Lock the Gate Before the Cow Gets Out

by Dan Burger

It's a tricky technological tango building and maintaining modern IT infrastructures. And it can't be done effectively without a watchful eye on security issues. Damages related to security breaches have grown significantly over the last few years, setting off a trend in IT budgeting that places bigger numbers on line items labeled security. This comes at a time when corporate spending receives close scrutiny, yet the amount spent on security continues to rise and the rate of spending in this area is predicted to climb.

"The focus on critical infrastructure protection means that the government, utilities, transportation, and energy sectors will be forced to spend more on security," said John Pescatore, vice president and research fellow at Gartner.

HIPAA guidelines for the health-care industry, plus many federal, state, and local laws that affect data integrity and dissemination, add more pressure to lock down security. Nearly every company and organization is facing increases in the number of people with access to critical data, and with that comes increased security challenges.

"Security spending can't continue to consume ever-increasing portions of the IT budget. No enterprise can afford to spend more on insurance than on new product development," Pescatore said. "By 2005, security groups that can't demonstrate security effectiveness metrics will experience flat-to-declining IT security funding."

The repercussions related to security failures and fixes echo throughout the IT industry. Data integrity, privacy issues, industry regulations, and government legislation all factor into the increasing concern.

For those of us concerned with the iSeries and AS/400, security has rarely been an issue because of the proprietary nature of the box and a belief that no one outside the organization could break in. We all slept a little bit better each night thinking that way. Well, there's been a reality check.
There are serious issues to be dealt with from within and outside of our organizations. There are myths and misconceptions, exaggerated stories, and do-nothing attitudes that have led to, and are continuing to lead to, trouble. What is worrisome is that many people are without the information needed to make the right moves to shore up security. Few see security problems coming. Good fortune may smile on some, but it's predictable that others will incur detrimental and costly intrusions that could alter their vital business practices and put valuable proprietary information at risk.

COMMON takes the threat seriously. To help raise the level of awareness and to provide the information, the education, and the training that is needed, the international iSeries users group designated security as the focus of its fall conference in Orlando, Florida. More than 50 educational sessions and labs have been scheduled, and three meeting rooms at the conference will have non-stop security sessions throughout the course of the conference. It will be possible for attendees to book their conference days solid with security topics.

COMMON calls its specialized subject curriculum a focused education roadmap, and is offering four security-related options at its conference next month: iSeries Foundation Security, iSeries Advanced Security, Building and Using Virtual Private Networks, and Single Sign-on.

Because security issues involve everyone in a company that touches the IT department, topics will include management issues, iSeries features, software applications, and networking communications. Advanced technologies such as virtual private networks (VPN), digital signatures, and digital certificates (PKI) cover territory that shows how businesses are going to operate differently. The top experts in the security field will be explaining these topics.
Instructors include Pat Botz, IBM's lead architect for OS/400 security and member of the eServer security team; Jim Fey, one of the foremost experts on the topic of virtual private networks; and John Earl, chief technology officer for security software vendor The PowerTech Group. Many of the top software firms that specialize in iSeries protection are presenting sessions that detail technologies and products designed for specific circumstances, and many will have their in-house experts at their booths in the vendor expo area. It's a good place to learn outside the classroom and to gain an understanding of what the various off-the-shelf solutions will cost in both time and money.

Network intrusion, hacking, and other high-tech fraud, in many cases, require investigation. Chances are, you'll not find Officer Joe Friday called in for this type of work. In real life, you'd get a guy like Bob Breeden, special agent supervisor for the Florida Department of Law Enforcement's Computer Crime Center. Breeden, a keynote speaker at COMMON, and his staff are a rare mix of cop and computer geek. His stories should be warnings for those still thinking about whether to implement improved security procedures.

If you look at the selection of topics and authors in this special security edition of The Four Hundred newsletter, you'll see a condensed version of the COMMON security focus. We've presented five in-depth reports on issues that are central to any discussion of iSeries security. It was designed to give you the knowledge to initiate a security plan, to realize what's available, what's feasible, and what to be cautious of. We think it will add clarity to this topic and allow you to fit together the pieces of your own security puzzle in a better light.

I think some people believe the security risks are overstated, that it's being unnecessarily sold like the second or third set of locks on your front door.
But the locks on your door don't do a thing if you don't use them, and not everything that can hurt you will walk through the front door. There's a lot to be nervous about in situations where no security is in place or when it is mistakenly believed that your system is secure. There's no excuse for being unprepared. Quite simply, too much is at stake to ignore what's going on around you.
Attend Security Focus at COMMON
in Orlando, September 7 - 11, 2003
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.