• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • As I See It: Searching For The Silver Lining

    June 22, 2020 Victor Rozek

    All clouds, it is said, have their silver linings. Hurricanes are the winds of profit for the building trades; obesity sustains a huge (no pun intended) diet industry; bad relationships sell boatloads of self-help books; and sheltering in place has been a godsend for delivery companies, not to mention cardboard manufacturers, and the sex toy industry.

    Even IT, one of the more bombproof sectors of the economy, is not wholly immune from the laws of cause and effect. Silicon Valley, arguably the most prestigious assembly of high-tech prowess on the planet, was not spared the consequences of COVID-19.

    MIT Technology Review reported on a Stanford University study that showed “as many as 83,000 people” in the area had been infected. At the time, Santa Clara County had only reported “about 950 confirmed cases,” so this was an increase by a factor of 85X. The study suggested that about 4 percent of Silicon Valley residents were walking around with the infection. Many didn’t know it.

    But enough were symptomatic that 132,000 jobs were lost in the Bay Area, about 10,000 of them in the tech industry. Some offices were shuttered; many people were instructed to work from home, and some were told they could continue doing so even after the pandemic subsided.

    That’s a lot of disruption and, as in the aftermath of hurricanes, there are people poised to profit from the adversities visiting Silicon Valley. Among them, landlords in Austin, Texas.

    The problem facing the Silicon Valley unemployed, or underemployed, is that the cost of living in the Bay Area remains ungodly high. Even though COVID-19 drove rents down about 9 percent to 15 percent, the average monthly cost for a one-bedroom apartment in San Francisco is still a whopping $3,360. That’s $40,320 right off the top of your annual income, all before taxes and wine bars and $20 plates of brie and sourdough.

    In Austin, on the other hand, the average apartment rents for about $1,500. It is also home to the University of Texas and has a lively music scene featuring, blues, rock and, of course, kick-ass country. And where there is lively music, it is often accompanied by lively drinking. For the health conscious, Austin also has parks, lakes, lots of waterways and the other, lesser-known Colorado River, good for hiking, biking, swimming and boating. And being Texas, it has men who wear big hats and women who wear big hair.

    More important to IT professionals is an area called Silicon Hills, recognized as the tech epicenter of Texas. Dell started the Texas tech boom back in the mid-1980s, and since then a who’s-who of high-tech aristocracy discovered cheap land and an educated work force in Austin. IBM, Hewlett Packard Enterprise, Cisco Systems, Oracle, Intel, Apple, eBay, and everyone’s favorite defender of irresponsible speech, Facebook all have established either their headquarters or business offices in the area. But that’s just the tip of the proverbial motherboard. In total there are some 5,500 startups and tech companies in greater Austin. An IT professional’s wet dream.

    In fact, IT specialists from Silicon Valley are reportedly heading for the Hills in surprising numbers. And those who haven’t left yet are considering it. Katie Calanes, writing for Business Insider, reports “. . . social networking site Blind conducted a survey of thousands of techies in the region, two-thirds of which said they would consider leaving the Bay Area if their employer allowed them to permanently work remotely.”

    And why not? If you have to drive to work every day, it’s handy to live reasonably close to your place of employment – although commuting from San Francisco to Santa Clara is about as much fun as a daily colonoscopy. But if you can work from home, why not live somewhere less crowded and more affordable? Besides, the Bay Area is full of transplants who came for jobs and quality of life only to discover that their quality of life was diminished by how much of it they could actually afford. Another advantage to Austin is that Texas has no personal income tax. Compared to California, that’s another 13.3 percent of your salary that stays in your designer jeans. There is one notable disadvantage however: once you leave Austin city limits, you’re in Texas.

    The time for fleeing is auspicious. Apple, for example, already employs some 7,000 workers in Austin, and is investing in a second billion-dollar campus that will initially employ 5,000 more, with a possible ramp-up to 15,000.

    Google got its spurs in 2007 with its acquisition of the email security and archiving service Postini. It has since acquired some 300,000 square feet of office space where its teams work on everything from Android and G Suite operations, to support functions including finance and marketing. Next to those offices a tower is currently under construction. When finished it will offer 35 floors of workspace, and Google leased all of it.

    So, at the very least it can be safely said that many of the major tech players are bullish on Austin. A livable city, affordable housing, and a growing IT job market, make it an attractive destination for displaced IT professionals from any region. But it seems that if every cloud has its silver lining, the reverse is also true.

    Amidst the great opportunity lurks COVID-19. KVUE, the local ABC affiliate, reports that Travis county, where Austin resides, just recorded its single biggest increase in COVID-19 cases since tracking began. The former weekly record was 118; the current one is 161. That’s a 14 percent increase, and although not encouraging, it pales next to the 32 percent increase in nearby Hays county, and the 41 percent spike in Burnet county.

    So, as in all endeavors, opportunity must be weighed against risk. Technology, it seems, can save us from a great many things – excessive labor, tedious research, manual data collection and storage, not to mention boredom – just to name a few. But there is one thing it still cannot save us from: Ourselves.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: AISI, As I See It, COVID-19, IBM i

    Sponsored by
    Kisco Information Systems

    The Case For Implementing Exit Points

    By Rich Loeber

    Someone recently asked me if there was someplace on the Internet where they could see a case made for implementing exit points on their IBM i system. I was at a loss for a comprehensive source and this got me thinking that it might be a good idea to just create one here.

