Founded in 1947, International Rectifier (IR) is a world leader in advanced power management technology. The company’s 5,400 worldwide employees support operations in 20 countries. Annual revenues are approximately $1 billion.
Compliance Regulations Remain at the Top of Exec's Minds
Sarbanes-Oxley (SOX) hasn’t disappeared and remains at the top of many executives’ minds. Among other stipulations, it requires rigorous data integrity protection. That makes system security, which was always important, even more critical for El Segundo, California-based International Rectifier (IR). Because IR maintains a replica of its partitioned IBM i production server for high-availability purposes, it must ensure that security policies on the primary and backup servers match. ”We were spending a lot of time getting security policies in sync on our primary and backup servers and even more time creating SOX compliance queries and reports,” says Roger Crawford, International Rectifier’s global operations manager.
Unbiased Security Reports and Risk Analysis
IR looked at another vendor’s products, but a number of PTFs had to be installed before it could be used, and, even then, it failed to deliver the promised functionality. Then, Crawford and Suhas Narayan, assistant operations manager, spoke to someone from another company who recommended the software and services from HelpSystems. A 30-day trial proved that this solution “had a lot of functionality and did all of the things we were expecting — and more,” says Crawford. “And it didn’t take the 30 days to find out what the product could do. It took one phone call with Carol Woodbury. After about half an hour, I saw what HelpSystems was doing and immediately cut a PO.”
IR also contracted for a Risk Assessment and purchased the Risk Assessor product, which performed an automated risk analysis that provided comprehensive unbiased security reports. For example, Risk Assessor showed that more than 500 files didn’t have the appropriate owner and 114 user profiles hadn’t had any log-in activity for more than 180 days.
Automated Security Policy Reporting Saves Time and Money
Most significantly, IR installed Policy Minder for IBM i, a security administration and compliance tool that automated the process of keeping IR’s security configuration in compliance with its security policies. Policy Minder for IBM i helps reduce the costs of enforcing security compliance and taking remedial action when necessary. IR uses Policy Minder to create all of its security policies and to monitor compliance. For example, the software identifies user profiles that have been inactive more than 90 days and automatically disables them. It also reports on profiles that have been inactive for 180 days so those profiles can be manually deleted. (Policy Minder can automatically delete profiles, but IR does a quick manual verification first.) “That’s helped us to clean up a lot of our profiles,” reports Narayan.
In addition, IR uses Policy Minder for IBM i to set *PUBLIC authority of files containing confidential information to *EXCLUDE and to limit who can execute commands from the command line, which are both requirements for SOX compliance.” Policy Minder also alerts IR to the existence of new objects that shouldn’t be in QSYS.LIB and other libraries. Those objects are then removed, and developers who were responsible for their presence are contacted so it doesn’t happen again.
Policy Minder’s import facilities make it easy for IR to copy policies from its production machine to the backup system to ensure that the policies on each match perfectly.
"Boom, I'm Done!"
“Risk Assessor and the Risk Assessment were immensely helpful in helping us better understand the security challenges in our environment. Further, before implementing Policy Minder for IBM i, I spent a lot of time creating SOX compliance reports and queries. Now I just go in, print a Policy Minder report, and, boom, I’m done!” Crawford declares. “We were able to clean up, secure, and get everything correct without spending months doing it.”
Policy Minder saves administrators time by automatically documenting your security policy and checking server configurations for compliance.
Automated risk analysis
Automatic inactive profile disablement
Better understanding of security challenges in their environment