• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • New Service Combats Complacency In IT Security

    September 19, 2016 Dan Burger

    The chilling reality of IT security weaknesses is widely overlooked and often assumed to be something that only affects someone else’s business. A close look at our own organizations makes us uncomfortable. So do stories that include expert opinions that every business should begin its security review with the realization that a security breach has already occurred. That’s how real the threat is. And your current security policy, if you even have one, is probably obsolete.

    Security is an ongoing process. It’s not inherent in the system, not even the legendary IBM i platform.

    “Attackers and their targets and objectives are changing,” explains Patrick Botz, a former security architect at IBM who understands the IBM i system’s security capabilities as well as just about anyone. “No longer are they script kiddies trying to make a name for themselves. It’s now organized crime rings and even nation-states looking to make money or establish the ability to cripple critical infrastructure. That means establishing an ongoing, covert presence without being caught. Attacks on at least two small utility companies have already been identified, and ransomware attacks against small businesses have been rampant this year.”

    Smaller businesses, Botz warns, make ideal targets because they have no way of telling if their systems have been breached. They have few security processes in place and most do not actively monitor their systems for potential issues.

    “The IBM i’s legendary security capabilities have made many organizations complacent. They think the system protects them. The simple truth is that the IBM i is highly securable, but you need to know how to apply those capabilities to potential vulnerabilities to keep your systems secure.”

    Because of the growing risk, Botz believes the time is right for cybersecurity management as a service. His company, Botz & Associates, brings a level of security expertise most small to midsize companies could never achieve on their own at a cost that is reasonable. He calls the ongoing security package TeamSecurity.

    “There are tools of the profession, but beyond that are the skills to know what needs to be fixed,” Botz says. “Many small and midsize companies don’t have anyone on staff that knows how to fix security. Adding another piece of security software isn’t going to do them much good if they don’t have a framework in which to deploy that software.”

    Botz believes all businesses need a security/risk management process in order to manage security in a rational way, but they are ill equipped to do that. His company specializes in determining the policies and the steps needed to put the processes in place. Because, as he says, there’s no such thing in security as “set it and forget it,” his TeamSecurity package includes ongoing help with processes that deal with constantly changing new threats.

    Some might think there’s not much to do once the processes are in place and the system is secured. But Botz emphasizes the importance of continuous monitoring by someone who knows what to do with the information that the monitoring provides and who can make decisions based on current information about threats, vulnerabilities, and risks.

    There are three levels of TeamSecurity contracts.

    The highest level includes what Botz calls the virtual chief information security officer (CISO). It provides assistance in designing and implementing a security plan that manages risk; for architecting the processes, developing a roadmap, and implementing related projects. Included is an annual security assessment and monthly monitoring reports of key indicators. Botz says it’s like hiring a CISO at a fraction of the cost.

    The mid-level service provides help monitoring an existing security system. Includes an annual security assessment and monthly monitoring reports of key indicators and an hour of consulting or security services each month.

    The basic level simply involves an annual security assessment and key indicator monitoring and reports.

    The service is not designed to catch a breach as it happens. Botz says that would be far more expensive. This process reduces the risk at a small cost. The monthly monitoring is designed to identify when something isn’t quite right–something that is not supposed to be there. A good plan begins by establishing what is normal and then searching for anomalies. Most breaches occur over a long period of time. It’s not a smash and grab, Botz says.

    Complacency is common among small shops, Botz says.

    “The idea that nobody is going to want to steal from a small company is ludicrous. Small companies are being targeted because they are easy targets. They may not have proper backups, so they have to pay the ransom to get the info back or it will be lost. It’s almost like saying, ‘Why would a small bank in small town have a bank vault.’ Do they need a vault or a guard? No one is going to want to steal from them, right?”

    RELATED STORIES

    Study Identifies Disturbing IBM i Security Weaknesses

    IBM i 7.3: High Time For High Security

    Testing For Security Inadequacies

    Clearing Up IBM i Security Confusion

    State of IBM i Security? Still Horrible, After All These Years

    Security Risks Avoided By The Development Team

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    VISUAL LANSA 16 WEBINAR

    Trying to balance stability and agility in your IBM i environment?

    Join this webinar and explore Visual LANSA 16 – our enhanced professional low-code platform designed to help organizations running on IBM i evolve seamlessly for what’s next.

    🎙️VISUAL LANSA 16 WEBINAR

    Break Monolithic IBM i Applications and Unlock New Value

    Explore modernization without rewriting. Decouple monolithic applications and extend their value through integration with modern services, web frameworks, and cloud technologies.

    🗓️ July 10, 2025

    ⏰ 9 AM – 10 AM CDT (4 PM to 5 PM CEST)

    See the webinar schedule in your time zone

    Register to join the webinar now

    What to Expect

    • Get to know Visual LANSA 16, its core features, latest enhancements, and use cases
    • Understand how you can transition to a MACH-aligned architecture to enable faster innovation
    • Discover native REST APIs, WebView2 support, cloud-ready Azure licensing, and more to help transform and scale your IBM i applications

    Read more about V16 here.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    System i Developer:  RPG & DB2 Summit - October 4-6 2016 in Chicago. Register now!
    BCD:  Webinar: What's Possible with PHP on IBM i. Tues., Sept. 27 at 1pm ET. Sign up now!
    Manta Technologies Inc.:  The Leader in IBM i Education! Download catalog and take sample sessions!

    Generate SELECT For All Columns IBM i Finds A Place At Edge Conference

    Leave a Reply Cancel reply

Volume 26, Number 39 -- September 19, 2016
THIS ISSUE SPONSORED BY:

Profound Logic Software
Maxava
Midrange Dynamics
Computer Keyes
WorksRight Software

Table of Contents

  • New OpenPower Servers Present Interesting IBM i Possibilities
  • What’s Ed McVaney Up To Next?
  • Is It RDi Time Yet?
  • As I See It: The Girl Who Liked to Count Things
  • New Service Combats Complacency In IT Security

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25
  • Meet The Next Gen Of IBMers Helping To Build IBM i
  • Looks Like IBM Is Building A Linux-Like PASE For IBM i After All
  • Will Independent IBM i Clouds Survive PowerVS?
  • Now, IBM Is Jacking Up Hardware Maintenance Prices
  • IBM i PTF Guide, Volume 27, Number 24

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle