• IBM Power for Google Cloud Offering Gets PCI Cert

  November 13, 2024 Alex Woodie

  IBM i shops that want to run their workloads in the Google Cloud may be interested in the latest news out of Converge Technology Solutions, which recently announced that it has completed the PCI-DSS certification for the company’s IBM Power for Google Cloud (IP4G) platform.

  The availability of IBM Power servers in the public cloud has been growing in fits and starts over the past five years. Back in 2019, a Seattle, Washington, company named Skytap (since acquired by Kyndryl) worked to place Power servers within Microsoft Azure data centers. Connectria, one of the biggest private cloud providers, …

  Read more

• Guru: The Finer Points of Exit Points

  June 27, 2022 Bruce Bading

  Many years ago, we received a call from an IBM i customer stating that all exit points were gone and the QAUDJRN and receivers were missing. Then the question, “Do you think we’ve been hacked?” Truth was, the exit points weren’t gone; the associated programs had been de-registered. Conclusion, they had most likely been compromised.

  The IBM i platform is a very securable system that can be secured (Secure vs Secured – What’s the difference?, WikiDiff), if you take steps to secure it.

  On the IBM i, a limited number of functions provide an exit so that your …

  Read more

• Guru: SIEM Is Only Part Of IBM i Cybersecurity

  March 28, 2022 Bruce Bading

  Many times, we hear from IBM i business owners that their SIEM – that’s short for Security Information and Event Management – is their cybersecurity solution for the IBM i. But that can’t be true, and I want to explain why it is part of the security shield but certainly not all of it.

  Let’s start with SIEMs and how they fit into cybersecurity frameworks. SIEM is mentioned in the PCI appendix, but not once in the core of the 250+ PCI DSS requirements, likewise, the NIST Cybersecurity Framework lists event monitoring as one of the 100s (1/100s) of NIST …

  Read more

• Thoroughly Modern: IBM i Security Is No Longer Set It And Forget It

  March 14, 2022 Amal Macdonald

  For most IBM i shops, who are busy creating and maintaining the applications that run the business and who are not just chronically understaffed but structurally understaffed, the smartest thing they can do when it comes to security is give up.

  You heard that right. They need to put their arms in the air and surrender, absolutely and completely.

  No, we don’t mean they need to open all of the ports on their server, turn off the firewall, and let the ransomware and malware in and let the hackers and phishers do whatever they will. What we do mean by …

  Read more

• Strengthen IBM i Password Security With Multi-Factor Authentication

  March 15, 2021 Bill Hammond

  As stories of data breaches caused by exploited credentials continue to make headlines, basic password protection mechanisms are no longer good enough. Organizations require an additional layer of protection that is also easy to use and doesn’t impose an additional burden on administrators.

  IBM i systems contain the data that drives your business, including financial transaction information, healthcare records, and other personally identifiable information for customers, partners, and employees. Much of this data is subject to regulations such as SOX, PCI DSS, HIPAA, and GDPR. Therefore, any data breach can result in regulatory fines, lost revenue, remediation costs, legal fees, …

  Read more

• Can You Build Data Integrity Without Securing IBM i Systems?

  January 27, 2021 Bill Hammond

  Nowadays, companies tend to have vast troves of data stored on their IT platforms. Many companies are struggling to use that data – including critical data on IBM i – that could, in theory, help to make better business decisions and run operations more smoothly and efficiently. But in reality, that data is frequently siloed, inaccurate, and unsecured – leading CEOs to be concerned about the integrity of the data upon which they are basing decisions. Businesses across the globe are screaming for data they can trust.

  The pace of digital transformation initiatives has rapidly accelerated in the past year, …

  Read more

• Confidence in IBM i Security Is Dropping, Syncsort Says

  May 6, 2020 Alex Woodie

  IBM i shops were significantly less confident in their ability to prevent a security breach in 2019 than the previous two years, according to a new study by Syncsort. More than 40 percent of IBM i shops have suffered at least one security breach, according to the study, which also indicates that awareness of security regulations is growing, but not for the ones you might think.

  In 2019, 11 percent of respondents reported being somewhat or very unconfident in their ability to prevent a data breach at their organization, Syncsort concluded in its new study, which is titled “IBM i …

  Read more

• Trinity Guard Gives Audit Tool A Friendly GUI

  June 25, 2018 Alex Woodie

  IT professionals who are tired of using 5250 greenscreens to manually conduct regulatory audits of their IBM i systems may be interested in a colorful piece of software from Trinity Guard. The company recently launched TGCentral, which is a unified HTML interface designed to simplify the configuration and execution of security and regulatory audits across multiple IBM i servers.

  As the spiritual and intellectual successor to PentaSafe, Trinity Guard understands how beloved those old PentaSafe products were. Even though NetIQ/Attachmate/Micro Focus has not added any new features to its IBM i security suite for over a decade, there were …

  Read more

• IBM i Security Expert Interprets PCI and Multi-Factor Authentication

  July 17, 2017 Dan Burger

  With data security written boldly at the top of many organizations’ priority lists, the Payment Card Industry Data Security Standard (PCI DSS) is viewed as a top line defense against data breaches. Whether a company handles credit cards and is required to implement mandated security measures or uses the PCI standard as a best practices model, IT security gurus pay attention to the PCI DSS.

  We are well beyond the realization that organizations need to be secure. The emphasis has clearly shifted to how organizations become secure. How to build and maintain a secure network, protect data and regularly monitor …

  Read more

• Time To Get Your 2FA On, IBM i Admins

  April 3, 2017 Alex Woodie

  System administrators working in regulated industries will soon be required to sign-in to servers using two-factor authentication (2FA), according to the latest PCI requirement. The industry regulation will impact administrators working with all types of computer systems, and will likely be enforced in late 2017 or early 2018, security experts say.

  In prior versions of the Payment Cardholder Industry Data Security Standard (PCI DSS), only remote administrators were required to use 2FA, which bolsters the security of the sign-on process by requiring users to show “something you know,” like a password, as well as “something you have,” like a hardware …

  Read more

Previous Articles