Archive for January, 2010

7 Habits Of Highly Secure Organizations—Webinar 2/24/2010

Posted in Webinars on January 31st, 2010 by Robin

Everyone knows that security is important, but getting started on the road to compliance can be confusing and intimidating. Understanding common vulnerabilities helps you focus your attention and resources on the areas that need the most help.

We all want “best-practice” security, but what are top organizations doing to achieve and maintain it? Attend this session to learn the details about how to develop the seven habits that are part of daily life for secure organizations.

You’ll learn how to:

  • Break the Ostrich Syndrome
  • Develop a Security Policy
  • Assess Current Standing
  • Perform Security Event Logging and Review
  • Use “Best of Breed” Technologies
  • Monitor for Ongoing Compliance
  • Plan For The Future

This session examines what each of these habits means to the System i and helps you make sure that you don’t become the next security statistic.

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-Presenter: Jill Martin, PowerTech

Wednesday, February 24, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time.

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.

Jill Martin, a PowerTech Technical Services Manager, brings a strong System i background to any security discussion. Jill has worked in a number of roles in the industry, including technical trainer, sales account manager, and most recently as a key member of the security team. Contact Jill at jill.martin@powertech.com.

Configuring Real-Time Security Event Notification—Webinar 2/17/2010

Posted in Webinars on January 31st, 2010 by Christopher

The IBM i operating system provides the ability to audit system and user events. But, after the event data is collected, the challenge becomes how to disseminate the raw data, in real time, as useful information.

Join this webinar to understand:

  • How to configure the IBM i operating system to record system and user events.
  • How to add PowerTech Network Security to audit network-based events such as FTP and ODBC.
  • How to send real-time alert notifications as system log events to a Security Information and Event Management (SIEM) console using Interact from PowerTech.
  • How to send real-time alert notifications to e-mail addresses and cell phones using Robot/Alert from Help/Systems.

Attendees are eligible to receive a FREE compliance assessment.

Featuring a live Compliance Assessment demo.

Presenters
Main Presenter: Jill Martin, PowerTech
Co-Presenter: Paul Culin, PowerTech

Wednesday, February 17, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time.

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios

Jill Martin, a PowerTech Technical Services Manager, brings a strong System i background to any security discussion. Jill has worked in a number of roles in the industry, including technical trainer, sales account manager, and most recently as a key member of the security team. Contact Jill at jill.martin@powertech.com.

Paul ‘Paulie’ Culin is a security advisor with the PowerTech Group. As a product expert, he manages client training and implementation engagements, and hosts security presentations, webinars, and product demonstrations.

Securing and Controlling Your Powerful Users—Webinar 2/10/2010

Posted in Webinars on January 31st, 2010 by Christopher

One of the greatest challenges an organization faces when securing a System i environment is protecting the system from the people who are charged with its care: programmers, administrators, and security officers. These power users often need access to restricted objects and commands, but they rarely need that level of access 24 hours a day, and definitely not without accountability.

Join this session to learn about the vulnerabilities associated with powerful users. Then, explore Authority Broker, an award-winning approach to regaining the control your auditors demand while allowing your administrators and programmers to do their jobs.

Featuring a live Authority Broker demo.

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-Presenter: Jill Martin, PowerTech

Wednesday, February 10, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time.

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.

Jill Martin, a PowerTech Technical Services Manager, brings a strong System i background to any security discussion. Jill has worked in a number of roles in the industry, including technical trainer, sales account manager, and most recently as a key member of the security team. Contact Jill at jill.martin@powertech.com.

Planes, Trains, and Automobiles

Posted in Events, News, Other on January 26th, 2010 by Robin

Well, last week was a busy, but fantastic week. My travels started on Monday afternoon with a non-stop flight from the chilly air of Minneapolis to John F. Kennedy International in New York. Actually, I was surprised how fast the flight went, and after a few short hours I was programming the rental car’s GPS and heading into Manhattan.

It’s been 20 years since I was last there, and though the skyline might have been tragically altered forever, the hustle and bustle of the city that never sleeps is the same. I came to the United States in the summer of 1988 as a British foreign exchange student, and one of my most vivid memories is of being in New York City at night, and riding a tour bus across one of the bridges into Manhattan. It was one of the most spectacular nighttime skyline views that I had ever seen. As an amateur photographer, one of my personal goals of this trip was to try to recreate that view, and I was able to work my way down to the water line and get this photo.

