    Security Checks Drive Consulting Biz for Briteskies

    June 14, 2021 Alex Woodie

    With high-profile ransomware attacks becoming the norm and calls for a federal cybersecurity department gaining steam, there’s a distinct uneasiness when it comes to the security of corporate computer systems. That uptick in awareness is helping to drive business for Briteskies, the Cleveland, Ohio-based IT consultancy that has made IBM i security a cornerstone of its business.

    Briteskies was founded in 2000 primarily as a JD Edwards specialist for organizations in the Great Lakes region. Over the years, the company has expanded into other niches, including Magento e-commerce systems, custom RPG development, and computer security.

    The market for IBM i security services, in particular, was underserved, according to Bill Onion, managing director at Briteskies. “We identified a long time ago that infosec was growing,” Onion tells IT Jungle. “We were looking at that saying, well nobody is paying attention to the IBM i.”

    The company has five employees who are dedicated to providing IBM i security services, including conducting security assessments of IBM i installations and remediating the problems it finds.

    “Generally, that was kind of okay [that people were not paying attention to the IBM i], but it’s getting more and more to where it’s not,” Onion said. “There’s still a lot of folks that think that because it’s an IBM i server, it’s presumed safe. They think they don’t need to worry about that.”

    Briteskies brings all sorts of tools to bear on its IBM i security engagements, most of which are with clients in the Midwest, though some are as far away as Texas and California. It leans on automated assessment tools from HelpSystems and the new VERIFi offering from iTech Solutions that we wrote about in February.

    ALLOutSecurity, which develops JD Edwards-specific auditing tools, is another Briteskies partner. Briteskies also works with the local Cleveland-based backup and disaster recovery (DR) firm, UCG Technologies, to help prepare customers for ransomware attacks, as well as with DXR Security, Carol Woodbury’s new security firm, on penetration testing for IBM i. Onion says Tenable’s network scanning tool, Nessus, does a good job with IBM i.

    After Briteskies runs a security assessment, it provides a color-coded report that lists the various vulnerabilities it finds, with red, yellow, and green corresponding to the severity levels. Mapped IFS drives can be a big concern, especially in this age of rampant ransomware. The degree of coverage of exit points with exit programs is another area to look at, especially in light of the “alarming” finding from HelpSystems earlier this year that detailed a disturbing lack of exit programs in place at IBM i shops.

    If there are a lot of service profiles with ALLOBJ active on the system, that will be flagged too. “Once you have ALLOBJ authority, you can pretty much, with a couple of steps, get access to the entire system, which is really terrifying,” Onion says.

    Briteskies gives its clients an assessment of the problems that it identified and the ways they can be fixed, Onion says. “Most of our customers say, they’ve got it, we’re going to run with it and they take care of themselves,” he says. “Sometimes we’ll do some of the work, so we’ll split the work up to kind of tighten up the security posture.”

    These assessments sometimes turn up unexpected results. For instance, one client that contracted Briteskies to help it test its DR strategy turned out to have an IT system that had a Year 2000 issue. “They’re running an ERP system that they didn’t update for Y2K, 21 years ago,” Onion said. “We all got a chuckle out of it, but it’s also scary at the same time.”

    As fate would have it, the company that wrote the ERP product was out of business. Briteskies managed to get the system updated and tested, and this customer’s Y2K story had a happy ending. But it very easily could have ended differently.

    “They could not fully recover from that, not on the fly, not in that scenario,” Onion says. “If that company had ransomware or any type of attack or any type of power outage where they lost things, they would not have been able to easily recover from that.”

    Many customer engagements reveal a general lack of awareness about basic security precautions. For example, during one security engagement at a smaller shop, the Briteskies technician had the time to inspect the company’s entire IT portfolio. It turned out they were using a residential-type router as the VPN, which is not a recommended security configuration.

    “He showed the client the article that shows you how to hack through that thing and get access to their network,” Onion says. “They were worried about the IBM i. We’re like, your whole network’s at risk right now. So it is kind of an arms race, both hardware and software, to try to stay up with the stuff that the hackers are doing.”

    The state of security among IBM i shops is a work in progress. Some IBM i shops take it seriously. Other shops, not so much.

    “I think the awareness is certainly increasing. That’s a good positive step,” Onion says. “But I still think it’s really bad. I don’t know many shops that are great. There’s a handful out there. But most of them are just same as it was in the late 1990s. They just haven’t made that jump.”

    One good indicator that an IBM i shop has made the leap is whether they have somebody with a Certified Information Systems Security Professional (CISSP) certification on their staff or on retainer. “That, to me, is a good metric, to say how many folks that are IBM i savvy also have their CISSP,” Onion says. “There are not many.”

    Security threats are evolving, and it’s important that IBM i shops keep up with the changes. The modern IBM i server is an open platform that can run a multitude of applications, and integrate with just about any service across the Internet. It’s no longer cut off from the rest of the world, which is a good thing for commerce, but raises the stakes.

    At the same time, there are some commonsense things that the majority of IBM i professionals could do to address many of the threats. You don’t have to be a cyber genius to eliminate the bulk of the potential problems, Onion says. Briteskies and other consulting firms like it can help you identify and address them, or you can do them yourself.

    “We’re going to walk around to make sure all the barn doors and windows are closed, the obvious ones, and get those things secured and locked up,” Onion says. “We have really smart engineers, but anybody who is a savvy IBM i’er can do those things. It’s just a question whether they have the time and expertise to do that.”

    RELATED STORIES

    Taking A Centralized Approach To IBM i Security

    Malware Threats and Cyber-Recovery on IBM i

    Ransomware Epidemic Hits Epic Proportions, And IBM i Shops Take Notice

    iTech Solutions Keeps You In The Know With VERIFi

    3 Takeaways from the 2021 PowerTech Security Report

    ‘Alarming’ Security Gaps Exposed in IBM i Marketplace Report

    Is Information Overload Hurting IBM i Security?


    Tags: ALLOBJ, Briteskies, Certified Information Systems Security Professional, CISSP, ERP, IBM i, IFS, VPN, Y2K


TFH Volume: 31 Issue: 41

Copyright © 2023 IT Jungle