Tuesday, April 21, 2015

What the future holds … are you scared?

We may be familiar with stories from the past including popular movies and publications but has securing private information become too scary? For the NonStop community there are lots of options ….

This week another trailer was released for the upcoming end-of-year new Star Wars movie: The Force Awakens. Billed as Episode 7, it follows a pretty uninspiring Episodes 1 through 3 that focused on utilizing new film technologies, including a lot of Computer Generated Imagery (CGI) that left many a follower of Star Wars wanting a lot more, and with the release of multiple trailers it looks like Disney, the new owners of the Star Wars franchise, is delivering!  Another image from the most recent trailer features the return of Hans Solo, aka Harrison Ford, and following some scary scenes ends simply with the acknowledgement from Hans Solo, “Chewie, we’re home!” and as a quick glimpse into the future, Star Wars fans are resting easy.

However, for anyone in IT the future is looking a little scary these days even as it returns to computing we are a little more familiar with – the latest embellishment on the old service bureau models. Clouds and even hybrids have been with us, albeit under different guises, for decades and few within the NonStop community are fooled by the latest “window dressing” being applied – so, all my compute resources are off site? Cool! And sure, I can provision for my next application quickly (and with minimal human intervention)? I like it! Much of what is now taking place with respect to computing resources happens in real time and that is just one more attribute that looks familiar to the NonStop community, but with the latest application of make-over of a very old model come risks, uncertainty and a considerable amount of fear among those occupying the C-suites on mahogany row. If only we could turn away all potential intruders even as we make sure nothing truly terrifying has taken place. 

Before contemplating the future it’s good to know that our concerns about security have their roots dating back millennia.  In Biblical times, we read of how Eden’s tree of life was protected following the fall of Adam and Eve. According to Genesis, “Thereupon God appointed Cherubim to guard the path leading to the tree of life with a flaming sword which constantly turned its fiery edge in every direction so that none could pass forward without permission.” Turning to Nordic legends and of the worlds occupied by deities, we come across the story of Heimdall. According to popular beliefs of the time, Heimdall “is the all-seeing and all-hearing guardian sentry of the world, Asgard, who stands on the rainbow bridge Bifröst to watch for any attacks to Asgard. Heimdall can also ‘look across time, as well as space’”. Unlike the Cherubim of Biblical times, it is recorded that Heimdall didn’t so much depend on his sword as he bore the Gjallerhorn ("Yelling Horn"), which he would sound to alert all of Asgard to dangers threatening the city's gates.  

Returning to the issues facing modern day IT and looking too to what the future may hold, USA Today published an article on April 16, 2015,
2025 tech predictions both thrilling and scary. The article then asks readers, “And if things don't go as planned and all our data are allowed to bolt out of the corral?” what then?  It then quotes Rachel Maguire, research director at Institute for the Future, a non-profit think tank, "Well that's the dance that's happening now. We're in the age of omnipresence, so the question is, can we solve for the privacy issue so we and future generations can enjoy the benefits of technology?" 

The USA Today article then wraps up by circling back to the first shift in technology, security. “Under the heading ‘privacy-enhancing tech’ are predictions of cryptographic breakthroughs that hopefully will deliver us from a reality where it seems every major outfit is being hacked on an almost daily basis. Of all the shifts, however, this one clearly deserves the most attention,” the article concludes. Its final thought may be chilling to some but it’s what drives middleware vendors today to do even better, “Without encrypted and secure data transfer, our digital lives will fast become an open book. Says Maguire: ‘The question we need to keep asking is, simply, what is technology setting us up for over the longer term?’”

