PowerTech Releases 2008 Annual State of IBM System i (AS/400) Security Study

Results of this fifth annual study show that System i security compliance remains poorly managed by organizations that use this platform

iNSIGHT 2008

KENT, Wash.--()--The PowerTech Group, Inc. today released its fifth annual review of the state of security on IBMs System i platform (also known as AS/400 or iSeries). This years study is based on the results of over 200 system audits that were conducted by PowerTech over the last 12 months. The complete results and analysis are published in a whitepaper, which can be downloaded from the PowerTech website at www.powertech.com/study2008.asp.

According to industry research, the System i is used by more than 90 percent of the Fortune 1000 alone, and is known to host sensitive and confidential data such as credit card numbers, Social Security numbers, and other private data. Although IBM has architected the System i with industry leading security capabilities, the PowerTech research shows that the System i security is often poorly configured and poorly managed by companies that use it.

PowerTechs President & CEO Jon Scott noted, Organizations should make it a top priority to secure the mission critical data that is on the System i. Yet, year after year, we see System i shops that leave data exposed. For example, the study found that over one third of the systems surveyed in the study are not following the IBM best practice for the overall system security setting.

A preview of the study data was first presented at iNSIGHT 2008, the System i Security and Compliance conference, which recently concluded in Las Vegas. At the conference PowerTech Vice President and CTO John Earl remarked, Once again, this study demonstrates that System i shops are very vulnerable to loss and disclosure of their critical data. Thats the bad news. The good news is that many of these exposures are easily corrected. We publish this study to draw attention to these problems so that they can be addressed.

As good as the operating system is at protecting data, any system will only be as strong as the policies and practices deployed to keep it safe. Listed below are a few examples of the study findings that trouble auditors and executives alike:

  • 68% of systems allow any user to change data on the System i using PC applications like MS Excel and MS Access. These systems also did not audit this vulnerability, which effectively hides it from oversight.
  • Out of an average of 751 users, 9% of all users have privileged (root level) access authority.
  • 30% of systems are not using the system security auditing tool inherent in the system.
  • Over half of the systems have more than 16 users with default passwords (Password = User name) that could be easily determined by any attacker.

About The PowerTech Group, Inc.

PowerTech is your security expert in managing evolving compliance and data privacy threats with automated security solutions for IBM Midrange Servers. Because System i and AS/400 servers are used to host particularly sensitive corporate data, it is imperative that organizations practice proactive compliance security. As an IBM Advanced Business Partner with over 1000 customers worldwide, PowerTech understands corporate vulnerability and the risks associated with data privacy and access control. PowerTech hosts iNSIGHT, the annual System i Security and Compliance conference.

Contacts

The PowerTech Group, Inc.
Sadie Cummings, 253-872-7788 ext. 346
Sadie.cummings@powertech.com

Contacts

The PowerTech Group, Inc.
Sadie Cummings, 253-872-7788 ext. 346
Sadie.cummings@powertech.com