2015 IBM i Security Study Exposes Poor Management of User Controls and Network Access

April 28, 2015

PowerTech’s State of IBM i Security Study uncovers flawed system settings that leave data vulnerable

Minneapolis, MN, April 28, 2015—PowerTech, a division of HelpSystems and leader in security solutions for IBM i servers, today announced the release of the 2015 State of IBM i Security Study.

PowerTech has published the annual study for 12 years, aiming to raise awareness of IBM i security vulnerabilities and ways to correct them. Key findings from 2015 include:

  • Nearly half of systems studied have no controls in place to log and restrict traffic passing through the back doors of your database, such as FTP, ODBC, or SQL
  • 33 percent of systems have more than 100 user profiles with default passwords
  • Only eight percent of systems are utilizing the password policy settings introduced with IBM i 6.1

“Weak password settings are especially dangerous when combined with overly permissive user authorities,” says Robin Tatam, PowerTech Director of Security Technologies and author of the study. “A hacker or malicious insider will have an easier time accessing sensitive data on the system—the risk of a serious data breach is much higher.”  

For the first time, the study also includes data about virus scanning on IBM i. Of the servers reviewed for anti-virus controls, 80 percent are not scanning files before they’re opened. This creates a risk of viruses spreading to other servers in the networks.

“The lack of virus scanning is consistent with what we’ve seen year after year in the other areas of IBM i security,” says Tatam. “The factory settings in IBM i simply won’t prevent data from being stolen, deleted, or corrupted. There’s an urgency to adopt a proactive approach to security policies and configurations best practices if we want to stand any chance of securing it.”

This year’s study includes data from 110 IBM i servers and partitions audited by PowerTech’s Compliance Assessment in 2014. Participating organizations varied in size and represent multiple industries, including insurance, retail, manufacturing, and finance.

For more information about other IBM i security gaps that increase the risk of a data breach, download your copy of the study today.

About PowerTech

PowerTech, a division of HelpSystems, develops modular, automated security solutions for IBM i servers, helping users manage today's compliance requirements and data privacy threats.

About HelpSystems

HelpSystems, LLC is a leading provider of systems and network management, business intelligence, and security and compliance solutions. HelpSystems software reduces data center costs by improving operational control and delivery of IT services. Founded in 1982, the company has 15 offices worldwide and more than 9,000 customers from small businesses to Fortune 100 companies. Based in Minneapolis, Minnesota, HelpSystems sells its solutions directly and through strategic partners worldwide.

HelpSystems brands include: Robot, SEQUEL Software, PowerTech, Halcyon, Skybot, AutoMate, Safestone, Bytware, ShowCase, InterMapper, CCSS, and RJS Software. Learn more at www.helpsystems.com.

Mike Devine
Vice President, Marketing
+1 952-563-2798

[email protected]