IBM i Reality Check: Outdated Assumptions, Real Risks

Your IBM i system might feel rock-solid — but that stability could be hiding serious risk.

In this episode of Not Your Grandpa’s JD Edwards, we break down what’s really happening in today’s IBM i environments. From security gaps and ransomware threats to staffing shortages and outdated processes, many organizations are operating under a false sense of security.

By the end of this episode, you’ll understand:

• Where IBM i environments are most vulnerable today
• Why stability does not equal security
• How staffing and modernization gaps increase risk
• What a well-managed, low-risk environment actually looks like

Table of Contents

1. Why Companies Are Questioning IBM i Security
2. Where Today’s Risks Are Coming From
3. The False Sense of Security Problem
4. How IBM i Risk Has Changed Over Time
5. The Growing Talent Shortage
6. Common Security Gaps in IBM i Environments
7. What a Well-Managed Environment Looks Like
8. How to Move From Reactive to Proactive 

Why Are Companies Questioning IBM i Security?

IBM i has long been known for its stability.

But as Tim explains, that same strength can also be a weakness:

“The best thing about IBM i is it can run code from 30 years ago… and the worst thing is it can run code from 30 years ago.”

What used to be a closed, highly controlled environment is now:

• Connected to banks
• Integrated with vendors
• Open to external systems

That shift has completely changed the risk profile.

Where Are Today’s Risks Coming From?

Risk is no longer just internal — it’s both:

Internal Risks

• Employees clicking malicious links
• Lack of proper access controls
• Poor security awareness

External Risks

• Exposed interfaces
• Misconfigured firewalls
• Third-party integrations

As Tim shared, even a single user action can trigger a ransomware event if protections aren’t in place.

The False Sense of Security

One of the biggest issues?

Companies assume:

“It’s been running fine for 10–20 years… so we must be safe.”

But that mindset is dangerous.

“You get that false sense of security that nothing is going to happen to you.”

The reality:

• The system hasn’t failed
• But the environment around it has changed dramatically

How IBM i Risk Has Changed

Modern IBM i environments now include:

• Open-source tools
• APIs and integrations
• External data exchanges

Each of these introduces new vulnerabilities.

IBM has provided security tools — but they must be actively used.

Security today is not automatic — it’s intentional

The IBM i Talent Shortage (A Hidden Risk)

One of the biggest threats isn’t technical — it’s human.

• Many IBM i professionals are nearing retirement
• Few new professionals are entering the field
• Skills like RPG, COBOL, and SQL are harder to find

“Within the next 5–10 years, there’s going to be a tremendous number of people leaving and retiring.”

This creates risk in:

• System knowledge
• Maintenance
• Security oversight

Common Security Gaps (What We See Most Often)

From real-world experience, here are the most common issues:

• No user access controls (ACLs)
• Missing logging and auditing
• Lack of intrusion detection
• Poor patching practices
• No centralized monitoring
• No after-hours alerting

In one real case:

A company was down for 2.5 weeks after ransomware due to lack of preparation.

Where Companies Are Most Exposed Today

Based on industry data and experience:

1. Security

More attack vectors than ever before

2. Staffing

Not enough skilled professionals

3. Modernization Delays

Resources diverted to maintenance instead of improvement

What Does a Well-Managed IBM i Environment Look Like?

A modern, low-risk environment includes:

✅ 24/7 Monitoring

Across all systems — not just IBM i

✅ Documented Processes

So knowledge isn’t locked in one person

✅ Regular Security Reviews

Ongoing, not one-time

✅ Tested Backups & DR

Quarterly or annual testing minimum

✅ Clear Ownership Structure

Defined roles and escalation paths

Reactive vs. Proactive Environments

Reactive

• Respond after issues happen
• Limited visibility
• High business risk

Proactive

• Continuous monitoring
• Prevent issues before impact
• Clear recovery strategy

“A low-risk environment isn’t one without problems — it’s one that’s prepared for them.”

How to Start Improving (Without Overhauling Everything)

You don’t need to fix everything overnight.

Start with:

Step 1: Baseline Assessment

Identify gaps and weak points

Step 2: Prioritize Risks

Focus on biggest vulnerabilities first

Step 3: Add Monitoring

Across infrastructure and endpoints

Step 4: Fill Skill Gaps

• Train internally
• Or leverage managed services

Final Takeaway

Your IBM i system being stable does not mean it’s secure.

Most environments aren’t failing —
they’re just not being actively managed for today’s risks.

Want to Know Where You Stand?

If this raised questions about your environment, you’re not alone.

At ERP Suites, we help organizations:

• Assess current risk
• Identify security gaps
• Build proactive strategies

Schedule your IBM i risk assessment:
https://www.erpsuites.com