  • Security Is Top of Mind at VAI

    November 16, 2022 Alex Woodie

    Kevin Beasley hasn’t added “security” to his title yet at VAI, the Long Island-based IBM i ERP software and services provider. But the longtime CIO may just yet, considering all the security activities he’s overseeing for VAI’s on-prem and cloud customers alike.

    “We’re constantly looking at new things,” Beasley tells IT Jungle. “Obviously, the security landscape out there is phenomenally dangerous. There was a local government attacked here, and we’re constantly working on security.”

    The top threat at the moment is ransomware, which is typically perpetrated through email or text phishing schemes. Nearly a dozen VAI customers have been hit by ransomware in just the past 18 months, Beasley says. While none of the recent attacks breached the IBM i server at the heart of an S2K deployment, they did compromise some of the outer layers of the companies’ security apparatus.

    The message is getting out, Beasley says. Security is a big deal, and customers are taking notice. That’s a good thing.

    “As recently as a couple of years ago, during the big attacks like Colonial Pipeline, a lot of customers, especially SMBs [small to midsize businesses] said, ‘Ah, I don’t have to worry about that type of problem. They’re only going after the big guys,’” Beasley says. “Well, they go after everybody nowadays. Big, small, it doesn’t matter. Lately, they’ve been targeting governments.”

    VAI has always taken security seriously. Some IBM i ERP software vendors are a bit lackadaisical when it comes to IBM i configurations, but you won’t find VAI users operating under powerful user profiles like QSECOFR or working with ALLOBJ security.

    “Obviously we encourage people to move away from certain protocols, like SMB [Server Message Block], or at least have something that’s going to do some inline scanning of things like that,” Beasley says. “In our applications we offer a replacement option for customers who don’t want to do mapped drives and file shares. It’s an application we wrote that would replace it. It still can be launched from the IFS, but it’s being launched through a Web browser and through security settings, with various different levels of authentication.”

    Having a good software architecture running atop IBM i – one of the most hardened operating systems around – can give IBM i shops peace of mind. When the security administrator locks down the rest of the platform – which is something that VAI does for its cloud customers and which it recommends that on-prem customers do for themselves – it can present a very resilient defense.

    “IBM i stands up pretty good,” Beasley says. “You still have to make sure you have your security set correctly. Many times in the IBM i world . . . if it’s not completely public facing, you have to worry more about internal security, whether you’re going to get hit with ransomware, and do you have everything in your authorities correctly set and so forth.”

    While the IBM i side of the house is mostly under control from a security perspective, it’s the other components that worry Beasley. It’s ensuring the network edge is sufficiently protected, that you’re on top of new vulnerabilities, that you’re applying patches, that the Web application firewalls are updated and functioning, that you’re looking for spoofing and any traffic that could be impersonating you.

    But it’s been forced to up its game in response to the situation on the ground. Considering the threat that phishing poses to potential ransomware attacks, user training is a big deal. VAI conducts training sessions every couple of months to help educate its customers on how to avoid. Even so, ransomware attacks are still successful. “It happens all the time,” Beasley says. “You just don’t hear people talking about it.”

    VAI already conducts periodic system audits and has contracts with a penetration testing provider to check the security of its systems. Those provide a good point-in-time reference for security, but Beasley wanted something that could work in a more real-time manner.

    “It’s like when you’re doing a data backup. You’re backing up. It’s a point in time,” he says. “We’re looking at what’s going on out in the security world that is the security equivalent of continuous data protection, or high availability.”

    To that end, VAI is now contracting with additional security professionals who can actively work to penetrate the system, in a “red team-blue team” type of configuration. The company has brought in some folks with high-level security experience, including former military, to help them take security to the next level. This gives Beasley and the VAI leadership team more confidence that they are doing everything they can to protect their clients’ valuable data.

    “We wanted to . . . ensure that we’re secure [by] using red-team type tools that simulate what an attacker would really be looking for,” he says. “Not just a simple weakness. You can patch this, and we do patching and everything else. But sometimes, what a blue team might think is what’s being targeted might not be what our red team might be looking at.”

    VAI has also contacted the Cybersecurity & Infrastructure Security Agency, a federal agency in the Department of Homeland Security. According to Beasley, CISA will assign a security advisor to work with American companies free of charge.

    “Obviously they’re on top of everything,” he says. “But being in contact with them obviously and having an advisor that we can reach out to when we need to” has been beneficial.

    The majority of new sales for VAI today are occurring in the cloud. Part of the reason for that is that it doesn’t require the customer to have as many technical skills, which, for an IBM i software developer, is a good thing. But the other part of the cloud equation is that it actually provides a more secure environment, Beasley says.


TFH Volume: 32 Issue: 78


Copyright © 2022 IT Jungle
