IBM Addresses Object-Level Security with New Tool
April 17, 2007 Alex Woodie
You have choices in how you implement security on your i5/OS server. Data-centric security implemented at the folder or object level is the most rigorous type of security you can implement, but it is also the toughest to deploy and maintain. To address this challenge, IBM last week unveiled Secure Perspective for System i, a new tool that uses natural language processing to make it easier to secure i5/OS machines at the object or folder level.
Object-level security is powerful stuff on the i5/OS server. It gives administrators the ability to say what objects will be available to which users and when, and which objects users won’t be allowed access to. With object-level security properly implemented, system administrators can rest easy knowing their critical System i data and programs are protected from unauthorized access, even if they haven’t taken steps to clamp down network access via FTP, ODBC, or other easy routes of passage into unprotected i5/OS servers.
But, obviously, it’s not all sweet potatoes on easy street. The rub on object-level security is that it’s difficult to implement, and that has been the case for many years. Several third-party vendors have jumped at the opportunity to put a layer of abstraction in front of the IBM commands with their own tools, to make it easier to get to the nirvana of object-level security. Now, IBM is addressing the complexity level, too, with Secure Perspective for System i.
With Secure Perspective, IBM is providing a way for managers and executives without technical skills to have input into the implementation of object- and folder-level security. The software features a browser-based interface that allows nontechnical people to define a security policy using “natural language” (i.e., not arcane i5/OS commands).
After the nontechnical managers create their policy with Secure Perspective, and a systems administrator with technical skills has mapped the policy to the actual location of the data on the iSeries or System i server, the changes are automatically implemented.
Secure Perspective provides two other functions in addition to implementing object-level security. First, it includes a “what if” modeler that is designed to predict how a policy will affect the system, and identify potential problems that it may create. (Obviously, you wouldn’t want to accidentally restrict all your users from accessing the system–one of object-level security’s potential problems, and one of the reasons it has been difficult to implement.)
The second additional function is the generation of compliance reports demonstrating object-level security, as well as reports detailing all security policy changes or deviations. You may have the most secure System i setup in the Lower 48, but nobody–including your auditor–is going to believe you unless you prove it to them with a report. This is why security reporting tools have become so important in this post-SOX world.
Secure Perspective works with i5/OS V5R3 and V5R4. The software will become available May 4. Licenses for the software start at $1,500 per processor. For ordering information, see the Software Announcement Letter.