Friday, January 6, 2012

Feeling secure?

In recent posts I have talked about modernizing the application as well as modernizing the infrastructure, both important areas of product development within comForte. With the New Year celebrations behind us, however, it’s a good time to discuss security!

Returning to Boulder, Colorado after spending the New Year in Key West, Florida I was anticipating much colder weather but surprise! It’s almost as warm here as it is in other parts of Florida. Although the break proved relaxing I still managed to find time to blog. And if you missed reading the January 3rd post to Real Time View you may want to check it out, as I provided commentary about a recent online research exchange conducted by The Standish Group. I will not revisit the same subject material as I did in that post but the part I do want to address here has to do with security – a topic you may have come to associate with comForte’s name.

Standish chairman, Jim Johnson, elected to produce a predictions “top ten” list along the style of late night host, Letterman, and among the many points that Standish included was one identified as “National Bionics ID”. Yes it placed third behind the more popular predictions in support of much broader use of “Particle Transference” and even potentially the “Plaque Eating Guinea Worm” and yes, there was some humor associated with the inclusion of them as possible high-profile developments in 2012 that would attract IT managers’ interests. But behind these flashy bullet points lie some intriguing possibilities.

National Bionics ID was just one perspective on security. In other words, not just a craze or even a spoof, but rather an attempt to highlight just how far we all may be prepared to go to ensure our own security – not just physical, such as we come across routinely as we catch a plane – but in cyberspace where so much more damage can be inflicted on us, mostly unaware! Yes, there are some of us now quite prepared to volunteer considerable information about ourselves simply to duck standing in line or risk a cyber-attack.

In previous posts to this blog I referenced exchanges I had had with comForte’s Thomas Burg and Thomas Gloerfeld where we looked at how best to categorize the products being provided by comForte and we came up with the classifications of Application Modernization and Infrastructure Modernization. But we also added to this pair the classification of Security. After all you can modernize the infrastructure and then the applications as much as you like, but increasingly today if you fail to adequately account for security, you may have simply made it a lot easier to penetrate the business logic and data you may have just deployed.

Modernization is not without its price. Standards and open systems are by default those that attract the biggest followings and where little escapes the eye of those who may not share the same interests as we do and are only too anxious to exploit any opening that may appear. As Standish went on to explain as they further qualified the bullet point National Bionics ID and the likely acceptance of identities tied more closely to measurable, biological characteristics “it will be the prevention of identity theft and just the convenience of not carrying driver’s licenses and identity cards that will drive people to want this feature in their lives.”

Facial recognition is already in use across some cities and, without going into specifics, I know I have been scanned several times of late – the greeting from those screening me at the time was such that they could only have found out who I was from the arrays of cameras I passed on my way to the checkpoint. In the past I have avoided providing commentary about security but as from this year I plan to immerse myself more deeply in the subject and working with comForte, as I have these past couple of years, it hasn’t escaped my attention just how important a role security plays in the business comForte pursues. It’s not hard to miss how it is comForte products today that come as part of HP NonStop product packages in support of encryption of data in transit.

“comForte was successful early in having HP NonStop ship our MR-Win6530 as the standard SSL-enabled emulator on the NonStop console and this has proved popular with the NonStop community,” comForte’s Thomas Gloerfeld observed. He then went on to add how today “HP had been selling an optional SSL and then later, an SSH package to the NonStop community but as of September 2011, HP OEM’s this too and it’s now an integral part of the operating system.” This is clearly a world of standards and as always this is in an interest of mine as there’s a strong heritage of success when it comes to embracing standards, and the NonStop community is no exception in this respect.

For many years NonStop has not been the sole server in the data center nor has it been a complete vertical product offering satisfying all the needs of business as a turnkey solution. The days of a single product line satisfying all requirements are long over, and in fulfilling highly focused roles, usually in support of mission critical applications, NonStop servers connect with a diverse array of client and peer servers. There’s no alternative to supporting standards in this new world and the NonStop community is fully aware of this development.

It may be years before you can “walk into a store, face a camera and walk out with your purchases. No mess, no hassle and no drama.” This was a likely future scenario according to Standish. But for those of us working inside the data center there’s already many steps that have been taken to protect identity and to ensure privacy that in time, and with the approval of society at large, it may not be as fanciful as it appears. The coming year will be filled with many interesting developments but I have to believe, for many of us, security is definitely going to percolate even higher up the list (than third) as we wrestle with addressing the world we are modernizing as quickly as we can!

1 comment:

  1. If it was just technology, would not be too hard (relatively speaking) but the other aspects such as sociological, identity proofing, etc., make this a daunting task. Coming up with a workable identity proofing program (foolproof, not overly cumbersome) has severely slowed our HSPD12 efforts.

    So there will be more progress this year but there's a long way to go.