Boosting administrator security controls in Spectrum Protect 8.1.15

Last week saw the release of the latest IBM Spectrum Protect update. Predatar technology is built to work exclusively with IBM storage software, so naturally we stay very close to the development of what is already an incredibly powerful backup and recovery platform. In fact, Predatar’s Technical Director, Steve Miller is something of an authority on the Spectrum Protect Suite.
   
Here’s his take-aways on the version 8.1.15 release.

A few months back, I talked about Multi-Factor Authentication in Spectrum Protect, and how it would be a fundamental way to secure Spectrum Protect environments from now on.

With the release of 8.1.15, IBM have further beefed-up security access for Spectrum Protect with some relatively simple changes that we tend to take for granted on many other systems that we use.

Complex passwords
Firstly, Spectrum Protect admins can now establish complex passwords requirements. Up until now, it would have been possible for administrator IDs to have simple words as a password. I can’t help but wonder how many installations remain out there with the default userID and password setup still in place since the day it was implemented.

Although Spectrum Protect still doesn’t distinguish between upper and lower case, it’s now possible to set a requirement for passwords to have a set number of alphabetic, numeric and special characters.

Invalid logons
There has also been a refresh with the settings allowed for invalid logon attempts. Previously, the lowest value for this was 0. As it was the default, it effectively meant that invalid logon attempts were not being checked.

As of the new release, the default value for this is changed to 1, and the range is changed from 1 to 10. Again – it’s a sensible, if overdue update, making administrator access more secure.

TLS certificate loophole
Finally, the default behaviour for a new Admin ID is to require a TLS connection. Previously, the default was that the first connection was an enabling session, allowing the administrator ID to download the TLS certificate from the Spectrum Protect server. That’s been recognised as a security loophole and closed off.


In summary

Making data secure has always been the top priority of the Spectrum Protect development team. Encryption, both at rest and in transit was always fundamental, but administrator access had remained relatively open for a long time.

Looking at the pattern of these updates, it’s clear that IBM has recognised the risks of rogue administrator access, and it’s a critical threat to close-down. According to a 2021 report published by Verizon, 36% of data breaches are caused by internal bad actors. The changes that have arrived in 2022 are designed to remove weaknesses and will help to reduce risk in this area, and as a result any organisation using Spectrum Protect will benefit from the updates.

There are lots of ways you can leverage the power of IBM Spectrum Protect and Spectrum Protect Plus to boost cyber resiliency in your organisation. Predatar cyber recovery orchestration works hand-in-hand with IBM storage software to ensure your backups are infection-free and ready for quick, clean and complete recovery when you need it. You can see in this 5 minute demo video, or contact our team with questions.