2015 IBM i Security Study Exposes Poor Management of User Controls and Network Access

April 28, 2015

PowerTech’s State of IBM i Security Study uncovers flawed system settings that leave data vulnerable

Minneapolis, MN, April 28, 2015—PowerTech, a division of HelpSystems and leader in security solutions for IBM i servers, today announced the release of the 2015 State of IBM i Security Study.

PowerTech has published the annual study for 12 years, aiming to raise awareness of IBM i security vulnerabilities and ways to correct them. Key findings from 2015 include:

  • Nearly half of systems studied have no controls in place to log and restrict traffic passing through the back doors of your database, such as FTP, ODBC, or SQL
  • 33 percent of systems have more than 100 user profiles with default passwords
  • Only eight percent of systems are utilizing the password policy settings introduced with IBM i 6.1

“Weak password settings are especially dangerous when combined with overly permissive user authorities,” says Robin Tatam, PowerTech Director of Security Technologies and author of the study. “A hacker or malicious insider will have an easier time accessing sensitive data on the system—the risk of a serious data breach is much higher.”  

For the first time, the study also includes data about virus scanning on IBM i. Of the servers reviewed for anti-virus controls, 80 percent are not scanning files before they’re opened. This creates a risk of viruses spreading to other servers in the networks.

“The lack of virus scanning is consistent with what we’ve seen year after year in the other areas of IBM i security,” says Tatam. “The factory settings in IBM i simply won’t prevent data from being stolen, deleted, or corrupted. There’s an urgency to adopt a proactive approach to security policies and configurations best practices if we want to stand any chance of securing it.”

This year’s study includes data from 110 IBM i servers and partitions audited by PowerTech’s Compliance Assessment in 2014. Participating organizations varied in size and represent multiple industries, including insurance, retail, manufacturing, and finance.

For more information about other IBM i security gaps that increase the risk of a data breach, download your copy of the study today.

About PowerTech

PowerTech, a division of HelpSystems, develops modular, automated security solutions for IBM i servers, helping users manage today's compliance requirements and data privacy threats.

About HelpSystems

HelpSystems, LLC is a leading provider of systems and network management, business intelligence, and security and compliance solutions. HelpSystems software reduces data center costs by improving operational control and delivery of IT services. Founded in 1982, the company has 15 offices worldwide and more than 9,000 customers from small businesses to Fortune 100 companies. Based in Minneapolis, Minnesota, HelpSystems sells its solutions directly and through strategic partners worldwide.

HelpSystems brands include: Robot, SEQUEL Software, PowerTech, Halcyon, Skybot, AutoMate, Safestone, Bytware, ShowCase, InterMapper, CCSS, and RJS Software. Learn more at www.helpsystems.com.

Mike Devine
Vice President, Marketing
+1 952-563-2798


Recent News

August 7, 2018

Policy Minder has been expanded to empower security monitoring for data stored on Amazon S3, giving IT professionals peace of mind any misconfigurations or oversights will be detected and rectified.

July 17, 2018

This update to Vityl Capacity Management brings all pieces of a capacity management practice into one tool. Users can now take business developments, IT changes, industry factors, and more into account to create capacity plans in an intuitive workflow. The newest release also supports container monitoring, an essential when move applications from one platform to another.

June 16, 2018

CEO Chris Heim took over one of the Twin Cities’ largest software and IT-services firms in 2014. Before joining HelpSystems, Heim was CEO of Axium Software, a Portland, Ore.-based software company that was sold to Deltek in 2014. From 2007 to...