The  Oregon Trail covered  2,000 miles and took about six months to travel. Used up until to the mid-1800’s, the trail led travelers across what later became six states: Missouri, Kansas, Nebraska, Wyoming, Idaho, and Oregon. Some 150 years later, my trip took only a week and involved Nevada, Utah, California, and Oregon.

My trip started in Reno, Nevada, with a visit to the local Reno/Sparks user group. I presented the popular “Top 10 vulnerabilities of IBM i that you need to fix NOW” and gave away another gift card and a number of great PowerTech t-shirts.

Last week also marked an exciting time for the PowerTech team back in Minneapolis with the release of a new version Network Security. Version 6 of our popular exit program solution includes a cleaner user interface, several new reports, and the ability to set rules for specific objects and IFS stream files. Watch for the formal announcements and press release.

I opted not to return to Minneapolis for the weekend, and instead drove the 90 minutes to South Lake Tahoe which straddles the Nevada/California state line. If you haven’t visited this part of the world, you are missing a treat. I visited when I was in town last Spring for COMMON, but seeing it in the midst of perfect winter conditions is spectacular, and skiers—cross-country and downhill—are in heaven here! The highlights for me included the bizarre sight of snow covered beaches, and the breathtaking Emerald Bay.

I arrived in Oregon late on Sunday night. On Monday, I conducted a security workshop at the offices of MSI Systems Integrators in downtown Portland. Afterward, I met with Sirius Computer Solutions, another PowerTech security partner, to talk about their growth in their security practice, and how PowerTech can provide additional sales support to their extensive organization. I am looking forward to following up on some of the action items that we put together.

The main purpose of my visit to Portland was to present to the local user group. On Tuesday, I repeated the popular session on the “Top 10 vulnerabilities of IBM i that you need to fix NOW.” This was one of the most engaging groups I have had the pleasure of meeting, and the normal 60 minute presentation ran close to two hours based on great questions and pertinent side discussions.

After the session, I followed the recommendation of one of the session attendees and took a short drive to the Columbia River Gorge. Even though the light was beginning to fail, I was able to capture some memorable images of the impressive Multnomah Falls, a combination of two water falls with a combined height of 611ft, more than three times the height of the Niagara Falls that I visited last month.

I fly back to Minnesota on Wednesday for a quick turnaround to repack my suitcase and then I am off to the Help/Systems, International office in the U.K. On a personal level, this trip has special significance as I was born and raised a short distance from the office location in Fleet. It has been almost 11 years since I last returned, and my two teenage children will be accompanying me back “home.”

I look forward to speaking with you again next week from England!

March is a big month for Massachusetts! On the 5^th, we see the official kickoff of “Maple Month,” which is a celebration of “all things maple.” Scheduled events include numerous pancake breakfasts and tours of local sugarhouses that open their doors to show visitors how sap from the maple trees is boiled into a syrup. If you would like to learn about the interesting syrup-making process, including how to make your own, check out the Massachusetts Maple Producers Association. Just be aware that it takes 40 gallons of sap to make one gallon of maple syrup!

On the compliance front, March 1^st marked the deadline to comply with the wide-reaching Massachusetts Law 201 CMR 17.00, which requires any business with 1 or more records of information about a Massachusetts resident to adequately protect their data. This new law complements the existing state breach notification law (General Law 93H), which allows for civil penalties of up to $50,000 for data breaches. What is groundbreaking about this law is that it is much more specific than other data protection laws about how the data is to be protected, and the fact that it affects companies not otherwise in a regulated industry.

201 CMR 17 consists of 5 sections which outline the scope, responsibility, and requirements for compliance. There is a definition of what is considered a “data breach;” primarily described as the unathorized acquisition or use of unencrypted data (or encrypted data in conjunction with the encryption key). All data that meets the “personal information” criteria requires protection, and it is the responsibility of the data owner or licensee to safeguard that information with a comprehensive security program.

Highlights of that security program include the requirement of a documented security policy, regular monitoring to ensure that the security program is working to prevent unauthorized access (or use) of personal data, and detailed documention of incident response. To ensure incidents may be investigated, the law also requires data breaches to be reported to the state’s Attorney General.

PowerTech is well positioned to assist organizations running IBM i that are required to comply with 201 CMR 17. Our Network Security access control and Authority Broker solutions work together with the IBM i operating system to satsify section 17.04 2a, which states that methods be implemented to “restrict access to records and files containing personal information to those who need such information to perform their job duties.” And Compliance Monitor can assist with paragraph 4, which requires personnel perform “reasonable monitoring of systems, for unauthorized use of or access to personal information.” But it doesn’t stop there! Our security experts can assist with configuring the operating system controls, and our leading technology partnerships can assist with encryption and anti-virus requirements.

The law was written to make companies take a “risk-based” approach to compliance that takes into account the size of the company, the type and amount of data being stored, as well as the nature of the business. There was also a well-publicized shift in the deadline for compliance from August 2009 to March 2010. That day has now come!

A complete copy of the law may be found at: 201 CMR 17.00.

The Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) also maintains a number of online resources regarding identity theft, including an FAQ on complying with law 201 CMR 17.00.

I fly out again Wednesday, on my way to Reno, Nevada. I am looking forward to this trip as I fell in love with the Reno/Tahoe area during my visit for COMMON 2009. I will be conducting a security workshop at the impressive Grand Sierra Resort & Casino, and also presenting the popular “Top 10 Security Risks You Need To Fix NOW” to the Reno-Sparks Midrange Users Group. From there I head to Portland, a new city for me, but one that I have heard is spectacularly beautiful. This will involve another workshop at the offices of a regional PowerTech partner, MSI Systems Integrators, and then a session for the Portland Users Group.

