WebSphere MQ v7.5 Security Concerns

Content contributed by Allan Bartleywood – Sr. MQ Subject Matter Expert
WebSphere MQ v7.5 security concerns seemed to be a resounding issue. We heard a lot of concerns regarding it while we were at the IBM Impact 2014 conference last week.

I do not believe it’s actually a concern for security when your organization is doing an upgrade to version 7.5, but more a concern as to whether your organization already has security enabled within your MQ environment.

At a lot of the organizations that I’ve consulted with, I’ve noticed that there is a lack of security actually implemented within the MQ environment.  WebSphere MQ has always had security implemented that was focused at the operating system level where it was running.

With this latest WebSphere MQ v7.5, security concerns, features have been added to meet today’s demands. This includes support for Advanced Message Security where the queue manager actually encrypts and decrypts Messages as they go through the environment on a put an get of an application.

You can actually configure the queue manager down to individual queues so that only certain queues will have messages encrypted.

This feature is providing the capability for messages to now meet compliance requirements like HIPAA and PCI Compliance. While data is in transit, it is in encrypted by the messaging transport without any special requirements being added to the applications.

This will, of course, mean that from the time a message put onto queue to the time a message just gotten off the queue, it has been included. Further security enhancements are provided to ensure that only certain applications will get the message decrypted from a given queue.

Now all of these features are out of the box with no added installs and compatibility issues being encountered.

Going back to whether organizations are actually implementing suitable levels of security within their messaging environment is another matter. What is quite often seen it is that administration and application usage of MQ is left open, that is it has not been unable at all.

This is normally due to a conscious decision or simply a lack of knowledge of the capabilities of the product; or a lack of understanding of the security policies and implications relating to the data that is being sent over the messaging environment.

It is not uncommon to see administrators using client connections to queue managers over the server connection channel with no authentication at all. It is also not uncommon to see the queue manager with channel authority disabled.

So are the security concerns about upgrading to version 7.5 related to a lack of understanding and knowledge of what the security capabilities are within 7.5 and pressure being put on IT for tighter security compliance, rather than whether 7.5 is capable of delivering services to these tighter security compliance requirements.

There are also situations where IT sees the requirement for better security compliance but the business doesn’t understand what is compliance are.

If you’re having WebSphere MQ v7.5 security concerns, please feel free to reach out to Wendy at TxMQ, [email protected] and let us answer your questions and guide your upgrade so all the proper security features are in place.

(Photo: Compliments of Still Burning)

IBM's key solutions for company growth and success

Recently, I had the opportunity to interview Nancy Pearson, VP BPM, SOA, & WebSphere Marketing, SWG at IBM about their solution categories and what it can do for your business.Check out her responses regarding what’s new and exciting with IBM technologies. I hope you find it as interesting as I did.
TxMQ: Can you please give a brief overview of the following IBM solution categories?

IBM:

