Security Still Top Concern, IBM i Marketplace Study Says

February 1, 2023

Alex Woodie

Security continues to be the number one concern of IBM i shops surveyed for the annual IBM i Marketplace Study conducted by Fortra. Application modernization surged ahead from last year’s finish to make the race for number one interesting, while HA/DR and IBM i skills rounded out the top four concerns.

Fortra (formerly HelpSystems) formally released its 2023 IBM i Marketplace Study last week, making it the ninth straight year that the company has released the study. This year’s study, which you can access here, is based on surveys taken last year by about 300 individuals from the IBM i community. That’s down a bit from previous years, including the 450 who took it last year. But it’s still a representative sample of the IBM i base (or at least the active portion anyway).

Fortra covers lots of ground in its IBM i Marketplace Study and the accompanying webinar that took place on January 26, a recording of which is available here. One of the most interesting components of the survey is the top concern questions, which is a useful gauge of what the installed base considers important. Not surprisingly, security – or cybersecurity as Fortra terms it – retains the number one spot, a position it has held for the past six years.

Steve Will, the IBM i CTO and Distinguished Engineer with IBM, says he’s not surprised to see cybersecurity listed as the top concern.

“There are a lot of developers who feel like they need to have more security knowledge. There are a lot of administrators who feel like they need to have more security knowledge,” Will said during the January 26 webinar. “The fact that threats are constantly changing and that they have to also meet business needs means that people really need to get more information.”

Sixty-eight percent of the survey-takers listed cybersecurity as one of their top concerns, which was actually up from last year, when 62 percent listed cybersecurity as one of their top concerns. Security reached its peak as a top concern in the 2020 study, when 77 percent listed it as a concern.

Application modernization (or “modernizing applications” as Fortra put it) had a surprisingly good showing, with 64 percent of survey-takers indicating it was a top concern. That was up from 56 percent in the 2022 survey, when it occupied the third slot in the company’s question about the top five concerns.

In fact, from 2017 to 2022, there was no change in the top three concerns in the IBM i Marketplace Study, although the percentages did move around a bit. If you go all the way back to 2016, which was the second year the study was published, application modernization was actually the number one concern, with a 58 percent share. Security that year came in at a lowly 33 percent. (The company has since changed its survey methodology.)

Fortra also changed the security question for this year’s survey, and only asked about cybersecurity, whereas last year the company grouped cybersecurity and ransomware into one choice. (Considering that ransomware is one of many possible threats in the cybersecurity world, it was probably a good move.) In previous years, HelpSystems referred to it simply as “security.”

Will said he’s not surprised that ransomware continues to be big issue in the marketplace, but there was one was thing that caught his eye. “I am a little surprised that there are actually 8 percent of the people who say they don’t have a security challenge at all,” he said.

“Good for them, right?” responded Tom Huntington, Forta’s vice president of technical services.

When Fortra asked about cybersecurity challenges, the “Lack of security knowledge and skills” was identified as the number one challenge, with a 47 percent share. That was closely followed by “Threats are constantly changing” at 45 percent and “Balancing security controls and business efficiency” at 39 percent.

IBM certainly seems to have gotten the message on computer security over the past couple of years, and has introduced changes in the IBM i operating system in new releases of the OS and Technology Refreshes that make it easier to identify gaps in security configuration and to lock them down. The IBM i remains one of the most “securable” systems available, Huntington noted. “People need to turn the dials the correct way and that’s the education piece,” he said.

Will concurred. “I never get the impression from my customers . . . that their security challenges are related to things they can’t do on IBM i,” the CTO said. “It’s that they may not know how to do what they need to do on IBM i.”

In terms of what IBM i shops are actually doing to lock down their systems, adoption of secure managed file transfer (MFT) sits in the number one spot, with 49 percent of survey-takers indicating they have adopted secure MFT and another 12 percent plan to introduce it. That was closely followed by the introduction of compliance and audit reporting and privileged user management, both of which have been adopted by 45 percent of the survey-takers, although the “plan to implement” rate for compliance and audit reporting (13 percent) trails the planning for privileged user management (20 percent). Exit point security – which Huntington admits is his bugaboo – lurks in the number four spot with a 43 percent adoption rate and a 17 percent “plant to adopt” rate.

“For me, it always starts with exit point manager and exit point monitoring on this platform as a way of really protecting your data,” he said. “And so it’s good to see a healthy investment in these various technologies that help with additional security around the platform.”

