Security Still the Top Concern as Privacy Regs Loom
February 12, 2020 Alex Woodie
For the fourth year in a row, security is the number one concern of the IBM i installed base, according to HelpSystems’ 2020 IBM i Marketplace Survey. IBM i shops are clearly concerned about the need to prevent unauthorized access to applications and data. But security’s first cousin, data privacy, also stands to gain more attention with the recent passage of data privacy laws, such as GDPR and CCPA.
HelpSystems released the results of its latest marketplace survey last month, as it has done for the past six years. And just as it has for every year since 2017, security resided atop list of “Top Concerns” tabulated by the systems management vendor.
“I think of this as the list of things that keep you up at night,” IBM Product Offering Manager Alison Butterill said during the webcast to unveil the results in January. “I think that any IT manger, any company executive, would be worried about security. That has been in the same position every year from the first time we did this survey. And I believe that is the number one concern.”
Butterill is close. When HelpSystems published its first IBM i marketplace report way back in 2015, application modernization was the top concern, garnering a 58.7 percent score across a host of other concerns, including HA, IBM i skills depletion, mobile access, and IT spending. Security was not even listed as a concern in that report. When Help surveyed the installed base again the following year, security was the sixth of nine concerns listed, with a 33.1 percent score (application modernization repeated as the number one concern that year).
But every year since then, it’s been a Ballmer-esque mantra of security, security, security (sorry developers). With four of the five most hazardous data breaches occurring since 2017 (according to the list maintained by UpGuard), the pace of major security events would appear to be accelerating. Every organization that amasses large amounts of sensitive information is at risk of a data breach. And while IBM i servers are capable of being quite secure, it’s up to the user to properly configure it.
Tom Huntington, HelpSystems vice president of technical services, notes that HelpSystems’ customers are taking action to shore up their IT security. “It’s interesting to see people spending money on anti-virus, exit point monitoring, and integration of their security events with the rest of the organization,” he said during the IBM i Marketplace Survey call. “It’s not just IBM i people who are concerned about it. It’s certainly Windows, Unix, and Linux” people too.
Part of the security game is complying with regulations. Depending on the industry, a company may be required to comply with PCI, HIPAA, or SOX. But a new round of data privacy regulations, like GDPR and CCPA, which went into effect in California on January 1, is changing the compliance landscape.
“I think privacy is going to impact everybody going forward,” Huntington says. “The privacy of your data and rights to your data — it’s going to impact every organization, whether you’re privately owned or you’re publicly traded. It isn’t going to matter.”
Enforcement of CCPA doesn’t begin until July, which gives some time for American companies who do business with Californians to come into compliance. But other states are expected to follow in California’s footsteps and craft data privacy regulations that are similar to CCPA (which itself is similar to GDPR).
HelpSystems is also tracking how those new data privacy requirements translate into new requirements for IBM i tools and technology. “We’ve also seen a lot of request for data encryption at rest, and data encryption for data that’s in flight,” Huntington says.
Ian Jarman, the former IBM i product offering manager who now heads up IBM Lab Services, is keeping an eye on the evolving compliance landscape, in particular the “dramatic rise” in the number of the regulations.
“The thing that is beginning to change is consumer privacy,” Jarman says. “The GPDR, the [data protection] regulations in Europe, these are being replicated, or similar types of regulations are coming in Latin America, in California, and I think you will continue to see that rise.”
Some American firms with a limited clientele may be relatively insulated from data privacy regulations at this time. If a company has no clients in Europe, California, or one of the Asian countries with a data privacy regulation, they may not have to worry about compliance. But the trend around the country and the world is toward greater regulation of privacy.
With customers around the world, IBM’s Lab Services team encounters a variety of data regulations. “Daily, we have to be aware of these types of privacy regulations,” Jarman says. “So that one is going to increase for sure. If you haven’t seen it now, which you probably have, you’re probably going to encounter it very soon.”