At the very heart of what scares IT and business executives the most today is security. And yet, there’s a lot that can be done right now to diminish the fear of what lies ahead. In a three part series of posts on Security written for the comForte blog, I began by asking, Does our interest in Top 10 …? In that post I quote comForte CTO, Thomas Burg, who also asks, “It is a mystery to me why it seems to be easier to sell a software product in the six digit price range than to convince customers to get paid-for advice by experienced folks like ourselves or our partners.” In the second post, Time to get fit? I quote comForte Marketing VP, Thomas Gloerfeld, who asks, “why would any of us expect to fully understand all the tools at our disposal if we truly didn’t know what they did or how best to use them?” The third post is yet to be published but it asks yet another question, “What about NonStop? Does NonStop inherently ward off all intrusions or do we need to be even better prepared than ever before?”

One vendor who is leveraging the work of another is DataExpress. Identifying their marketplace as addressing secure, managed file transfer, DataExpress leverage comForte SSL / SSH products provided as part of the NonStop operating systems. “This allows DataExpress to focus on differentiating functionality so important for us when it comes to growing our business,” said DataEpress CEO, Michelle Marost. But DataExpress is not alone when it comes to making sure private information stays exactly that; private!  

“Customers have often used Prognosis to supplement their security monitoring on NonStop. It can detect files being created or changed, abnormal process activity or event messages, and act on them,” said IR Product Manager, Jamie Pearson. “More recently, though, IR have provided a solution called Prognosis Change Auditor to assist with PCI-DSS auditing of configuration changes on the NonStop platform. It detects changes in the configuration of system and application components, which can then be reviewed and matched against approved change requests.”

“Today we provide the OmniAuth module that is used to define rules to reduce fraud, an all-important consideration for FIs and our entry in the all-important Fraud Blocker marketplace. But, OmniAuth is really Authorization which is of course checking security etc. plus checking if you have the money,” said OmniPayments, Inc. CEO, Yash Kapadia. “Looking at OmniPayments as a whole, it comes already equipped with complete security functions for every financial transaction that it handles, including encryption-at-rest and encryption-in-flight. But yes, we acknowledge that it is an ongoing battle as we face-off with the bad guys.”

No discussion on security across American banks and retailers would be complete without some references being made to the looming October 1, 2015, date for acceptance of smart cards with embedded chips – my first card, from CHASE, arrived this past week giving me a total of one Chip and Pin card. In the post of November 10, 2014, The headlines say it all: EMV is an answer! to the blog ATMmarketplace, Yash said, "While it may be true that security will be a problem for all in IT — vendors and users alike — there are steps that can be taken to make life for the bad guys a lot harder." Furthermore, according to Yash, “Smart cards have been in use in most countries around the world for years, and they are now coming to the U.S. (and) since HP NonStop systems have a significant presence in payment-card transaction systems, it is important that the NonStop community be familiar with smart-card technology.”

HP is pursuing greater security options for NonStop systems and this is evident from recent statements made by HP NonStop security architect, Wendy Bartlett. "Defense in depth is critical, particularly when it comes to securing the applications running today on NonStop. We are continuing to invest in the security capabilities of our own products, including but not limited to Safeguard, even as we continue to leverage solutions from both HP's Enterprise Security group and our NonStop partners. There are many aspects of defense in depth, from intrusion prevention to intrusion detection, analysis, and response, so you cannot have too many eyes focused on security. HP NonStop customers expect this level of attention from their vendor and partners.”

Products, services, education plus a healthy assist from HP NonStop development are all readily available and can go a long way to help the NonStop community ensure there’s a depth of defense capable of warding off all but the most persistent attacker and / or someone who has gained inside information – the so-called weak link. Scary scenes from popular movies and legendary defenders from the dawn of time reinforce how important having adequate defenses truly has become – it doesn’t take a think-tank of futurists to keep as sensitized to what is really happening in the world.

As HP noted, when it comes to security, you cannot have too many eyes trained on the problem and looking for new way to add additional layers of defense. For the NonStop community this is encouraging and the fact that the numerous vendors continue to provide security products helps go a long way to slake the thirst of CIOs lining up at the well of safe IT -  yes, we have to solve for the privacy issue in order for future generations to enjoy the benefits of technology! 

No comments: