Raz-Lee Summarizes i OS Security Settings in New Compliance Product
March 17, 2009 Alex Woodie
The IBM System i is a notoriously difficult nut for auditors to crack. Accustomed to “standards-based” Windows and Unix systems, auditors sometimes struggle to make their way around a subject’s i OS-based computer. To help alleviate the pain of hunting for security data for auditors and IT managers alike, i OS security software developer Raz-Lee Security last month launched a new product called Compliance Evaluator that seeks to include the most relevant compliance-related security information in a concise, one-page summary.
Raz-Lee, which is based in Israel and has its U.S. offices near New York City, has plenty of experience with helping customers deal with security regulations. Its iSecurity suite can generate hundreds of reports detailing exactly whether a given System i server (and the company running it) is compliant with computer security provisions of countless laws, including Sarbanes-Oxley, HIPAA, PCI, Basel II, the California Privacy Act, and ISO 17799, just for starters.
But not everybody wants to wade through the technical minutiae–or can understand it, for that matter. Whether a group of users has exceeded the password reset limit of 60 days may be an important thing to consider when sculpting a security enforcement policy. But when all you want is a big picture summary of a customer’s AS/400 security posture, the nitty-gritty detail actually hurts productivity; it doesn’t help it.
That’s where the latest addition to Raz-Lee’s iSecurity suite, Compliance Evaluator (formerly called Compliance On-Demand), comes in. Compliance Evaluator is intended to be used by IT managers and auditors who periodically need concise summaries of System i security settings. The product gathers data from i OS’s QAUDJRN, and generates one-page summary reports, which include an overall compliance score and ratings for specific security-related components, such as system values, network attributes, and user profiles. All of the reports are output in Excel format, and can be automatically e-mailed to managers or off-site auditors.
Raz-Lee CEO Shmuel Zailer says the new product marks a breakthrough in System i security reporting. “With Compliance Evaluator, we’ve taken a giant step forward toward our mission of making System i security easily attainable for managers and auditors,” Zailer says. “The clear, single-view display of complex, comprehensive security data makes managers’ tasks a lot easier, enabling them to quickly assess–and immediately improve–the security of their environment.”
The security settings of up to 99 System i servers or LPARs can be summarized by Compliance Evaluator. The product can then take this data and compare the different security scores, generate site-wide security summaries, or even create baseline levels for compliance.
Compliance Evaluator uses the security reporting and scheduling capabilities of several other iSecurity products, including the Firewall and Audit products, to generate its summary. Because of this, it cannot be sold separately from the suite. Instead, it’s meant to help with security compliance reporting of existing and future iSecurity customers.
Compliance Evaluator is available now. Pricing is tier-based and begins at $4,000. For more information, visit www.raz-lee.com.