The "Easy" Button for Provisioning IBM i Users

1/21/15 (c) 2015 PowerTech, A Division of HelpSystems

Today's Agenda

• Introduction

• The Profile Challenge

• Why Policy Matters

• PowerAdmin Demonstration

• Free Resources

Today's Speaker

ROBIN TATAM, Director of Security Technologies

952-563-2768

[email protected]

Today's Speaker

PAUL CULIN, Sr. Information Security Engineer

952-563-2762

[email protected]

About PowerTech

• Premier Provider of Security Solutions & Services

– 18 years in the security industry as an established thought-leader

– Customers in over 70 countries, representing every industry

– Security subject matter expert for COMMON

• IBM Advanced Business Partner

• Member of PCI Security Standards Council

• Authorized by NASBA to issue CPE Credits for Security Education

• Publisher of the Annual “State of IBM i Security” Report

Comprehensive Security Solutions for Power Systems

The State of IBM i Security Study

PowerTech uses anonymous audit data from our Compliance Assessment tool to compile an annual study of security statistics.

This study (available online) provides a picture of what IBM i shops are currently doing with their security controls.

And, year after year, it shows that there is definitely still room (and a need) for improvement!

(The study sample consists of security-aware environments.)

Special Authorities: What's So Special?

• Special Authorities are only for Administrators!

– *ALLOBJ: Complete control of the system

– *SAVSYS: Save, restore, and delete anything

– *SPLCTL: Complete control of spooled files

– *SERVICE: Alter hardware, storage, and clear disks

– *SECADM: Create and delete user profiles

– *JOBCTL: Manage jobs, PWRDWNSYS, and more

– *IOSYSCFG: Configure communication services, TCP/IP

– *AUDIT: Modify system audit values

• Learn more at: www.helpsystems.com/powertech/managing-privileged-users-ibm

2014 State of IBM i Security Study

These are not the fault of the “end” user

Legislative Reactions

• Legislatures create laws

– Sarbanes-Oxley, PCI, HIPAA, Gramm-Leach-Bliley, SB1386, and more

• Laws are open to interpretation

– Sarbanes-Oxley Section 404:

• “Perform annual assessment of the effectiveness of internal control over financial reporting…”

• “…and obtain attestation from external auditors”

• Auditors are the interpreters

The Auditor's View

• Auditors interpret regulations:

– Auditors focus on frameworks and processes

– Auditors have concluded that IT is lacking when it comes to internal controls

• Executives follow auditor recommendations

The Auditor's View

• Distributed Provisioning:

– Ensure that users are created on (and only on) the necessary systems

• Programmers only on-boarded on development partitions

• Rapid deployment of new users in defined roles

• Audit and realignment during profile lifecycle

• Simple end-of-life processing

The Auditor's View

• Resolve Inconsistencies:

– Ensure that users are created using a standardized template

• Special authorities

• Command line restrictions

• Initial program and menu

• Accounting code

Applicable to both uni- and multi-partition servers

Endless News Reports of Insider Breaches

Solution: PowerAdmin

• TEMPLATE-BASED MANAGEMENT

• ROLE-BASED SECURITY

• EVENT HISTORY AND REPORTING

• HIGHLIGHT POLICY EXCEPTIONS OR UNAUTHORIZED UPDATES TO PROFILES

Why PowerAdmin?

• Government regulators and IT auditors demand accountability.

• Legislatures have created laws that require us to prove that our IT infrastructure is secure.

• Non-compliance penalties range from public disclosure and fines to prison sentences for executives.

• Executives are finally taking IBM i security very seriously.

Why PowerAdmin?

• Allows you to reclaim the user lifecycle to ensure a consistent, managed profile environment

– PowerAdmin lets you specify where and how users are deployed.

– PowerAdmin removes the complexity and costs associated with managing profiles across many virtual machines.

– PowerAdmin works with IBM i security to correctly protect assets.

– PowerAdmin audits the configuration of users between their creation and deletion.

Summary

• IT Security has executive attention

– This is the best opportunity to solve long-standing problems

– Gain management approval now

• Control users with broad authority to production data

– Leaving user configuration to chance is both an audit exception and an accident waiting to happen

• Limit the deployment of powerful profiles

– Monitor and report when profiles are non-compliant

– Consistent provisioning of users

Automated Vulnerability Testing

YOUR PC, YOUR IBM i SERVER, YOUR VULNERABILITIES

Online Compliance Guide

Security Policy

Compliance Resources

Other (FREE) Resources

Please visit www.helpsystems.com/powertech to access:

– Demonstration Videos & Trial Downloads

– Product Information Data Sheets

– White Papers & Technical Articles

– Customer Success Stories

– How-To Articles

– To request a FREE Compliance Assessment

www.helpsystems.com/powertech (800) 915-7700

Questions

+1 253-872-7788 [email protected]

www.helpsystems.com/powertech