Fortra’s focus is cybersecurity (“Hence the name change,” Huntington said). The company is seeing increased interest in privileged user management and getting a handle on ALLOBJ authority, he said. “We see a larger rise in interest in implementing that, along with multi-factor authentication at 20 percent of the customers who took it are looking at those technologies,” he said.

The threat posed by cybersecurity threats is certainly not a secret anymore. Thanks to high-profile data breaches and other problems, organization of all stripes are increasingly wary of making the front page of the newspaper.

There’s definitely been a sea change in how IBM i shops approach security, Huntington said. “When we started this survey nine years ago, there were people who literally said I have no concerns at all about cyber security,” he said. “That’s changed. It really has.”

Stay tuned for continuing coverage of the 2023 IBM i Marketplace Study.

RELATED STORIES

Security Again Top Concern in HelpSystems Marketplace Study

Ransomware Epidemic Hits Epic Proportions, And IBM i Shops Take Notice

‘Alarming’ Security Gaps Exposed in IBM i Marketplace Report

Bob Langieri Shares IBM i Career Trends Outlook for 2023

February 1, 2023

Alex Woodie

When it comes to career trends in the IBM i community, there are few who have a better sense of what’s going on than Bob Langieri. The longtime CEO of Excel Technical Services in Orange County, California, has his fingers on the pulse of the job situation, which is why we turn to him for an outlook on 2023 trends.

The economy started out on a down note last year before picking up momentum towards the end of 2022, Langieri notes. Those forces are still with us today, the tea leaves are inconclusive.

“A recession is defined as two consecutive quarters of negative GDP growth,” Langieri says. “The first half of 2022 said we were in a recession. The third quarter picked up a little, but we are not out of the woods just yet. This is a tricky one to figure out because consumers are still spending as interest rates are going up. Unemployment rates look good. The CPI [consumer price index] is up, gas prices up, food is up. I am seeing the beginning of hiring freezes and some cutbacks by major corporations, sending signals that the next two years may be a bumpy road for some. Big Tech companies like Amazon, Meta (Facebook), Twitter, Salesforce, Cisco and others have all announced or started major layoffs.”

In the IBM i-RPG job market, hiring has been stalled or slower for the last year, he says. There are folks being excluded from the job hunt due to the number of trips they’ve made around the sun.

“I am hearing from more RPG developers who have retired, but still want to work part-time. It’s pretty normal now to see more people working until the age of 70 or longer. They are a real value, but most companies are ignoring resumes that show their age as working since 1980 or signs of System/36 or System/38. I feel no need to go back more than 20 years on a resume,” Langieri writes.

“Covid-19 forced many employers to accept remote workers, especially programmers/software developers. So now besides Covid-19 being a reason for working remote, the expense of commuting will force even more people into remote. Employment participation is down as more people have been lured by unemployment checks and government handouts to stay home or thought maybe it’s a good time to re-evaluate your career and life,” he says.

Salaries for IBM i talent have increased over the last year, Langieri notes, but they’re still nowhere close to the salaries that folks focusing on technologies, like .NET and open source tools, are making.

“Typical salaries for RPG developers (employees) are in the range of about $118,000 to $130,000 and may vary by location and proximity to major metro areas,” he says. “Salaries for .NET and other open-source technologies typically are going from $140,000 to $180,000. I am seeing a number of IBM i-RPG environments running less RPG applications and more open-source applications. I see a number of companies acquired and then moving applications off IBM i and onto cloud-based systems.

“I have been in the recruiting and contract staffing business for over 40 years, and I can tell you that hiring and layoffs ebb and flow mainly due to economics,” Langieri says. “When companies are struggling, it is hard to find job openings even for really good candidates. When companies are growing, it’s hard to find good candidates. Factors like inflation, interest rates, supply chain/logistics, housing starts, global pandemics, worker participation rate, unemployment rate, number of new jobs created, manufacturing index reports, consumer confidence levels, retail sales, US debt, US Import and Export Price Indexes, average hourly earnings, etc., etc.”

Langieri takes in information from a lot of different sources. From the sound of his analysis, we’re not on the cusp of a period of widespread prosperity for midrange types, but your own particular mileage may vary.

“Every day I watch the business news, follow the stock market and listen to numerous analysts to help me to form my own opinions,” he says. “When you see a trend developing, pay attention. Look for the general outlook and also be aware of the smaller trends like in your own state or industry, or in the case of IT, look for the trends in what technologies are being used and which are declining. Look at the number of job postings in different categories besides your own specialty.”

With that said, there is a solid path that IBM i professionals can take to increase their usefulness to employers, and therefore their employability. It can be boiled down to three simple words: Learn new stuff.

