Best Practices for IBM i Security
I like to begin any security best practices discussion with a question. Does your company have the deep knowledge required to properly secure your network, all your servers and your portable or mobile devices?
Securing your IT environment is a daunting task for companies of any size. Deep security skills that span many different technologies are required to adequately configure and maintain the many technologies that exist to support an IT installation.
Let’s just think through the scope of security within the typical enterprise. There will be multiple networks that need to be secured. Associated with each network you will find a variety of different types of networking equipment attached, such as firewalls, IDS/IPS, routers, switches, and more – some of which require detailed configuration to be properly secured. Within the network, it is common to see multiple servers that are running some number of different operating systems. In addition, a whole host of portable or mobile devices are used by employees to access company data from both inside the company network and/or remotely across the public network. A wide breadth of knowledge is required to properly secure the enterprise.
If you’re one of the few companies that has these security skills, then you are fortunate. For most companies, obtaining outside consulting help to perform a detailed cybersecurity evaluation is required. Understanding the security weaknesses that exist in your enterprise is the first step on your journey to securing your IT environment. This consulting work may need to include network penetration testing, analysis of networking equipment configuration, and a detailed review of each server in your network. In addition, a policy for how to deal with portable and mobile devices used by your employees is required. Do you have a plan to address lost or stolen devices? What do you do when an employee who is using a personal device or a company-provided device leaves the company? Can you wipe a phone to remove company information? In addition to the few I have listed here, there are many other considerations related to mobile that you must address.
I often deliver an “IBM i Security Best Practices” education session designed to provide IBM i professionals with an overview of the many areas of security that need to be considered within your enterprise. An IT environment that spans many technologies can quickly fall behind both on new technology advances and on applying the many security fixes required to address numerous reported security problems. My presentation also gives an overview of the technology areas within the enterprise that need special attention to “stay current.”
I recently delivered “IBM i Security Best Practices” as a Syncsort webinar, and I would encourage you to invest an hour of your time in the on-demand recording. In addition to a discussion of best practices, the webinar also includes notes on how Syncsort can help you secure your IBM i environments. If you’re planning to attend POWERUp 19 (aka COMMON US) in May, I will be discussing IBM i security best practices there as well. My goal is to help you understand whether your company has the deep knowledge required to properly secure your IT environment and where you can turn for help assuring your enterprise’s cybersecurity.