Let’s face it, security is not everyone’s area of expertise. While many sources exist to educate oneself on the nuances of IBM i security, organizations often rely on outside experts to guide them. Interestingly, most of the experts—myself included—work for a security software provider. With a function as critical as security, business decision makers sometimes worry that this presents a conflict of interests. As such, it’s imperative to garner the opinions of an expert who has the background and skills in the base operating system controls, in addition to knowing the benefits of any software they are representing. All too often I talk to customers who are skeptical that the recommended software package will solve all their security and compliance needs. The truth is that there’s no “silver bullet” solution, and anyone that suggests otherwise is perhaps more sales than expert.
IBM integrated the security infrastructure in the operating system, and that remains an effective foundation in today’s modern world of web servers and network connections. Software solutions do not replace this infrastructure, but should augment it with additional features and time-saving controls. And, while a software solution may help with a weak OS security deployment, the reality is that you should be counseled that implementing one without the other will undermine the benefit of running one of the most secure(able) operating systems available in the server market.
Before investing in security software for your IBM i server, I strongly recommend that you have an assessment performed. This assessment should interrogate and evaluate the operating system controls—even if you have an identified need for a particular third-party solution. As a subject matter expert for COMMON, I’ve visited with hundreds of organizations and am called upon to perform dozens of assessments every year. Many times the customer evaluates the benefit of one of our software solutions, but they often make decisions about their operating system controls and processes as well.
Start with a free Security Scan—especially if you don’t have the budget necessary to engage an expert to provide a full-blown assessment of the server environment. Of course, this no-cost, no-obligation assessment does not provide the same granular analysis as our deep-dive offering; however, within an hour you’ll have documentation of six critical areas of server configuration, which is a fantastic (and arguably less overwhelming) starting point. This assessment can be used as-is, or to provide cost justification for a more comprehensive review.
Although I am the Director for one of the world's most successful IBM i software providers, I still encourage companies to start by obtaining a free review of the server. Anyone can market themselves as a security expert as there’s no official IBM i security certification (although I’ve pushed for it). An assessment will go a long way in determining the credibility of the expert who is working with you to recommend a solution—with or without software—as it helps establish trust. An assessment will reveal if that expert truly understands your operating system configuration, whether they can discuss security in terms that you can relate to, and whether they are capable of making credible recommendations beyond “buy our software.”
On the flip side, don’t discount a recommendation for a software solution simply because it comes from a software provider. PowerTech’s software solutions were developed from a common need from customers, and huge benefits are attained from their deployment. And there are other reputable providers in the industry that have developed their solutions the same way. If the recommendation comes from a reputable (and trusted) expert, you will find yourself on the path to discovering a better, easier way to secure your system or establish regulatory compliance.
Last week I was engaged in a consulting project for a great, long-time customer down in Albuquerque, New Mexico. Coincidentally, the international hot-air Balloon Fiesta! was wrapping up and I got a chance to experience a dawn mass-ascension at this, the largest event of its kind in the world. I’ve seen hot-air balloons take off before, but nothing prepared me for the beauty of this incredible sight. It was a chilly morning and you could feel the heat from the massive burners from about 20 feet away! Whether it was the vision of hundreds of balloons rising majestically, a breathtaking ride on the Sandia Peak aerial tramway—the world’s longest—or the nearby beauty of Santa Fe and Taos, you’ll understand why New Mexico is known as the “Land of Enchantment.”