“What you learned five or 10 years ago may be fading into obsolescence,” Langieri says. “Broaden your knowledge of new technologies even if it’s not what your company is using. The Internet offers so much in the way of learning new skills for free. It should almost be mandatory that IT managers encourage their staff to look for alternative ways to do things, partly as a brain exercise and partly as a way to ‘build a better mousetrap.’

“Our best talent and trainers in the IBM i world are people that stepped out of their comfort zone and tried learning from others or experiment with new tools and found out that they are now the teachers leading the way,” he concludes. “So, break out of your comfort zone and find something new to keep your career on the bleeding edge. In summary, find ways to make yourself more valuable to your company, while also making your skills more transferable to more opportunities.”

For more information on Langieri’s recruiting services, check out Excel Technical Services’ website at www.excelsearch.com.

RELATED STORIES

2023 IBM i Predictions, Part 3

The IBM i Job Environment, It’s a Changin’

IBM i Salaries: Underpaid, Yet Highly Valued And Hard To Replace

Innovating And Thriving with IBM i

The Job Market For The People Who Make The IBM i Go

Kisco Brings Native SMS Messaging to IBM i

February 1, 2023

Alex Woodie

Kisco Information Systems recently launched a new IBM i product designed to facilitate native SMS messaging on IBM i. Pre-integrated with Twilio, kConnect will not only keep administrators aware of security and other events occurring on IBM i, but it will also help streamline the configuration of two-factor authentication (2FA) setups on the box.

Kisco’s newest IBM i utility allows users to send SMS messages to recipients directly from an IBM i application, which can be useful for a variety of reasons. The product supports sending messages via a command line or directly from their custom IBM i applications, using CL and RPG code snippets that Kisco includes with the product.

kConnect is pre-integrated with three Kisco products, including the network security utility SafeNet/i, the 2FA offering i2Pass, and iEventMonitor, which provides a remote monitoring service. This integration allows users to receive native SMS messages directly if, for example, a security event is detected by SafeNet/i, a user needs to be authenticated via i2Pass, or iEventMonitor has detected that a disk-usage threshold has been exceeded.

The new software requires a customer to have an account set up with a third-party SMS service. Currently it requires Twilio, but other SMS services will be available for use with kConnect in the future, the company says.

Using a native SMS service is superior because it doesn’t require the user to fuss around with an email-to-text conversion. That’s the current method supported by Kisco, but it’s an outdated method that can be tedious and time-consuming to configure, Kisco CEO Justin Loeber says.

“With some carriers, [email-to-text conversion] works fine, but others are starting to have more stringent requirements, for reverse-DNS lookup and stuff like that,” Loeber says. “Some of our customers were not wanting to add reverse DNS to their public domain. They weren’t willing to have to do all this stuff just so they could get messages from the i.”

More than half of Kisco’s help desk calls are related to the email-to-text alerting, Loeber says. The company has no plans to end support for use of the email-to-text, which is supported by all the major carriers. But the move to a native SMS service should help simplify the setup for customers, he says.

The move to native SMS will also pay dividends down the line for Kisco when it rolls out a new MFA offering that should allow IBM i shops to adopt the latest authentication standards.

“The underlying architecture that allows us to interact with a third party messaging API is the same Archi urea that we’re leveraging now that will allow us to do the next release of our 2FA products, which will be able to work authenticator apps,” Loeber tells IT Jungle. “So the same core functionality, kConnect, will also be part of that flow of communication.”

Enterprises are starting to adopt authenticator apps, such as Microsoft Authenticator or Duo Mobile, to help ensure only authorized individuals are given access to sensitive data and applications. With authenticator apps, the second form of authentication (besides the user name or other initial identifier) is the app itself, which the user has already been authenticated to.

Authenticator apps have one key advantage over traditional 2FA and multi-factor authentication (FFA) methods: There’s no need to enter a six- or eight-digit PIN. That will be important when Kisco rolls out another new capability in its security lineup: the ability to receive an alert when somebody tries to access an IBM i exit point.

“When it comes to 2FA, email is not considered to be secure anymore,” Loeber explains. “In order to complete the 2FA cycle with just email, somebody has to key in the code, which means you have to have access to the UI in order to complete the login. So if we’re trying to put 2FA in an exit point and no UI in play, we can’t do it.”

With native SMS hooked into authenticator apps, there’s no longer a need for a user to enter a PIN to prove themselves. If they initiate a transaction that involves an exit point on IBM i, they’ll receive a notification on their mobile device, asking them to authenticate that they had initiated the transaction. They click a button in the app, which communicates back to the Kisco product to enable access.

