How many passwords do you have?

Mark Conway, Director of Product Development at Micro Focus, takes a look into Multi-factor Authentication, password security and what it all means for the developer community.

Password Proliferation….

Either they are simple and easy to crack. Or difficult to remember and get written down. They are surprisingly easy to steal. If a Windows authentication dialog pops up, how many of us would just type our password into it without thinking? Are we sure it’s not a web page displaying something that looks like a legitimate prompt but is secretly capturing input?

This isn’t news. Organizations like the Federal Government and PCI (Payment Card Industry) Security Standards Council have mandated what’s call Multi-Factor Authentication. This is often expressed as:

  • Something you know (e.g. a password).
  • Something you have (e.g. a smartcard or phone).
  • Something you are (e.g a fingerprint, or other biometric).

Passwords alone are no longer enough. We’re getting used to multi-factor through consumer sites like Google and Facebook – sometime they SMS us a PIN to use. This is multi-factor. It means that a bad guy must have intercepted your phone as well as obtained your password to get into the application ‘as you’. It’s a lot more secure. There are even some organizations which have removed passwords altogether and just rely on strong authentication.

IAS blog 2

What does this mean for Applications Developers?

Many applications over a few years old used their own user login screens. It’s pretty simple – display a dialog with username and password; look up the username in LDAP, etc. but in the Multi-Factor world it’s not so simple. Every application has to handle the myriad of different inputs and requests required – from finger prints to one-time passwords, from smart cards to image gestures. It’s just not practical, and it definitely wouldn’t be consistent from each application.

Authentication methods are evolving fast. One of the many vendors Micro Focus is working with is Nymi (nymi.com).  Their wristband device uses an ECG to authenticate (and in future it could double as fitness band).

One thing for sure is that “logging in” is going to become more involved for users which will annoy the hell out of them! Biometrics may look like a great solution, but so far nothing is 100% reliable, and a back-up is always needed. We want the burden on normal users to be as small as possible.

IAS 3

Some things that help:

Single Single On (SSO).

Once Authenticated, user should stay authenticated for their “session” – long enough to accomplish their tasks. Other applications should not ask the user to log in again. This means real SSO, not just synchronizing your CRM application logins with your LDAP server and sharing passwords.

Risk-based authentication.

Not all log ins are equal. Do all these scenarios carry the same risk?

  • User was logged in an hour ago, and wants to log in now to the same application, from the same location.
  • A user is logging in at 2am to an application they’ve never used before, and previously they’ve only worked office hours.
  • A user is logging on from a device (e.g. a phone), which they’ve never used before.
  • User is logging in from China, and they are already logged in from Brazil.

What we’re really talking about here is abstracting the notion of authentication & authorization from the application itself. We’ve known this is good practice for years, but just not always done it. With multi-factor it’s no longer an option.  This is a win-win situation: our applications become more secure for users and as Developers, we no longer have to care. That means I’ll never need to implement another login screen again…….

Don’t forget to find out more about the leading Internet Access and Security solutions from Micro Focus by visiting the NetIQ website

Taking COBOL mobile

Organizations without mobile capabilities – or a strategy to achieve them – are standing still. But with the right technology, even older COBOL applications have the potential to go mobile. COBOL has a long, rich history of innovation and is adding to it every day…

Hands up if you have a drawer full of old mobile phones that you will probably never use again? That’s a lot of hands. Sure, we all need a spare, but if you are likely to swap your touch-screen smartphone for your Nokia 6310 then keep your hands up … thought so.

My point is that the increasing consumer adoption of all things mobile, namely phones, devices, apps and services – even our exploration of the Internet of Things – represents an irreversible trend.

The mobile arena is the battleground for today’s digital business. Gartner predicts that by 2017, mobile consumers will download or access mobile apps and services more than 268 billion times. That’s – potentially – a cool $77bn in mobile revenues. The key word is potentially. Any modern business wishing to ride that wave must offer their customers the opportunity to experience their business services digitally or surrender that business to the competitors that can.

iStock_000015940814Small

Balancing act

That is fine in principle. But any businesses must exercise cost control and maintain a ‘balance’ of new innovations and the BAU, ‘lights-on’ work. Essentially, anything leveraging modern tech must deliver a fast return to the business to pay its way – and that means giving the customer what they want sooner than other players in this marketplace.

