Future Proofing NonStop – Security and Standardization
With cyber-crimes increasing at an alarming rate daily, securing and protecting enterprise data is a top priority for all organizations. NonStop has long been touted by users as the company’s “crown jewel” for overseeing mission-critical applications, so it should be a top priority to protect NonStop applications and its content. That being said, it is important for NonStop users to avoid using custom solutions that might create the misconception that the platform is non-compliant and/or legacy. Instead, NonStop users should forge ahead in embracing industry standards and protocols. There is no shortage of such solutions, as many products are available from HPE and third-party partners to help users adopt industry-standard best practices in securing NonStop.
Here are some examples of what we TIC have done to help our clients add security to NonStop applications:
Many organizations used to feel that data exchange within the corporate network was already fully protected by internal firewalls. That is no longer the case, as breaches within corporate networks have skyrocketed in the past several years. Therefore, all communication traffic in and out of the NonStop should be protected via data encryption. Today, almost all of our clients have added TLS to protect the SMTP and FTP data transfers on NonStop. In addition, we have also worked with our clients to protect their data-at-rest by using standard encryption and tokenization tools from third-party partners.
Use standard protocols
In the past, it was not uncommon for some Nonstop users to develop custom, in-house solutions for NonStop to exchange data with other external platforms, like Windows or Unix. This includes homegrown versions of file transfer or client/server applications using TCP/IP. In time, these programs have become difficult to support (e.g. the developer has left), and most do not include any form of security protection. We have helped clients migrate their custom programs to standard secure FTP, as well as secure REST services. This allows has allowed these companies to leverage the built-in security benefits of the standard tools, plus the assurance of continuous support in the long run.
Many organizations are adopting industry-standard tools for authentication and authorization. For example, most web applications today use OAUTH2, coupled with an enterprise directory or identity servers. Guardian security does not natively fit into that framework, but it can be accessed with RESTful API. Recently, we helped one of our clients develop an interface between NonStop and Ping Identify Server using a RESTful API, thereby enabling the NonStop applications’ security to be managed within the same enterprise framework as other applications.
Future proofing NonStop requires a continuous improvement process. Adopting modern tools to secure NonStop application and its data content is a critical, important step. By leveraging modernization and implementing best practices, we can continue to ensure NonStop’s relevance in the enterprise.