Throughout the business world, IBM i and its predecessor, the AS/400, has gained a solid reputation as a robust OS platform. Over the years, this popular and reliable operating system, comprised of integrated and dependable hardware and software, has been viewed as a relatively closed system, as secure as secure can be from outside intrusion and risk. But security cannot be taken for granted.
As the platform evolved to keep pace with IT infrastructure and networking changes, new functionality and connectivity gradually began to chip away at the fundamental security that was the heart of the IBM i platform. The growing need for compatibility with Windows-based networks resulted in the first significant challenge to complete IBM i security, even as it retained its flat virtual memory model and object-based architecture. Suddenly, IBM i was exposed to many of the same risks as any corporate Windows-based servers. This challenge was compounded by some of the unique attributes of many IBM i ecosystems, including increasingly complex layers due in part to the number of legacy applications still in use on the platform.
With the ability to contain Windows PC data comes the ability to also harbor malware – so even if that malware can’t be executed in the IBM i environment, the system can act as a host from which malicious apps can be launched into the more vulnerable and unsuspecting company Windows systems. For example, POODLE malware can be incubated in Apache-based IBM HTTP servers from which it can utilize the Internet to launch malicious browser code and decrypt sensitive and valuable encrypted data such as financial transactions and more.
This kind of problem can be compounded by the number of users on the IBM i platform (averaging around 800 for many enterprises), which can produce a large and often unaccounted-for number of vulnerable points such as unused and forgotten accounts and administrative access that remains open after the user has moved to another department or left the company. Many systems are simply poorly configured and security mismanaged as infrastructures get customized and are haphazardly maintained.
IBM i weaknesses can include:
- Excessive user access
- Poorly managed patches and upgrades
- Unchecked permissions
- Inadequate password management
- Database vulnerabilities
If you’re concerned about the vulnerability of your IBM i environment there are several steps you can take to help shore up your defenses, including:
- Develop a management-driven governance, risk, and compliance strategy that aligns your IBM i security with your organization’s overall risk management strategy
- Identify and address all internal and external compliance requirements
- Standardize your security approach and process, leveraging best practices from resources such as the IBM Security Framework, IBM i Security Reference, RedBooks, Security Administration and Compliance documentation
Of course, if your organization lacks the resources to effectively manage the security and maintain the functionality of your IBM i infrastructure, PSGi has the highly-experienced business and IT experts to provide proactive, cost-efficient, and integrated managed services for your IBM i platform and business processes. We can help ensure your systems are both optimized and secure.