Business Management

Integrating Host Systems with Modern Security Frameworks

Provided by Micro Focus

Category Business Management

Type White Paper

Length 11

Publish Date February 07 2018

Date posted February 07 2018

Overview

Once upon a time, host systems lived in a secure world. Host data traveled a protected path to and from a trusted terminal. The host knew who the user was, where the data came from,
and where the data was going. Times have changed. Today we have open networks, service-oriented architectures, and hackers who hack faster than IT can patch. Host security hasn’t kept up. Traditional host-access security leaves data dangerously exposed in a number of ways:
Weak, Decentralized Authentication
 
Simple eight-character passwords may be all that stand between a malicious hacker and your
critical host data. Host-based authentication, by itself, cannot leverage the full power of the
identity management system used by the rest of the enterprise.
Weak, Decentralized Authorization
 
Once logged onto the corporate network, a user has easy access to your host applications.
That means an attacker need only steal a user’s eight-character host credentials to trespass into
personal data fields.
Decentralized Auditing
 
Host-access auditing is performed by each host, based on each user’s host ID. When multiple
hosts are involved, security administrators have to examine the logs on each one—comparing
the user ID for each host to the user ID for the enterprise—to build a complete audit trail.
Problematic Encryption
 
Until the arrival of SSL/TLS encryption in the 1990s, data and passwords traveled between
the client and the host in clear text. There was no safe haven from prying eyes. SSL/TLS solved
the encryption problem, but not without a catch: Encrypted traffic cannot be monitored in the
DMZ—which means IT security is forced to allow traffic through without knowing anything
about the content.
 
Lack of Centralized Control
Because authentication, authorization, and auditing can be applied only at individual hosts,
the central security team cannot effectively monitor and enforce the use of enterprise
security policies.

Recommended for You

phil-muncaster

How a Washington crackdown on Huawei could backfire for everyone

Phil Muncaster reports on China and beyond

dan2

5G is over-hyped and expectations need reining in

Dan Swinhoe casts a critical eye on the future

keri-allan

What can we learn from tech initiatives in the Middle East?

Keri Allan looks at the latest trends and technologies

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?