The "Easy" Button for Provisioning IBM i Users
(c) 2015 PowerTech, A Division of HelpSystems
• Introduction
• The Profile Challenge
• Why Policy Matters
• PowerAdmin Demonstration
• Free Resources
Today's Agenda
Today's Speaker
ROBIN TATAM
Director of Security Technologies
952-563-2768
PAUL CULIN
Sr. Information Security Engineer
952-563-2762
About PowerTech
• Premier Provider of Security Solutions & Services
– 18 years in the security industry as an established thought-leader
– Customers in over 70 countries, representing every industry
– Security subject matter expert for COMMON
• IBM Advanced Business Partner
• Member of PCI Security Standards Council
• Authorized by NASBA to issue CPE Credits for Security Education
• Publisher of the Annual “State of IBM i Security” Report
PowerTech uses anonymous audit data from our Compliance Assessment tool to compile an annual study of security statistics.
This study (available online) provides a picture of what IBM i shops are currently doing with their security controls.
And, year after year, it shows that there is definitely still room (and a need) for improvement!
(The study sample consists of security-aware environments.)
The State of IBM i Security Study
• Special Authorities are only for Administrators!
– *ALLOBJ: Complete control of the system
– *SAVSYS: Save, restore, and delete anything
– *SPLCTL: Complete control of spooled files
– *SERVICE: Alter hardware, storage, and clear disks
– *SECADM: Create and delete user profiles
– *JOBCTL: Manage jobs, PWRDWNSYS, and more
– *IOSYSCFG: Configure communication services, TCP/IP
– *AUDIT: Modify system audit values
• Learn more at: www.helpsystems.com/powertech/managing-privileged-users-ibm
Special Authorities: What's So Special?
2014 State of IBM i Security Study
These are not the fault of the “end” user
• Legislatures create laws
– Sarbanes-Oxley, PCI, HIPAA, Gramm-Leach-Bliley, SB1386, and more
• Laws are open to interpretation
– Sarbanes-Oxley Section 404:
• “Perform annual assessment of the effectiveness of internal control over financial reporting…”
• “…and obtain attestation from external auditors”
• Auditors are the interpreters
Legislative Reactions
• Auditors interpret regulations:
– Auditors focus on frameworks and processes
– Auditors have concluded that IT is lacking when it comes to internal controls
• Executives follow auditor recommendations
The Auditor's View
• Distributed Provisioning:
– Ensure that users are created on (and only on) the necessary systems
• Programmers only on-boarded on development partitions
• Rapid deployment of new users in defined roles
• Audit and realignment during profile lifecycle
• Simple end-of-life processing
The Auditor's View
• Resolve Inconsistencies:
– Ensure that users are created using a standardized template
• Special authorities
• Command line restrictions
• Initial program and menu
• Accounting code
Applicable to both uni- and multi-partition servers
The Auditor's View
Solution: PowerAdmin
• TEMPLATE-BASED MANAGEMENT
• ROLE-BASED SECURITY
• EVENT HISTORY AND REPORTING
• HIGHLIGHT POLICY EXCEPTIONS OR UNAUTHORIZED UPDATES TO PROFILES
• Government regulators and IT auditors demand accountability.
• Legislatures have created laws that require us to prove that our IT infrastructure is secure.
• Non-compliance penalties range from public disclosure and fines to prison sentences for executives.
• Executives are finally taking IBM i security very seriously.
Why PowerAdmin?
• Allows you to reclaim the user lifecycle to ensure a consistent, managed profile environment
– PowerAdmin lets you specify where and how users are deployed.
– PowerAdmin removes the complexity and costs associated with managing profiles across many virtual machines.
– PowerAdmin works with IBM i security to correctly protect assets.
– PowerAdmin audits the configuration of users between their creation and deletion.
Why PowerAdmin?
• IT Security has executive attention
– This is the best opportunity to solve long-standing problems
– Gain management approval now
• Control users with broad authority to production data
– Leaving user configuration to chance is both an audit exception and an accident waiting to happen
• Limit the deployment of powerful profiles
– Monitor and report when profiles are non-compliant
– Consistent provisioning of users
Summary
YOUR PC YOUR IBM i SERVER YOUR VULNERABILITIES
Automated Vulnerability Testing
Online Compliance Guide
Security Policy
Compliance Resources
Other (FREE) Resources
Please visit www.helpsystems.com/powertech to access:
– Demonstration Videos & Trial Downloads
– Product Information Data Sheets
– White Papers & Technical Articles
– Customer Success Stories
– How-To Articles
– To request a FREE Compliance Assessment
www.helpsystems.com/powertech (800) 915-7700
+1 253-872-7788
www.helpsystems.com/powertech