Security Remains Top Concern for IBM AIX Community

0
59

SURVEY OF AIX IT PROFESSIONALS ADDRESSES CHALLENGES AND SECURITY SOLUTIONS THEY PLAN TO IMPLEMENT

by Tom Huntington, Executive Vice President, Technical Solutions, HelpSystems

Did you know that 2018 marks the 30-year anniversary of the IBM I platform? Did you further know that IBM will announce the new POWER9 hardware this year? OK, those were easy. Here’s a real stumper: Did you know that nearly 75 percent of IBM i shops are using open source development tools on IBM I?

In 1986, IBM launched AIX®, its open standards-based UNIX operating system. Now, more than 30 years later, this popular platform runs on IBM POWER® servers and supports critical applications for organizations around the world. With such a strong presence in IT environments, AIX and its specific usage are of great interest to IT experts as they evaluate their own technology ecosystems in light of changing security, regulatory, and efficiency requirements. HelpSystems conducted a survey among 935 IT professionals from various industries around the world to gauge how AIX is being used and the role it will play for IT leaders in the coming years. Following are key findings as it relates to security.

Highlights

IT pros report high satisfaction with AIX and rely on it to run critical business solutions. Although some plan to move to Linux and Windows, many will broaden their AIX footprint indicating the platform delivers the performance, reliability, and security core business processes demand.

  • 89.5 percent report AIX provides a higher ROI than other servers.
  • 81.6 percent use AIX to run at least 25 percent of their core business processes.
  • 54.1 percent expect to increase their AIX footprint, while 18.2 percent will migrate some of their applications from AIX to a new platform.
  • 5.7 percent plan to move all of their applications from AIX to a new platform and 4.8 percent will do so in the next five years with Linux and Windows being the preferred options.

Maintaining cybersecurity and high availability/disaster recovery capabilities are top of mind. While many organizations are proactively putting security solutions in place for their AIX servers, others state having no plans for such measures despite the prevalence of cybersecurity threats and regulatory requirements.

  • Almost all respondents (94.8 percent) reported their organizations must adhere to regulatory compliance requirements including Sarbanes-Oxley (SOX), PCI DSS, HIPAA, and GDPR. Interestingly, many noted a lack of technology proven to protect against common threats. In fact, more than half of respondents said their companies lacked virus protection, network firewalls, two-factor authentication, or database encryption. This is despite the fact that industry regulations require or strongly suggest these types of capabilities.
  • 28.6 percent have two or fewer IT staff members focused solely on cybersecurity, while 71.4 percent have three or more.
    • 64.8 percent of those with 10 or more security staff members ranked high availability/disaster recovery as a top challenge, with 35.2 percent noting cybersecurity as a concern. By contrast, those with the security staff of two or fewer ranked cybersecurity as a lower priority.
  • Almost half of respondents (46.5 percent) named high availability/disaster recovery as a top IT concern for their AIX environment over the next 12 months, likely stemming from the dependence on AIX for core business processes. Companies cannot afford downtime in this environment.

Organizations with larger security teams are more likely to increase their AIX presence despite a lack of related skills

  • 31 percent of respondents working in teams with six to 10 security professionals said AIX skills were a challenge, yet 57.6 percent plan to increase their AIX usage. 40 percent of those with security teams of more than 10 people also noted AIX skills were a challenge, but 60 percent will increase their AIX footprint. This indicates IT professionals believe AIX to be the preferred platform for running critical apps. They will likely lean on vendors and contractors with the necessary security expertise to fill these skill gaps.

Few organizations plan to move away from AIX completely

  • Only 5.7 percent expect to move all applications to a different platform, with Linux and Windows being the preferred options
  • Those moving to Linux plan to use the following servers: x86 (59.2 percent), public cloud (52.1 percent), IBM Power Systems™ (40.1 percent), and mainframe (12 percent). IBM has a notable opportunity with such a large percentage looking at the IBM® Power Systems™ series. The industry buzz around the forthcoming POWER9™ may even be what’s behind the favorability of the AIX operating system. Both POWER8® and POWER9™ servers are optimized and priced to meet Linux market needs. The challenge for IBM here will be to prove that the scalability and performance of these servers is a better choice than an Intel® box.