  • BPM: The basic operational value proposition of business process management (BPM) is the ability to process more with less effort and higher quality. BPM provides three core benefits – efficiency, effectiveness and agility. We’re continuing to invest in our market-leading BPM portfolio, which includes products many of you may already be using, such as WebSphere Process Server, WebSphere Business Modeler, WebSphere Business Monitor, and WebSphere Lombardi Edition. You can discover, document, automate, and improve revenue-generating processes to drive growth, reduce cost, and optimize execution across your business network. IBM can help you get started with a BPM solution that will help deliver business agility by providing a prescriptive approach based on best practices from more than 5,000 customer engagements.
  • SOA: As business processes evolve, suppliers and regulations change. Organizations need to have seamless integration and connections within the boundaries of the organization and across trading networks. It’s vital to share services across domains to optimize business performance and improve flexibility.  They also need any-to-any connectivity to allow easy integration within and beyond the company – connecting systems throughout their dynamic business network.  In addition, it is also useful to have a federated approach that helps manage complexity – even as they share services across different domains.  We have leading integration and SOA capabilities that include WebSphere Message Broker, WebSphere DataPower, and WebSphere MQ products. We’re improving our capabilities in this area with WebSphere MQ Telemetry, which enables intelligent decision making based on remote real-world events. We’re also enhancing IBM Cast Iron appliances. IBM Cast Iron appliances help integrate on-premise applications with cloud-based apps. And you can build, run and manage an integration between applications and deploy it using a physical on-premise appliance, a virtual appliance, or completely within a multi-tenant cloud service.
  • Cloud: Your company needs to be able to respond quickly to business changes that effect your applications and services, all while managing costs. Virtualization and Cloud are key technologies that enable you to control costs while adding flexibility to the infrastructure that supports your applications and services. With Virtualization and Cloud technologies, you can simplify management of applications and services while optimizing the usage of your infrastructure resources. Given the inherent flexibility of virtualized infrastructure, you can roll out new products and services more dynamically. And you can ensure immediate application response with through elastic scalability. We’re continuing to invest in our core application infrastructure portfolio that includes CICS, WebSphere Application Server, and WebSphere Virtual Enterprise. We are announcing a new Feature Pack for Modern Batch for our WebSphere Application Server, which provides support for a Java Batch programming model for the development and deployment of batch applications. You can also migrate applications developed using the feature pack to IBM’s comprehensive batch platform, WebSphere Compute Grid, without making any application changes.

TxMQ: Can you describe the type of company or the business needs best served by one or more of these technologies?

IBM: Think about today’s business structure. It is a growing network of relationships between employees, customers, suppliers and partners. It encompasses the people, processes and systems inside and outside the organization. It continues to get broader and more complex. Above all, it’s always changing. Suppliers come and go. Regulations change. New relationships emerge. It’s become a truly dynamic business network.
The ideal business looking to integrate these products is businesses is looking to successfully deal with this change and complexity that are using these technologies. The new business environment will favor companies able to execute faster, with more dexterity, across their dynamic business network. That’s why the ability to help deliver agility with these capabilities is so important.
TxMQ: What benefit will be derived from implementing one or more of these integrated technologies?
IBM: Agile businesses have higher EPS growth, ROI and return on capital, with faster revenue growth than their industry peers.
Only IBM has the products and expertise to deliver on the promise of business agility. Using the best practices from thousands of customer engagements, deep industry expertise and market leading products, IBM can deliver a road map to help you achieve profitable growth and enable business agility. To get you started with a project that meets your business objectives, IBM Software Services for WebSphere (ISSW) offers IBM QuickStart services to accelerate the delivery of a deployed solution, helping you realize value quickly around BPM, rules, events, SOA, cloud computing and virtualization. IBM will get you up and running with a high ROI project in just 90 days, delivering great business value you can showcase around your organization. They’ll also set you up with a great proofpoint for taking further steps, should you choose to do so in the future. As business value is realized, you can extend those projects both vertically and horizontally to make your organization even more nimble. Such an integrated approach encompasses your business processes, relationships and infrastructures, helping you fully realize true business agility.
TxMQ: What company officials generally need to be a part of the decision to implement IBM technologies?
IBM: That’s an interesting question, because the issues being solved here are top-of-mind with many CEOs.  Just this year we published our most recent research based on interviews with over 1500 CEOs worldwide.  The full study can be found here:  www.ibm.com/ceostudy
CEOs are clearly interested in the power of these capabilities to transform their business.  More directly involved are the line of business executives that own the outcomes and the key processes used to deliver them.
I started with the business executives because these technologies are very much about aligning IT with the business – so it’s important for that connection to occur, as it makes sense for a project.  When an initial project begins, you typically see the LOB executives, their IT counterparts, and the IT managers in charge of the applicable applications and associated software infrastructure directly involved.
Clearly though, other IT executives, from the CIO to the chief architect, play a critical role in making sure that initial projects can be leveraged down the road , as capabilities are extended for the broader benefit of the organization.
TxMQ: How will the new technology allow companies to strengthen existing customer relationships?
IBM: A Smart SOA approach can help any business manage complexity and improve agility by enabling integration, interaction, and business execution across distributed value chains. With solutions for seamless, any-to-any integration and connectivity, within and beyond the organization, IBM can help you:

