Is your organization’s AS/400 security up to current standards? When it comes to IBM i security, even a small step is better than no step at all. That’s why we recommend conducting a security assessment.
But what exactly is an IBM i security assessment and what should you expect? We’re sharing examples from two of our clients to help clear up confusion and give you insight into how to improve your current IBM i security.
Our first client example concerns a retail company specializing in outdoor sporting supplies. Because they sell firearms for hunting, the client is regulated by the Bureau of Alcohol, Tobacco, and Firearms, which requires them to meet certain standards.
This client contacted our team and requested a basic information security assessment and recommendations for improvement. They had recently suffered a cyber security incident where a ransomware attack damaged a portion of their infrastructure and took far too much IT effort to contain and remediate. In order to reduce their risk of experiencing this again, they wanted to improve their security.
Our security assessment takes a holistic approach to cyber security because security is not determined by any one specific thing, but is the combined effort of people, policies, procedures, and technology.
The Briteskies security team is led by senior consultant Rob Nettgen. He has 30 years of IT experience, 15 years of information and cyber security experience, and became a Certified Information Systems Security Professional (CISSP) in 2009.
This client has an IT team dedicated to operational support and they maintain most of their infrastructure onsite, including email, file, database, and application servers and network security. Here are a few things they were doing right.
Although all of that was a good start, there were still a few things this client had to work on, including:
While this client had taken modest steps towards improved security, there were still plenty of opportunities for further enhancements. Here are a few of the recommendations that our team made:
With these recommendations in place, our team was able to help the client create a plan for implementing the necessary changes. They were able to implement practices that allowed them to handle their security in-house moving forward. Of course, our team is always available for additional help.
Our second client example concerns a company that manufactures sand for the oil and gas industries. As a publicly traded company, they are regulated by SOX. While they had established security practices in place, this client wanted an external assessment to identify any additional opportunities for security improvement.
This client already had a well-developed and implemented information security program. Here’s what that entailed:
Along with those best practices, this client’s data center is located offsite with strong physical security. They also perform an annual IBM i-focused disaster recovery test to stay on top of backup media and recovery procedures.
Because of all of the hard work this client had already done on their cyber security, nothing our team found during the IBM i security assessment was deemed a critical risk. However, that doesn’t mean we didn’t find potential security vulnerabilities. Here are a few risks our team identified:
By identifying these vulnerabilities and helping the client establish a plan for remediating them, this client was able to further improve their information security.
Because this client already had the basics of cyber security in place, our assessment was able to get more granular with our findings. This more advanced IBM i security assessment highlights the fact that there are always next steps to be taken when it comes to protecting your system and data.
Are you ready to perform an IBM i security assessment? Our team is ready to help. Contact us to get started.