Over the past two years the IBM i 7.1 (V7R1) has come to be known as a powerful, reliable, and highly scalable solution for businesses. IBM i V7R1 supports total integration and virtualization with new encryption capabilities that are appealing to many companies who must comply with data security regulations such as PCI and GLBA/FFIEC. This new exit-point feature, called field procedures (FIELDPROC), helps businesses to encrypt their sensitive data at column level without any application changes in order to meet compliance regulations and protect data from hackers.
This is great news since data breaches have become painfully common. Despite the staggering amount of data breaches that happen every month, a new study has shown that nearly 70% of data breaches could have been avoided had the proper security measures been implemented.
Patrick Botz of Botz and Associates recently joined our founder and CEO, Patrick Townsend, in an interactive webinar that focused on security tips both he and Patrick recommend. Patrick Botz is an expert on data security and data breach prevention. He held the position of lead security architect at IBM and was the founder of the IBM Lab Services security consulting team.
Here are the top three security tips for users securing sensitive data in IBM i V7R1 and meeting data security regulations according to Patrick Botz and Patrick Townsend:
1. Use Encryption & Encryption Key Management Best Practices - Encryption is the tool that protects your data. If you do your encryption poorly, there’s really no point in doing it at all. In order to do encryption well you must follow best practices for encrypting data and managing the encryption keys. These best practices include: using AES encryption certified by the National Institute of Standards and Technology (NIST) and key management certified under the FIPS 140-2 standard; and using key management that utilizes controls such as separation of duties and dual control. Your encryption is only as good as your key management. If you follow best practices for encryption and encryption key management, you are also more likely to avoid having to report a data breach and deal with the severe costs.
2. Use Password Best Practices - Password management is often the downfall of many companies who suffer a data breach, especially a data breach that happens internally or by mistake. Patrick Botz specialized in password management and has enabled IBM i users to manage their passwords more securely with his Single SignOn (SSO) service, SSO Stat! Using a program called Kerberos, SSO works with both Windows and IBM i domains to streamline password use in a secured environment.
3. Monitor Your IBM i with System Logging - A crucial step to achieving good data security, receiving important system logs in real time and using a SIEM solution can help a database administrator prevent or catch a system breach as soon as it happens. System logging is also a critical part of meeting most compliance regulations. One challenge around system logging on the IBM i, however, is that security audit journal, QAUDJRN, is in a proprietary IBM format. In order for these logs to be centralized and correlated with other logs in your server environment, these IBM logs must be translated into a useable format. File integrity monitoring (FIM) is also important to monitor configuration changes. Townsend Security’s Alliance LogAgent provides file integrity monitoring and translates all of your logs into a single usable format that can be read by your SIEM provider.
Encryption, encryption key management, password management, Secure System Logging and File Integrity Monitoring are all absolute necessities for a business to safely store their data, and avoid legal complications due to negligence.
Please check out our resources tab to find out more information. You can find us on Facebook, Twitter and LinkedIn as well as our website, www.townsendsecurity.com. Start better security today!