Raz-Lee Delivers New IFS Object Security for IBM i
September 24, 2013 Alex Woodie
IBM i is renowned for being a very securable OS. Its object-level security capabilities enable customers to lock the system down to a very tight degree. However, the operating system’s object-level security capabilities don’t extend to the Windows-like Integrated File System (IFS) data store that’s used to house non-traditional data and application objects, including all Java and PASE/AIX data and objects. Now Raz-Lee Security says it has an answer to that with a new product called IFS Object Security (IOS).
Implementing object-level security on the server is considered by IBM to be best practice for security on the system. However, it can be a complicated task that is sometimes best left to IBM i security professionals, who can be expensive to hire. That’s one of the reasons that IBM i security professionals and security vendors say that object-level security has not been widely deployed by actual IBM i shops, despite the powerful security advantages that it entails.
Raz-Lee addressed this need four years ago, when it shipped a product called Native Object Security that automates many of the aspects of implementing object-level security on the native IBM i file system.
As a member of Raz-Lee’s iSecurity software suite, NOS enables administrators to set up rules that define security levels for specific objects or groups of objects in IBM i, and also gives them the power to define variables, such as the object’s owner, its authorization lists, what group it’s part of, and whether there are any specific user authorities associated with the object.
The new IOS is essentially a repeat of NOS, but for the IFS instead of the IBM i’s native file system. According to Raz-Lee, it “simplifies the work-intensive–and therefore error-prone–management of access rights to IFS objects by enabling system administrators to easily define target security levels per object and to check for inconsistencies between actual and planned object security settings.”
IOS does this by allowing administrators to assign owners, authorization lists, primary group, and specific user authorities for objects and data. The software also guides users through the implementation of object-level security for IFS, using a “plan, check, set” process. Users can plan multiple object security rules simultaneously using generic naming capabilities and object types, Raz-Lee says, as well as accommodate site-specific IFS definitions in complex, multi-site organizations with multiple divisions. It also outputs reports.
IBM i shops may be surprised to learn how reliant they are on the IFS, and that is one reason why the lack of coverage for the IFS by native IBM i security mechanisms may be so surprising and disconcerting. The file system is used for many of the “modern” applications that customers are running on their IBM i servers, including Java and PHP applications, which run in the IFS-resident PASE AIX runtime.
Eli Spitz, vice president of business development for Raz-Lee Security, says the new IOS software will be a good addition for customers who are already running the NOS software. “iSecurity’s Native Object Security and IFS Object Security products together provide a total solution for planning, checking, and setting actual object security rules, which will protect these objects from abuse and enable our customers to adhere to SOX, PCI, and HIPAA regulations, while at the same time easily answering auditors’ requests for tighter access to critical objects,” he says in a press release.
IOS is available now. Pricing was not disclosed. For more information, see www.razlee.com.