IBM Addresses Object-Level Security with New Tool

April 17, 2007 Alex Woodie

You have choices in how you implement security on your i5/OS server. Data-centric security implemented at the folder or object level is the most rigorous type of security you can implement, but it is also the toughest to deploy and maintain. To address this challenge, IBM last week unveiled Secure Perspective for System i, a new tool that uses natural language processing to make it easier to secure i5/OS machines at the object or folder level.

Object-level security is powerful stuff on the i5/OS server. It gives administrators the ability to say what objects will be available to which users and when, and which objects users won’t be allowed access to. With object-level security properly implemented, system administrators can rest easy knowing their critical System i data and programs are protected from unauthorized access, even if they haven’t taken steps to clamp down network access via FTP, ODBC, or other easy routes of passage into unprotected i5/OS servers.

But, obviously, it’s not all sweet potatoes on easy street. The rub on object-level security is that it’s difficult to implement, and that has been the case for many years. Several third-party vendors have jumped at the opportunity to put a layer of abstraction in front of the IBM commands with their own tools, to make it easier to get to the nirvana of object-level security. Now, IBM is addressing the complexity level, too, with Secure Perspective for System i.

With Secure Perspective, IBM is providing a way for managers and executives without technical skills to have input into the implementation of object- and folder-level security. The software features a browser-based interface that allows non technical people to define a security policy, using “natural language” (i.e., not arcane i5/OS commands).

After the non technical managers create their policy with Secure Perspective, and a systems administrator with technical skills has mapped the policy to the actual location of the data on the iSeries or System i server, then the changes are automatically implemented.

Secure Perspective provides two other functions in addition to implementing object-level security. First, it includes a “what if” modeler that is designed to predict how a policy will affect the system, and identify potential problems that it may create. (Obviously, you wouldn’t want to accidentally restrict all your users from accessing the system–one of object-level security’s potential problems, and one of the reasons it has been difficult to implement.)

The second additional function is the generation of compliance reports demonstrating object-level security, as well as reports detailing all security policy changes or deviations. You may have the most secure System i setup in the Lower 48, but nobody–including your auditor–is going to believe you unless you prove it to them with a report. This is why security reporting tools have become so important in this post-SOX world.

Secure Perspective works i5/OS V5R3 and V5R4. The software will become available May 4. Licenses for the software start at $1,500 per processor. For ordering information, see the Software Announcement Letter.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Sponsored By
COMMON

Customize your System i education in 2007 with
COMMON's 2007 Annual Conference & Expo,
April 29 - May 3, 2007 in Anaheim, California.

This premier System i education and networking event promises to be larger than our recent conferences, providing invaluable learning and networking opportunities for you and your employees.

The Annual Conference & Expo will be the flagship event of the new "COMMON…Customized" education model, offering over 500 educational sessions, hands-on labs, and all-day workshops. We've added new tracks on hot topics like PHP, open source, and IP telephony - all delivered by the most respected experts in the IT industry. In addition, the new COMMON Annual Conference & Expo will offer non-technical, professional development sessions to help IT managers resolve daily business issues.

COMMON's 2007 Annual Conference & Expo will offer:
· More session hours, including over 500 sessions and hands-on labs
   in a range of choices every hour.
· More user sessions that are driven by users, including customer experience sessions.
· More in-depth education that includes all-day pre-conference workshops,
   all-day Integrated Seminars, open labs and a wide variety of regular-length sessions.
· Emphasis on networking that provides great opportunities to network with your peers,
   IBM developers and executives, and industry experts.
· An extensive Expo of new companies showcasing the latest System i-related
   industry solutions.

The COMMON Annual Conference & Expo is one of the most cost-effective ways to gain knowledge and tools needed to meet the changing demand of IT. You'll pay a reasonable amount for intensive education, and realize a tangible, immediate return on your investment. In addition to the direct cost savings, the networking opportunities and professional contacts are immeasurable.

The COMMON 2007 Annual Conference & Expo is a System i educational and networking event that you and/or your team won't want to miss. To learn more about the conference and to register online, visit www.common.org/conference.html.

The Annual Conference & Expo is just one of the many benefits to COMMON membership, so don't miss out on your opportunity to attend this premier event.

www.common.org

Admin Alert: The Process and Pitfalls of Duplicating Libraries Calling SQL Functions Directly From a High Level Language Program

Table of Contents

Recent Posts

Subscribe

Pages

Search