  • Maximize service reuse across your enterprise
  • Federate within and across SOA domains, including cloud and smart devices
  • Enhance flexibility and security across your enterprise

New IBM solutions simplify integrating your software-as-a-service (SaaS) and cloud applications with on-premises applications. With configurable access to today’s most prevalent SaaS and cloud applications, integration takes days versus weeks or months.
IBM, together with Sterling Commerce, helps you gain greater control over, and flexibility with, critical business processes within and beyond the enterprise. Sterling B2B Integration extends connectivity across channels to trading partners so you can:

  • Communicate efficiently across, and extend management of, trading partner communities
  • Eliminate “blind spots” and improve business performance with real-time business transaction visibility and performance metrics
  • Minimize business risk and achieve consistent policy enforcement and compliance

TxMQ: How difficult is the transition into these products and how much downtime can a company expect?
IBM: We continue to invest in making our solutions as simple and effective as possible.  To help our clientele transition to our products, we have introduced innovative new cloud-based offerings that enable you to get up and running quickly with minimal IT investment. Our new IBM Blueworks Live offering is a great example, allowing you to automate simple processes in just 90 seconds! We have also introduced WebSphere Hypervisor Editions for many of our offerings that significantly speed time to value for deploying and configuring environments. WebSphere Hypervisor Editions allow you to install and configure defined standard topology patterns in a matter of hours, and easily manage installation and deployment.
TxMQ: Are there any new and particularly exciting product updates within a specific industry?
IBM: We have delivered a lot of exciting product enhancements across multiple industries.  One of the really exciting announcements we have made is around IBM Blueworks live – a new BPM in the Cloud offering that allows knowledge workers to leverage the benefits of BPM in a cloud environment to capture, understand, collaborate on, and improve everyday processes that drive their businesses. Blueworks Live combines the best of our two previous BPM in the cloud offerings: the community from BPM BlueWorks and the process documentation of BPM Blueprint. On top of that, Blueworks Live adds in exciting new automation capabilities, creating a first-of-its-kind, best in class new offering to improve processes. BlueWorks Live helps turn the unstructured  activities of real business people into automated processes, with the added benefits of visibility, understanding, insight and control.
We also have enhanced our industry accelerators to include updated support for industry standards, more pre-built assets, and an enhanced industry asset navigator tool.  These industry accelerators cover a wide range of industries including Banking, Insurance, Healthcare and Telecommunications.
TxMQ: What’s the best way for a company to choose the right product to fit their needs?
IBM: The first step is to identify your business objectives. With all the complexity of a dynamic business network, starting down the road to business agility can seem challenging. The key to success is to use the right approach, an approach that starts with careful analysis that is focused on business value, and then expands slowly leveraging incremental successes along the way. By first documenting what your business pains and goals are, you can understand which area to focus on first. Are you trying to solve a process issue?  Do you need to establish better linkages across your dynamic business network with customers, suppliers and partners? Are you looking to control costs and add flexibility to your application infrastructure? IBM can help you identify the best solution to meet your business objectives and provide a roadmap for achieving those business goals.
TxMQ: How are the new versions of the aforementioned products better and more efficient than previous editions?
IBM: I’ve mentioned several of the updates already. The bottom line is that we’re bringing forward improved ways to be prescriptive in delivering business agility. With things like the new IBM Blueworks BPM in the cloud offering and new IBM QuickStart services, we’ve brought together the technology and expertise of IBM to engage both business and IT in projects that return real value in the short term, and set the foundation for extended value in the longer term.
TxMQ: Can you share any new and exciting products that companies can look forward to in 2011?
IBM: I can’t provide specific details around our planned announcements for 2011, I can tell you that we have a lot of exciting things planned. I would encourage you to register at www.ibm.com/impact for our Impact 2011 conference, which is being held in Las Vegas April 10 – 15th, 2011. At the conference, you can learn about our new products and announcements across BPM, SOA and Application Infrastructure. Impact 2011 will feature a world-class Technology Program with over 400 sessions on WebSphere BPM, SOA, commerce and cloud technologies. We will also have a Forbes sponsored Business Program with over 40 sessions addressing critical business topics and issues, and a state-of-the-art EXPO and Product Technology Center featuring the latest technologies from IBM and IBM Business Partners.

