Taking A Centralized Approach To IBM i Security
June 7, 2021 Timothy Prickett Morgan
We are branching out and doing new things here at IT Jungle, and one of them is using video as well as text to get information about the IBM i platform across. Video is certainly not a new thing, and we have done a bit of it as part of consulting engagements, but starting now it is going to be part of what we do on an ongoing basis. We are grateful to IBM i security and high availability software vendor Precisely for initially supporting us in this endeavor.
For our first video interview, we sat down with John Vanderwall, who is co-founder with Carol Woodbury of DXR Security, which was founded last year by the two long-time business partners. Vanderwall is chairman and chief executive officer at DXR Security, while Woodbury is president and chief technology officer, a splitting of workload that the two have used in the past with prior companies. Rather than selling products this time around, DXR Security is more of a consultancy, and in this capacity the two co-founders have been working with Precisely to raise awareness on certain IBM i security issues. This interview was done explicitly for this purpose, and focuses on the need to have a centralized approach to security at IBM i shops.
We were trying to get to the bottom of a number of issues that are absolutely relevant in the IT world today and certainly affect the IBM i platform, which cannot depend on “security through obscurity” as many customers have done in the past. We wanted to know what is the impact of having a centralized approach to security on IBM i, particularly knowing that traditional on-premises enterprise security environments have been decentralized. In decentralized environments, IT teams typically manage and maintain security at the platform level. You secure Windows Server this way, Windows desktops that way, Apple desktops another way, Linux servers still another way, and IBM i with its own methods.
The centralized approach, says Vanderwall, does two important things right off the bat: It brings focus to security methods and tools, and it removes the risk of security holes and lapses to the entire business.
“Another prime motivation for organizations to centralize especially when it comes to security is better collaboration across teams,” continues Vanderwall. “For example, its one team versus individuals scattered across the organization, so knowledge sharing and skills transfer are easier. Second, you see a benefit of more balanced budgeting. What I mean is this: because the function, in this case security, is consolidated instead of each individual fighting for a share of budget, which they may or may not get, you have one place from which to make a request. Since everyone reports into the same manager in a centralized approach, it is likely less tolerated for a portion of the team to get something implemented and the other portions getting nothing implemented. When you are de-centralized, you are scattered, non-implementation could easily be hidden by claiming that resources were needed to address other priorities. Contrast that with a centralized and consolidated approach. where security is their priority and you aren’t pulled in other directions.”
We had a good conversation, and we hope you enjoy it and learn from it.
This content was sponsored by Precisely.