i5/OS may be famous for security, but its object authority does not go far enough on its own: it does not distinguish how, or through which interface, the data is being accessed. A user needs read authority to a file (and often update authority) just to run a 5250 green-screen or GUI application over it, and that same authority lets the user reach the file directly through FTP or another network server, copy it off the system, and bypass the controls the application was supposed to enforce. It is therefore wise to supplement the built-in security with a third-party solution that controls how data can be used by network applications.
One popular way of enhancing IBM's built-in security is to analyze requests, or "transactions", by parsing the SQL statement text that arrives at a network exit point. A manager reviews the list of captured statements and decides, one by one, whether to allow or reject each. This approach does add control and can keep unwanted requests out of the system, but it is time-consuming and requires constant maintenance, because every new statement text must be reviewed before it can be trusted.
IBM's own built-in security takes a more elegant approach: it treats requests in terms of the objects they act on, so there is no need to examine SQL statement text at all. Many users don't realize that the same model is available in third-party solutions as well, covering the same exit points as the popular transaction-based products. Let's look at how such a solution can save you time and money while improving both operations and security.
Lost at SQL (or How Transactions Washed the Manager Away)
Transaction-based solutions can export to Excel a list of requests so that a manager can review them and set actions to accept or reject. Sounds useful, right? Now imagine a spreadsheet with 700 lines and 13 columns, containing dense information about locations, servers, functions, transaction times, and jobs. Each line must be reviewed and its action set. Sure, you could get through those 700 lines, but I forgot to mention that they were all generated in three hours. How many will you get next time?
Now imagine that you approved the request Select * from Myfile. When you open your next spreadsheet, you find that a user attempted to access data using select * from myfile. Was it approved? No. This request was rejected because the software compares statement text literally, and the words "select" and "myfile" were not capitalized. To the database they are the same request: SQL keywords are case-insensitive, and DB2 folds unquoted identifiers to upper case, so both statements resolve to the same file. Your network security application is treating them as two different requests, when in fact they are the same. Therein lies the weakness of transaction-based security.
In reality, the problem is much greater than this. The number of distinct statement texts grows with every variation in case, whitespace, library qualification, and naming convention, and it is impractical for a human operator to review them all and keep adding each permutation of the same request to the software. The brittleness cuts both ways: a list that rejects a legitimate user over a lowercase keyword is also a list that an attacker can slip past by changing a keyword's case, wherever it is used to reject rather than to accept. That's why transaction-based security, although popular, is time-consuming, difficult to manage, and error-prone.
The Object of Thy Desire
Returning to the model that IBM has chosen, focusing on objects can relieve you of the hassles of maintaining permissions. By breaking transactions down into the objects being requested, object-based solutions can provide adaptive security that requires minimal input from operators and eliminates the need to parse SQL statements or to "memorize" every transaction.
Let's take another look at the request Select * from Myfile. When we tried to grant permission for this using transaction-based security, we had to backtrack a few hours later when a difference in case created a mismatch. We corrected this problem by also memorizing select * from myfile. Not mentioned above was a later request that came through as SELECT * FROM MYLIB/MYFILE, with the file qualified by its library in system naming. All wanted access to the same data, but all had to be memorized separately.
This problem disappears when you use object-based security. The object-based solution resolves the statement to the object it references, MYFILE, and applies the user's authority to that object regardless of how the statement is spelled, spaced, or qualified. Gone are the bloated spreadsheets, the SQL statements, and the constant reviewing of actions. This means time saved for you, and it also reduces staffing costs and the possibility of configuration errors that can prevent legitimate users from doing their work. The one thing to check before trusting such a solution is how it behaves when it cannot determine which object a request refers to: object resolution is now where the security rests, so an unrecognized request should be rejected rather than waved through.
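To make the contrast concrete, here is an added example that is not Bytware's code and not the product described in this article: a toy exit-point check in Python that evaluates the three spellings of the request from the preceding sections first against a literal transaction list and then against a per-user object policy. The user IDs, the library MYLIB, the file names, the policy tables, and the regex-based object extraction are all assumptions made for illustration.

```python
"""Transaction-based (literal statement) versus object-based (referenced file)
allow lists for an SQL exit-point check.  Added example; not Bytware's code.
User IDs, MYLIB, MYFILE, OTHERFILE and the policy tables are made up."""
import re

# Transaction-based policy: the exact statement text a manager approved.
APPROVED_STATEMENTS = {"Select * from Myfile"}

# Object-based policy: which files each user may read, keyed by
# (library, file) in the upper-case form i5/OS uses for object names.
# "*LIBL" stands for an unqualified name resolved through the library list.
OBJECT_POLICY = {
    "ALICE": {("MYLIB", "MYFILE"), ("*LIBL", "MYFILE")},
    "BOB": {("MYLIB", "OTHERFILE")},
}

# A table reference after FROM/JOIN/INTO/UPDATE, optionally qualified in
# system naming (LIB/FILE) or SQL naming (LIB.FILE).
_TABLE_REF = re.compile(
    r"\b(?:FROM|JOIN|INTO|UPDATE)\s+"
    r"(?:([A-Z0-9_$#@]+)\s*[/.]\s*)?([A-Z0-9_$#@]+)",
    re.IGNORECASE,
)

# Statement shapes this toy extractor does not model (comma-separated
# table lists, subselects).  They are rejected rather than half-parsed.
_UNSUPPORTED = re.compile(r"\bFROM\b[^;]*[,(]", re.IGNORECASE)


def transaction_allows(statement):
    """Literal match: case, spacing and library qualification all matter."""
    return statement in APPROVED_STATEMENTS


def referenced_objects(statement):
    """Return the set of (library, file) pairs the statement names, folded to
    upper case the way DB2 folds unquoted identifiers."""
    objects = set()
    for library, obj in _TABLE_REF.findall(statement):
        objects.add(((library or "*LIBL").upper(), obj.upper()))
    return objects


def object_allows(user, statement):
    """Allow only when every object the statement references is in the
    user's policy.  Fails closed: no recognisable object, or a shape the
    extractor cannot fully model, means reject."""
    if _UNSUPPORTED.search(statement):
        return False
    objects = referenced_objects(statement)
    if not objects:
        return False
    return objects <= OBJECT_POLICY.get(user.upper(), set())


if __name__ == "__main__":
    # The three spellings from the article, all asking for the same file.
    for stmt in ("Select * from Myfile",
                 "select * from myfile",
                 "SELECT * FROM MYLIB/MYFILE"):
        print(f"{stmt!r:32} transaction={transaction_allows(stmt)!s:5} "
              f"object(ALICE)={object_allows('ALICE', stmt)}")
```

Only the first spelling passes the transaction list; all three pass the object check for ALICE, and none passes for BOB, who is authorized to a different file. The regex extractor is the weak point of this toy: whatever the extractor fails to see, DB2 will still execute, so a product-grade resolver has to understand every statement form the server accepts (and the non-SQL servers such as FTP as well), and anything it cannot resolve must be rejected, which is what the `_UNSUPPORTED` guard stands in for here.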
Reclaim Your Time, Improve Your Security
An object-based approach gives you the power to enhance security, improve the user's experience, and put your time to better use. It's no wonder IBM went the object route when building security for the world's strongest operating system. If you're considering implementing third-party security for the first time, choosing an object-based solution is one of the best ways to increase your return on investment. And if you're already using third-party software that is transaction-based, the object model is definitely worth a look. A change could do you good.
Mike Grant is CEO and head of development for Bytware, Inc.
MC Press Online