Vendor Conflicts Bug Security Chiefs ...

... who believe that incompatibility among security products impedes their efforts to lock down their systems. Vendors "need to open up their security model, so companies can apply the product to their own security needs," argues Allen Kerr, vice president of IT infrastructure and information security at Premera Blue Cross in Mountlake Terrace, Wash. Kerr points to vendors that claim, for example, that a product is compliant with the Health Insurance Portability and Accountability Act, which is good. But that doesn't help him when he needs to extend the product to be compliant with patient health information strictures set by individual states. "I say, open up the security model so I can be compliant across the board," he concludes. Phil Attfield, an IT security consultant in Fall City, Wash., agrees. "Security is infrastructure now," he says, "and it needs to have policy enforcement standards set across the board." Unless vendors open up their APIs, that's not possible. Ron Moritz, chief security strategist at Computer Associates International Inc., acknowledges the problem and says it will take until 2006-07 for the application programming interfaces in CA's eTrust security applications to be available to users for customization.

Another brewing security issue that worries Kerr and other corporate information security heads who were at a CA-sponsored dinner at Safeco Field in Seattle last week is outsourcing. "What people worry about is securing the transmission of data," he says. "But that's the simplest part." Karen Worstell, chief information security officer and vice president of IT risk management at Redmond, Wash.-based AT&T Wireless Services Inc., says there's "no difference between Tukwila, [Wash.,] and Bangalore" in the way IT managers need to treat their outsourcers. However, she suggests that you develop service-level agreements that specify how the information can be used by outsiders, who can see it and whether work on an application can be subcontracted out. "And you need to monitor or audit the outsourcer once or twice a year," Worstell advises. She says she believes that the Sarbanes-Oxley Act changed the way IT has to think about outsourcing deals. "Now you can outsource the work, but not the responsibility," she wisely says.

The mainframe gravy train keeps getting longer for Attachmate Corp. The Bellevue, Wash.-based company will release its MyExtra Smart Connector Mainframe Edition late this month. The new version of the software, which already exists as a server-based product outside the mainframe, now runs directly in an OS/390 or zSeries environment. Plus, the latest version will add VSAM and DB2 connectors to its IMS and CICS links. Attachmate Vice President Markus Nitschke says application writers can use the mainframe-based version to tie information inside disparate databases running on the big iron with a single SQL join command. And, he boasts, performance jumps at least 100 times by running the connectors directly on the mainframe as opposed to on an external server.

Once those mainframe-based programs are humming along, you can goose those Web-based applications with an intelligent queuing system from Warp Technology Holdings Inc. in New York. Warp SpiderQ, which ships later this quarter, can manage hundreds of thousands of inbound page requests, as opposed to a typical Web server that bogs down at around 2,000 requests. Chief Technology Officer Greg Parker claims that companies can avoid throwing more hardware at performance problems by using SpiderQ and that it's ideal for Web sites that suffer intermittent demand spikes. It can also be a weapon against denial-of-service attacks, he says. Maybe he should give SCO a call.

Many mainframe developers are familiar with Relativity Technologies Inc.'s Cobol, PL1 and other language tools. Now the Raleigh, N.C.-based company is opening its software development environment to third-party products. The first two companies to sign on are Trinity Millennium Group Inc. in San Antonio and Software Migrations Ltd. in Hertfordshire, England. The former is offering a bevy of languages, including Visual Basic, PowerBuilder and Oracle Forms, that can be accessed through Relativity's software. The latter is putting its assembler tools into the product. Users can leverage a single interface to access multiple language parsers and tools, as well as a central database for business rules, components, documentation and other functions.

See more columns by Mark Hall.

Make Good Code

On March 15, Catalyst Systems Corp. in Glencoe, Ill., will ship its Openmake 6.3 build management tool. The upgrade lets application development managers better control the build process. The new version will now run on WebSphere and Oracle application servers as well as Tomcat, an open-source server. Pricing is $300 per client and $3,000 per server.


Copyright © 2004 IDG Communications, Inc.
