• The Four Hundred
  • PowerTech Debuts ComplianceMonitor, Studies Security Practices

    October 11, 2005 Alex Woodie

    PowerTech is gearing up to launch a new product aimed at helping iSeries shops demonstrate their security controls as a means of achieving regulatory compliance. PowerLock ComplianceMonitor, which is due for release in December, saves administrators time and effort by automating the collection and analysis of audit reports from multiple iSeries. In related news, the Kent, Washington, software company released its “State of iSeries Security” report for 2005, which details some troubling trends.

    Like other tools in PowerTech’s PowerLock suite of products, ComplianceMonitor builds off OS/400’s rich collection of security capabilities, and is designed primarily as a time-saving device for administrators faced with regulatory audits, according to PowerTech chief executive, Bruce Leader, who says putting together the reports needed to satisfy new regulations like Sarbanes-Oxley and HIPAA has become an “enormous burden” on companies.

    “In many organizations, the expertise does not exist to adequately assess the security status of iSeries servers,” Leader says. “One of our goals in designing this product [ComplianceMonitor] was to make it easy for personnel who are not familiar with the iSeries to retrieve and interpret relevant audit information.”

    ComplianceMonitor helps overworked (or under-skilled) computer personnel by generating reports designed to satisfy the security audit components of regulations like Sarbanes-Oxley and HIPAA. These reports compare the OS/400 security settings of one or more iSeries servers against industry best practices, which are determined by PowerTech’s OS/400 security experts, and which are largely based on standards like COBIT and ISO-17799.

    A single command given from ComplianceMonitor’s GUI can launch security assessments across multiple OS/400 servers, including user ID configurations and system values, and the results of these assessments can be tabulated into a single report output in PDF, Excel, or CSV formats. Alternatively, users can schedule the tool to collect audit data at night or during off-peak hours.

    Less-skilled personnel can use a set of audit reports recommended by PowerTech, while advanced users can create their own reports. The tool, which PowerTech says can scale to hundreds of servers, includes functionality to group servers according to business needs. Users are also given the capability to set storage limits on the amount of audit data gathered and stored by the tool, and to compare audits from different points in time on the same report.

    Regulatory compliance has been a fruitful area for PowerTech lately (as it has for other OS/400 security tool vendors), and ComplianceMonitor is the company’s second recent offering aimed at helping OS/400 shops deal with audits, auditors, and auditing requirements. Last month the company launched PowerLock SecurityAudit version 2.0, which gave users access to an online tool called the AuditAdvisor that maps OS/400 security settings to COBIT and ISO-17799 standards, which some Big 4 auditors are relying on for regulatory compliance.

    The big difference between ComplianceMonitor and the AuditAdvisor function is in how users access the tools and their reports. ComplianceMonitor offers a PC-based GUI, while AuditAdvisor is only available through SecurityAudit’s green-screen interface. ComplianceMonitor also supports multiple servers and outputs reports in multiple formats, which makes the tool easier to use for people who aren’t familiar with iSeries systems, company officials say. See “PowerTech Translates SOX Requirements Into iSeries Terms” for more on AuditAdvisor.

    ComplianceMonitor was unveiled last month at the COMMON conference in Orlando, Florida. The product was scheduled to enter managed availability in November, with general availability following in December, company officials say. Pricing has not yet been set.

    State of iSeries Security: 2005

    In addition to launching ComplianceMonitor, PowerTech used the COMMON conference to showcase research the company has done in the area of real-world OS/400 security practices. The 15-page report, “State of iSeries Security 2005,” details the results of security audit data gathered by PowerTech from 159 OS/400 shops running 181 iSeries machines between August 2004 and July 2005.


    PowerTech’s study looked at OS/400 security settings and practices in six key areas, including the use of powerful user profiles; passwords; object and file protections; network access controls; system auditing; and system security values. The results are not pretty, and back up the widely held consensus that many iSeries shops are failing to adequately secure their servers.

    Among the most anxiety-inducing findings:

    • OS/400 shops average more than 60 user profiles with ALLOBJ authority, an “unacceptably high number”
    • 11 percent of all user profiles have default passwords, and more than 50 percent of systems have more than 20 user profiles with default passwords
    • virtually all iSeries users have access to data “far beyond their demonstrated need”
    • too many iSeries shops are “dangerously unaware” of the “wide open network access problem”
    • only one-third of iSeries shops use the audit journal, and only 10 percent use tools to sift through the volumes of data it generates

    The news was not entirely bad, however. For example, PowerTech found that most iSeries shops were using either Level 30 or Level 40 security, with just a few using Level 20 or Level 50. Also, the company found that the majority of companies are requiring passwords with six digits or more (although nearly 60 percent of shops did not require a number in the password, a requirement that makes passwords harder to guess).

    PowerTech chief executive Leader says the results of this year’s study are consistent with last year’s findings, and reflect what most iSeries shops would find if they audited their systems. Leader’s main concern, he says, is that “most organizations do not have appropriate IT controls in place to support the separation of duties required for security compliance.”

    This was the second study conducted by PowerTech, which hopefully will continue the practice. PowerTech published its first “State of iSeries Security” last October (see “PowerTech Security Survey Says Most IT Departments Could Do Better”).

    To download the 2005 security study, go to PowerTech’s Web site at www.powertech.com.


Volume 5, Number 40 -- October 11, 2005
Copyright © 2025 IT Jungle