New York Skyline

My work agenda started on Tuesday morning with a visit to a customer on Long Island. We had a great discussion regarding the ways they were using several of the PowerTech tools to help administer and audit access from users that normally would be hard to control, such as programmers. We also talked about how they see their developing security requirements.

After a 90-minute car-ferry ride from Port Jefferson, NY to Bridgeport, CT, it was a short hop down to Norwalk to meet my first user group. The group had selected the topic of “7 Habits of Highly Secure Organizations” and, for a couple of hours, we enjoyed dinner and interacted about the subject of auditing, access control, and regulations and policy. I raffled away a Starbucks gift card, as well as a number of free t-shirts, and it was a great evening.

Wednesday was a pretty easy day, riding the ferry back to Long Island, and then navigating to the location of the Long Island user group. I was met with a fantastic turnout from a crowd of very active System i users. The group started the evening early with some PHP training led by one of their own members, and there was a fun slideshow on some System i/iSeries/AS/400 history. I presented the “Top 10 Security Vulnerabilities,” based on data extracted from our annual security study. I really enjoyed interacting with this group, which included several of my own customers, as they had lots of great questions and discussion points. After another gift card drawing and distribution of a big box of t-shirts, I was off to my next stop in Morris Plains, NJ.

As a side note, if you are not from the East Coast, a GPS is a prerequisite to navigate your way around a city as large as this. Although mine had some trouble acquiring a signal at times (ahhh! technology) and wanted to send me in circles, I managed to successfully navigate the 90 or so miles to my destination.

Thursday morning began early with another customer visit to a great customer of Help/Systems and now a new PowerTech customer. I learned about some of the challenges that they had faced trying to implement an object security infrastructure. I offered some advice and also offered the PowerTech services team to provide assistance if desired. After all, as I have stated in my blog several times, we are not just a software company.

Thursday evening had me in Fairfield, NJ, at my final user group meeting. I spent several hours with another lively crowd of about 30 people who learned about the dangers of “FTP, ODBC, and Remote Command.” I included a small demo of how simple it is to access corporate data through common tools, and the conversation was very active, which is typical after people see just how easy it can be. I cleared out my final box of t-shirts, handed out my last gift card, and headed the 90 miles to Philadelphia.

I wanted to use this travel opportunity to visit with another (very well-known) customer on Friday morning. They are an active user of several of our security tools, and are evaluating another one to add to the suite. I spent a couple of hours learning about how they are implementing security in their environment, as well as identifying areas where we can provide some relief.

This is one of my favorite types of work. Meeting with customers to discuss their successes and future needs, and also mingling with the types of user groups that I used to be an attendee at in my past jobs. These are the folks that are the diehards of the technology on which our software runs. You don’t have to sell them on the attributes of the System i (or AS/400, as many still call it), and their biggest complaint is that it is not more prevalent than it is.

I want to thank the customers who took time from their busy schedules to meet with me, and also the three user groups that invited me to present to their membership. At the request of a number of people, I am looking forward to returning to the area in the future—to meet with the user groups again as they support the local ‘i’ community, and to host our IBM i security workshop.

I am finalizing this blog entry on Friday afternoon, while awaiting my return flight from Philadelphia, Pennsylvania. After a brief return to Minneapolis, I leave again to head to St. Louis, Missouri, to teach a security workshop, and give a user group presentation in Jefferson City.

Interestingly, although I added “ferry” to the list of my various modes of transportation used last week, I still have yet to use a train!

PowerTech Support Interview

Posted in Other, Security on January 19th, 2010 by Robin

With Gregg Bury and Jill Martin

JM:  Before we get started with the questions, why don’t you give us a quick introduction?

GB:  Well, my name is Gregg Bury. I’m a technical support consultant at PowerTech and I work with the System i and our software in security.  I live in the Pacific Northwest, in Seattle.

JM:  How long have you been with PowerTech?

GB:  It’s 10 years this year; joined in 2000.

JM:  Have you always been in customer support?

GB:  I have.  In the early days, it wasn’t just customer service. We did QA, and wrote our own documentation and guides and best practices, so it’s kind of narrowed now.  In the original days, there was a lot broader job description.

JM:  What makes our support unique?

GB:  Those of us in support have been here a long time, so we’re very aware of not just our software, but security needs and the System i.  Myself and my co-worker, Pablo Tellez—he’s been here 11 years—just by virtue of our length of time in service at this one company, I think gives us a lot of credibility and skill here.  And, we both like what we do and we care about the customers.

JM:  What is the knowledge level of our support?  (Level 1, 2, 3 etc)

GB:  Three being the highest?  At least 2 and edging into 3; generally when I consider 3, you’re getting into the development and the code and the software functions at a program level.

JM:  You take it further than level 2 often times, I bet you do a lot of research.

GB:  Yes, we research.  We dig into the deepest parts sometimes.  Sometimes with help.

JM:  What type of closure rate do we have for incoming calls? How often do you close calls after the initial contact?

GB:  Well, I’d say between 80%-90% easy.  While we’re on the call, we open it.  We may be creating the ticket at the moment they call, and most of the time by the time the call is done, it’s finished.  We’ve closed the call.

JM:  You’ve solved the problem for the customer?

GB:  Correct.

JM:  In addition to phone calls, what are some other ways to contact support?

GB:  Email; we have a support email address.  It’s a mailbox that we monitor: support@powertech.com.  The phone and email are primary ways.  Often some will be referenced by either an account rep or someone else who transfers the call to us, but generally it’s the phone.

JM:  What do you like best about working with our customers?

GB:  I like problem solving.  People will call, they have a problem – often they’re stressed, and people often vent which is normal, but we don’t take it personally in that respect; but when we’re done, they’re often happy or satisfied that they’ve got your answer or at least we’re working on the problem.  So, I just like to solve problems.

JM:  Would you say that most of the calls or questions you guys get are related to defects or how-to questions?

GB:  At least 75%-80% are how-to questions.  Some of them might be dealing with the iSeries and how it works with security, or how to use our software.  Often they’re dealing with forensics: they had an event that happened that shouldn’t have or something, and they’ll call us about how to get some history and documentation of what happened.  Often it’s just on the iSeries or using our software.

JM:  So most of the calls you take are how-to questions on the software or on the operating system.  For instance, it’s not always just when there’s an actual problem.

GB:  Yeah, I think people have learned to trust us; not all of the calls we get have to do with our software, and maybe don’t even have to do with security, they just know that somehow we know what to do in this situation, and we’ll get calls on that just because they trust us.

JM:  What are some of the other things you get involved in as part of support?

GB:  QA (testing) often from the customer standpoint.  I know we have QA people who make sure the code is working, but we, in support, will do QA from a customer perspective; we know customers like to do a particular process in a particular way just by virtue of our calls.  Whether it’s running a report, adding access control rules, installing or uninstalling – various things like that.  We also find customers do things in unexpected ways that when development built the product, they didn’t foresee; Pablo and I know that and we will run our QA from that perspective.  Also, we have ideas and enhancements that we will supply back to development by virtue of repeated calls that we get from customers.  We are often involved in usability meetings with the products.

JM:  So, by being on the front lines and getting involved with new version product testing and enhancements, you’re able to add a lot of value to the direction of the product.

GB:  I think so and I hope so.

JM:  Any other thoughts you would like to share?

GB:  Well there’s a loaded one!  You know, our software targets security, but often people view our software as an end-all solution, but it should probably be viewed more as a tool to dealing with security.  Also, security is a verb, it’s not that you just put the software on and then forget about it, it’s ongoing.  The environments are changing, the laws change, the users – as everybody knows – come and go from the business, so they have to be added and removed, the way users do things – as users get smarter they’ll try new things, software applications are added – you know, the old thing with ODBC, and through Microsoft Excel, that was more or less a catalyst for Network Security – but they’re just tools and they can’t be forgotten, they have to be worked and used.  I think at PowerTech we do offer more than just the tools, we are offering our security expertise and experience.

Good Support = Satisfied Customer

Posted in Other, Security on January 12th, 2010 by Robin

Regardless of how much effort we expend to plan for “unexpected” events, sometimes things happen that are simply out of our control. Last week in Seattle, for example, a failed network component at the local communication service provider’s data center forced a temporary outage of our voice and data lines at our technical support center. Fortunately, having multiple locations means we could do some creative magic and reroute our callers to different offices. This ensured that anyone looking for help could still talk to a live person; something that Help/Systems companies take pride in.

Although the outage was sporadic, it did mean that our call handlers sometimes had to seek other people when they couldn’t forward the call to a technical support employee. Rather than simply take call-back information, I fielded one of the calls myself, and I am extremely glad that I did. It came from a large customer located in Niagara Falls, NY, who initially was a little surprised that a director was answering level 1 support calls (perhaps their surprise was less about my title than the concern of a “pencil pusher” trying to help them!). I explained that the support team was not available, but that I was interested in knowing what their question was, and that I would do my best to address it for them, or escalate it as soon as Seattle came back online. As we worked through some troubleshooting steps, it gave me a great opportunity to visit with them.