Have a great week, and I will be sharing an update from Portland next week.

My name is Robin Tatam and I am PowerTech’s Director of Security Technologies. When I was asked to contribute to our corporate blog, I was excited for two reasons. First, I am a true believer! You won’t find many people who are bigger fans of Power Systems and ‘i’ than me. And, I am not just an ‘on paper’ enthusiast—I have strung miles of Twinax cable, written “millions” of lines of RPG code, and sat up many nights running disaster recovery tests. I get it—this server is a technological rock star! Second, in my capacity as a security professional, I see how many of these systems are not properly secured. I love the idea of having access to another communication channel to spread the word that there is much work to be done to keep IBM i data safe.

As part of our status as the leading IBM i security solution and services provider, PowerTech has embraced a number of modern communication mediums, including Twitter (@powertechgroup), PowerNews, our electronic newsletter, and a weekly online seminar schedule. Blogging is a natural extension of that communication because it allows for rapid dissemination of information so that we can easily weigh-in on important security topics. In the future, we plan to have personal observations from the PowerTech security team, interspersed with more in-depth articles from the PowerNews newsletter, as well as announcements on upcoming events.

In the true spirit of blogging, I wrote this entry at 36,000 feet, somewhere above the Grand Canyon, on the last leg of my trip to irrepressible Las Vegas to attend an ISACA auditor conference. Our work with the audit community sometimes makes us unpopular in data centers, but we feel that an educated auditor is easier to deal with, forcing us to be more conscientious security officers.

I look forward to reporting to you about my trip…

Robin Tatam

Robin Tatam, the new Director of Security Technologies, joined PowerTech’s Eden Prairie, Minnesota office in July 2009. He brings two decades of IBM Power Systems (AS/400, iSeries, System i) and operating system (OS/400, i5/OS, IBM i) consulting experience, including a strong midrange background of RPG and advanced CL programming, Web site creation, and system administration.

For the last six years, Robin has been a top tier consultant for System i security and compliance issues. Robin’s recent projects included teaching commercial classes in security and system administration, performing advanced product implementations, and numerous compliance-oriented assignments. He was a guest on the panel of experts at the PowerTech iNSIGHT Security Conference in Las Vegas two years in a row. In 2009, he taught multiple security sessions at COMMON in Reno, Nevada.

Robin Tatam, Director of Security Technologies

Previously, Robin was an IBM i Security Specialist for MSI Systems Integrators, an IBM Business Partner, where he was named Technology Impact Player of the Year for 2008. He also has worked as a development manager and was a vice-president directing corporate development practices.

Robin has been quoted on System i security trends by ComputerWorld magazine and has published several full-feature technical articles in Midrange Computing magazine. He also authored the MSI System i Security and Compliance Guide and co-authored the IBM Redbook on System i data encryption.

You can e-mail Robin at robin.tatam@powertech.com.

We’re very pleased to announce that Richard Bryant of Pilot Pen is the lucky winner of the Netbook mobile internet device in our recent security compliance assessment promotion. Richard took advantage a free PowerTech security compliance assessment and was entered into the drawing for the device. We would also like to thank everyone who participated.

Our free security compliance assessment helps you identify areas of weakness in your current configuration so that you can take steps to correct problems and close exposures before these weaknesses are exposed by an audit. PowerTech Network Security can then help you implement the access control that regulatory legislation requires by preventing unauthorized access to data by giving you the power to fine-tune restrictions to only those who need it.

To get a free security compliance assessment for your System i, visit our request page. You can also learn more about PowerTech Network Security in the products section of our website.

Watch for future promotions right here on the PowerTech PowerBlog!

Partnership gives PowerTech customers access to world-class encryption solutions.

Patrick Townsend Security Solutions (PTSS) has announced its partnership today with The PowerTech Group. Townsend is a leader in encryption products for Power Systems servers running IBM i, while PowerTech (a Help/Systems company) is a leading provider of native IBM i security solutions. This strategic partnership gives PowerTech customers access to the world-class encryption solutions offered by Patrick Townsend.

Tom Huntington, vice president of Technical Services at Help/Systems said, “This is a natural relationship for PowerTech customers who need encryption. The security solutions offered by these two companies are very complimentary.”

Patrick Townsend, founder and chief technology officer of Patrick Townsend Security Solutions, said, “This is just another great way for PowerTech customers to round out their security. While native security solutions can protect data from inappropriate change or deletion, our encryption technologies go a step further to actually protect the data from all inappropriate use or viewing.”

About Patrick Townsend Security Solutions
Patrick Townsend Security Solutions provides data encryption, key management, and secure data transfer products for major enterprise platforms. Its customers include some of the most recognized names in retail, finance, healthcare, and government. Known as the Encryption Company, Townsend Security Solutions was formed in 1984 and is privately held with headquarters in Olympia, Washington. For more information visit www.patownsend.com or call 800/357-1019.

About PowerTech
PowerTech is a leading expert in automated security solutions for IBM Power Systems running IBM i (System i, AS/400), helping users manage today’s compliance regulations and data privacy threats. Because these systems are used to host sensitive corporate data, every organization needs to practice proactive compliance security. PowerTech products provide definitive security coverage. For more information, visit www.powertech.com or call 1-800-915-7700.