IT needs to take proper precautions, says IBM exec
Jaikumar Vijayan, Computerworld

Ian Jarman, IBM's System i product manager, spoke with us recently about the annual security study conducted by The PowerTech Group.

Q: One of the biggest take-aways from PowerTech's study was that people responsible for managing System i machines don't appear to be securing them as they should. Is that your assessment as well? A: The System i is very well respected for its integrated security. We've never had a reported virus on the System i. But in the same way that you have to lock your doors and windows at home, you certainly need to be making sure that you're taking the necessary security precautions.

Q: So why aren't more users of the System i doing that? A: People looking at security very often are concerned about systems that are affected by viruses, network security [issues] and so on. It's sad to say that sometimes they don't necessarily put the same emphasis on the back-end system, and that is an important priority as well. It's also reasonable to reflect that security policies, practices and compliance requirements [have] changed so significantly that all companies running System i or any other platform ought to be periodically reviewing their practices.

Q: Who is responsible for securing the System i environment - the IT operations team or the IT security group? A: That varies considerably with the size and type of company. For example, there are 16,000 banks running on System i - obviously, security is a top priority for them. In many of those banks, there will be a security team working in cooperation with the different operating platform teams. If you look at more traditional smaller to mid-sized companies, you probably would find that they have the System i operations teams in charge of security.

Q: PowerTech also found that projects involving System i security often aren't given the proper priority because the system is assumed to be secure. Do you agree? A: It's fair to say that System i has always had a very strong reputation for security and availability. As a result, perhaps some resources get focused on fighting fires and plugging holes elsewhere, where there have been more problems. It's sometimes a challenge to raise the priority where there isn't necessarily a perceived problem.