It doesn’t matter what industry you work in. Many of your core business applications continue to run on mainframe and mid-range systems, including IBM, Unisys, Tandem, HP, UNIX, and OpenVMS. After all, these are proven platforms for reliability and availability. But today’s security threats, numerous industry regulations (HIPAA, PCI DSS, Sarbanes-Oxley Act, etc.), and your organization’s newest security policies are putting new demands on your tried-and-true applications.
The good news is that you don’t have to re-architect or rip-and-replace your applications. Using a well-thought-out approach can preserve, and increase the value of, the investment you’ve already made in legacy applications. Whether you’re trying to adhere to an industry regulation or follow standard security practices, the following options can help to ensure that your legacy applications are in compliance:
End-to-end encryption – Encrypting the data moving between users and applications is one of the easiest and most basic steps you can take towards securing application access. Attachmate uses SSL/TLS and Kerberos-based encryption techniques to protect data between clients and servers.
Nonsecure protocol replacement – Widely used protocols such as Telnet and FTP are considered nonsecure because information, notably passwords, is sent in plain text, which makes it susceptible to packet analysis. SSH-based clients and servers provide confidentiality and integrity by allowing data to be exchanged over a secure channel between mainframe, UNIX, Linux, or Windows-based systems.
FIPS 140-2 – One of the most stringent security specifications for encrypting data is the U.S. government's Federal Information Processing Standard (FIPS). Vendors may be required to validate their cryptographic products against this standard before they can be deployed and used within the federal government. While driven by the U.S. federal government, these requirements have been adopted by companies in other industries, including financial services and health care. The majority of Attachmate mainframe access products have been validated as meeting the FIPS 140-2 standard for cryptographic modules. The list of certified products, along with vendors’ stated security policies, can be found at http://csrc.nist.gov/cryptval/vallists.htm.
PKI and DOD-PKI – Public Key Infrastructure (PKI) helps facilitate secure communications through the use of digital certificates. DOD-PKI is a specification for the configuration and use of PKI as mandated by the U.S. Department of Defense. A number of Attachmate mainframe access products support PKI and DOD-PKI for host and user authentication during Secure Shell and SSL/TLS sessions.
Authorization and authentication – Attachmate mainframe products include an array of authentication and authorization methods, so you can easily pair them with your existing security framework. To verify user or system identity—and block access to private files or systems through nefarious means—support for Kerberos, PKI, SSH, passwords, Active Directory, LDAP, X.509, smart cards, tokens, web portal authentication methods, IBM Express Logon, and RSA SecurID is provided in both Attachmate clients and servers.
Secure file transfer – A variety of secure file transfer mechanisms are available in Attachmate clients and servers. These mechanisms allow you to send files of any size and manage the process from end to end. Whether moving files internally or externally, between users or systems, automated or user-driven, Attachmate provides comprehensive file transfer solutions supporting nearly any type of encryption (SSL, AES, 3DES, and Blowfish) and any platform (IBM z/OS, Windows, UNIX, and Linux).
Internet-based file exchanges with FileXpress Internet Server.
Customized presentation – By customizing what is presented or accessible through the user interface, administrators can control what information or functionality is available to users. Using a powerful set of web and service-enablement tools (.NET, Java, XML, and web services), developers can repurpose existing legacy data and functionality. They can create new modernized applications or integrate legacy data and business logic with existing applications such as Microsoft Office and CRM.
Group Policies and User Account Control – Using the Windows policy editing utilities or Microsoft Installer (.msi) packages, you can establish policies across your enterprise that limit access to features to one user, a group of users, a computer, a group of computers, a domain, or the entire enterprise. You can remove commands from the menus, disable buttons on toolbars and QuickPads, and disable keys on keyboard maps. For example, if you want to prevent users from creating a new session, you can remove the New Session option from the File menu.
Trusted locations – Administrators can prevent security risks by allowing users to open sessions and documents only from trusted locations—areas on the local hard disk that are safe for reading and writing user files. Administrators specify these locations in the Trust Center.
Privacy filters – Administrators can define privacy filters that mask sensitive data—such as credit card numbers, patient information, and social security numbers—from terminal emulation screen history, copy/paste, screen capture, printing, and more.