Security Architecture For Business Applications

July 7, 2015 Patrick Botz

Developers can make it infinitely less complex to manage the security of a system and can significantly improve the security of any computer system by following a simple architecture in their applications. Conversely, not following a similar architecture makes it virtually impossible for any administrator to both maintain the best security possible and avoid failed and crashed applications.

Nearly everyone in most IT shops assumes that it is the system (or security) administrator’s responsibility to manage access control for the data on the system. They also assume it is the administrator’s responsibility to fix any authority failure issues encountered by users. But when you think about this, it doesn’t really make sense for administrators to have this responsibility.

Who knows more about which data an application uses and how and where within the application it gets used? I assert that few administrators have this kind of knowledge about the internals of any application. Thus, when encountered with an authority failure, they usually “fix” the problem by ensuring that nobody will ever encounter that same failure again. How? By making sure that everyone has the ability to create, read, change, and delete that data or file . . . by default! This, of course, makes it much easier for an attacker to access that data.

But this can be avoided pretty easily without anyone–developers or administrators–having to manage access control for specific users while at the same time ensuring that others using the system but not running the application can’t access the application’s data. This scenario is the cheapest to manage, but it requires that applications be written with a certain set of assumptions that lead to a general security architecture.

The assumptions developers should use when architecting any new application or program are:

Administrators are only responsible for controlling which users are allowed to run the initial program of an application (or the program in the case of an application consisting of a single program).
The application controls that users are allowed to perform the various business functions provided by the application.
Developers implement their applications such that the applications and programs acquire the authority necessary for them to run to completion without a security failure.

Using these assumptions when architecting and implementing an application makes it easier and faster to deploy the application from a security perspective, and makes it much easier and cheaper to manage access control and avoid authority failures over time. If an administrator can assume that the application controls that users are allowed to perform which business functions, then administrators only need to manage which users can use the initial program associated with the application. This makes it very easy to create a group for authorized application users. Add each user authorized to use that application to the group and then grant that group read or use authority to the initial program.

Many business applications are architected with some sort of “business function and authorized users” table that the application uses to control which users are allowed to access which business functions, so that doesn’t represent any new or extra work on behalf of developers. All operating systems support mechanisms and APIs that allow programs to manipulate the authority under which they are executing at the time the program is built and even during execution. Programmers know what data objects they are accessing and what authority the program will need to be running under when it accesses those objects, so programmers can use the most appropriate API to ensure that the program has the required authority to the data at the time it accesses the data. This represents extra work for developers, but just is one time and extremely small (especially when compared to the effort required for an administrator to identify all of the data objects, determine what authority each user may need to those objects, and then attempt to manage that access control over time).

I recently wrote an article for IBM Systems Magazine‘s AIXExtra newsletter that goes into more technical detail about the mechanisms and APIs available on AIX and IBM i–adopted authority and the user profile “swap” APIs being just two of them–developers can use to implement this security architecture. You can find it here. By exploiting these tools, developers can ensure their applications will not fail due to authority failures while administrators can focus only on controlling access for users allowed to run those applications.

Patrick Botz is President and CTO of Botz & Associates. His expertise includes security strategy, security policy enforcement, password management, single sign-on (SSO), industry and government compliance, and biometrics. He is the architect of the SSO stat! service. Previously he worked as Lead Security Architect at IBM, and he founded the IBM Lab Services security consulting team. You can connect with Pat here.

Sponsored By
FRESCHE LEGACY

IBM i Modernization Planning with Fresche Legacy
Experience shows that it's best to develop a phased modernization strategy with early wins

At Fresche, modernization and efficient management of IBM i environments is what we do. It's our specialty. We provide highly experienced modernization services in conjunction with tools such as the X-Analysis suite (for deep understanding of your applications, data models, code complexity, business rules, etc.) and the looksoftware suite (to modernize your application UI and improve the complete user experience). Most IT departments have limited modernization experience and are not aware of all the pitfalls that can occur on a modernization journey. Fresche has already met and overcome most obstacles, including difficulties in testing, project management and integration.

Experience shows that there are six main steps that lead up to a successful modernization effort.

