A Publication of iSeries 400 Experts Total Information Service

System i security guru leaves IBM,
launches consulting company

By Davin Wilfrid
Friday December 7, 2007

Security is a verb.

If that sentence sounds familiar, you probably heard it first from Pat Botz, former chief security architect for i5/OS and co-founder of a new security consulting firm called Group8 Security.

Botz left IBM on October 31 to help launch the start-up company with co-founder Ken Akren (who also co-founded high availability vendor Vision Solutions) and four others. In an interview with Insider Weekly, Botz and Akren said they saw a defect in the current SMB security marketplace.

“We look at the industry and we see few people correctly positioning their products. Most people in the industry will tell people they can’t be secure without their product. That’s just flat-out wrong,” says Botz, VP of security consulting, Group8 Security, Rochester, MN.

Botz and Akren say their business model will be different. Instead of developing and selling a software solution — theirs or anyone else’s — they will focus on helping companies implement appropriate security practices regardless of what platform or security software they are using.

“We’re not aligning ourselves with anyone in the business community to get royalties. We’re going to stay neutral. People want to know that we don’t have another agenda,” says Akren, VP of Business Development, Group8 Security, Phoenix, AZ.

Botz and Akren say they will make homegrown tools and utilities available to customers as part of the consulting services package. Group8 will operate on a subscription model, meaning shops will sign up for consulting services for a fixed term. They believe a typical customer will engage Group8’s services for two to four years.

“We don’t want to make customers dependent on us. We want to train them to become independent,” says Akren.

That sentiment is supported by Botz’s insistence that security should be the responsibility of more than just the IT department. Part of the problem with the security industry as a whole, he says, is that salespeople have convinced companies that security issues are something that can be solved with a software package.

“The first thing that has to happen when trying to secure business assets is that business leaders need to define what their assets are — not in terms of databases and applications, but at an abstract level. Then the leaders need to define what roles are allowed to do what with those assets,” says Botz.

Botz and Akren say cost is a critical element in any implementation of security practices and processes, and one that is often ignored by consultants eager to sell their company’s product.

For example, a company that needs to transfer data from one location to another might be better served by writing the data to tape and carrying it to the second location than by purchasing an expensive encryption solution.

“Security is a function of risk and cost. You cannot deal with security if you don’t deal with both aspects,” says Botz.

Both men say shops must adjust their perceptions of what security means. Security is not about “locking down” a system, says Botz.

“The way I approach this with customers is to say ‘We’re not locking down your system. We’re going to open up your system so everybody can continue to do their jobs with little or no change,’” he says.

For more on Group8 Security, go to www.group8security.com.

IBM warns against counterfeit disk drives Counterfeit IBM disk drives have made their way into the marketplace and are causing failures at some shops, according to an IBM alert circulated this week. “IBM has recently observed cases at our IBM System i customers where disk drives have been procured on the open market and modified to look like IBM drives. These modifications include false labels that look like IBM labels and firmware that is similar to ours. However, the disk drives have not gone through our test processes, don't have the correct firmware, and have sub-standard carrier hardware,” according to the alert, which was written by Dave Verburg, IBM, Rochester, MN. Big Blue says the false disk drives can cause problems for unsuspecting shops. “These issues have led to failures in customer systems. Since these are not IBM parts, they are not covered under IBM's Warranty or Maintenance agreements. IBM recommends that you proceed with caution when procuring disk drives for IBM System i servers from any source other than IBM or other trusted reputable resellers.” For more, contact your IBM representative.