Expert Interview (Part 2): Patrick Townsend on IBM i Security
Is your IBM i system secure? Are there ways that you can make it even more secure? How are IBM i security features like multi-factor authentication changing?
We sat down recently with Patrick Townsend, founder and CEO of Townsend Security, to get answers to these questions. Here’s what he had to say about securing IBM i systems.
If you missed part one, you can find it here.
Can you elaborate on data enrichment and its importance as part of an IBM i security strategy?
Here is an example: Let’s say you’ve got dozens of users on the IBM i platform. You have a user named Bill. Bill accesses a file, and the event goes to the SIEM. Based on the information in the event itself, the SIEM can’t figure out who Bill is and what level of privilege he should have.
But with the help of a collector that enriches data by determining Bill’s access privileges, the SIEM can determine whether Bill is a privileged user or not, and analyze his activity accordingly.
Let’s talk compliance. Which compliance challenges should IBM i admins be aware of?
PCI is always near the top of the list. If you’re doing any kind of credit card processing, PCI protection needs to be there. And not only that, but PCI serves as the gold standard for what to do to secure systems.
The other major framework that is resonating right now is GDPR. GDPR has a data protection component: Article 32. It requires more than just encrypting data. It requires you to know which data you’re collecting, assess what would happen if it were breached, then implement specific technical controls. GDPR applies to IBM i systems just as much as it does to any other type of infrastructure.
The list of regulatory frameworks that IBM i admins need to follow is growing. There are new regulations in Australia, New Zealand and APAC. California also just passed a new data security law. And at the federal level, it’s always possible that the government will pass new data privacy requirements. It’s true that they’ve been trying for years, and have not gotten anywhere. There’s a chance that current headlines about unauthorized data collection by Internet companies could change that.
Multi-factor authentication has become a hot topic recently. Why and how can you implement multi-factor authentication for IBM i?
You want to do multi-factor authentication (MFA) on IBM i for the same reason you do it anywhere else. It’s a critically important security control, and many IBM i users are just getting around to implementing it.
Unfortunately, most vendors in the MFA market don’t address IBM i, so you have a smaller set of solutions to choose from. But they’re out there. For example, Syncsort has two MFA tools that support IBM i.
It’s worth noting, too, that the PCI framework was just updated with new guidance for MFA. It recommends that users enter their user ID, password and MFA code all at one time. This is different from two-step authentication, which entails entering the user ID and password first, then the code separately. Many Web apps and services currently use two-step authentication, which is less secure because it makes it easier for attackers to identify a valid username and password combination. Although most MFA providers don’t currently offer single-step authentication, Syncsort’s MFA products already meet the new PCI guidelines.
Download our whitepaper on the importance of multi-layered data security.