“We don’t have to worry about presenting a data input on the UI,” Loeber says. “It opens up a whole new world of places where we can integrate 2FA.”

kConnect is available now. New Kisco customers will pay $850 for a standalone copy, while existing customers can get a 40 percent discount on that. For more information, see www.kisco.com.

RELATED STORIES

Kisco Makes Moves In the IBM i Security Business

Father, Son, & Co: Kisco Systems Drills Down On Security

Who’s Watching i? The Kisco, Kid

Four Hundred Monitor, February 1

February 1, 2023

Jenny Thomas

We’re just a month into 2023, and we can already see a lot of action from IBM. Our Top Stories this week all revolve around IBM activity, some of which is good, and some of which less so. (Layoffs are never good news, but especially so in the current economy.) But like we said, there is lots of good happening, both in and around the industry. Check out the Calendar below, which is becoming loaded with new events, so be sure to take a look. You will notice that the virtual option appears to be here to stay, and is becoming a standard way of being able to participate.

Top Stories From Around The Jungle

(The Hill) IBM isn’t going to avoid the layoffs hitting the tech industry.

(Inc.) A new mantra for IBM sets the tone for the future.

(Yahoo!Finance) How does IBM measure up against HPE as a value option?

(SamMobile) IBM is part of a group working on nextgen chips.

(CIO Dive) Change isn’t always easy, as IBM is finding on its path to the hybrid cloud.

Redbooks, White Papers, Blogs, Podcasts, and Other Resources

(COMMON) COMMON is accepting applications for the 2023 Board Elections. Applications will be accepted through February 24.

(Fortinet) Check out this check list before a ransomware attack.

(Service Express) The 2023 Data Center and Infrastructure report analyzes data from more than 900 participants to identify challenges and priorities, and offer ideas for implementing cost-saving measures.

(Zend) Find out about ARM support for ZendPHP, which is now available.

(Raz-Lee Security) What’s the cost of a data breach? This report breaks down the numbers.

Chats, Webinars, Seminars, Shows, and Other Happenings

February 1 – Webinar – Join iTech Solutions, a Service Express company, for a webinar with Steve Pitcher as he covers the Basics of Enterprise Identity Management. These sessions are designed for anyone starting out as an IBM i system admin, looking to refresh their knowledge, or looking to learn more.

February 9 – Webinar – Join ARCAD for part two of a three-part Roundtable Webinar Series, where ARCAD experts will demystify the move to Git and an automated process with options that work for everyone. During this second session, the discussion will focus on feature/release, branch management, and building the branches with tools like Bob and ARCAD.

February 9 – Online Meeting – Get “Tricks with Spool Files” with Simon Hutchinson (RPGPGM.COM) at the February meeting of the Mid-Atlantic Group of IBM i Collaborators (MAGiC). This is a free event open to non-members.

February 15 – Webinar – Learn how to modernize IBM i data access without programming at this free webinar hosted by New Generation Software. See a demo and learn about low-cost licensing options, tech support, maintenance, and education.

February 21 – Online Meeting – Get “Tricks with Spool Files using SQL” with Simon Hutchinson (RPGPGM.COM) at the February meeting of the Southeast Michigan IBM i User Group (SEMIUG). This is a free event open to non-members.

February 21 – Webinar – Learn how to choose the right encryption method to securely exchange files during this webinar from Fortra.

February 23 – Webinar – Join ARCAD for the final session of a three-part Roundtable Webinar Series, where ARCAD experts will demystify the move to Git and an automated process with options that work for everyone. During this third session, the discussion will focus on pipeline tools like Jenkins and the new automation features of Git packages.

March 8 – Webinar – Join Rocket Software for a Women Leaders In Technology (WLIT) coffee talk for International Women’s Day. The team from reacHIRE will be discussing how they support women in building their leadership skills, relationships, and community so that their careers and lives thrive, which also enables organizations to build a strong and diverse leadership pipeline.

March 14-16 – Delavan, Wisconsin – The Wisconsin Midrange Computer Professional Association (WMCPA) will be having its annual Spring technical conference in-person at Lake Lawn Resort in 2023.

April 12-13 – Online Event – Join more than 1,000 IBM i professionals from around the world at iAdmin. This two-day virtual conference will bring some of the most experienced individuals in the IBM i community straight to your computer screen to share what they know best.

April 24-27 – Denver, Colorado – Save the date for COMMON’s POWERUp 2023, which will be held at Sheraton Denver Downtown.