An Introduction to WebSphere MQ

Today, most companies rely on the stability of their technology to ensure that the business continually runs smoothly. The problem is, your company’s technology infrastructure is probably comprised of several types of systems. And more than likely, these systems are managed through different departments and quite possibly located throughout the entire country.
Therefore integrating your applications across your company and with key partners, suppliers and customers is the best way to provide security to your business. This is done through service oriented architecture or SOA.
What is WebSphere® MQ?
IBM WebSphere® MQ provides a flexible messaging backbone that allows you to integrate your existing IT programs with SOA. It works across a variety of industries, including banks, telecommunication companies, government agencies and more.
SOA allows your existing IT systems to respond to requests and change faster than ever before by acting as a universal translator between systems. Think of it this way… Each of your IT systems speaks a different language. WebSphere MQ translates all these languages quickly and easily so all your systems can work together quickly and efficiently.
And because WebSphere MQ is supported by almost every IT system, you shouldn’t need to replace your existing hardware or operating systems. This increases the reliability of data that is delivered throughout your systems. They all speak to a central hub, which then disburses the information accordingly.
Benefits of WebSphere MQ
1. Reliable – WebSphere MQ allows for instant, reliable data delivery. Information gets transferred quickly and simply with no delays. In addition, your data is insured if there is a temporary system outage.
The cost and penalties of lost data are severe, especially when the data is critical for your company’s success. Lost information can disrupt your daily processes and cost you dearly in both time and money. If the delay is large enough or severe enough in nature, the loss of customer trust can be detrimental, especially when it comes to the security of personal information such as account numbers or social security numbers.
2. Back-up – WebSphere MQ helps eliminate single points of failure in your system by providing backup to take over if a system failure occurs. It ensures that transported data is logged and up to date so that if failure does occur, the data can be reconstructed easily. It also preserves the integrity of the messages and the applications that are transmitting those messages.
3. Clustering – Clustering allows messages to be re-circulated around system parts that have experienced a network failure. Without this feature the messages may otherwise be undeliverable.
4. Security – Keeping your business information confidential is extremely important. WebSphere MQ makes security a priority addressing areas such as encryption, authentication, authorization, and privacy.
With built-in security features, your data will be protected as it moves throughout your technology infrastructure. In addition, it supports Secure Sockets Layering (SSL). SSL protects your site and technologies from fraudulent activity and keeps your users’ sensitive information secure.
5. Growth – WebSphere enables your business to grow by allowing full access to your IT systems. As your business and services grow, so to do your IT needs. WebSphere continues to allow everything to work together in a cohesive manner. The structure of your IT system is unique to your company alone. WebSphere MQ can be customized to fit your business needs individually.
IBM WebSphere MQ Facts:
– Used by more than 10,000 customers worldwide
– Controls and moves more than 10 billion messages every day
– Has more than 800 IBM Business Partners worldwide supporting it with software, solutions and services
– Supports more than $1 quadrillion worth of business transactions daily
ABOUT TXMQ
TxMQ offers a full range of WebSphere services. These include:
– Installation
– Systems assessment and architecture review
– Health check
– Upgrades
– Systems monitoring and maintenance
TxMQ, headquartered in Buffalo, NY provides flexible staffing solutions across all divisions and departments within a company. As a leading staffing agency, TxMQ provides placement of permanent and contract professionals within a wide variety of skill sets including Information Technology, Engineering and Manufacturing Operations, Accounting and Finance, Sales and Marketing, Human Resources, and Administrative Management.
Equip your company with the talent your team deserves. TxMQ can begin matching employees to your unique staffing needs today. Contact us today at 716-636-0070 ext 228, email [email protected] or visit us at to find the solution that’s right for you.
Follow us on Twitter and Facebook