IBM i regulatory compliance is like that relative you don’t really like, but have to…
This is the second year in a row that HelpSystem’s IBM i Marketplace Survey has caught IBM i security concerns at the top of the “Business Challenges” list. In fact, 72% of respondents listed IBM i security as their top priority to work on in 2018.
The challenges of IBM iSeries (AS400) security tend to fall into three categories:
1. How companies are understanding IBM i security concerns
IBM i is a remarkably secure platform. That being said, users tend to overestimate its inherent security. Like any and every system, some level of vulnerability is inevitable, and therefore anti-virus software is a necessity. In spite of this, a surprisingly low 33% of companies are employing anti-virus software on their IBM i platform. To add insult to injury, over 50% of users have no intention of implementing anti-virus software in the visible future.
It’s important to remember that malware (Ransomware included) is avoidable, unauthorized access can be prevented, and data encryption is a critical last-resort for data security. On that note, we come to our next point:
2. Realizing that prevention is possible
It might seem obvious, but too many companies aren’t taking the necessary precautions to prevent attacks on their systems. Malware, ransomware, and viruses affect servers and personal computers (PCs) alike, causing devastating (and costly) consequences for companies – from downtime to critical data loss.
Just because big and well-known companies are hit doesn’t mean that you have to be, too. Solutions as simple as high availability (HA) and disaster recovery (DR) make a huge difference on productivity, compliance, and data security. Unfortunately, too many companies realize this when it’s already too late.
There are also many varieties of anti-virus software you can implement, including those specifically for IBM i – even at the server level. Meanwhile, securing and monitoring exit points is critical to avoid compliance violations, or even data corruption.
Finally, data encryption should be considered a standard for your sensitive data. Even if malware makes its way onto your computer, or if your exit points become compromised, encryption is a powerful last line of defense against data theft. Stolen data is useless if it’s unintelligible, and sensitive customer data won’t be put at risk if it isn’t actually exposed.
3. Lacking necessary planning
As Benjamin Franklin famously said, “If you fail to plan, you are planning to fail.” This is particularly true when it comes to your IBM i security.
With the ever-increasing number of data breaches and cyber security issues that make headlines these days, failure to plan accordingly would seem surprising. What’s truly surprising is how ubiquitous it is.
For instance, when it comes to the points mentioned above – exit point security, anti-virus protection, and database encryption – only 36.6%, 33.3%, and 19.4% of users have these solutions implemented, respectively. Meanwhile:
- Only 17.5% plan to implement exit point security
- Only 12.2% plan to implement anti-virus protection
- Only 22.3% plan to implement database encryption
The complement to these very low percentages are very high percentages of companies that have no plans to implement these critical security measures. It’s one thing not to have every solution in place at once, but this low level of planning is surprising for the business-critical functions that IBM i systems provide.
The answer to staying on top of your IBM i security concerns? Understanding your weak points, realizing that these can be mitigated, and planning accordingly.
For more information on how to keep on top of your IBM i security concerns and plan accordingly, contact us today at 317-707-3941.
Source: IBM i Marketplace Survey by HelpSystems