1. Analyze your application environment
In large IBM i shops, it is very likely that no one has a complete picture of the application environment. Knowing what you have - and how it currently supports (or doesn't adequately support) the business - is crucial in deciding how to proceed. There are many decisions involved in a well-planned modernization project, and those decisions cannot be made if you do not have accurate metrics about application and database size, quality and complexity, interdependencies, obsolete and redundant code, backup procedures, etc. Using automated tools like X-Analysis to perform a highly detailed analysis of your IBM i application portfolio provides you with a clear picture of what is used in your system and how. This information is crucial before planning your modernization journey.

In addition, you need to begin evaluating target technologies. Remember that one size does not fit all. Not all of your legacy technology needs to move to the same target technology, and some of it does not need to move at all. Hybrid solutions are the key: rarely is there one monolithic solution to a company's modernization needs.

Consulting an experienced vendor such as Fresche can help you with both aspects of this phase. Through Fresche's Strategy and Discovery service, or even by purchasing X?Analysis, you can learn everything you need to know about your IBM i environment and begin reviewing recommendations for modernization.

2. Find the Right Strategy
There are a variety of modernization strategies, and you need to decide which ones are right to support each part of your business. Among the strategies and solutions:

Strategy Solutions

Maintain Application Support Services

Manage Optimize existing applications and improve performance by improving processes,
understanding business rules, and re-using design elements.

Modernize           GUI, SOA and Mobile Enablement
                            Re-hosting
                            Automated Conversion
                            Code Transformation
                            Re-architecting / Re-engineering

Replace Re-write applications on the IBM i
Packaged Applications

Retire Some applications can be decommissioned when newer technology on the platform has
superseded the older functionality

Again, help from an experienced vendor such as Fresche can be invaluable in determining how to proceed. Most companies do not have an abundance of modernization skills and experience and benefit greatly from a vendor's knowledge.

3. Align IT Projects to Business Value Creation
Fresche's experience has shown that willingness on the part of IT and some users is not enough to sustain a thorough and on-going modernization strategy. It is absolutely essential to link each modernization project with a business improvement that will benefit one or more parts of the business. As you are building out your strategy, keep the following points in mind:

• What does the business get out of it?

• Move from an IT-centric perspective to a business-centric one

• Existing IT budgets are rarely adequate to fund mid-to-large scale modernization initiatives;
the business will need to sponsor and fund the project

• A professional and strategic approach to the business is required

You must be able to show what business problems you are solving with each part of the modernization project. You must also be able to show business the return on the investment.

4. Define a Phased-Approach Timeframe that Includes Quick Wins
Organizations typically do not like to invest in multi-year programs where the benefits only appear at the end of an extended period, so it's in your best interests to create a milestone-based plan where each milestone shows a specific business value. Establish one or more quick and visible wins early in the process to show business that the modernization strategy has definite and beneficial goals. These quick-win projects can include rapid Web enablement, UI and workflow customization, database modernization (long names, for example), and a published data model. A variety of tools from Fresche and looksoftware can help with all of these projects.

5. Seek input from line-of-business application stakeholders
In fact, this is something that you need to do throughout your modernization journey. We have already stressed how important it is to define projects in terms of their business value. But it is also important to include business analysts and users as early in the discussion as possible to validate the direction that you are considering and to ensure buy-in. Projects that succeed are ones where business analysts fully understand - and are looking forward to - the benefits that the project will provide.

6. Seek External Validation on Strategy and Approach
Planning and running a modernization project is very different from net new development. It requires in-depth knowledge of the existing system and an understanding of where some of the scope creep and problematic areas could potentially arise. We always recommend obtaining external validation of your approach and strategy from sources that specialize in modernization. Fresche can help, no matter what stage of modernization you are currently considering.

Do you have questions? Do you want some helping building your plan? Talk to an expert.

Want more details about our offerings? Visit our Web site for details.

www.freschelegacy.com

cozTools Brings Subscription Pricing To Software Licensing Manufacturing Automation At A ‘Crossroads’ For IBM i Shops

Table of Contents

Recent Posts

Subscribe

Pages

Search