Managing Elevated IBM i Authorities: Best Practices in Data Security and Compliance

Data security and compliance best practices when managing privileged access to IBM i systems

When organizations have too many powerful users, it leaves the system and data exposed to data breaches and other forms of cybercrime. Powerful IBM i special authorities allow users the ability to:

• create, change or delete user profiles
• change system configurations
• change or limit user access

Special authorities such as *ALLOBJ and *SECADM are infamous for wreaking havoc – especially if in the wrong hands as these authorities provide full access to all data on the system.

Users with elevated authority will have access to data such as customer lists, source code, financial information, valuable intellectual property, employee HR files, and other information.  These powerful users could even install malware on corporate systems to give accomplices full access.

While most insider incidents are due to negligence caused by improper configuration of system security controls, the fact is that insider cybercrime is increasing. A recent study found that 15% of data breaches and 20% of data security incidents were related to insider activity1 . “Insiders” may be employees,
contractors, or business partners motivated by financial gain, revenge or achieving a career advantage.

Because insider data security incidents can be so destructive, compliance auditors require that special authority be granted to users only when needed and only for the time required.  The best practice for data security is a separation of duties; even an administrator should have someone monitoring his or her actions and the security measures he or she is putting in place.

Privileged access, or elevated authority, gives users powerful access to IBM i systems. This access can can lead to, or be defined as, a data breach. When users have too much power or authority for longer than they need it to do their jobs, it creates security risks and noncompliance situations.

Download this white paper to learn more about automating the process via an Elevated Authority Management tool that can help organizations keep sensitive data safe and can build in greater IT efficiencies.