Top IT concerns for AIX environments vary by industry, with high availability/disaster recovery, data growth, and cybersecurity cited most frequently. Among respondents in the top eight industries, which represented 94 percent of total respondents, there was some commonality in the top challenges selected. There are also notable plans for implementing security and compliance and reporting solutions across industries, perhaps to address compliance gaps for industry regulations.

Keeping sensitive information from falling into the wrong hands is top of mind for IT professionals. It seems like every week a new story comes out about a large data breach or an emerging threat. In this survey, 94.8 percent of respondents said their organizations are subject to regulatory compliance including Sarbanes-Oxley (SOX), PCI DSS, HIPAA, and GDPR. This means leaders in almost every industry are responsible for understanding evolving risks and putting the right technology in place as a preventative measure.

Cybersecurity is a top challenge for 44.8 percent of survey participants, and they highlighted numerous concerns that fall into this category. These include the feeling that management underestimates security risks (59.3 percent), the complexity of government and industry regulations (54.7 percent), and an overall lack of knowledge and skills (47.5 percent).

The good news is there is an array of powerful security solutions available, and IT professionals are either using or planning to implement many of these technologies in their AIX environments. When looking at solutions currently deployed, 66.1 percent have adopted anti-virus protection, 55.7 percent use network firewalls, and 50.2 percent use compliance and audit reporting tools. Many respondents noted plans to implement security solutions, with multi-factor authentication leading the pack at 44.8 percent followed by SIEM/SYSLOG solutions at 42.5 percent, and encrypted and secure managed file transfer at 42.1 percent.

Interestingly, there is a notable relationship between the number of IT security staff and plans to adopt new security applications. Organizations with two or fewer resources devoted to security are much more likely to forego technology in this area. For example, more than 27 percent have no plans to implement anti-virus protection, privileged user management, or multi-factor authentication. By comparison, companies with more than 10 security personnel reported 90.2 percent to have or plan to implement anti-virus protection, 99.1 percent have or plan to add privileged user management, and 95.2 percent have or plan to use multi-factor authentication.

Staying Current

AIX users are staying reasonably current with their hardware and software. Nearly 87 percent of those surveyed are either on AIX 7.1 or 7.2. Only 24.4 percent are using POWER6® technology, although some respondents that use this older version also have POWER8® and POWER7® servers. Almost 90 percent of AIX users have 11 or more partitions of AIX in their environments. As IBM lowers the cost of hardware while increasing the power of the server, we will see more and more partitions in this operating system.

It is also interesting to see that 66.7 percent of survey respondents run Linux or IBM I operating systems on the same servers they use to run AIX. The adoption rate for this is much higher than expected but shows consolidation has occurred even across the various OS offerings. When an organization hasn’t updated to a new OS level, it is generally a reflection of budget, the applications that need to run on the server, or a lack of necessity for adding an OS level or hardware.

AIX continues to be a highly valued operating system for IT professionals across many industries with more than half of those surveyed planning to increase or maintain their AIX footprint. Pressure on IT teams also continues to mount regarding challenges such as high availability/disaster recovery, cybersecurity, and data management. Regulatory requirements are driving the adoption of new security technologies, although companies with smaller cybersecurity teams are less likely to implement common solutions such as anti-virus and multi-factor authentication. Keeping ahead of changing cybersecurity threats means IT experts need to stay abreast of the most cost-effective method of protecting sensitive data and what makes the most sense in their environments.

About the Author

Tom Huntington is Executive Vice President of Technical Solutions at HelpSystems and has been with the company for nearly 30 years. He works with business alliances, acquisitions, and large customer relationships and ensures that the HelpSystems software works with other major software and hardware vendors worldwide. He is the author of the HelpSystems IBM i Marketplace Survey and was named an IBM Champion in 2016, 2017, and 2018 for over three decades of advocation and thought the leadership on the IBM i platform. Tom can be reached online at @tjhuntington and at http://www.helpsystems.com/.