Typically, organizations with large customer bases that need to deliver applications and data via consumer friendly services – think banks, insurance companies, airlines – are likely to have substantial investments in COBOL. Clearly, these systems were not built with mobile or the cloud in mind and the original developers will not have built in the requisite flex to create digital experiences through mobile applications. Yet the imperative to deliver them remains, so success depends on access to customer data and the ability to leverage core IP and business logic within these COBOL systems.

As has been noted – replacing time-proven COBOL code for an unknown commodity makes little business sense, particularly as COBOL has the inherent capabilities to deliver what the business – and crucially, the customer – needs.

 Portability: the foundation of COBOL’s legacy

For more than 50 years COBOL has embraced continuous innovation. Remember when ATMs were a novelty? Think about how technology has driven the advancement of logistics, banking, equity trading systems – all thanks to COBOL. Ask the Treasury of the Republic of Cyprus about how they have streamlined efficiency and achieved real savings with the language of the future.

Right now, COBOL is connecting more than 500,000,000 mobile customers. So the potential is there. The challenge for the developer is in bridging the gap between the existing technology and the modern capabilities required to take COBOL companies into the future.

The solution to that challenge could be easier than you think. As our ‘fast path to COBOL’ journey explains, re-use is the new ‘start from scratch’. Take your data and applications – your core business logic and competitive advantage – and create something new and exciting from it. Modern tools, such as the Visual Studio and Eclipse are the launchpad for delivering new mobile services faster and the workspace for folding modern languages such as Java, Objective C and C# into current COBOL systems.COBOLallaround

Micro Focus – taking COBOL mobile

COBOL has been our core business for nearly 40 years and bridging the gap between older and new technologies remains our primary mission. If you’re ready to derive more business value from your business applications, take a look at our COBOL to Mobile solutions.

Developers: Take advantage of these free resources.  Get started today with our handy demo code, video and ‘how to guide.

takingcobolmobile

Back to our original point; those old Nokia mobile phones in your drawer might be old, but they still work. The technology has simply evolved and with our help, so can yours.

But don’t bother swapping your laptop for a ZX Spectrum. With only 16KB of RAM to play with, your chances of reading this blog are pretty slim.

MelBurns

Beyond Terminal Emulation: Rumba+ looking good with Award-winning usability

We always said it – and now we can prove it. Rumba+ really does represent a class-leading Terminal Emulation and User Interface modernization solution. . Good enough to have won a 2014 Product of the Year Award from Mobility Tech Zone.

rumbachampionFrom who…?

Mobility Tech Zone is the go-to web resource for the mobile broadband industry. It’s a rolling feed of news, analysis, product info and downloadable resources for mobility and communications professionals. It has a clear focus on the innovations they need to overcome the challenges of disruptive technologies like BYOD and the rush to mobile.

Mobility Tech Zone is sponsored by TMC and Crossfire Media and TMC’s remit includes call center technologies, just one area where Rumba+ is proving to be a game-changer. It’s likely that the judges recognise the potential of Rumba+ to make a real difference to their specialist area. Maybe that’s why they were “very impressed” with Rumba+….

Award-winning mobility

Carl Ford, CEO and Community Developer, Crossfire Media, explains. “As leaders in the evolution to mobility we feel our award winners are delivering on enabling users by making carriers and enterprise networks capable of supporting our exponential data demands.”

In other words, Carl was looking for products that genuinely enable mobility in data transfer. That could almost be a product description for Rumba, which is bringing mobility to business applications and enabling a new view on established applications, bringing a fresh perspective on the world of green-screens – and all without changing a single line of code. Now that’s innovation.

As the Mobility Tech Zone award has recognised, Rumba delivers on the ‘enabling users’ aspect –major players like Allianz are accessing their core applications with user-friendly home tech, such as iPads, Windows and web browsers to slash ‘on-boarding’ times and boost business efficiency.

Meanwhile Aviva Italia have used Rumba+ to improve the user experience for the people who use their applications – improving their chances of recruiting and retaining industry talent, as digital expert Matt Ballantine notes on his blog. Many other Rumba+ customers enjoy the productivity gains and bypass the accessibility issues plaguing nearly half the companies appearing in the ‘IT Growth and Transformation’ survey recently commissioned by managed services firm Control Circle.

Achievable modernization from Rumba +

Similarly, this Vanson Bourne survey discovered that 54% of CIOs believe their green screens are “negatively impacting end user retention and recruitment”, while 98% of respondents recognise that new features would boost productivity but think modernization is too difficult. Well not anymore!

Rumba+ is risk-free, cost-effective technology that improves end-user efficiency without recoding. Need five more reasons to make the move? Try these.

Delivering modern user experiences is high on the CIO agenda. Rumba + consistently outperforms other products in the terminal emulation space, as Adam Rates, Senior IT Manager at Allianz UK notes in their case study …. and Mobility Tech Zone agree. Try it for yourself right here….

Rumba+

Transforming the Enterprise, One User at a Time

With so many new trends emerging in the mainframe world, is the end user being forgotten?

The mainframe world. The opportunities are endless, the possibilities limitless. Correspondingly, expectations from the business are usually ambitious. However, meeting those expectations is anything but easy. There are lots of issues to contend with: the volume and diversity of required change, managing a bewildering system complexity, often with limited investment, and typically in the fact of aggressive timescales. But while IT team scramble to determine the best ways to tackle things and what to do first, the rest of the business sees it as navel-gazing.

So what is the business asking for? After all, the technology is just there to enable the business. What does the user community really think about the IT service it receives?

But wait, what about those emerging trends we need to exploit to capitalize on our competitive advantage? What about the next generation of technology that IT need to innovate to secure our future growth?

Let’s explore a list of those emerging trends and consider how IT can satisfy the demands of the most important of critics – the end user.

BYOD

In a previous blog, we described the phenomenal rise of Bring Your Own Device (BYOD) and how it is being embraced by many organizations. You want easy access, you want availability, you want power and control as a user. Access to core apps need to be instantaneously provided on your device of choice, without further burden on the overworked development teams. Safe and secure access to core mainframe apps, from your chosen device. What is needed is technology that can embrace BYOD without compromising on mainframe resilience. What can provide all of this? Rumba+. Tick.

Mobile Computing

With mobile devices spreading faster than any other consumer technology in history, everyone wants to ‘go mobile’. You want a mobile workforce, you want flexibility, accessibility and agility. You want safe and secure access to core mainframe apps, from mobile devices, whenever, wherever. Rumba+. Tick.

End-User Computing

IT just isn’t cutting it. Its reputation is through the floor. It can’t deliver updates quickly enough, and the rest of the business is complaining. Users deride the so-called enhancements to the applications because they look archaic. The balance of power is shifting, IT is no longer setting the agenda on technology. The business teams and marketing leaders are requesting specifics and tech-savvy end users are pushing the boundaries each week. Pent-up demand for innovation is rising. Provide those ground-breaking new facilities they need, quickly. Find the quick wins and the innovative improvements the user community needs. Regain the reputation. Innovate, quickly and without risk. Rumba+. Tick.

IT Skills

Building smart new interfaces takes time. Expensive programming time. Building points of integration between smart new interfaces and existing back-office (mainframe-based) systems is just as tricky. Setting up and deploying new user services in a Java application server is hardly straightforward either. IT skills to support a ‘home grown’ innovation such as new user applications are expensive and not always available. Relying on costly and time-consuming efforts like this is inefficient and risky. If only there was a way to get those required user changes without needing specialist skills. Rumba+. Tick.

IT as a Service (ITaaS)

IT is constantly in demand. And when treated as a separate enterprise within the organization, there are additional pressures to achieve. Heavy reliance and continuous demands, issues and requests puts IT in a tricky position. They must juggle the never-ending requirements. And, with emphasis always on the line of business, there’s often very little time left to innovate.

To top it off, costs are often tightly controlled, with the requirement to act as a profit centre. Therefore how can IT possibly build new applications – or even re-write them – with all these constraints? The solution is technology which allows existing applications to be modernized quickly and easily, without any requirement for coding or specialist development knowledge. Rumba+. Tick.

The Modern Mainframe

The IBM mainframe has come a long way in the 50 years it’s been around. The modern mainframe can handle far larger quantities of data, process vast application estates, support a cloud infrastructure, and provide unprecedented levels of flexibility and return on value. A vast improvement in the technology hasn’t, however, equated to the same improvements in user experience, with tired old character-based user interfaces still widely used. Imagine having the option to modernize your user interface with all the features and controls of modern interfaces, and then having it available on desktop, web and mobile. You guessed it. Rumba+. Tick.

Rumba+

In a mainframe world with endless opportunities yet constant business challenges and emerging trends, Rumba+ helps tick all the boxes. Rumba+ is where green screen apps meet modern interfaces, accelerating efficiency and enhancing the user experience. Provide core system access from Windows, iPad or your web browser – without the risks of new code or reprogramming.

See for yourself how Rumba+ addresses your business issues with our ‘Top 5 Reasons to move to Rumba+’.

The future of the workplace: BYOD

Introduction

The rise of BYOD to the point of being a de-facto standard in today’s corporate world is causing a shift in employee and corporate culture. But also it is directly affecting how core IT systems are provided. This blog discusses the race is on to deal with the unplanned impacts of BYOD.

Paperless office

We’re constantly moving closer to achieving the notion of a paperless office – and now with the move towards BYOD (Bring Your Own Device) it doesn’t seem too far away. After all, why use a notepad and pen if you have a handheld tablet device?

According to studies, 89% of IT departments enable BYOD in some form. It’s highly likely that BYOD will feature – policy or not – within your organization in some form. While many organizations provide their employees with some devices – usually a mobile and laptop, it is not uncommon for staff to use their own personal technology when working, in addition to any standard issue kit.

BYOD here for the long-haul

With fresh new technology being introduced so frequently, and people becoming more and more gripped by their sparkling new devices, it’s not surprising that people are bringing them into work. Why? Who knows – maybe better ease of use in comparison to their work devices? Despite the reason, organizations are having to face the issue head on – should they embrace BYOD, or ignore it and hope it’s just a temporary trend.

BYOD does seem to be here for the long-haul, although with the growing demands of employees organizations may have to restrict such policy. CYOD (Choose Your Own Device) embraces all the attractive aspects BYOD has, although gives IT more control and allows them to support a chosen few instead of any device employees may have – and depending on the size of your organization that could provide real difficulties.

Although as daunting as implementing a BYOD or even a CYOD policy may seem, there are a number of benefits for the organization – increased productivity from employees, save money from costs savings and a more flexible workforce to name a few.

But what about Security?

It’s not all rosy, right? There are known challenges organizations face as a result of the move to a BYOD environment:

Security is a widely talked about issue surrounding BYOD – (Just look on twitter: each #BYOD tweet is either followed or preceded by some reference to security). Security is a hot topic for BYOD. Supporting a new array of devices poses a big security risk – what happens if an organizations’ data is misplaced, on a train, in a café – there have been many very widely-publicized examples.  We recognize security is an important factor while considering BYOD, although many avoid or simply don’t identify the importance of the effect of BYOD on current IT infrastructure…

What about Integration?

BYOD has a major knock-on effect on how everything currently works, with significant required changes in terms of integration with current IT infrastructure. Employees want to be able to do everything they can currently do on their work device, although now with their IOS mini tablet, Android mobile or Windows device. For IT, this is a headache. How do you deal with a single type of device let alone many different types of devices?

Furthermore, many of the core business IT functions and applications are likely to be running on a zEnterprise z/OS system, accessed through well-defined asynchronous links and well-established security protocols. These applications, of course, are themselves well-defined, if somewhat dated. Their function key, monochrome operation is a far cry from modern device-friendly interfaces.

With an army of staff (not to mention customers) wishing to access core mainframe applications via their personal devices – for an overworked IT team, this represents an unprecedented additional burden, just to “support BYOD”.

Bridging the Old and the New: Impossible?

How can personal devices access the applications held on the mainframe? Can all forms of device access the mainframe, or do we consider a CYOD roll-out? Can the mainframe handle the changes? Will a BYOD (or possibly CYOD) strategy adversely affect the mainframe set-up?

Unquestionably the introduction of mobile devices into the workplace will challenge the agility of many critical legacy applications, right? Wrong. Many organizations get fooled into thinking their ‘green screens’ (3270/5250 terminals) will not be compatible with their employees modern devices and therefore result to rewriting entire applications or purchasing a middleware solution – this is time consuming, very risky and extremely expensive.

Embracing BYOD with Rumba +

Rumba + Mobile is the first mainframe user interface (UI) modernization application for tablet devices. The new solution enables organizations to quickly modernize zEnterprise-based 3270 green-screen applications on mobile devices. The application interfaces can also be streamlined to reduce the user effort. The newly-presented interfaces quickly improve the end user experience, boost end-user efficiency and bring a modern look and feel to legacy business applications, all without the need to change application code or use specialist development skills.

BYOD may feel like it casts a dark shadow over existing operations, but Rumba’s low-risk approach to modernization allows new devices to “plug in” to existing core application infrastructure and make your BYOD implementation a much more viable prospect.

Click here for more information on Rumba +.