Mitigating Risks

AIX Security

There’s no denying it: Good intentions alone won’t protect your organization’s critical data. Indeed, according to a recent AIX security survey conducted by IBM Systems Magazine, a majority of respondents indicated they were either very (55.6 percent) or somewhat (34.8 percent) concerned about the platform’s security (see Figure 1).

These numbers may be large for a number of reasons, according to Stephen Dominguez, worldwide AIX security lead for IBM Systems Lab Services. “It could be due to the critical nature of their data, whether it’s credit card numbers or health data. In the case of a data breach, organizations storing such sensitive data can face devastating business consequences, not to mention the stress their customers may experience if their data is sold on the black market and exploited in identity theft.

“The large percentage of concerned participants could also be due to the lack of confidence in their existing security defenses.”

Most organizations would have greater confidence in their security defenses, Dominguez continues, if they approached their information security holistically, leveraging enterprise risk management and defense-in-depth strategies.

“Enterprise Risk Management involves identifying all types of security threats and vulnerabilities (and not just those involved with compliance) in an organization, prioritizing and fixing them to reduce risk to an acceptable level. Defense in depth is where an organization implements many layers of security defenses, so if one layer is compromised, other layers will protect an organization’s assets from an attacker,” he says.

Unauthorized Users

According to the survey, the top three current worries regarding security involved authorized system user access or credential abuse, external hackers and unauthorized users, in that order. Clearly, data has the potential of being assaulted from all sides, whether by internal or external actors—and protecting it needs to be taken seriously (see Figure 2).

“We’re mostly concerned about unauthorized system users or credential abuse, because any logged-in user can compromise the system if they use the appropriate tools,” notes Enid Vrenozaj, head of IT systems with Societe Generale Albania, a banking organization based in Tirana, Albania.

Of concern, however, is the 54 percent of respondents who reported they don’t have methodologies in place to identify unauthorized users. The remaining 46 percent indicated they use a variety of solutions, including access monitoring tools, active directory audits, biometrics passwords, cognitive passwords and one-time dynamic passwords.

SNS Bank, headquartered in Utrecht, Netherlands, uses the IBM Security Directory Server (SDS), role-based access control (RBAC) and IP access control on AIX to address this issue. As an added layer of defense, it’s also using several firewalls.

When asked what procedures they followed when they uncovered unauthorized access, 53.5 percent of respondents said they had no procedures in place, while the remaining 46.5 percent indicated they did. Methods included escalating reports to their security teams, blocking access and determining its origin point, and collecting evidence and notifying their legal departments.

Jim Utsler, IBM Systems Magazine senior writer, has been covering the technology field for more than a decade. Jim can be reached at jjutsler@provide.net.


