Four Hundred Monitor, November 16

November 16, 2022

Jenny Thomas

Next week is Thanksgiving, so today we are giving thanks for all of you. We feel quite lucky here in the Jungle to have survived another year, and are looking forward to thriving in 2023. We are also looking forward to a little holiday break – as I am sure are all of you – so look for Monitor again in early December before we close out for the year. Until then, get your fill of the latest industry news and happenings below, and enjoy a little family (and turkey) time. You have our deepest gratitude for your continued support, and we’ll see you after the break!

Top Stories From Around The Jungle

(Phoronix) IBM is working to extend Power10’s MMA architecture with a new feature for “dense math” that is expected to premiere with future IBM Power processors.

(Consultancy.uk) IBM Consulting’s senior vice president talks news and how the firm helps businesses achieve digital transformation ambitions.

(Financial Times) IBM strikes up a deal with a new chip company to counter China.

(Analytics Insight) The Quantum computing wars continue, with IBM and Intel fighting for supremacy.

(IBM) The IBM i on Power FAQ is available for download. It addresses the most frequently asked questions concerning IBM i performance on Power, and provides best practice guidelines for most commonly seen performance issues.

Redbooks, White Papers, Blogs, and Other Resources

(iTech Solutions) This blog takes a look at the New Navigator (the new Navigator for i web interface).

(Zend) This blog shows how to install and configure Zend PHP, PHP-FPM, and Nginx for IBM i.

(Seiden Group) This article will help you with the easier-to-install IBM i ODBC driver for Db2 using YUM.

(MicroFocus) This slideshow summarizes a talk from last month’s Open Mainframe Summit about COBOL and modernization. Click through to learn about the history of COBOL.

(IntelliChief) Intelligent AP automation to radically improve the benefits and payback of automation. Watch this on-demand webinar to learn more about automation for accounts payable.

Chats, Webinars, Seminars, Shows, and Other Happenings

November 17 – Greenfield, Wisconsin – The monthly dinner meeting of the Wisconsin Midrange Computer Professional Association (WMPCA) will feature Steve Bradshaw, who will present two sessions: “Things i love about 7.5” and “How healthy is your IBM i?”

November 23 – Online & In-Person Meeting – The TUG (Toronto User Group) meeting of the month will feature presentations on “BOB” and data integration.

March 14-16, 2023 – Delavan, Wisconsin – The Wisconsin Midrange Computer Professional Association (WMCPA) will be having its annual Spring technical conference in-person at Lake Lawn Resort in 2023.

Tags: Tags: Four Hunded Monitor, IBM i

Security Is Top of Mind at VAI

November 16, 2022

Alex Woodie

Kevin Beasley hasn’t added “security” to his title yet at VAI, the Long Island-based IBM i ERP software and services provider. But the longtime CIO may just yet, considering all the security activities he’s overseeing for VAI’s on-prem and cloud customers alike.

“We’re constantly looking at new things,” Beasley tells IT Jungle. “Obviously, the security landscape out there is phenomenally dangerous. There was a local government attacked here, and we’re constantly working on security.”

The top threat at the moment is ransomware, which is typically perpetrated through email or text phishing schemes. Nearly a dozen VAI customers have been hit by ransomware in just the past 18 months, Beasley says. While none of the recent attacks breached the IBM i server at the heart of an S2K deployment, they did compromise some of the outer layers of the companies’ security apparatus.

The message is getting out, Beasley says. Security is a big deal, and customers are taking notice. That’s a good thing.

“As recently as a couple of years ago, during the big attacks like Colonial Pipeline, a lot of customers, especially SMBs [small the midsize businesses] said, ‘Ah I don’t have to worry about that type of problem. They’re only going after the big guys,’” Beasley says. “Well, they go after everybody’s nowadays. Big, small it doesn’t matter. Lately, they’ve been targeting governments.”

VAI has always taken security seriously. Some IBM i ERP software vendors are bit lackadaisical when it comes to IBM i configurations, but you won’t find VAI users operating under powerful user profiles like QSECOFR or working with ALLOBJ security.

“Obviously we encourage people to move away from certain protocols, like SMB [Server Message Block], or at least have something that’s going to do some inline scanning of things like that,” Beasley says. “In our applications we offer a replacement option for customers who don’t want to do mapped drives and file shares. It’s an application we wrote that would replace it. It still can be launched from the IFS, but it’s being launched through a Web browser and through security settings, with various different levels of authentication.”

Having a good software architecture running atop IBM i – one of the most hardened operating systems around – can give IBM i shops piece of mind. When the security administrator locks down the rest of the platform – which is something that VAI does for its cloud customers and which it recommends that on-prem customers do for themselves – it can present a very resilient defense.

“IBM i stands up pretty good,” Beasley says. “You still have to make sure you have your security set correctly. Many times in the IBM i world . . . if it’s not completely public facing, you have to worry more about internal security, whether you’re going to get hit with ransomware, and do you have everything in your authorities correctly set and so forth.”

While the IBM i side of the house is mostly under control from a security perspective, it’s the other components that worry Beasley. It’s ensuring the network edge is sufficiently protected, that you’re on top of new vulnerabilities, that you’re applying patches, that the Web application firewalls are updated and functioning, that you’re looking for spoofing and any traffic that could be impersonating you.

But it’s been forced to up its game in response to the situation on the ground. Considering the threat that phishing poses to potential ransomware attacks, user training is a big deal. VAI conducts training sessions every couple of months to help educate its customers on how to avoid. Even so, ransomware attacks are still successful. “It happens all the time,” Beasley says. “You just don’t hear people talking about it.”

VAI already conducts periodic system audits and has contracts with penetration testing provider to check the security of its systems. Those provide a good point-in-time reference for security, but Beasley wanted something that could work in a more real-time manner.

“It’s like when you’re doing a data backup. You’re backing up. It’s a point in time,” he says. “We’re looking at what’s going on out in the security world that is the security equivalent of continuous data protection, or high availability.”

To that end, VAI is now contracting with additional security professionals who can actively work to penetrate the system, in a “red team-blue team” type of configuration. The company has brought in some folks with high-level security experience, including former military, to help them take security to the next level. This gives Beasley and the VAI leadership team more confidence that they are doing everything they can to protect their clients’ valuable data.

“We wanted to . . . ensure that we’re secure [by] using red-team types tools that simulate what an attacker would really be looking for,” he says. “Not just a simple weakness. You can patch this, and we do patching and everything else. But sometimes, what a blue team might think is what’s being targeted might not be what our red team might be looking at.”

VAI has also contacted the Cybersecurity & Infrastructure Security Agency, a federal agency in the Department of Homeland Security. According to Beasley, CISA will assign a security advisor to work with American companies free of charge.

“Obviously they’re on top of everything,” he says. “But being in contact with them obviously and having an advisor that we can reach out to when we need to” has been beneficial.

The majority of new sales for VAI today are occurring in the cloud. Part of the reason for that is doesn’t require the customer to have as many technical skills, which for an IBM i software developer, is a good thing. But the other part of the cloud equation is that it actually provides a more secure environment, Beasley says.

RELATED STORIES

Security Alert: The Anti-Alfred E. Newman Effect

Security Threats, They Are a Changin’

ERP Deployments Shift Cloudward, Even On IBM i