Kent, Wash. - October 24, 2006 The PowerTech Group, Inc. announced today that it has released its third annual review of the state of security on IBM's System i platform (also known as AS/400 or iSeries).  The study is based on the results of 188 different system audits that were conducted by PowerTech over the last 12 months.  The complete results and analysis are published in a whitepaper, which can be downloaded from the PowerTech website at www.powertech.com.   

IBM has architected the System i with industry leading security capabilities. The majority of Fortune 1000 companies have trusted the System i for years to house the most sensiitive and critical applications used for enterprise resource planning (ERP), finance, inventory, and human resources.  These organizations may have been given a false sense of security by their IT auditors and staff, who are unaware of vulnerabilities.

 

"The results of this annual study are consistent with previous years and led us to believe that the majority of AS/400s (System i) are unable to pass an IT audit and comply with government regulations," said Jon Scott,  CEO of PowerTech.  "This study should serve as a wake up call for IT Executives, Administrators and Auditors to the fact that the reputable AS/400 platform is plagued with poorly written applications that do a bad job of protecting critical data."

 

Listed are a few of the examples of the findings that should alert auditors and executives alike:

 

91% of systems don't control or audit changes to data made thru PC access - a violation of COBIT standards, which should be a material weakness.

95% of all systems have more than 10 user with *ALLOBJ (root) authority - a threat to data integrity and an audit deficiency.

 

77% of all systems have more than 20 users with passwords the same as user name – an obvious violation of COBIT and ISO password standards.

 

“Too often projects involving security on the System i are not given the proper priority because the system is assumed to be secure,” says John Earl, PowerTech CTO.  “The data in this study indicates that just like UNIX and Windows platforms, the System i can be very vulnerable.” 

      

The whitepaper includes more than just the results from the assessment of 188 different systems. To assist security professionals who are defining policy across the enterprise, PowerTech also cross references security issues on the iSeries against the Control Objectives for Information Technology (COBIT) framework. The conclusion includes recommendations for remediation of the different control issues uncovered in the survey.