How secure is your system?
Editor’s Note: This article is an excerpt from the white paper “The State of IBM i Security 2012.”
Are my Power Systems servers running IBM i (aka System i, iSeries, AS/400) compliant with government and industry security regulations?
Is my data secure behind the walls of my Power Systems server? Are we able to detect fraud, data theft, and other deceptive behavior?
How do I secure my system in the most efficient and economical way?
If you’re a senior executive or IT manager with responsibility for Power Systems running IBM i, then you’re already familiar with these security-related questions. In response to these issues, PowerTech surveyed over 120 Power Systems servers (many from Fortune 100 companies) in 2011. The results, and the universal nature of IBM i vulnerabilities, led us to conclude that if you have IBM i systems in your data center, then your organization probably suffers from internal control deficiencies.
IBM i security projects often take a back seat to Windows- and UNIX-platform security, either because it is assumed that an IBM i server is already secure or because the security professionals or auditors are unsure how to assess this system.
Our goal in releasing this annual study is to help executives, IT managers, system administrators, auditors, and compliance officers understand the important security exposures of IBM i servers and to provide answers to the questions that keep you up at night.
Introduction: The IBM i Market
IBM introduced the AS/400 in 1988 as its computing system for small- and medium-sized companies. Today, the Power Systems product line ranges from small servers with a single processor to the high-end mainframe-class POWER7 Model 795, which can have up to 256 processors. The IBM i community includes a large and loyal base throughout the world—with more than 380,000 systems estimated in production use.
The PowerTech data was collected from a cross-section of systems of varying sizes. Companies in industries such as retail, financial, manufacturing, and distribution typically purchased their Power Systems server as part of an integrated business system. Today more than 16,000 banks run their core banking and financial applications on an IBM i server. Many retailers use applications that store credit card data on the system. Some of the more well-known software vendors that provide applications are Oracle (JD Edwards ERP); Lawson/Intentia (financials); Fiserv; SAP; IBM Domino; IBM WebSphere; Jack Henry (core banking); INFOR (BPICS, MAPICS, Infinium, Infor ERP XA applications, PRISM); and Manhattan Associates (supply chain). Given the mission-critical data that is stored on these systems, maintaining a secure configuration should be a top priority.
Over the years, IBM i installations have seen considerable changes in staff. Often, these servers have been running mission-critical business applications for 20 years or more, and the staff that set up server security is no longer there. Consequently, the administration of security controls has lapsed and the guards are down. You’ll see that in our results. What you need to consider is, “Are our guards down, too?”
MC Press Online