JAVA Plugin Problem Resolved…in a ZFE

While not as big as the EU referendum, desktop managers and IT security managers are also absorbing significant news. But unlike the #Brexit, Jonny Crawford offers a little certainty as Oracle are sundowning, or ending support for, NPAPI.

It’s been a big day. It’s time for Reflection.

What’s happening?

Browser manufacturers and Oracle are sundowning, or ending support for, NPAPI. This is the plug-in widget that supports their browser-based Java applets. This affects those running host environments globally.

What widget?

NPAPI is an initialism for the Netscape Plugin Application Programming Interface. It has been how software developers have written browser plugins for as long as I can remember. So when Oracle want to give the Java Runtime Environment (JRE) the ability to be a browser plugin, both the JRE and the browser must support NPAPI.

What are applets?

Java applets are full Java programs that run inside web pages. Technology has pretty much overtaken them these days – JavaScript and HTML5 offer all the webpage functionality devs need – but back in the 90s Java applets made webpages walk and talk.

What do they do?

Applets and other NPAPI tech like MS Silverlight pop up whenever the user shifts from online ‘shopping basket’ to order fulfilment. Call centre staff for insurance companies and banks use them to input details into their in-house applications.

Why are Oracle doing this?

In short, because it makes their life more difficult. NPAPI has significant security holes and performance issues that make browser security and performance more difficult. This must also be partly customer-driven; insurance companies are not big on tech that may cause a data breach.

Why is this a problem?

Phasing out this insecure and awkward technology is not without challenges. These applets are buried pretty deep, often connecting the host application to either a back office system or customer-facing app. Workarounds include launching the applet outside of the browser, which is neither sustainable nor future-proof.

A bigger issue is that Chrome, Firefox and MS Edge no longer recognize or support Java applets or their plugins, such as NPAPI. Google has even removed the technology completely to make way for HTML5.

Thin clients need plug-in support when connecting applications to a host but if the browsers no longer support these plugins, the end result is frustration for employees and customers alike.

Back to the call centre. They need a technology to connect to the host for productivity, lower call volumes and avoiding the necessity to flick between desktop and browser applications. If they can’t have the plug-in, then what is the alternative?

Here’s an idea

Replace a thin client host with an HTML5 connection. Remove your company from the resource-intensive cycle of installing, configuring, patching, and managing traditional software across multiple desktops.

Micro Focus Host Connectivity solutions use no Java plugins. Micro Focus Reflection ZFE is efficient and secure browser-based terminal emulation. It uses a true, zero-footprint client that reduces IT costs and desktop management time. With Reflection ZFE, the host screens use HTML5 and therefore work in any browser. Lower client management costs can reduce the TCO.

What’s next?

Look towards the next generation of Host Connectivity solutions. Contact Micro Focus. It’s the right call.

 

#DevDay Report – so what does COBOL look like now?

David Lawrence reports back from the latest Micro Focus #DevDays and what COBOL looks like these days. With partners like Astadia it seems like anything’s possible… including Mobile Augmented Reality! Read on.

To most people, COBOL applications probably look like this:

[image]

and are thought to do nothing more than this:

[image]

These applications are likely to be COBOL-based. After all, COBOL is the application language for business. With over 240 billion (with a b) lines of code still in production, the fact is that COBOL is used in thousands, if not millions, of applications that have nothing to do with finance.

It’s called the COmmon Business Oriented Language for a reason. The reason is that it was designed to automate the processing of any business transaction, regardless of the nature of the business.

Did you realize that COBOL is also widely used by municipalities, utilities and transportation companies?

At our Nashville Micro Focus DevDay event on June 21, the audience was treated to a very interesting presentation by a major American railroad organization, where they showed us how their COBOL application inventory runs their daily operations (scheduling, rolling stock management, crews, train make up and dispatch).

Earlier in the month we heard from a client who was using COBOL applications to capture, monitor and analyze game and player statistics in the world of major league baseball.

Many attendees of our COBOL and mainframe app dev community events, DevDay, are managing crucial COBOL applications as the lifeblood of their business: from managing retailers’ stock control systems, to haulage and logistics organizations’ shipments and deliveries, from healthcare, pharma and food production organizations, to major financial service, insurance and wealth management systems.

Those applications contain decades of valuable business rules and logic. Imagine if there was a way to make use of all that knowledge, by say using it to more accurately render a street diagram.

You say “Yes, that’s nice, but I already have Google Maps.” All very well and good. But what if you are a utility company trying to locate a troublesome underground asset, such as a leaking valve or short circuited, overheating power cable?

Astadia has come up with a very interesting solution that combines the wealth of intelligence built into the COBOL applications that are invariably the heart and brains of most large utilities or municipalities with modern GPS-enabled devices.

DevDay Boston

I had a chance to see this first hand at DevDay Boston. DevDay is a traveling exposition that features the newest offerings from Micro Focus combined with real life experiences from customers.

Astadia, a Micro Focus partner and application modernization consultancy, visited our Boston DevDays and showed us their mobile augmented reality application, which enhances street view data with additional information needed by field crews.

Steve Steuart, one of Astadia’s Senior Directors, visited our Boston DevDays and introduced the attendees to ARGIS, their augmented reality solution that helps field engineers locate underground or otherwise hidden physical infrastructure assets such as power and water distribution equipment.

I watched as Steve explained and demonstrated ARGIS overlaying, in real time, the locations of manhole covers and drains in the vicinity of the Marriott Hotel onto a Google Maps image of the surrounding area. Steve explained that ARGIS was using the GPS in the tablet and mining the intelligence from the COBOL application used by the Boston Department of Public Works to track, in real time and superimposed over the street view, the precise location of the network of pipes and valves supplying water to the area.

Here’s a picture, certainly worth a thousand words, wouldn’t you say?

Below you see how Astadia’s ARGIS Augmented Reality system sources the data of the local utility company’s COBOL application inventory to give clear visual indications of the locations of key field infrastructure components (e.g. pipes, valves, transformers) over a view of what the field engineer is actually seeing. Nice to have when you’re trying to work out where to dig, isn’t it?

[image]

Very imaginative indeed, but at the heart of this new innovation, the important data and logic comes from, guess where? Yes, it comes from a COBOL application. Micro Focus solutions help mine and reuse those crucial business rules locked up in our customers’ portfolio of proven, reliable COBOL applications. This will prolong their longevity and flow of value to the business. Why take all that risk and spend millions to replicate intelligence that already exists, but which has been hard to utilize effectively?

Afterwards, I spoke with Steve – Astadia’s senior director who remarked: “As long as Micro Focus continues to invest in COBOL, COBOL will continue to be relevant.”

Speaking afterwards with Micro Focus’ Director of COBOL Solutions, Ed Airey, he commented:

“We are always thrilled to see how our partners and customers are taking advantage of the innovation possible in our COBOL technology to build applications that meet their needs in the digital age. Astadia’s ARGIS product is great. I’m not surprised to see how far they’ve been able to extend their application set in this way – Visual COBOL was designed with exactly that sort of innovation in mind. The only constant in IT is change, and with Micro Focus COBOL in their corner our customers are able to modernize much faster and more effectively than they realize”.

See real world applications and how they can be modernized at a Micro Focus DevDay near you. For more information on our COBOL Delivery and Mainframe Solutions, go here.

David Lawrence

Global Sales Enablement Specialist

New Security Standard PCI DSS 3.2 – The Thumbscrews Are Being Tightened for the Financial Industry – Part 2

With its new security requirements, the PCI Security Standards Council has sent a clear signal on how sensitive cardholder data is to be protected. Companies have been granted a grace period until 1 February 2018 to implement the new requirements, but the groundwork should already be laid today. Learn how an effective, strong authentication strategy helps you solve the password problem and stay compliant.

In the first part of my blog on the new PCI DSS 3.2 security standard, I reported on the changed security requirements, which now make the consistent use of multi-factor authentication mandatory for administrators at banks, merchants and everyone else who works with credit cards. Even though companies have been granted a grace period until 1 February 2018 to implement the new requirements, the groundwork should already be laid today. There are many vendors offering different multi-factor authentication methods, and the number of authentication methods continues to grow rapidly. HSBC Bank in the United Kingdom, for example, recently announced that from summer 2016 it will introduce a combination of voice biometrics and fingerprint recognition for e-banking authentication for more than 15 million customers.

The end of static passwords and simple PINs… there are better solutions for a secure future

Authentication for access to one's own bank account is then carried out via smartphone, voice ID and fingerprint. Innovative hardware and software make it possible to identify a voice unambiguously on the basis of more than 100 characteristics, such as speed, intonation and rhythm, even when the speaker has a cold! Another interesting method, on which Micro Focus and Nymi are currently working, is authentication via one's own heartbeat. For this, the user puts on a wristband that evaluates the heartbeat by ECG and recognizes and verifies individual patterns.

Every company has different requirements and prerequisites for implementing such MFA solutions, so there is no one-size-fits-all solution. The differences lie mainly in the ability to integrate with remote access systems and cloud applications. So what is the best way to solve the password problem?

An effective authentication strategy

There are three key points that companies should consider when planning an authentication method that suits them:

  • Mapping business policies into modular policies: existing policies should be reusable, updatable and extendable to mobile devices. This makes managing access control easier for IT security, because access for the device can then be revoked quickly in the event of a security incident.
  • Improved usability of mobile platforms. Some legacy applications do use a web interface, but are designed neither for mobile access nor for regular updates. Using single sign-on (SSO) mechanisms for native and web applications can be quite helpful here.
  • Flexible use of a wide range of authentication mechanisms to strike an appropriate balance between security requirements, operational capability and user-friendliness. The authentication method should always be adaptable to exactly the level of protection required in each case. Different users or situations require different authentication; the method used must fit both the role and the situation of the user.

However, companies should not plan a suitable multi-factor authentication method solely around the status quo of their requirements; they should also look to future needs. Particular consideration should be given to the central administration and control of users and endpoints, to the TCO, and to whether new requirements such as cloud services and mobile devices can be secured by the same MFA product without additional add-on modules.

Thomas Hofmann

Systems Engineer – Micro Focus Switzerland


The Cloud: small step not quantum leap

Ed Airey, Solutions Marketing Director for our COBOL and mainframe products, looks at how the right technology can take the enterprise into the Cloud – and how one customer is already getting great results.

We have often used the Micro Focus blog to consider the next wave of disruptive technology; what it is and what it means for the enterprise.

We have looked at mobile technology and the far-reaching aspects of phenomena such as BYOD. Enterprise customers running mature, well-established tech have managed all of these with varying degrees of success.

The key to linking older, COBOL applications with more contemporary customer must-haves, such as web, mobile and Internet of Things apps, is using an enabling technology to help make that transition.

The Cloud is often thought of as synonymous with new companies running modern infrastructures. The default target profile would be a recent start-up using contemporary tech and delivery processes. They can set up in the Cloud and harness the power of on-demand infrastructure from the get-go.

But what about…

The enterprise, however, looks very different. Its business-critical systems run on traditional, on-premise hardware and software environments – how can it adapt to Cloud computing? And what of business leaders concerned about cost, speed to market, or maximizing the benefits of SaaS? Where can developers looking to support business-critical applications alongside modern tech make the incremental step to virtual or Cloud environments?

Micro Focus technology can make this quantum leap a small step and help organizations running business-critical COBOL applications maximize the opportunity to improve flexibility and scale without adding cost.

Visual COBOL is the enabler

With the support of the right technology, COBOL applications can do more than the original developers ever thought possible. The advent of the mobile banking app proves that COBOL apps can adapt to new environments.

Visual COBOL is that technology and application virtualization is the first step for organizations making the move to the Cloud. A virtually-deployed application can help the enterprise take the step into the Cloud, improve flexibility and increase responsiveness to future demand. It can help even the most complex application profiles.

Modernization in action

Trasmediterranea Acciona is a leading Spanish corporation and operates in many verticals, including infrastructures, energy, water, and services, in more than 30 countries.

Their mainframe underpinned their ticketing and boarding application services, including COBOL batch processes and CICS transactions. Although efficient, increasing costs and wider economic concerns in Spain made the mainframe a costly option that prevented further investment in the applications and the adoption of new technologies.

Virtualization enables enterprises to prepare their applications for off-site hosted infrastructure environments, such as Microsoft Azure. It is a simple first stage of a modernization strategy that will harness smart technology, enabling organizations to leverage COBOL applications without rewriting current code.

Using the Micro Focus Visual COBOL solution certainly helped Acciona, who worked with Micro Focus technology partner Microsoft Consulting Services to port their core COBOL applications and business rules to .NET and Azure without having to rewrite their code.

As Acciona later commented, “We can reuse our critical COBOL application … [this was] the lowest risk route in taking this application to the Cloud. Making our core logistics application available under Microsoft Azure … has not only dramatically reduced our costs, but it also helps position our applications in a more agile, modern architecture for the future”.

And as the evidence grows that more enterprises than ever are looking at the Cloud, it is important that their ‘first steps’ do not leave you behind.

Find out more here www.microfocus.com/cloud

IT Security on the Right Course – Micro Focus Named Overall Leader in the KuppingerCole Report

Again this year, KuppingerCole, the international analyst firm specializing in identity and access management and digital transformation, has produced a detailed analysis of 17 access management and federation vendors. Micro Focus was rated as market-leading in the Product and Market categories and as a Leader in the overall rating. Read the report's key findings in this blog post.

Micro Focus named a Leader three times in the current KuppingerCole Leadership Compass Access Management & Federation

It is becoming increasingly difficult for those responsible for IT to set the right course for their IT security strategy in an ever more complex IT landscape. With digital transformation, the current top topic, a large wave of changes and challenges is heading for IT. Until now, coverage of the Internet of Things has been dominated by sensors in the home and on the bodies of fitness fanatics, the smartwatch, home automation and the connected car; in future, the complex web of relationships among connections, machines and identities created by the merging of IT and industry will shape our understanding of the Internet of Things. Whether current business processes, existing IT infrastructures or existing customer relationship models, no aspect remains untouched by the influence of digitalization. And at the latest since the European Court of Justice (ECJ) declared the Safe Harbour agreement invalid last October, considerably more questions than answers have again been buzzing around the IT world. How can innovative identity management concepts be developed? How can data and connected objects be better protected against unauthorized access? How can their trustworthiness be proven and data protection guaranteed?

Next Generation ID – from tactical IT challenge to strategic infrastructure

By 2020 there will hardly be an object left that could not be automatically identified, located and networked with other objects. This applies above all to areas that have not been networked so far, such as public infrastructure, cars, home electronics or health information, and even political news. Security and the trustworthy handling of identities, as well as of data and processes worth protecting, therefore have top priority. Above all, people and objects must be given effective means to control and, where necessary, prevent automatic identification or networking.

Customers need solutions for new business challenges such as onboarding business partners or systems, customer access to services, access to cloud services and much more. IT must respond and create a standard infrastructure for all these different communication and collaboration needs in the ‘Connected Enterprise’. As a result, access management and federation must change from a tactical IT challenge into a strategic infrastructure that promotes business agility.

Commenting on the current Leadership Compass, Martin Kuppinger, founder and principal analyst of KuppingerCole, says that one of the greatest challenges for access management is managing the complex relationships between things, devices and people and supporting the authentication of things. Furthermore, he says, managing millions of connected things leads to new scalability requirements. KuppingerCole, the international analyst firm specializing in identity and access management and digital transformation, produces a detailed analysis of 17 access management and federation vendors once a year and rates each of them as a follower, a challenger or a leader.

  • Product: Leading companies in this category provide the top products in their market segment.
  • Market: Market-leading companies have a large, global customer base and a strong partner network to support their customers.
  • Innovation: Leading companies in this area are pioneers of new ideas, devices or methods in their market segment.
  • Overall rating: Overall leaders are identified on the basis of a combination of their product performance, their market presence and their innovations.

In KuppingerCole's Leadership Compass Access Management and Federation 2016, Micro Focus is rated as market-leading in the Product and Market categories and as a Leader in the overall rating.

We regard in particular the renewed top position in the overall rating, and the recognition that Micro Focus was the first vendor to enable full integration of federated services from the outset for web-based and cloud-based applications, as a special distinction for our work. This is further proof that Micro Focus understands the requirements and developments of the market precisely and consistently delivers new and innovative solutions to meet the challenges of the digital age. Through standards-based identity federation, Micro Focus makes it possible to securely access applications or services of other companies, or cloud-based services, without users having to log in again. In addition, federation eliminates the need for redundant identity stores or user administration processes.

Further information and the complete KuppingerCole “Leadership Compass: Access Management and Federation” 2016 can be found here (https://www.netiq.com/de-de/promo/identity-and-access-management/kuppingercole-report-leadershipcompass-access-management-landing.html)

Christoph Stoica

Regional General Manager DACH

Micro Focus

In a Data Frenzy – Retailers Put On Their Big Data Glasses for the European Championship

The 2016 European Football Championship has seemed omnipresent, and not only since the kick-off of the opening match. For weeks, retailers and the consumer goods industry in particular have been using the sporting event for their wide range of advertising campaigns on the Internet, vying for consumers' attention. The goal is clear: transfer the enthusiasm for the sport to their own brand, collect and analyze as much customer data as possible along the way and, of course, increase sales. In this blog post, Christoph Stoica takes this as an occasion to explain in more detail how the parameters of data protection are changing for both companies and private individuals.

For sports lovers, 2016 offers some treats: with the European Football Championship in France and the Olympic Games in Rio, two top events join a summer calendar that is already packed with annually recurring sporting events. But the super sports year 2016 pleases not only sports fans but, above all, retailers and the consumer goods industry. They have all been vying for consumers' attention for weeks with their campaigns on the Internet. The goal is clear: transfer the enthusiasm for the sport to their own brand, collect and analyze as much customer data as possible along the way and, of course, increase sales.

Even before the opening match between France and Romania last weekend, the wave of advertising swept over Germany as never before. Whether Schweinsteiger & Co. advertise as a jogging European Championship team, the “Fanhansa” circles in the sky, or dirty jerseys shine bright white again after the match thanks to world-champion washing powder, enthusiasm for “King Football” seems to have gripped every industry. Some will now surely say that this has always been the case; after all, you could find “crossbar-smasher” rolls, “bull's-eye” bread or World Cup goulash back in the days of the German summer fairy tale of 2006.

Data sell-off – quo vadis, data protection

But digitalization and the growing use of social media and online advertising open up a lucrative new field for advertisers: the business of data. Just as children eagerly collect football stickers, industry is accumulating more and more personal data, analyzing purchasing behavior and thereby gaining detailed insights into people's everyday consumption habits. By means of social plugins such as the “Like” button, the paths and surfing behavior of numerous Facebook users, and even of those who are not registered on Facebook, are recorded and thus end up in the US provider's data holdings. Tracks in the sand disappear; those in the digital world do not. Traditional data brokers cooperate with digital data collectors.

US market leader Acxiom, for example, now holds dossiers on around 700 million people, comprising up to 3,000 individual pieces of information per person. The stored attributes include details of their education, living situation, employment, finances, interests and health. With 44 million Germans, Acxiom already counts more than half of the local population in its holdings. In addition, with the increased use of metadata, control is increasingly slipping away from consumers. These snippets of data usually fall through the net of data protection regulations, because each piece of meta-information on its own cannot reveal anything about the person. But if they are collected in large numbers, for instance through credit card use, location data and sensors in the Internet of Things, and then analyzed, the result is a flawless picture of our behavior, our habits and our preferences.

The data trails make us predictable: thanks to data analysis, insurers and banks can reduce their typical business risks at the expense of their customers. When scoring providers derive creditworthiness assessments from location data and social media profiles on Facebook, Xing and LinkedIn, when life insurers research models that use consumption behavior, lifestyle and income to predict who will develop diabetes, high blood pressure or depression and then have to pay higher premiums, and when health insurers use vouchers or discounts to entice those who collect information about diet, fitness, preventive healthcare and lifestyle via smartphone, then the right to data protection becomes an expensive privilege. People who evade this “surveillance” or do not want to take part in the digital reward programs become a risk simply because the company lacks their profile information, and they must expect worse terms.

Conclusion

Thanks to Big Data, companies and authorities are now able to store growing petabytes of personal data for analysis purposes, on the assumption that this data might one day be of value to them. Combined with the ability to derive trends from snippets of data accumulated from a wide variety of sources over a long period and to gradually build up a richly detailed picture of the consumer, it quickly becomes clear where the real risk lies: the individual piece of information, shared with whomever, is not the problem; it is the accumulation and analysis of all this information that leads to a creeping loss of privacy. Companies must understand that collecting their customers' private data comes with the burden of responsibility to ensure data security and responsible handling in further processing. In the pursuit of business goals, the pursuit of digital self-determination by society and legislators must always be kept in view. The EU's most recent data protection reform makes a considerable contribution to harmonizing the legal framework in Europe, a major step towards completing a digital single market. Companies must now do their part and implement control mechanisms to regulate access to their customers' data, monitor the processing of this data and initiate effective countermeasures in the event of data misuse.


Christoph Stoica

Regional General Manager DACH

Micro Focus

The rise of Dynamic Mobile Ecosystems

When you think of Mobile Applications from a testing perspective, one of the first big headaches that comes to mind is just how dynamic Mobile ecosystems are. Owners of iOS devices are well accustomed to being prompted by frequent requests from Apple to upgrade the iOS Operating System throughout their ownership of an Apple device.

The story for the Android ecosystem is even more complex. The market has a multitude of big technology players, such as Samsung, HTC, LG and Sony, each providing their own customized OEM version of the Android Operating System, and most are also running a different version of the base Android operating system at any given time.

To put this into perspective, the graph below (taken from Wikipedia) highlights both the pace of Android Operating System releases and how this correlates with the percentage of Android versions accessing Google Play within a given timeframe. For example, as of February 2016, Android 4.4 “KitKat” is the single most widely used Android version, operating on 35.5% of all Android devices accessing Google Play.

Android-Graph

What are the challenges for application vendors?

From a high-level perspective, the major challenge for application vendors is the need to ensure that their applications function correctly within an evolving and fragmented marketplace. Application vendors now have an immediate need to ensure that their deployed applications are not only compatible with specific hardware devices but also function correctly on the most commonly used operating system versions for each device. Some application vendors' main focus is often on ensuring that their application is compatible with the latest operating system running on the latest shiny new device; however, as the graph above highlights, the majority of Google Play customers are not running the latest Android versions at any given time.

Failure to ensure that your application is compatible and provides the same user experience across as wide a spectrum of devices and operating system versions as possible will not only hurt your business's reputation but will also affect the company's bottom line. It does not make business sense to deploy an app that is incompatible for, or locks out, a significant proportion of your potential customers or market space. According to returnonbehaviour.com, 96% of unhappy customers do not complain whilst, even more tellingly, 91% of those customers will never come back.

If we take a more granular look at the key challenges that stakeholders within an organization face, we can see that whilst the main challenge of a fragmented marketplace remains, it becomes intertwined with additional challenges which are unique to each department within a vendor's organization. We can categorize some of these challenges as follows:

QA Department:

  • More devices & more market demands typically means slower and more complicated testing cycles
  • Frequent changes and reduced project cycle times make it harder to test thoroughly
  • Device combinations and changing environment makes it difficult to integrate into a formal continuous delivery environment

Development Department:

  • More devices & more market demands typically means slower and more complicated testing cycles
  • Frequent changes and reduced project cycle times make it harder to test thoroughly
  • Device evolutions along with changing business needs make it difficult to ensure user experience

Business Analyst/Product Manager

  • Device priorities are constantly changing so decision making abilities are hindered
  • Lack of visibility across delivery and testing assets slows business agility
  • The capability of business focused stakeholders to participate in quality activities

How using Silk Mobile can overcome these challenges

Silk Mobile is the new software bundle from Micro Focus, specifically tailored to address the key challenges faced by application vendors in today’s fast-paced mobile environment. It does this by combining the sophisticated functional testing capabilities of Silk Test Mobile with the powerful performance capabilities of Silk Performer, all managed and maintained from the test management tool Silk Central.

This unique three-pronged approach to testing and test management helps application vendors deliver end-to-end quality mobile applications on time and on budget by reducing the risk of customers having an unsatisfactory user experience. Silk Mobile achieves this goal by delivering return on investment in three key areas:

Speeding up your testing

  • Leverage the cloud for coverage and accuracy
  • Collect and compare performance across the globe
  • Easily identify root cause of performance problems

Safeguard that your apps work anywhere

  • Quickly build cross platform/device automation tests
  • Easily document manual/exploratory testing
  • Understand and document application issues

Confirm that your apps meet customers’ expectations

  • Leverage the cloud for coverage and accuracy
  • Collect and compare performance across the globe
  • Easily identify root cause of performance problems

Each component of the Silk Mobile bundle plays a unique part in helping deliver these benefits

Silk Test Mobile provides:

  • The ability to build automated tests that can run on different browsers & different mobile applications across different operating systems, platforms and devices
  • The ability to increase test coverage faster with reusable test building blocks
  • IDE integration that enables developers to contribute to test automation

Silk Performer provides:

  • Ability to simulate users’ performance experience across multiple device/network bandwidth combinations
  • Ability to easily collect and compare transactions’ performance across different geographical locations
  • Ability to identify the root cause of application performance problems through powerful, end-to-end diagnostics capabilities
  • Ability to leverage the cloud to reduce the cost and increase the accuracy of your performance testing

Silk Central provides:

  • Support for the full test lifecycle, from requirements to test execution over to resulting and issue tracking
  • The capability for business-focused stakeholders to easily create and reuse automation assets via Keyword Driven Tests
  • The ability to quickly understand and document application issues across devices and platforms
  • The ability to easily document manual testing execution through screen shots, videos and status report on every step in any device

Silk Mobile uses the technology of each software component in conjunction to offer a bundled testing solution that is greater than the sum of its parts. This unified testing approach for mobile applications will significantly help improve “time to market” and ensure that your application can withstand the rigours of an increasingly fragmented and rapidly evolving marketplace.

John

Are Your Ex-Employees Insider Threats?

Ron LaPedis reports back from the 2016 RSA Security Conference in San Francisco. If your ex-employees are threats to your cyber security, what can be done about it?

2016 RSA Security Conference in San Francisco

I was intrigued by Session HUM-R03F at the 2016 RSA Security Conference in San Francisco. At first I thought that the HUM session names meant that the conference organizers finally put together a security comedy track that I could kick back and enjoy. But after reading the session description, I determined that the topic was not only no laughing matter, but it hit very close to home.

A long time ago, I was a networking engineer for a mainframe vendor and was reading some system logs to diagnose a problem. I saw a lot of remote logins from one particular account coming in late at night so I looked her up so that I could ask her manager what she might be doing. It turned out that not only did she not work at my organization any longer, she had gone to a competitor.

By reading other logs and matching timestamps, I determined that she was downloading source code for the products that she had worked on previously. When I reported this to my manager, he went to HR and got a list of employees that had been terminated over the past few months and asked me to see if their accounts were still active. To a one, they were – and that’s when A) we discovered that IT was not part of the staff termination process; and B) I started my security career.

Times have changed since then (at most organizations anyway), and IT is included in termination notifications so that the laptop and any USB sticks come back and system access can be disabled for terminated employees.

But sending an email to IT may not remove the insider threat of a terminated employee for many reasons:

  1. Lack of centralized access tracking
  2. Access to cloud accounts such as Salesforce.com and Google Docs
  3. Access to shared, and thus anonymous, privileged accounts such as root
  4. Company- or employee- initiated termination with notice

The first two issues are easily solved by implementing user-centric role-based tools and single sign on (SSO) while the third can be solved through the use of a privileged account control solution. The fourth issue of an employee who knows that they will be leaving your organization will take a hybrid approach.

Let’s take a look back at session HUM-R03F for some details. This session was presented by Dawn Cappelli, Vice President, Information Risk Management and Susan Schmitt, Senior Vice President, Human Resources, both of Rockwell Automation. Their task was to manage the technical and human aspects of insider threats due to reductions in force, outsourcing, global cultural and communication issues, termination for cause and other disciplinary issues.

Their premise is that the human threat to your organization’s information cannot be mitigated unless your IT and HR teams, people managers, processes, and technical tools are people-focused. The main issue is that while it’s impossible to sift through millions of security events, you can use a risk-based approach to filter out the noise and display only the specific events that can point to a threat.

Is an employee acting out of the ordinary? Do you believe that they might be preparing to trash your systems or data, or are they planning to take something with them when they leave? If they do leave, can you tell if and what they may have taken with them?

In a 2013 whitepaper sponsored by Symantec and researched by The Ponemon Institute (disclosure, I am a Fellow of The Ponemon Institute), half of the 3,317 surveyed individuals in six countries say they have taken information, and 40 percent say that they will use it in their new jobs. A study by the Software Engineering Institute says that 50% of insiders who steal IP do it within 1 month of leaving the company, 70% within 2 months, and over 80% take information within 3 months prior to their departure date.

Like the Ponemon study, the analysis shows that organizations can reduce their risk of insider theft of IP through increased review of departing insiders’ actions during a relatively small window of time prior to their departure – if you have the partnerships and tools to do so and you use them before the employee walks out the door.
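The reconciliation described above (departed users whose accounts still work, plus review of downloads in the window before departure), as an added example that is not from the original post or from any Micro Focus product. The HR export, the log format and the 30-day window are assumptions, and all sample data is constructed.

```python
from datetime import date, datetime, timedelta

# Constructed HR export (hypothetical format): account -> last working day
# and whether the directory account is still enabled.
HR_DEPARTURES = {
    "asmith": {"last_day": "2016-03-04", "enabled": True},
    "bjones": {"last_day": "2016-03-18", "enabled": False},
    "cwu": {"last_day": "2016-04-29", "enabled": True},  # notice given
}

# Constructed log lines (hypothetical format): timestamp account action target
AUTH_LOG = """\
2016-02-20T10:02:11 asmith login vpn
2016-03-10T23:41:07 asmith login vpn
2016-03-10T23:44:52 asmith download src/product-a.tar
2016-03-17T16:20:00 bjones download docs/pricing.xlsx
2016-04-02T09:15:30 dlee login vpn
2016-04-20T22:05:13 cwu download src/product-b.tar
"""

TODAY = date(2016, 4, 25)           # constructed "current" date for the run
REVIEW_WINDOW = timedelta(days=30)  # assumption: review the last 30 days


def parse_log(text):
    """Yield (timestamp, account, action, target) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) == 4:
            yield (datetime.fromisoformat(parts[0]), *parts[1:])


def reconcile(departures, log_text, today):
    """Return (kind, account, detail) findings for departing/departed users."""
    events = list(parse_log(log_text))
    findings = []
    for account in sorted(departures):
        rec = departures[account]
        last_day = date.fromisoformat(rec["last_day"])
        # Closed-loop check: HR says gone, directory says still enabled.
        if rec["enabled"] and today > last_day:
            findings.append(("ACCOUNT_STILL_ENABLED", account, rec["last_day"]))
        for ts, who, action, target in events:
            if who != account:
                continue
            detail = f"{ts.isoformat()} {action} {target}"
            if ts.date() > last_day:
                # Any activity after the last working day is a finding.
                findings.append(("POST_TERMINATION_ACTIVITY", account, detail))
            elif action == "download" and ts.date() >= last_day - REVIEW_WINDOW:
                # Data movement shortly before departure goes to review.
                findings.append(("PRE_DEPARTURE_DOWNLOAD", account, detail))
    return findings


if __name__ == "__main__":
    for finding in reconcile(HR_DEPARTURES, AUTH_LOG, TODAY):
        print(*finding, sep=" | ")
```

Ordinary logins inside the review window are deliberately not reported, so only the account state, post-departure activity and pre-departure downloads reach a reviewer.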

What can be done?

Many organizations are already running some of these tools, starting with a security information and event manager (SIEM). But unless you have solutions for identity management, user activity and change monitoring, privileged account management, and data loss prevention (DLP), your SIEM will force you to try to locate a needle in a haystack. Why are these additional products so important?

Identity management enforces real-time identity and access management through policies that do not require human intervention—constant, consistent reconciliation against what role an employee is in and what he or she can access. An access review tool will let you collect then slice and dice user account information based on attributes such as groups, entitlements or high-risk applications. By integrating access review with your identity manager you can automate revocation for a closed-loop approach to user access.

A user activity and change monitoring solution enables your cyber security professionals to detect and respond to potential breaches in real time. This system can provide intelligent alerting of unauthorized configuration changes to systems and applications, or access and changes to critical files, all linked to a specific user account.

Privileged account management locks down named or shared administrator and root accounts and helps customers demonstrate that they are in control over who can access their environment with privileged entitlements. It helps them automatically track who is accessing which account, on which system and at what time. Additionally, intelligent, real-time keystroke or screen video logging will tell you exactly what they did with that account.

One way to protect privileged entitlements is to allow users to “check out” a password from a secure password vault for a specific period of time, then check it back in when they are done with it. Because Micro Focus Privileged Account Manager supports real-time keystroke logging, the session can be automatically terminated and the user’s access revoked if they are caught performing a risky activity, such as accessing restricted data or stopping a service.

Auditors can view recorded keystrokes and if an event requires further analysis, a workflow process escalates the event to the appropriate managers who can take immediate action.

Data loss prevention managers are available with various feature sets. Depending on the solution(s) that you install, a DLP can watch which files are being accessed or to where they are being moved, prevent the attachment of removable media on servers, desktops, and laptops, or can manage or prevent the copying of files to removable media, email, or cloud services.

Summary

Your IT and HR teams, people managers, and processes need to be partners. You need to be aware of changes in your employees’ behavior that could signal that they are about to sabotage systems or download confidential information. And while IT can respond to breaches, it cannot be their responsibility to allow or deny access; that should be up to your line of business managers – which means that you need access management tools in place that allow policies to be set by GUI and not by unintelligible strings of technospeak. Those tools better be in place before an employee who wants to harm your organization starts planning their exit.


Ron LaPedis

Global Sales Enablement Specialist

It is ‘game on’ for VOD and live stream suppliers

The latest summer of sport is almost upon us. Jonny Crawford, EMEA International Inside Sales Manager for Micro Focus, reflects on its implications for our customers – and reveals a winning offer to help them hit their goals…

I’ve been watching sport since I was a boy and pretty much every year calls itself the ‘summer of sport’. But this year is unquestionably a big one. Football tournaments both North and South of the equator, the Rio Olympics, the tennis at Wimbledon, Test Cricket, golfing majors – it’s all out there.

But things have moved on since my youth. These days the question isn’t so much what to watch, but how to watch it.

Mobile devices, live streaming and video on demand (VOD) are on the rise and the trend is likely to increase over the next 18-24 months – mobile video traffic alone is set to grow 825% over the next five years.

This year’s summer of sport will see more ‘spikes’ than the running track in Rio. The developers supporting these streaming and VOD applications must cope with the additional traffic all this coverage represents as well as a higher demand for a seamless streaming experience, whether the medium is a handheld device on the commute to work, sitting in the park or at home in front of their 50”, 4k television.

Developers must ensure these streaming applications deliver what the customers demand, or risk losing subscription fees. Advertisers, also, expect to see their products displayed to best effect. After all, there is plenty of competition out there. But it’s not easy.

Not many people watching ITV HD during the 2010 World Cup recall Steven Gerrard’s goal for England against the USA. That’s because they didn’t see it. The lesson for broadcasters and developers is that people remember what you got wrong a lot longer than what you did well.

The proliferation of platforms – mobile devices, tablets, desktop, internet TV – offers new opportunities for us punters to watch our preferred sport. But each platform is also just another headache as far as developers and testers – and anyone responsible for setting up these applications and keeping them running while the pressure’s on – are concerned.

Imagine a repeat of the Gerrard Incident. Supposing Harry Kane, Gareth Bale, Robbie Keane or Will Grigg nails a stunning volley while we’re all watching the buffering symbol, a ‘video not available’ notice or an everlasting ‘timeout’ icon. Imagine the language, the feedback on social media – and the impact on the revenue streams of the business offering the VOD or streaming service.

The winning combination

It doesn’t have to be this way. Micro Focus Silk has the perfect team to ensure the summer of sport streams stay up long after the sun goes down.

Switched-on content suppliers use Silk Performer to load and performance test exciting new stuff, such as HTTP live streaming. They get metrics to gauge stream quality that significantly improve the user experience of download times, download-to-play ratios and the live streaming experience. They know they can handle all the loads that the summer of sport will throw at them and address performance issues before a ball is kicked, thrown or hit with something. Singtel already use this platform- and browser-neutral product to underpin their VOIP packages.

So, imagine yourself as a manager. Instead of a team, you are responsible for successfully deploying a streaming application. What’s the best way to get the peak performance from your star asset?

Silk Central: A unified platform to design, plan, execute and track all your functional and performance testing practices across every device and platform.

Silk Test Mobile: Build functional test automation that runs reliably across platforms and devices.

Silk Performer: Performance and load testing automation that represents your users across the globe on their devices, platforms and networks.

So, for a glitch-free summer of sport, get in touch with me and we’ll talk tactics and formations. Better make it soon, though, as there is a lot of sport for me to watch over the next few weeks!

JC

Jonathan Crawford

EMEA International Inside Sales Manager