I've been wracking my brain, since reading this survey, to sort out why this is so. In this day and age of regularly reported data thefts and data abuses, why would someone who is using what is arguably the most secure computing platform available choose to run it without a full implementation of those features?
Part of this might fall into the category of not really understanding why security is so important. I see several big reasons why you should be concerned about security.
Another part of the reason why so many System i shops have not implemented security can be found from their history. Many of these shops grew up on predecessor systems such as the System/36 and System/38. On those systems, access was restricted to devices that attached by unique twin-ax cabling. This effectively insulated the CPU from the outside world. Security implemented at the menu level was very effective in limiting functions to those who were authorized. But, everyone knows that this is just not the case any longer. Most shops are now fully networked and most System i users connect via a network connection. In today's networked world, this just doesn't cut it any longer. Anyone with a PC and broad system authorities can access and manipulate just about any data on your system. If your system is accessible from the Internet, someone can easily access your system via FTP and you might never know it when it happens.
Just having a system that is known as a very secure system won't keep you from getting in trouble. The tools do you no good if they just sit on your workbench unused. If you're feeling guilty at this point in your reading, do something about it now. Don't end up in the headlines like the recent problems at TJX (the parent company of TJ Maxx) who now hold the record for the most credit card information stolen.
If you have any questions about this topic send me an email, I'll try to answer any questions you may have. All email messages will be answered.
About the author: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.