• The Four Hundred
  • New Service Combats Complacency In IT Security

    September 19, 2016 Dan Burger

    The chilling reality of IT security weaknesses is widely overlooked and often assumed to be something that only affects someone else’s business. A close look at our own organizations makes us uncomfortable. So do stories that include expert opinions that every business should begin its security review with the realization that a security breach has already occurred. That’s how real the threat is. And your current security policy, if you even have one, is probably obsolete.

    Security is an ongoing process. It’s not inherent in the system, not even the legendary IBM i platform.

    “Attackers and their targets and objectives are changing,” explains Patrick Botz, a former security architect at IBM who understands the IBM i system’s security capabilities as well as just about anyone. “No longer are they script kiddies trying to make a name for themselves. It’s now organized crime rings and even nation-states looking to make money or establish the ability to cripple critical infrastructure. That means establishing an ongoing, covert presence without being caught. Attacks on at least two small utility companies have already been identified, and ransomware attacks against small businesses have been rampant this year.”

    Smaller businesses, Botz warns, make ideal targets because they have no way of telling if their systems have been breached. They have few security processes in place and most do not actively monitor their systems for potential issues.

    “The IBM i’s legendary security capabilities have made many organizations complacent. They think the system protects them. The simple truth is that the IBM i is highly securable, but you need to know how to apply those capabilities to potential vulnerabilities to keep your systems secure.”

    Because of the growing risk, Botz believes the time is right for cybersecurity management as a service. His company, Botz & Associates, brings a level of security expertise most small to midsize companies could never achieve on their own at a cost that is reasonable. He calls the ongoing security package TeamSecurity.

    “There are tools of the profession, but beyond that are the skills to know what needs to be fixed,” Botz says. “Many small and midsize companies don’t have anyone on staff that knows how to fix security. Adding another piece of security software isn’t going to do them much good if they don’t have a framework in which to deploy that software.”

    Botz believes all businesses need a security/risk management process in order to manage security in a rational way, but they are ill equipped to do that. His company specializes in determining the policies and the steps needed to put the processes in place. Because, as he says, there’s no such thing in security as “set it and forget it,” his TeamSecurity package includes ongoing help with processes that deal with constantly changing new threats.

    Some might think there’s not much to do once the processes are in place and the system is secured. But Botz emphasizes the importance of continuous monitoring by someone who knows what to do with the information that the monitoring provides and who can make decisions based on current information about threats, vulnerabilities, and risks.

    There are three levels of TeamSecurity contracts.

    The highest level includes what Botz calls the virtual chief information security officer (CISO). It provides assistance in designing and implementing a security plan that manages risk, and in architecting the processes, developing a roadmap, and implementing related projects. Included are an annual security assessment and monthly monitoring reports of key indicators. Botz says it’s like hiring a CISO at a fraction of the cost.

    The mid-level service provides help monitoring an existing security system. It includes an annual security assessment, monthly monitoring reports of key indicators, and an hour of consulting or security services each month.

    The basic level simply involves an annual security assessment and key indicator monitoring and reports.

    The service is not designed to catch a breach as it happens. Botz says that would be far more expensive. This process reduces the risk at a small cost. The monthly monitoring is designed to identify when something isn’t quite right–something that is not supposed to be there. A good plan begins by establishing what is normal and then searching for anomalies. Most breaches occur over a long period of time. It’s not a smash and grab, Botz says.

    Complacency is common among small shops, Botz says.

    “The idea that nobody is going to want to steal from a small company is ludicrous. Small companies are being targeted because they are easy targets. They may not have proper backups, so they have to pay the ransom to get the info back or it will be lost. It’s almost like saying, ‘Why would a small bank in a small town have a bank vault?’ Do they need a vault or a guard? No one is going to want to steal from them, right?”


Volume 26, Number 39 -- September 19, 2016

Copyright © 2023 IT Jungle