For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Subscribe to
Computerworld 40 years of the most authoritative source of news and information for IT leaders.
|
|
|
|
February 02, 2004 (Computerworld) -- ... who believe that incompatibility among security products impedes their efforts to lock down their systems. Vendors "need to open up their security model, so companies can apply the product to their own security needs," argues Allen Kerr, vice president of IT infrastructure and information security at Premera Blue Cross in Mountlake Terrace, Wash. Kerr points to vendors that claim, for example, that a product is compliant with the Health Insurance Portability and Accountability Act, which is good. But that doesn't help him when he needs to extend the product to be compliant with patient health information strictures set by individual states. "I say, open up the security model so I can be compliant across the board," he concludes. Phil Attfield, an IT security consultant in Fall City, Wash., agrees. "Security is infrastructure now," he says, "and it needs to have policy enforcement standards set across the board." Unless vendors open up their APIs, that's not possible. Ron Moritz, chief security strategist at Computer Associates International Inc., acknowledges the problem and says it will take until 2006-07 for the application programming interfaces in CA's eTrust security applications to be available to users for customization.
Another brewing security issue that worries Kerr and other corporate information security heads who were at a CA-sponsored dinner at Safeco Field in Seattle last week is outsourcing. "What people worry about is securing the transmission of data," he says. "But that's the simplest part." Karen Worstell, chief information security officer and vice president of IT risk management at Redmond, Wash.-based AT&T Wireless Services Inc., says there's "no difference between Tukwila, [Wash.,] and Bangalore" in the way IT managers need to treat their outsourcers. However, she suggests that you develop service-level agreements that specify how the information can be used by outsiders, who can see it and whether work on an application can be subcontracted out. "And you need to monitor or audit the outsourcer once or twice a year," Worstell advises. She says she believes that the Sarbanes-Oxley Act changed the way IT has to think about outsourcing deals. "Now you can outsource the work, but not the responsibility," she wisely says.
The mainframe gravy train keeps getting longer for Attachmate Corp. The Bellevue, Wash.-based company will release its MyExtra Smart Connector Mainframe Edition late this month. The new version of the software, which already exists as a server-based product outside the mainframe, now runs directly in an OS/390 or zSeries environment. Plus, the latest version will add VSAM and DB2 connectors to its IMS and CICS links. Attachmate Vice President Markus Nitschke says application writers can use the mainframe-based version to tie information inside disparate databases running on the big iron with a single SQL join command. And, he boasts, performance jumps at least 100 times by running the connectors directly on the mainframe as opposed to on an external server.
Once those mainframe-based programs are humming along, you can goose those Web-based applications with an intelligent queuing system from Warp Technology Holdings Inc. in New York. Warp SpiderQ, which ships later this quarter, can manage hundreds of thousands of inbound page requests, as opposed to a typical Web server that bogs down at around 2,000 requests. Chief Technology Officer Greg Parker claims that companies can avoid throwing more hardware at performance problems by using SpiderQ and that it's ideal for Web sites that suffer intermittent demand spikes. It can also be a weapon against denial-of-service attacks, he says. Maybe he should give SCO a call.
Many mainframe developers are familiar with Relativity Technologies Inc.'s Cobol, PL1 and other language tools. Now the Raleigh, N.C.-based company is opening its software development environment to third-party products. The first two companies to sign on are Trinity Millennium Group Inc. in San Antonio and Software Migrations Ltd. in Hertfordshire, England. The former is offering a bevy of languages, including Visual Basic, PowerBuilder and Oracle Forms, that can be accessed through Relativity's software. The latter is putting its assembler tools into the product. Users can leverage a single interface to access multiple language parsers and tools, as well as a central database for business rules, components, documentation and other functions.
See more columns by Mark Hall.
Make Good Code
On March 15, Catalyst Systems Corp. in Glencoe, Ill., will ship its Openmake 6.3 build management tool. The upgrade lets application development managers better control the build process. The new version will now run on WebSphere and Oracle application servers as well as Tomcat, an open-source server. Pricing is $300 per client and $3,000 per server.
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
 |
|
All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone |
 See your link here
|
 |
||||||||
| ||||||||
| ||||||||
| ||||||||
|
Why SaaS is Vital to Email and Web Security
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
Get this white paper now!
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
- Microsoft promises four patches next week
- Google gives away home-cooked Web application security scanner
- Storm botnet stages Fourth of July attacks
- More top stories
Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|
 Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.New baits 
|
"Security Directions" virtual trade show2008's Code-Red Security Issues for Protecting the EnterpriseWebcasts, white papers, demos, and more. Presented in a unique 3-d environment. Enter our show right now! Click here to enter
|
 In SecuritySecurity's important, and risk must be addressed, right? Sure, but watch for four signs your policies go a bit overboard. Click here to read the latest column by Jon Espenschied |
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDG Connect
IDG World Expo
Infoworld
The Industry Standard
ITworld
JavaWorld
LinuxWorld
MacUser
Macworld
Network World
PC World
Playlist
Copyright © 2008 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission of Computerworld Inc. is prohibited.
Computerworld and Computerworld.com and the respective logos are
trademarks of International Data Group Inc.
|