I was very happy to hear that they are “huge fans” of the PowerTech security solutions, and frequent listeners of my weekly educational Webinars, but especially proud of how complimentary they were of the support team that they (normally) talk to if they call in. Regardless of whether they had an actual technical issue, or they were simply looking for advice or assistance on how best to utilize the solutions to secure their numerous systems, I was told that the support they had received had always been first class.

I started thinking about how quality technical support can make an enormous difference in a customer relationship. It doesn’t matter how good a solution is, if at the end of the day the solution is not well supported. I think everyone at one point has purchased a product or service, and found that they had a question about its use, or needed some assistance with it. The instant a phone call is made to the vendor’s support number, there is a “Y” in the road that says whether it will actually increase the customers’ level of satisfaction, or make them question their purchase. In fact, I remember hearing a tale of a cellular phone company that deliberately provided a number of their customers with phones that were not working. This was done as an experiment to see if the way that the support calls were handled would have an impact on a customer’s perception of the company. Interestingly, the level of satisfaction after the issue was handled promptly and courteously was recorded as higher than even those customers who had received a working phone from the start! That is a powerful statement of the impact that good support can have.

Of course, PowerTech does not provide solutions that will deliberately cause issues to customers, but we do have the type of support response that gets praised frequently. That is good for the customer and good for our business. From my perspective, I wish to send my thanks to the members of the PowerTech support team, and also the professional services team that—based on the satisfaction surveys that pass my desk—do an equally superb job at making PowerTech look good. It takes a lot of patience and skill to help customers in a way that makes them thankful for calling.

I am going to be in Buffalo, NY, in February (for some reason, everyone laughs when I say that) to speak at a local user group, and to host a half-day IBM i security class. During that trip, I have arranged to stop by and visit with this particular customer. I want to thank them for their business, and also to have some discussion about how they use the PowerTech products. It is invaluable to us to hear customer insight about what security and compliance issues are important to them in their business, as well as features they would like to see us include in an upcoming release of one of our products. I think it makes us more of a security company than a software company.

Oh, and in case you were wondering, I was able to resolve the question that the customer had called in about. My single call may pale in comparison with the volume of questions that the professionals in Seattle typically handle, but at least I can hold my head up high in the break room!

Watch for an upcoming blog and PowerNews newsletter interview with a member of our (real) support team.

Happy New Year!

Posted in Other, Security on January 5th, 2010 by Robin

I guess it is a sign of my age that the years seem to slide past faster nowadays. It is staggering to think that it is the start of yet another decade, and ten years ago the I.T. industry just got done holding its collective breath for Y2K—a computing event that many thought would be cataclysmic. While no disaster ever materialized, it did help to point out how technology-dependent we have all become in our businesses and in our personal lives.

Security should be considered the new Y2K as it demands the attention of every citizen in every country, and has the potential of bringing us to our computing knees. While the year 2000 came and went without major incident, barely a day goes by that another breach doesn’t occur, or someone pays the price of one. We have seen an increasing barrage of attacks come from every direction, from every country, and via every form of communication. And even some “legitimate” businesses have turned out to be the culprit, and their actions have resulted in a new requirement for yet another regulation or legislation (think Sarbanes-Oxley). As someone who works in this industry full-time, I only see this continuing to worsen as cyber-criminals become more sophisticated and well-funded.

So as we embark on the ride into the next decade, I really hope that the vulnerabilities that I see every day are seriously contemplated and then addressed. For that to happen, it is critical that management gives the necessary consideration to their I.T. budget to help protect the very assets that their business survives on. This is true even in a tepid economy as employees fear for their jobs, and those that remain have to perform even more responsibilities. “ROSI” is an industry term, meaning “Return On Security Investment,” and although it might be calculated slightly differently from the more traditional “ROI,” there is a return nonetheless. One of the returns is that your business stays IN business—a pretty significant return, and something that should get the attention of your corporate management.

The good news is that many of us continue to run our core business applications on IBM i. While it does not come pre-configured as an overly secure environment, it has the ability—with a little help from your friends at PowerTech—to be one of the most secure servers available today. The features that are built in to the operating system all work together as a tightly integrated ring of protection around the data. And our popular software provides additional tools to make the life of the security officer more productive, and your data more secure.

So, as we start another new year and a new decade, resolve to finally take the steps you know you need to take to get your server in shape. If you don’t, it might mean more than your system just gaining a few extra holiday pounds!

Happy New Year, everyone!