How to choose your IBM i security consultant?
Despite all the security advantages that an AS/400 can offer, current attacks are forcing their owners to implement best practices for their organization: at stake is their ability to ensure continuous production, as well as the various legal risks associated with the possible loss of data.
Bob Losey explains the point of view of Bruce Bading, IBM i security expert.
With kind permission of Bob Losey. Jan. 2023
IBM i cybersecurity is one of the top priorities of the IBM users I talk to. I’m fortunate to have worked with Bruce Bading, a true IBM i security expert. With her permission, this is a modified reprint of another publication I wish to share.
There are many options when it comes to cybersecurity consultants or managed security service providers. One way of assessing your choices is to ask what security best practices the consultant (or his company) recommends for setting up cyber defenses. Some best practices are driven by massive organizational teams or company results. However, there is another way to develop security guidelines by leveraging CIS controls and benchmarks through membership of CIS SecureSuite.
CIS Controls and CIS Benchmarks are security best practices that pave the way for improved defenses through a unique community consensus process. Working with many of the world’s security professionals, CIS develops global security guidance (CIS Controls) and technology-specific reinforcement configurations (CIS Benchmarks).
Let’s take a look at how Bruce Bading, President of BFB Consulting, uses his CIS SecureSuite membership to strengthen his customers’ cybersecurity. BFB Consulting provides cyber defense services to help organizations improve their cyber policies, compliance requirements and procedures.
Implementing fundamental safety
With over 40 years’ experience in cybersecurity and regulatory compliance, Mr. Bading has seen the growth and development of various best practices. From his time as CFO of a major industrial company to his years of experience at IBM as a senior cybersecurity consultant, he has learned to leverage the resources of CIS SecureSuite. He relies on CIS Controls, CIS RAM (risk assessment method) and CIS Benchmarks to help customers operationalize fundamental safety. Mr. Bading uses CIS-CAT Pro, a configuration assessment tool, to show his customers the security gaps in their configurations: “CIS-CAT Pro is a really solid foundation on which you can address any customer and show them. Look, here’s what the Center for Internet Security tells us you need to do to lock down your systems. You can read what Tony Sager says – stop chasing the shiny stuff and get back to basics.”
Bading has seen first-hand how some customers fall into the “glitter syndrome” and chase claims of technical greatness while ignoring basic best practice. “We need to get back to fundamental safety,” he insists. Part of this fundamental security includes implementing best practices such as CIS Benchmarks and assessing compliance and adherence. Customers should ask whether consultants are members of CIS SecureSuite. If this is the case, they can ask to see their own CIS-CAT Pro results to identify any security gaps in the configuration. The consultant’s expertise can then help fill these gaps and address any remaining cybersecurity concerns.
Safety in hybrid environments
Bading’s customers operate in hybrid environments, i.e. on both on-premise and cloud infrastructures. The important thing, says Bading, is to identify the criticality and confidentiality of each data element. He recommends that private information such as personally identifiable information (PII) or other confidential data be stored in a private cloud. For public data, a public cloud is sufficient. Secondly, it’s essential that organizations harden cloud environments, wherever they’re hosted. CIS provides security best practices for securely configuring cloud accounts and services on three of the leading providers:
- CIS AWS Foundations Benchmark
- CIS Azure Foundations Benchmark
- CIS Google Cloud Platform Foundations Benchmark
Whatever environment you operate in – on premise or cloud, public or private – secure configurations are essential. “And that’s what we need to communicate to people,” explains Mr. Bading. “We need to harden these images.”
Collaborate and connect to the community
Bading participated in the CIS community consensus process to help develop the first CIS IBM i Benchmark. He enjoys being connected to a wider cybersecurity community and said, “My next goal is to enter some of the other communities.” CIS communities enable networking with other technical experts, solving security problems and finding consensus on best practices against cybercrime. “Professionals took part in the debate,” explains Bading, “through a community, they’ve come full circle. And here’s what they said collectively. It’s not just one person, or one company – it’s a large group of individuals all conveying the same message.”
Serious security for serious threats
“Cybercriminals are serious,” warns Mr. Bading, “and they’re not afraid to break things.” The determination of cybercriminals demonstrates that customers need to be just as serious about implementing best practice and compliance. Cybersecurity is a business issue, not just an IT issue. For BFB Consulting and its customers, CIS SecureSuite Membership provides the resources they need to implement security best practices. “Firewalls and antivirus are no longer enough in the age of malicious AI, fileless and metamorphic malware,” explains Mr. Bading. “We need to constantly up our game when it comes to security and internal controls.” By combining the powerful CIS Benchmarks and CIS Controls, CIS SecureSuite Membership helps organizations keep their systems securely configured. It’s an essential resource for developing genuine basic safety throughout the company.
Original article in English: https://www.linkedin.com/pulse/how-choose-ibm-i-iseriesas400-cybersecurity-consultant-bob-losey/