Security Still Top Concern, IBM i Marketplace Study Says
February 1, 2023 Alex Woodie
Security continues to be the number one concern of IBM i shops surveyed for the annual IBM i Marketplace Study conducted by Fortra. Application modernization surged ahead from last year’s finish to make the race for number one interesting, while HA/DR and IBM i skills rounded out the top four concerns.
Fortra (formerly HelpSystems) formally released its 2023 IBM i Marketplace Study last week, making it the ninth straight year that the company has released the study. This year’s study, which you can access here, is based on surveys taken last year by about 300 individuals from the IBM i community. That’s down a bit from previous years, including the 450 who took it last year. But it’s still a representative sample of the IBM i base (or at least the active portion anyway).
Fortra covers lots of ground in its IBM i Marketplace Study and the accompanying webinar that took place on January 26, a recording of which is available here. One of the most interesting components of the survey is the top concern questions, which is a useful gauge of what the installed base considers important. Not surprisingly, security – or cybersecurity as Fortra terms it – retains the number one spot, a position it has held for the past six years.
Steve Will, the IBM i CTO and Distinguished Engineer with IBM, says he’s not surprised to see cybersecurity listed as the top concern.
“There are a lot of developers who feel like they need to have more security knowledge. There are a lot of administrators who feel like they need to have more security knowledge,” Will said during the January 26 webinar. “The fact that threats are constantly changing and that they have to also meet business needs means that people really need to get more information.”
Sixty-eight percent of the survey-takers listed cybersecurity as one of their top concerns, which was actually up from last year, when 62 percent listed cybersecurity as one of their top concerns. Security reached its peak as a top concern in the 2020 study, when 77 percent listed it as a concern.
Application modernization (or “modernizing applications” as Fortra put it) had a surprisingly good showing, with 64 percent of survey-takers indicating it was a top concern. That was up from 56 percent in the 2022 survey, when it occupied the third slot in the company’s question about the top five concerns.
In fact, from 2017 to 2022, there was no change in the top three concerns in the IBM i Marketplace Study, although the percentages did move around a bit. If you go all the way back to 2016, which was the second year the study was published, application modernization was actually the number one concern, with a 58 percent share. Security that year came in at a lowly 33 percent. (The company has since changed its survey methodology.)
Fortra also changed the security question for this year’s survey, and only asked about cybersecurity, whereas last year the company grouped cybersecurity and ransomware into one choice. (Considering that ransomware is one of many possible threats in the cybersecurity world, it was probably a good move.) In previous years, HelpSystems referred to it simply as “security.”
Will said he’s not surprised that ransomware continues to be big issue in the marketplace, but there was one was thing that caught his eye. “I am a little surprised that there are actually 8 percent of the people who say they don’t have a security challenge at all,” he said.
“Good for them, right?” responded Tom Huntington, Forta’s vice president of technical services.
When Fortra asked about cybersecurity challenges, the “Lack of security knowledge and skills” was identified as the number one challenge, with a 47 percent share. That was closely followed by “Threats are constantly changing” at 45 percent and “Balancing security controls and business efficiency” at 39 percent.
IBM certainly seems to have gotten the message on computer security over the past couple of years, and has introduced changes in the IBM i operating system in new releases of the OS and Technology Refreshes that make it easier to identify gaps in security configuration and to lock them down. The IBM i remains one of the most “securable” systems available, Huntington noted. “People need to turn the dials the correct way and that’s the education piece,” he said.
Will concurred. “I never get the impression from my customers . . . that their security challenges are related to things they can’t do on IBM i,” the CTO said. “It’s that they may not know how to do what they need to do on IBM i.”
In terms of what IBM i shops are actually doing to lock down their systems, adoption of secure managed file transfer (MFT) sits in the number one spot, with 49 percent of survey-takers indicating they have adopted secure MFT and another 12 percent plan to introduce it. That was closely followed by the introduction of compliance and audit reporting and privileged user management, both of which have been adopted by 45 percent of the survey-takers, although the “plan to implement” rate for compliance and audit reporting (13 percent) trails the planning for privileged user management (20 percent). Exit point security – which Huntington admits is his bugaboo – lurks in the number four spot with a 43 percent adoption rate and a 17 percent “plant to adopt” rate.
“For me, it always starts with exit point manager and exit point monitoring on this platform as a way of really protecting your data,” he said. “And so it’s good to see a healthy investment in these various technologies that help with additional security around the platform.”
Fortra’s focus is cybersecurity (“Hence the name change,” Huntington said). The company is seeing increased interest in privileged user management and getting a handle on ALLOBJ authority, he said. “We see a larger rise in interest in implementing that, along with multi-factor authentication at 20 percent of the customers who took it are looking at those technologies,” he said.
The threat posed by cybersecurity threats is certainly not a secret anymore. Thanks to high-profile data breaches and other problems, organization of all stripes are increasingly wary of making the front page of the newspaper.
There’s definitely been a sea change in how IBM i shops approach security, Huntington said. “When we started this survey nine years ago, there were people who literally said I have no concerns at all about cyber security,” he said. “That’s changed. It really has.”
Stay tuned for continuing coverage of the 2023 IBM i Marketplace Study.
RELATED STORIES
Security Again Top Concern in HelpSystems Marketplace Study
Ransomware Epidemic Hits Epic Proportions, And IBM i Shops Take Notice
‘Alarming’ Security Gaps Exposed in IBM i Marketplace Report