Secure IBM i Systems to Meet Today's Risks

IBM i is no longer isolated from threats. The increase in web-based applications and network presence as part of modernization efforts has also increased security risks.
Modernization has also made security requirements more complex than even just five years ago. For example, the need to lockdown access has to be balanced with appropriate web access to support a modernized legacy application.
Security best practices are often neglected due to the perception that IBM i is secure “out-of-the-box.” IBM i is capable of being a highly secure platform, but only if you leverage the available security features.

Our Advice

Critical Insight

“Security by obscurity” doesn’t work anymore. The increase in attack surfaces as companies modernize and web-enable legacy applications means security has to be just as much a concern for this platform as for any other.
The platform’s environment and security risks are too complex to manage effectively without the assistance of third-party tools, especially for mid-to-large enterprises. For example, third-party tools are necessary to review system logs, enforce change control, and manage user access rights.
The security practices of the green-screen days aren’t good enough anymore. Organizations must adapt their security practices for IBM i to meet today’s increased security risks.

Impact and Result

Address modern security risks from external Internet-based attacks to application vulnerabilities such as SQL injection and cross-site scripting.
Implement appropriate guidelines for assigning special authority access rights.
Establish best practices for security monitoring.

Secure IBM i Systems to Meet Today's Risks Research & Tools

1. Secure your IBM i system to meet today's risks

Protect your IBM i from external and internal threats.

2. Restrict network access

Ensure IBM i requirements are incorporated into perimeter security.

3. Secure your applications

Incorporate security requirements in application development processes.

4. Protect your data

Exclude public access to your data and encrypt sensitive data.

5. Manage user access rights

Control user access rights for internal staff, vendors, and consultants.

6. Implement security monitoring

Enable security auditing and conduct regular security reviews.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Author

Frank Trovato

Contributors

Rick Odegard, IT Operations Manager, Appleton
Steve Barb, Senior Programmer/Analyst, City of Winchester, Va.
Trevor Perry, Chief Strategist, Angus Thinks!