This article introduces the white paper 2014 State of IBM i Security Study.

You sleep soundly, knowing your business's data is protected by IBM i servers. Besides, who would attack your company when major corporations such as Neiman Marcus and Target have vulnerable data?

But then it happens. The data you rely on for day-to-day operations is deleted or corrupted. Or private customer information is stolen, destroying the trust that took years to build.

Maybe cybercriminals targeted your company at random. Maybe an angry former employee wanted revenge. When the damage is done, you won't ask who or why. You'll ask, "Can my business recover?"

System administrators and IT managers rely on Power Systems servers running IBM i because of their well-deserved reputation for impenetrable security. But the data from the 2014 State of IBM i Security Study shows improper configuration settings chip away at the level of security provided by IBM i.

When cybersecurity threats include criminals around the world as well as your own employees, relying on default security settings endangers your business's future. Although some businesses have the financial and personnel resources to survive a cyberattack, many others do not.

Because tools to access data on IBM i servers are widely available on the Internet, IBM allows administrators to monitor and restrict network access through exit programs. Few have implemented such measures. This unmonitored network access, combined with overly powerful users and lax system auditing, leaves your server vulnerable to internal and external threats.

The State of IBM i Security Study is designed to help executives, IT managers, system administrators, and auditors understand the full extent of IBM i security exposures and how to correct them effectively and economically.

Why This Study Is Important

Last year marked the 25th birthday of the AS/400, as well as the 10th anniversary of the State of IBM i Security Study. From the AS/400 to iSeries, System i, and finally Power Systems running IBM i, PowerTech has followed the evolution and provided invaluable security insight from more than 1,900 servers worldwide. The results from the 2014 study, and the universal nature of IBM i vulnerabilities, lead us to conclude that if you have IBM i systems in your data center, your organization might suffer from similar internal control deficiencies.

What This Study Means for You

Your IBM i server likely runs your mission-critical business applications—and has been for 20 years or more—but the staff that set up server security is long gone.

To complicate things, the integrated nature of many IBM i security controls has caused confusion over who is responsible for the configuration—IBM, the customer, or the application provider. As such, many systems operate with default settings due to lack of ownership.

You know an IBM i audit is long overdue, but you're too busy grappling with:

• Knowledge gaps

• Overextended staff

• Lean IT budgets

Because Windows and UNIX platforms tend to require more resources to secure them, it's much easier to let IBM i security projects take a back seat.

Consequently, as threats loom ever greater, the administration of IBM i security controls has lapsed and guards are down.

Here's the good news: the weaknesses identified through our assessments and documented in this study are caused by poor or missing configurations that can—and should—be corrected.

This study shows you the most common and dangerous IBM i security exposures; outlines best practices for improvement; and explains how these relate to compliance legislation, industry regula­tions, and IT guidelines and standards.

PowerTech is your security expert in managing evolving compliance and data privacy threats with automated security solutions for IBM Midrange Servers. Our ServerProven security solutions are straightforward and save your valuable IT resources, giving you ongoing protection and peace of mind.   Because IBM Power System (iSeries and AS/400) servers are used to host particularly sensitive corporate data, it is imperative that you practice proactive compliance security. As an IBM Advanced Business Partner with over 1,000 customers worldwide, PowerTech understands corporate vulnerability and the risks associated with data privacy and access control.   Eden Prairie, Minnesota-based PowerTech Group was founded by security experts in 1996. In 2004, PowerTech was awarded the prestigious Industry Driver APEX Award from iSeries NEWS. That same year, PowerTech also won the APEX award as the Editor’s Choice in the Security category. PowerTech is also the only iSeries security company to have been recognized as a finalist in the IBM Beacon awards.

The PowerTech security solutions provide definitive security coverage for iSeries and AS/400 systems.