IBM Systems Magazine, Power Systems - April 2017 - 25
Buying Time for
Tool enables IBM i administrators to assess security weaknesses
By Gene Rebeck
ven with more public
awareness about security
breaches in recent years,
it's surprising that "security
administration isn't given the
priority it should," says Terry
Ford, team lead for security
services delivery, IBM Systems
Lab Services in Rochester, Minn.
"Administrators don't regularly
look at it, or they only look at it
after performing other work."
Still, Ford believes that they're
not intentionally negligent.
Administrators are often frustrated
because they'd like to do more
security checks, but budgetary
constraints stop them, he explains.
"Yet they will be the ones who are
held accountable if they aren't able
to practice secure computing with
the rigor it requires."
Why don't organizations
examine security as closely as
they should? "Time is a big part of
that," Ford says. Companies focus
on producing and selling products
or services, so security is often an
afterthought, he notes.
To help IBM i clients, Ford
and his team built a security
compliance, assessment and
reporting tool (CART) that allows
time-starved administrators to
examine where hackers could
exploit their systems. (Other
IBM teams have created similar
assessment tools for AIX* and
Saving IBM i
Linux* administrators.) The
CART provides a comprehensive
picture of a client's systems and
pinpoints current and potential
weaknesses. The tool creates daily
reports but also features an alert
function when changes occur for
system administrators who can't
review every report.
The Bigger Picture
reports on more
than 1,000 data
The lack of time focused on
security is just one problem.
In Ford's opinion, many
organizations are "often
ignorant, or choose to be
ignorant, about the dangers
of a security breach." They
think a breach won't hit them
ibmsystemsmag.com APRIL 2017 // 25