    Security exit points on the IBM i (and its predecessor OS/400) have been in existence since the mid-1990s. When the system was opened up to network access, the need for additional security over and above the standard IBM i OS security was apparent. IBM’s solution was to let their customers solve the issues on their own by giving them access to specific decision points in the various network server functions that were being rolled out. Server functions were being added to the IBM i OS to support network access to the system like FTP, ODBC, SQL, mapped drives in the IFS, file upload and download, remote command calls and a lot more. Since that time, even more network functions have been added along with related new exit points.

    To be fair and above board, I must also disclose here that my company, Kisco Information Systems, jumped on the exit point bandwagon right away when the exit points were initially rolled out. Since 1996 we have been selling a comprehensive general use exit point solution called SafeNet/i, now in its 11th release.

    The question I was asked was “Why does my shop need to implement exit point controls?” That is what I want to address here. I will do so by describing several cases where additional security is needed over and above the already excellent security features that are built into the IBM i OS.

    Case #1: The classic case for exit point implementation comes from the 5250 terminal application days. If you have a Payroll Application that runs on your IBM i and is maintained by one or more clerks, OS security has to give access to the payroll files for those clerks, but the application and terminal menu system can easily be used to restrict what operations they can do on the payroll master files. That access will probably grant then *USE access so they can update files and generate payroll checks and reports.

    The above scenario is secure from an application perspective, but you would never want your payroll clerk to be able to download the payroll master files and take them home on a USB drive, would you? An exit point implementation can prevent this access. The exit point process runs on top of the IBM i OS and can be used to restrict server functions by user profile, source IP address and even by objects accessed. This leaves the IBM i OS security intact for the 5250 terminal application and also prevents unauthorized access via the network connection.

    Case #2: Many IBM i shops have one or more “regular users” defined with *ALLOBJ access in their user profile. This can happen for lots of reasons and in many cases, it would take a very long time to correct. I never recommend granting *ALLOBJ access to regular users, but if your system has evolved with this issue, it cannot be fixed overnight. In many cases, the application itself is providing the security. The issue, however, is that these users literally have access to ALL OBJECTS on your system. With network access to your system, one of these users could easily download sensitive data from your system, including credit card information and customer identity information, and hide it on a USB drive and walk out the front door and nobody would be the wiser.

    An exit point implementation can address this issue. Using exit points, you can restrict object access by user profile even though the user is set up with *ALLOBJ. In fact, object access can even be restricted for the QSECOFR security user profile. This can help to protect your system from abuse by a user profile that has been granted more access rights than they really need.

    Case #3: Since the TCP/IP communications utility FTP was added to the IBM i OS, a very easy to use network application lets users interact with the IBM i system without using a 5250 interface. The FTP user can browse objects on your system and upload or download them. A talented FTP user and even execute IBM i commands through FTP. For some shops, you want a user to have these capabilities, but you wouldn’t want them granted on a broad basis.

    Exit points can help with this, too. First, you can easily restrict which user profiles are allowed to use FTP. Then, you can further restrict which FTP commands they are allowed to use letting them do a PUT, for example, but disallowing a GET. Then, you can even give the user contextual access rights by only allowing an FTP connection from a known and trusted IP address, such as an internal IP address. Then, if the user’s credentials are compromised, the FTP connection will still have to be established from a trusted source.

    To sum up: These are just a few examples of why IBM i shops should consider exit point implementation for additional security on your IBM i system. There are literally dozens of additional scenarios that can be described, but these should get you started on making a case for exit points. It is my belief that every IBM i shop should have some form of exit point controls in place in order to be secure. If you are interested, I can heartily recommend Kisco’s SafeNet/i software if you want to jump in and get started.

    If you have questions about details of this tip, feel free to contact me directly by email, download our FREE utilities, or visit our website for more information.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    The Ups And Downs Of The Server Cycle Guru: Use The Administration Runtime Expert To Validate Your System Configuration

    Leave a Reply Cancel reply

TFH Volume: 30 Issue: 38

This Issue Sponsored By

  • ProData Computer Services
  • 400School.com
  • MITEC
  • Kisco Information Systems
  • Raz-Lee Security

Table of Contents

  • Security Gaining Attention On IBM i, But More Progress Needed
  • Abacus Cloud Customers Enjoy Wider Ecosystem
  • Guru: Use The Administration Runtime Expert To Validate Your System Configuration
  • As I See It: Searching For The Silver Lining
  • The Ups And Downs Of The Server Cycle

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • 2021 Predictions for IBM i: Part Two
  • Zend Server for IBM i Now 64-Bit, Available Via RPM
  • New IBM i Logo, Publication
  • Four Hundred Monitor, January 20
  • IBM i PTF Guide, Volume 23, Number 3
  • IBM i Software And Power Systems Upgrades Keep Rolling Forward
  • Preparing For What’s Next In A Thoughtful, Structured Way
  • Guru: Fall Brings New RPG Features, Part 3
  • ARCAD Plugs IBM i DevOps Suite Into Microsoft Azure
  • Park Place Buys Curvature To Become Maintenance Goliath

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2021 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.