Security Architecture For Business Applications

July 7, 2015 Patrick Botz

Developers can make it infinitely less complex to manage the security of a system and can significantly improve the security of any computer system by following a simple architecture in their applications. Conversely, not following a similar architecture makes it virtually impossible for any administrator to both maintain the best security possible and avoid failed and crashed applications.

Nearly everyone in most IT shops assumes that it is the system (or security) administrator’s responsibility to manage access control for the data on the system. They also assume it is the administrator’s responsibility to fix any authority failure issues encountered by users. But when you think about this, it doesn’t really make sense for administrators to have this responsibility.

Who knows more about which data an application uses and how and where within the application it gets used? I assert that few administrators have this kind of knowledge about the internals of any application. Thus, when encountered with an authority failure, they usually “fix” the problem by ensuring that nobody will ever encounter that same failure again. How? By making sure that everyone has the ability to create, read, change, and delete that data or file . . . by default! This, of course, makes it much easier for an attacker to access that data.

But this can be avoided pretty easily without anyone–developers or administrators–having to manage access control for specific users while at the same time ensuring that others using the system but not running the application can’t access the application’s data. This scenario is the cheapest to manage, but it requires that applications be written with a certain set of assumptions that lead to a general security architecture.

The assumptions developers should use when architecting any new application or program are:

Administrators are only responsible for controlling which users are allowed to run the initial program of an application (or the program in the case of an application consisting of a single program).
The application controls that users are allowed to perform the various business functions provided by the application.
Developers implement their applications such that the applications and programs acquire the authority necessary for them to run to completion without a security failure.

Using these assumptions when architecting and implementing an application makes it easier and faster to deploy the application from a security perspective, and makes it much easier and cheaper to manage access control and avoid authority failures over time. If an administrator can assume that the application controls that users are allowed to perform which business functions, then administrators only need to manage which users can use the initial program associated with the application. This makes it very easy to create a group for authorized application users. Add each user authorized to use that application to the group and then grant that group read or use authority to the initial program.

Many business applications are architected with some sort of “business function and authorized users” table that the application uses to control which users are allowed to access which business functions, so that doesn’t represent any new or extra work on behalf of developers. All operating systems support mechanisms and APIs that allow programs to manipulate the authority under which they are executing at the time the program is built and even during execution. Programmers know what data objects they are accessing and what authority the program will need to be running under when it accesses those objects, so programmers can use the most appropriate API to ensure that the program has the required authority to the data at the time it accesses the data. This represents extra work for developers, but just is one time and extremely small (especially when compared to the effort required for an administrator to identify all of the data objects, determine what authority each user may need to those objects, and then attempt to manage that access control over time).

I recently wrote an article for IBM Systems Magazine‘s AIXExtra newsletter that goes into more technical detail about the mechanisms and APIs available on AIX and IBM i–adopted authority and the user profile “swap” APIs being just two of them–developers can use to implement this security architecture. You can find it here. By exploiting these tools, developers can ensure their applications will not fail due to authority failures while administrators can focus only on controlling access for users allowed to run those applications.

Patrick Botz is President and CTO of Botz & Associates. His expertise includes security strategy, security policy enforcement, password management, single sign-on (SSO), industry and government compliance, and biometrics. He is the architect of the SSO stat! service. Previously he worked as Lead Security Architect at IBM, and he founded the IBM Lab Services security consulting team. You can connect with Pat here.

EIM Identifier Naming

Job User Name And Current Job User

Tags:

Do the Math When Looking at IBM i Hosting for Cost Savings

COVID-19 has accelerated certain business trends that were already gaining strength prior to the start of the pandemic. E-commerce, telehealth, and video conferencing are some of the most obvious examples. One example that may not be as obvious to the general public but has a profound impact on business is the shift in strategy of IBM i infrastructure from traditional, on-premises environments to some form of remote configuration. These remote configurations and all of their variations are broadly referred to in the community as IBM i hosting.

“Hosting” in this context can mean different things to different people, and in general, hosting refers to one of two scenarios. In the first scenario, hosting can refer to a client owned machine that is housed in a co-location facility (commonly called a co-lo for short) where the data center provides traditional system administrator services, relieving the client of administrative and operational responsibilities. In the second scenario, hosting can refer to an MSP owned machine in which partition resources are provided to the client in an on-demand capacity. This scenario allows the client to completely outsource all aspects of Power Systems hardware and the IBM i operating system and database.

The scenario that is best for each business depends on a number of factors and is largely up for debate. In most cases, pursuing hosting purely as a cost saving strategy is a dead end. Furthermore, when you consider all of the costs associated with maintaining and IBM i environment, it is typically not a cost-effective option for the small to midsize market. The most cost-effective approach for these organizations is often a combination of a client owned and maintained system (either on-prem or in a co-lo) with cloud backup and disaster-recovery-as-a-service. Only in some cases of larger enterprise companies can a hosting strategy start to become a potentially cost-effective option.

However, cost savings is just one part of the story. As IBM i expertise becomes scarce and IT resources run tight, the only option for some firms may be to pursue hosting in some capacity. Whatever the driving force for pursing hosting may be, the key point is that it is not just simply an option for running your workload in a different location. There are many details to consider and it is to the best interest of the client to work with an experienced MSP in weighing the benefits and drawbacks of each option. As COVID-19 rolls on, time will tell if IBM i hosting strategies will follow the other strong business trends of the pandemic.

When we say do the math in the title above, it literally means that you need to do the math for your particular scenario. It is not about us doing the math for you, making a case for either staying on premises or for moving to the cloud. There is not one answer, but just different levels of cost to be reckoned which yield different answers. Most IBM i shops have fairly static workloads, at least measured against the larger mix of stuff on the public clouds of the world. How do you measure the value of controlling your own IT fate? That will only be fully recognized at the moment when it is sorely missed the most.

CONTINUE READING ARTICLE

Please visit ucgtechnologies.com/IBM-POWER9-systems for more information.

800.211.8798 | info@ucgtechnologies.com

Article featured in IT Jungle on April 5, 2021