It’s always an eye-opening experience to speak with an auditor about the intricacies of auditing an IT environment. I respect their views, and I can only imagine how difficult it is trying to be an expert on the wide variety of technologies found in an average enterprise.

Last week, I spent a couple of days at the ISACA conference in Las Vegas, meeting and talking with auditors from around the country. While some had heard of the System i (or iSeries or AS/400), it was very evident that there weren’t any subject matter experts on hand. I was left wondering: “How can anyone receive an effective audit of a platform that IT auditors have such limited knowledge of?”

PowerTech security experts perform a healthy number of audits each year, but there are not many firms with our professional capabilities. Yet, we’re barely scratching the surface of the immense number of organizations that must maintain compliance with the seemingly-endless list of regulations and legislations found throughout the world. What about the others—are they just ignoring the mandates? Or, are they being subjected to questionable recommendations made from a comparison to an old checklist compiled from numerous online sources. I fear it’s probably a mix of the two!

PowerTech developed the wildly popular Compliance Assessment tool to perform a review of six major areas of vulnerability. We have made this tool available to users as a free service, and now include one-on-one time with a security expert to help interpret the findings. The auditors I talked to were extremely excited to know that there was someone out there to help make their lives easier, and to be an expert they can talk to when they encounter a System i. I’m excited and encouraged at the opportunities that brings to the PowerTech table as we continue to grow, and as we continue to service the IBM i community with world-class security solutions.

While you might not think of an IBM i-savvy auditor as a benefit, the fact that you’re talking with someone who understands real-world vulnerabilities, as well as the inherent strengths of security on the platform, adds protection to your corporate data. And the availability of a speedy tool that provides an educated view into the infrastructure makes your IBM i data even safer.

And, after all, isn’t that the purpose of a security audit in the first place?

Tags: Auditing

This entry was posted on Tuesday, October 13th, 2009 at 4:08 am and is filed under Auditing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.