Results of this fourth annual study show that security compliance by System i users has not improved.
Kent, Wash. – Mar 29, 2007 -- The PowerTech Group, Inc. announced today that it has released its fourth annual review of the state of security on IBM’s System i platform (also known as AS/400 or iSeries). The study is based on the results of nearly 200 system audits that were conducted by PowerTech over the last 12 months. The complete results and analysis are published in a whitepaper, which can be downloaded from the PowerTech website at www.powertech.com. The 2007 security study demonstrates that although the system is very reliable and has great security features, the overall security of machines in the field is often both poorly managed, and poorly configured by the organizations that use it.
PowerTech’s President & CEO Jon Scott stated, “IBM has architected the System i with industry leading security capabilities. 98% of Fortune 1000 companies run some part of their business on this architecture, and some of the most sensitive information a company keeps is stored on the system. It is common to find critical applications such as accounting, payroll, inventory control, order entry, and customer care applications all housed on a single machine. The study points out that a large percentage of systems are not configured correctly by IT departments with respect to security, resulting in a large number of systems being vulnerable to internal security breaches.”
System i security expert and PowerTech’s Chief Technology Officer John Earl said, “The computing and networking demands of today’s enterprises require more open connectivity and targeted sharing of data between departments and key business partners. But many OS/400 shops have yet to embrace the new security technologies that are available in IBM’s architecture and through third-party security applications, leaving their critical data exposed.“
Forrester estimates that 70% of all database breaches are internal, making it even harder for IT to monitor such activity because the actions are often undetectable. (Enterprise Databases Need Greater Focus To Meet Regulatory Compliance Requirements, Noel Yuhanna, January 24, 2007)
As good as the operating system is at protecting the data assets, any system is only as strong as the policies and practices deployed to keep it safe. With the extent and cost to companies of data security breaches, and the ease of which the System i platform can be secured, PowerTech continues to be surprised by the study results.
Listed are a few examples of the findings that should alert auditors and executives alike:
- 76% of systems don’t control or audit changes to data made through PC access applications like MS Excel and MS Access creating uncontrolled network access.
- 10% of all users have privileged access (root level access) authority.
- Confidential reports can be viewed by 20% of all users.
- Half of all systems have more than 20 users with default passwords (Password = User name) that can be easily determined by any attacker.
Earl went on to say, “Organizations who utilize OS/400 architecture should not be complacent about the security of this system. These statistics make clear that critical data stored on the System i is as, or even more, vulnerable than data stored elsewhere in the enterprise."
About The PowerTech Group, Inc.
PowerTech is the security expert in managing evolving compliance and data privacy threats with automated security solutions for IBM Midrange Servers. Their ServerProven security solutions are straightforward and save your valuable IT resources, giving companies ongoing protection and peace of mind.
Because System i and AS/400 servers are used to host particularly sensitive corporate data, it is imperative that organizations practice proactive compliance security. As an IBM Advanced Business Partner with over 800 customers worldwide, PowerTech understands corporate vulnerability and the risks associated with data privacy and access control.
Contact:
Christina Sylvester
Director of Marketing
info@powertech.com
(253)479-1420
|
