Every IBM i Estate Needs Securing – Here’s Why

IBM i Security, Explained

As operating systems go, IBM i platforms can be battle-hardened with security offerings that often go amiss. Like all platforms, forgoing the basic security protocols (are you, for example, utilising security audit logs?) invites risk and cybercriminals are nothing if not opportunists.

After more than 40 years of helping customers transform with scalable, compliant, and secure platforms like IBM i, our experts have seen it all, from poor configuration to limited protection where there is no exit point program in place. One of the most common scenarios, for example, affecting system users regards password length issues.

The list of possible security issues goes on.

What is considered security best practice for IBM i? There is a more formal list of security objectives for IBM i, detailed by IBM in this report, which covers areas including:

• Password controls and policies
• User special authorities
• System auditing
• Secure connections
• … and more

The Next Generation of Resilience – IBM Power11

In case you missed it… IBM Power11 launched to hotly anticipated subjects of productivity, business continuity, and beyond. As an agentic, autonomous platform, IBM Power11 is enriched with values of resiliency – not just security.
What does this mean for you?

“Resilience”, simplified, is the end goal for most modern organisations and describes how effectively they deter, mitigate and recover from risks of all kinds. Operationally, however, there is no single road to achieving resilience. Instead, companies layer in security controls and strategies, one after another, to ensure that they are defended from today’s threatscape.

Today’s most aggressive, pervasive and devastating risks can be blunted and deterred. The first step is simple: start with the essential security controls.

Security Blind spots (According to Businesses)

Surveying the market, our security partner, Fortra, discovered that amongst the main inhibitors of IBM i security are:

• Risk misconception
• Mismanaged priorities
• Lack of security education (and training)
• Over reliance on firewalls
• Green screens (only menus)

These areas have been identified as some of the largest risks posed to businesses with IBM i workloads right now.

Where Do I Start with IBM i Security?

We tell customers all the time that there’s a difference between a secured IBM i platform and one that’s securable. Costly downtime, reputationally harming headlines, a high profile with regulators – there’s a lot on the line.

Security isn’t out-of-box, universal fit, but rather comes with some assembly required.

Start foundationally and with a wide-open, practical view into building up to resilience. Security, for example, isn’t a one-time, overnight fix. But rather security can be trained, managed and controlled, layered into your IT over time.
There are no shortcuts in security either.

Buyer beware, commercial security tools are available in the marketplace, and they exist to support your operational resilience. Owning tools doesn’t necessarily mean that you are protected.

Our experts have outlined the top three areas to consider first when starting to secure your IBM i estate.

#1. System Configuration

We recommend everything from robust auditing trials to strengthened user profiles. Without auditing, for example, detecting a security violation will be impossible. Areas for improvement in user profiles, such unused users, or defaulted passwords, should be addressed immediately.

If IFS shares are not under regular review, then there’s a greater risk of attack. But quick steps in eliminating unnecessary shares or making IFS shares “read only” can mitigate certain risks of an invasion.

#3. Exit Programmes

If antivirus is a fortified wall in the fortress of your security strategy, exit programmes are the arsenal. Exit points allow you to define what happens when a user, or an application, attempts to connect from the outside in. This means with exit programmes, you can lock down the most attacked interfaces.
With exit programmes in place, you can:

• Allow or deny access based on user, IP, time, or command type
• Log every attempted access (… even failed ones)
• Block unencrypted sessions or limit specific SQL statements
• Monitor and alert on unusual usage patterns

OTHER ROLES

Compliance, Risk & the CISO’s Office

What about cyber insurance policies? Very recently, our analysts offered guidance to the UK & Ireland market regarding policies. Initially many asked, what can you do with risk? That quickly changed to: how can I offset risk and liability associated with cybercrime?

Cyber insurance is now stricter, making these policies even more challenging to acquire.
Regulators want better audit trails. Boards are asking harder questions. Customer data and its privacy has tightened.

Whether a bank, insurer, university, or other regulated industry, they all need verifiable controls. That includes:

• Antivirus logs
• Audit journal configurations (QAUDCTL, QAUDLVL)
• Least privilege enforcement
• File integrity monitoring

Without these, the risk of a costly breach is heightened.

IBM i Security ‘in a Box’

What if the worry of ransomware invasions, poor configs or weak passwords could be improved? In partnership with Fortra, CSI is offering IBM i end users an essentials ‘bundle’ for security, helping to compile some of the fundamental layers of security.

Secure by design, our security essentials is a way to get ahead of today’s pervasive threatscape. We built these essential building blocks to IBM i security to address the most common security challenges, including antivirus.

For more information on securing your IBM i platform, leave us a message and one of our experts will be in touch. Interested in understanding more about IBM i managed services? Be at peace with your security strategy – and it all starts with a free scan.