IBM i / AS400 Security 

Are you following AS/400 security best practices? It’s time to take IBM i security seriously. A proactive plan will help you stay one step ahead of every storm.

Are you managing the risky security behaviors of your IBM i / AS400 users?

Overall AS/400 security starts with the user, and you don't have to have a full-blown security program to make a difference. Start by identifying those items that will have a greater impact with minimal effort and work your way up to those changes that will take more effort.

Learn how to get your IBM i security program started →


Individual Behavior / Passwords

Security is a personal problem. If people on your team are using weak passwords, reusing passwords, or opening phishing emails, your whole organization could be at risk.



Administrator Privileges

IBM i has eight administrator-level privileges that should be assigned sparingly and monitored vigilantly. IBM recommends that organizations carefully review user roles before assigning special authorities and to keep track of those that have already been granted.


Minimum System QSecurity Level

IBM has established 40 as the minimum level required to support a secure system, so be sure your levels meet that requirement. Also be sure IBM i is running an OS that is supported for at least the next two years.


"An unfortunate reality of doing business today is that online security is everyone’s responsibility. Fortunately, even small steps can greatly improve your security."

— Rob Nettgen, CISSP
IBM i Security Specialist, Briteskies

Are you following IBM i / AS400 security best practices?

You know you should be doing more for your AS/400 security, but where do you start? Whether you're addressing internal needs or meeting minimum compliance requirements, every small step counts. Start by asking the questions below.

Let's work together to start implementing IBM i / AS400 security best practices →

Security Policies and Practices

  • Does your company have an information security policy?
  • Is the policy reviewed and updated annually?
  • Does the policy address IBM i-specific security requirements?

Plans and Procedures

  • Are response and recovery plans in place and managed?
  • Are your cyber supply chain risk management processes identified?
  • Is a vulnerability management plan developed and implemented?

Individual Profiles

  • Do all employees use a unique user profile?
  • Do employees change passwords at least twice a year?
  • Do you have a minimum password complexity policy?


Authorities and Roles

  • Have user roles been defined via groups or authorization lists?
  • Who can create, maintain, and delete user profiles?
  • How and where is adopted authority used?

IBM i Server

  • Is the IBM i running at a security level of 40 or above?
  • Is the System i running an OS that is supported for at least the next two years?
  • Are old versions of Java, WebSphere, or PHP running on the server?

System and Data

  • Do you have a formal offsite data backup rotation?
  • Do you test backup media regularly?
  • Have you implemented encryption and key storage?

A compliance plan vs. a fail safe security strategy for IBM i / AS400 

A compliance plan alone is not enough to safeguard your system, it’s just a component of an overall security policy. Maintaining SOX, J-SOX, HIPAA, GDPR, and PCI compliance is of utmost importance for your organization, but it's not the total picture.

Don't fall victim to believing that because you have a compliance plan in place, you're covered. You need a full security strategy as well, since compliance mandates typically set only minimum requirements.

Contact Us for an IBM i Security Review


Cybersecurity continues to be a top concern for IT professionals. It's time to take information security seriously, so Briteskies is teaming up other industry experts to provide end-to-end security solutions for your IBM i system. Hear more from IT professionals in the 2020 State of IBM i Security Study sponsored by HelpSystems.

Get the study

Partner with leading security firms for IBM i / AS400 security solutions

HelpSystems Security Scan
In just 10 minutes, a free HelpSystems Security Scan will provide you with an initial overview of identified IBM i system vulnerabilities that can put your organization at risk. Using this information, a knowledgeable security advisor will work with you to assess and highlight the potential risks which exist for your IBM i and will provide insights on how you can improve your security plan and data protection.

Take advantage of this opportunity and get started today.
For more information about the Free Security Scan

Allout Trace Monitoring and Auditing Tool
Trace is a monitoring and auditing system for IBM i that enables you to prove and verify that you have strong internal controls over your database management systems.

Contact us to get started


Don't miss this Briteskies and ALLOut Security IBM i webinar replay 

Learn how Trace can provide database auditing and identify unauthorized changes or errors in your IBM i data. Trace for IBM i is a notification system that alerts you to potential suspicious behavior on your IBM i.

To increase the security of your system, Trace helps you:

  • Streamline processes
  • Save time and money
  • Secure servers, applications, and data

Security tools included are:

  • Security management
  • User management
  • Reporting
  • Compliance
  • Project automation

Are you a target for an IBM i / AS400 security attack?

People are often in denial that they are a target for an IBM i security breach. But hackers are always looking to exploit vulnerabilities. The “it won’t happen to me” mentality isn’t going to cut it.
Do you have a pressing security challenge or are not sure where to start?

Contact Us For a Solution


Supply Chain Security Risk

Read how this attack rocked the cybersecurity world →


Ignored Best Practices

  • A failure to follow security best practices led to the 2017 Equifax breach
  • Personally identifiable information of over 148 million people was exposed

Read more about how this security breach could have been avoided →


Failure to Update Systems

  • The 2017 WannaCry ransomware attack targeted Windows users who had ignored recommended security patches
  • Ultimately hit more than 230,000 computers

Read more about what the cyber community has learned following this ransomware attack →


Why hackers target small business

What the smaller guy fails to realize is that a hacker's path to the larger organization may be through him, a smaller, but related company or supplier. 
Terry Ford
Team Lead for Security Services Delivery, IBM Systems Lab

Our Certified Information Systems Security Professional (CISSP) and IBM i certified specialists are ready to help you become more secure.

Learn how to get your IBM i security program started →

1 in 10 tech employees plan to steal company information before leaving

Insider threats are a major security concern for organizations, as even those tasked with protecting a company's data may put it at risk, according to a new survey from Gurucul

Learn how to get your IBM i security program started →