I think the best way to tackle this situation is to build your case for keeping your iSeries-based infrastructure and put them across in an open and frank debate about the organization's IT direction. The debate would certainly benefit from an independent -- and I mean independent -- risk assessment and return-of-investment report. These would provide a baseline from which arguments both for and against could be judged. Here are some reasons why you may want to consider championing for the iSeries.
The AS/400 has powerful security features built in to it; its security architecture is time tested and has been the backbone of subsequent IBM midrange product lines, including the iSeries. User authorization is mapped to the objects through a well-proven system of user rights, object types, group authorities and special authorities. Every resource is considered an object and authentication and authorization exists at the user and object levels. Users are defined by a user profile, made up of dozens of parameters defining the authorities and environments available to the user.
Your organization obviously has skilled in-house expertise to manage your current infrastructure. There would be extensive retraining requirements if the IT department had to learn how to maintain and secure a Windows-based server infrastructure. Certainly, one process that would need revamping is patch management, to ensure the new system maintained current performance levels. Virtualization is certainly all the rage, but little is understood about the security implications, both long and short term, of running virtual systems. I think virtualization is great for running test and development systems, but I would want to wait until the technology has matured a little further before I bet my business on it.
Counter arguments that you need to consider are the availability of iSeries experts. Finding admin staff to run a Windows environment is going to be easier and cheaper than for the iSeries. In five years time, how easy will it be to recruit iSeries specialists? You certainly need to be aware of IBM's road map for the iSeries so you can counter any arguments based on future compatibility issues with technologies such as smart phones and mobile devices.
Certainly, any migration would need to be rolled out slowly, with less-critical processes migrated first. A virtual environment would actually be a good way to test how any new system handles both business and security requirements. This won't be a short exercise though, and in the end, budget constraints and the overall business environment may well distract your bosses' attentions elsewhere.
Dig Deeper on Microsoft Windows security
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading