m-Power Brings 2FA to Web Apps

May 6, 2014 Alex Woodie

Web applications built using mrc‘s m-Power development tool can now supplement password protection with two-factor authentication, the company announced from the COMMON conference in Florida.

The Heartbleed vulnerability in the OpenSSL encryption library has shocked the world by compromising many of people’s supposedly secure and encrypted sessions over the past two years. Users who thought their transactions were secure were actually exposed, putting all of their sensitive passwords at risk.

The Heartbleed episode has given new thrust to alternative authentication mechanisms. The folks at mrc have responded by announcing that applications built with its m-Power tool can support two factor authentication (2FA).

The new 2FA feature in m-Power works by using PIN numbers sent via SMS messages. “Any time a login attempt is made from an unrecognized computer,” the company says, “the application can automatically verify the user’s identity via another PIN number delivered to the verified phone. Without the correct pin number, the user cannot access the account.”

The Chicago company also is boosting its password protection by encrypting passwords within m-Power. The company says it supports multiple password encryption methods and also supports the capability to automatically encrypt passwords.

Password encryption is seen as another layer in the security cocoon. If an organization stores user IDs and passwords in plain text, it runs the risk that all of them will become corrupted if somebody gains unauthorized access to that server. However, if the authentication information is encrypted, it’s useless to hackers, unless they also have the encryption key.

“As security threats evolve, Web applications must evolve right along with them,” Tyler Wassell, mrc’s manager of software development, says in a press release. “These new enhancements help m-Power users keep their data and their applications secure in an increasingly insecure world.”

m-Power Takes IBM i Mobile Apps Offline

m-Power Gets Responsive with Screen Design

Cloud Consultant Program Launched by mrc

User Defined Dashboards Now Shipping from mrc

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Best Practices for Doing IBM i Cloud Backup & DRaaS Right

In the technology business for 30+ years including more than a decade in cloud backup and disaster recovery, we’ve learned a few things along the way. Here are best practices to follow – and land mines to avoid.

RELIABILITY. Up to 71% of restores from tape contain failures.

BEST PRACTICE: Use disk-to-disk technology for backups.

With disk-to-disk technology, your backup data resides on disk drives, proven to be far more reliable than tapes. When your backup completes, you know the data is secure and accessible on the disk drive. With tapes you never really know if your data is usable until you try to restore it, at which point it’s too late.

BREADTH OF OFFERING. Choice in product and service offerings meet your business’ needs.

BEST PRACTICE: Don’t settle for less than what you need.

Vendor offerings vary widely. Some are designed primarily for consumers and others for enterprise data centers. Choose a solution that scales and offers the features you need to provide the level of service you expect. De-duplication and delta-block technologies will improve performance, reduce your data footprint and save you money. Find out if their de-duplication offering is at the file level or the block level. Make sure the solution can back up servers, PCs, and laptops as well your applications.

SECURITY. 60% of organizations using tapes don’t encrypt their backups.

BEST PRACTICE: End-to-end encryption with no “back door.”

Using encryption with tape makes backups run slowly and often takes too long to fit within a backup window. As a result, most people simply turn encryption off, creating a security risk. Even with the physical safety of disk-to-disk backup, encryption is essential. Look for 256-bit AES. Find a solution that encrypts your data during transmission and storage. Make certain there isn’t a “back door” that would let someone else view your data.

ACCESSIBILITY. Companies waste thousands of hours waiting on tapes.

BEST PRACTICE: Ensure that you can get your data back with minimal delay.

You should have direct access to your backups, with no time spent on physical transport (no trucks, no warehouses). Restores should take minutes, not hours or days. Set yourself up to work with your data, not wait for it. Make sure your solution provider can meet your Return-to-Operations (RTO) and Recovery Point Objectives (RPO) which determine how quickly you can recover your data and maintain business continuity. Inquire about onsite and offsite replication that provide both improved performance and a solid disaster recovery strategy.

CYBER SECURITY. More than 80 percent of U.S. companies have been successfully hacked, according to a Duke University/CFO Magazine Global Business Outlook Survey.

BEST PRACTICE: Regular cyber security training and phishing tests for all employees using company email are essential to your organization.

Your end-users are the weak link in your network security. Today, your employees are frequently exposed to advanced phishing attacks. Trend Micro reported that 91% of successful data breaches started with a spear-phishing attack. Be sure your vendor of choice includes cyber security training as part of their backup and DR package.

SCALABILITY. Some backup systems can’t scale readily.

BEST PRACTICE: Invest in a data protection architecture that can grow with your business.

You should be able to back up your data no matter how large it grows. Starting small? Look for an option that handles your backups automatically. Then, as you grow, gives you tools to manage complex environments. Look for “changes-only” and compression technologies to speed backups and save space. And insist on bandwidth throttling to balance traffic and ensure network availability for your other business applications. Make sure that their solution offerings rely on common technology to scale easily as your business––and data––grow.

COST-EFFECTIVENESS

BEST PRACTICE: Calculate the true total cost of tape-based back up.

A 2019 Server OS Reliability Survey found that one hour of downtime costs at least $100K for 98% of companies to over $5 million for 34% of surveyed companies. When you do the math, the dollars make sense: Go with disk-to-disk. Unlike tape, there are close to zero handling costs—no rush deliveries, loading, accessing, locating, or repeated steps. And there’s one benefit you can’t factor directly: Reputation. Reliability and security can make an incalculable difference with just one avoided breach or failure.

COMPLIANCE. Most companies have problems satisfying privacy, security, and data retention regulations.

BEST PRACTICE: Choose a data protection partner who has deep know-how about compliance, and the technology to ensure it.

Disaster Recovery. Most companies lack a comprehensive, tested plan for disasters.

BEST PRACTICE: Find a vendor that delivers a complete DR solution.

You can’t say your data protection is complete until you have a disaster recovery plan that is itself complete and tested. Your backup vendor should have both the product mix and professional services team to help you prepare for a worst-case scenario. Make sure they can help configure your backups so you rebound quickly. Best bet: A vendor who can train you to deal with disasters confidently, based on your company’s actual configuration.

EASE OF USE. Some companies don’t —or can’t—manage their backups from one place.

BEST PRACTICE: Get control and reporting you can use anywhere, with ease. Managing your backup environment should be simple, and the software you use should eliminate any guesswork that could lead to lost data. You should know at all times if your data is protected across your entire network—including remote offices—by simply looking at a dashboard. The software should be simple to configure using wizards, yet powerful enough to meet your specific needs with customizable views, job propagation, and roles-based security.

OPERATING SYSTEM AND PLATFORM SUPPORT. Most backup vendors support a limited range of OS, server types, and applications.

BEST PRACTICE: Look for broad and deep technology that supports your complete environment. Your backup solution should accommodate your environment, not vice versa.

CUSTOMER SUPPORT. Backup vendors’ product support varies widely.

BEST PRACTICE: Find a vendor whose support is passionate, maybe even slightly obsessed. Customer support should be one of your vendor’s main selling points. You shouldn’t have to wonder if they’ll be there to help when you need them most. Do they offer phone support or email only, and who exactly are you talking to when you call that 800 number? Find a vendor that will treat your data as if it were their own.

REPUTATION. Does your backup vendor have a quality reputation and the financial resources to stay in business for the long haul?

BEST PRACTICE: Find a vendor with strong financial backing and customer references. There are a lot of vendors that have come and gone. When you consider a service provider, look for one that has strong financial backing, a solid business plan and the ability to be in business as long as your data needs to be stored. Ask for customer references and case studies as their customers are the best validation you can get.

Visit VAULT400.com/proposal to receive a FREE analysis and proposal

DOWNLOAD SOLUTIONS BRIEF:
Best Practices for IBM i Cloud Backup & Recovery

DURING THIS UNPRECEDENTED TIME, DON’T WAIT FOR YOUR BUSINESS
TO SUFFER A DISASTER TO TAKE ACTION.

Serving the US, Canada, & Latin America

VAULT400 Cloud Backup & DRaaS is an IBM Server Proven Solution.

800.211.8798 | info@ucgtechnologies.com| ucgtechnologies.com/cloud

To the First Responders serving on the front-lines during the COVID-19 pandemic,
we extend our heartfelt gratitude.