Steven Shull, Projetech & Tyler Caldwell, CISSP, Projetech
Maximo comes with a lot of great security controls, but most are not implemented. All the changes we’ll discuss require minimal effort to implement and have extremely low or no performance impact on your system. We’ll discuss the changes in full detail, including why you should implement each control, related changes that you may need or want to make, and which versions of Maximo you can implement them on (you don’t have to be on the latest version for most of these changes!). Some examples are secured attachments, preventing unauthenticated web services, and better security around integration accounts. Along with securing the Maximo application, you must also secure the Maximo environment. Securing the Application Server through the implementation of role-based access control, policy-based network access, and enforced SSL communications greatly minimizes its attack surface. With these controls in place and the use of system performance and event monitoring, you can implement your Maximo environment with a defense-in-depth security approach and provide industry security best practices for your Maximo users. Administrative controls round out the security approach for Maximo. They include Change Management, Monitoring of IBM Advisories Communications, and Policies and Procedures around daily usage.