briteskies-knowledge-base

Why It's Time to Audit Your IT Department

Bill Onion
October 2020

Generally, when people think of audits they think of a company’s financials with the ultimate goal of determining if all the financial components of a company are being handled correctly, honestly, and securely. But what about auditing the back-end systems that are doing the actual routing and securing?

Information Technology is the centerpiece of your company. Whether it’s storing company passwords, financial information, or playing gatekeeper to who can access your system, IT is the core of your company’s functionality.

But what happens when the core begins to break down? Maybe it’s cracking from old age or from repeated pressures building up. Or maybe it was just never that strong to begin with.

One of the biggest misconceptions within the market is that the IBM i is secure and doesn’t need maintenance, and compared to other platforms that is true, but it doesn’t mean you can take an “out of sight out of mind approach”, nor does it mean you can overlook performing risk assessments or acting on them once they’ve been performed.

Your IT infrastructure is one of the single most important parts of ensuring a safe, thriving, and successful company. Don’t fall under the false approach of “security through obscurity”.

With the IBM i, the initial hack is often not through the platform directly, but instead uses other areas of the infrastructure as a conduit. In one instance the IBM i was brought down by malware via the PC. Because the company had a drive mapped to route on a PC, when the PC got hit the malware spread to every network drive, including the IBM i.

While companies are often financially audited, less time and expertise is devoted to their information technology practices. And so, though companies likely set up initial information security practices, often it gets left to the wayside and forgotten about, and sometimes it comes back to haunt.

There’s a sweet spot that people want to hit with security, but most people have that sweet spot too low, creating the façade of security without putting in the real effort. By performing an IT audit, you are forced to double check your practices, to make sure that they are still strong, functional, and protective.

With security, there’s never perfection, just constant improvement to defend against cracks vulnerabilities as best as possible.

If you are wondering if your IBM i is secure and if your IT infrastructure is a liability, start by asking yourself these questions:

  • Do your company password rules become more lenient when working on the IBM i?
  • Does your server have open access to and/or from the internet?
  • Do you know if your server can be accessed from the internet?
  • Have you troubleshooted to make sure you don’t have weak infrastructure access controls?

If you’re concerned your IT infrastructure may be vulnerable, get started with a security assessment to identify your risks and create a roadmap for determining the next steps.

Whether you're performing an IBM i audit or are the company being audited, visit our IT Security Audit resource page for more helpful information.

Still have questions? You can always reach out to our infosec team for more tips and advice for how to best secure your business.

Questions? Contact Us For More Info

A Great Offer, Just a Click Away

Lorem ipsum dolor sit amet, consectetur adipiscing elit

Subscribe by Email

No Comments Yet

Let us know what you think