NonStop Forward
by Phil Ly

Future Proofing NonStop – Security and Standardization

With cyber-crimes increasing at an alarming rate daily, securing and protecting enterprise data is a top priority for all organizations. NonStop has long been touted by users as the company’s “crown jewel” for overseeing mission-critical applications, so it should be a top priority to protect NonStop applications and its content. That being said, it is important for NonStop users to avoid using custom solutions that might create the misconception that the platform is non-compliant and/or legacy. Instead, NonStop users should forge ahead in embracing industry standards and protocols. There is no shortage of such solutions, as many products are available from HPE and third-party partners to help users adopt industry-standard best practices in securing NonStop.

Here are some examples of what we TIC have done to help our clients add security to NonStop applications:

Data encryption

Many organizations used to feel that data exchange within the corporate network was already fully protected by internal firewalls. That is no longer the case, as breaches within corporate networks have skyrocketed in the past several years. Therefore, all communication traffic in and out of the NonStop should be protected via data encryption. Today, almost all of our clients have added TLS to protect the SMTP and FTP data transfers on NonStop. In addition, we have also worked with our clients to protect their data-at-rest by using standard encryption and tokenization tools from third-party partners.

Use standard protocols

In the past, it was not uncommon for some Nonstop users to develop custom, in-house solutions for NonStop to exchange data with other external platforms, like Windows or Unix. This includes homegrown versions of file transfer or client/server applications using TCP/IP. In time, these programs have become difficult to support (e.g. the developer has left), and most do not include any form of security protection. We have helped clients migrate their custom programs to standard secure FTP, as well as secure REST services. This allows has allowed these companies to leverage the built-in security benefits of the standard tools, plus the assurance of continuous support in the long run.

Integrated authentication

Many organizations are adopting industry-standard tools for authentication and authorization. For example, most web applications today use OAUTH2, coupled with an enterprise directory or identity servers. Guardian security does not natively fit into that framework, but it can be accessed with RESTful API. Recently, we helped one of our clients develop an interface between NonStop and Ping Identify Server using a RESTful API, thereby enabling the NonStop applications’ security to be managed within the same enterprise framework as other applications.

Future proofing NonStop requires a continuous improvement process. Adopting modern tools to secure NonStop application and its data content is a critical, important step. By leveraging modernization and implementing best practices, we can continue to ensure NonStop’s relevance in the enterprise.

Print Friendly, PDF & Email
About Phil Ly 5 Articles

Phil Ly is the president and founder of TIC Software, a New York-based company specializing in software development and consulting services that integrate NonStop with the latest technologies, including Web Services, .NET and Java. Phil’s passion for NonStop, and educating the larger technology community – both industry veterans and next gen alike – on the power the platform leverages, are central to TIC’s business philosophy. While Phil (and TIC) have always evangelized modernization as a NonStop keystone, he is especially focused, as of late, on identifying applications and services to “future proof NonStop,” so as to extend the platform’s efficacy and impact for years to come. Prior to founding TIC in 1983, Phil worked for Tandem Computers in technical support and software development.

Be the first to comment

Leave a Reply

Your email address will not be published.


*