Using IBM DataPower XI50 Appliance to Secure XML-based Web Services

Congratulations!!! Your IT organization, and more importantly your company, now enjoys the benefits of Service Oriented Architecture (SOA). These benefits include return on investment, code mobility and maintenance, agility, improved scalability and high availability.  But along with these rewards come some disadvantages.  These include degradation of application server performance and increased security concerns and risks.  The XML-based Web Services in use in your enterprise easily expose back-end systems to customers and partners.  Your Web Services pass through your enterprise network firewall and are based upon SOAP, XML and HTTP.  These all combine to introduce new threats and security exposures within your enterprise infrastructure.  These new type of threats can consist of some of the following below:

  • XML Denial of Service
    • Slowing down or disabling a Web Service so that service requests are hampered or denied
  • Unauthorized Access
    • Gaining unauthorized access to a Web Service or its data
  • Data Integrity and Confidentiality
    • Data integrity attacks of Web Service requests, responses or underlying databases
  • System Compromise
    • Corrupting the Web Service itself or the servers that host its Read more

Giving Thanks at PathMaker Group

This week is Thanksgiving and I have a lot reasons to be thankful. I enjoy my job, I work with great people, and we provide a valuable service to our clients by helping them make sense of an extremely complicated industry.

About ten years ago I set out to establish a company that would last and that would be comprised of people who enjoyed working together.  This didn’t happen accidentally.  From day one, the purpose and approach to building this company has been intentional and disciplined. And it’s not just been about finding good people or even great people.  It’s been about finding the right people.

When you examine PathMaker Group, you see . . .

  • People who successfully maintain a healthy balance between work life and personal life
  • People who are growing by fully understanding and utilizing our unique gifts and abilities, and as a result are making a significant difference in our work, families, communities and beyond
  • People who are committed to developing as leaders and passing on our lessons through coaching and mentoring
  • People who work in a culture promoting creativity and fun and thus produce standard setting thought leadership
  • People who achieve top-tier results because of our passion and commitment to discipline, quality and client satisfaction Read more

Identity Management in Higher Education

Introduction

Technology plays a crucial role in the universities and institutions where students, alumni, faculty, and staff depend on high-tech services and tools to study, live, work, and play. As these institutions embrace the Internet for student services, administrative systems, research projects, self-service, and profile management, online security is at a premium. Users must feel protected for web channels to grow and enhance the user experience. At the same time, compliance mandates have become more complex and university breaches become more numerous; both which threaten the institution’s assets and brand name. Institutions that cannot meet this security demand will suffer.

Pathmaker Group can help prepare educational institutions for these challenges by developing solutions for:

– Centralizing application access control.
– Providing strong, multi-factor authentication.
– Providing sophisticated real-time risk analysis and access prevention based on events and rules.
– Automating routine account management activities.
– Meeting regulatory requirements for reporting and attestation.
– Enabling new modes of inter-campus interactions.
– Protecting user identity data with a secure, scalable and highly available infrastructure.
– Bridging islands of user identity information across a variety of infrastructures. Read more

IBM Pulse 2012

Business Without Limits!

Pathaker Group is an IBM Premier Partner with the sales and technical certifications required to sell and implement an ever expanding array of best in class security solutions from IBM. Be sure to put Pulse 2012 on your calendar and stop by the Solution Expo and visit our booth. Business partners and customers will learn how IBM is shaping the IT Security Landscape with newly acquired technologies and integrated solutions to meet the growing challenges that we face.

Check out some info from IBM about Pulse!

Pulse 2012 returns to the MGM Grand in Las Vegas March 4-7, 2012 and we invite you to take part in the action! Experience first-hand how organizations in every industry are using Visibility Control Automation to improve the economics of their business infrastructures and speed the delivery of innovative products and services.

With over 7,000 attendees including industry-renowned speakers, Pulse 2012 is your ticket to hundreds of technology leadership sessions, industry-focused breakouts, and technical skill-building workshops. At this year’s conference you’ll have an opportunity to network with colleagues, participate in hands-on labs, and attend our largest-ever Solution Expo. Don’t miss this significant event!

The Pulse conference is now accepting session submissions! Visit the IBM Speakers page for the timeline, benefits and guidelines, or to answer the Call for Speakers today!” (IBM) Read more

Security and Identity Management Solutions for the Healthcare Industry

Do you work in the medical or healthcare industry? Is your company in need of security or identity management solutions? If so, here are some of the key ways in which PathMaker Group can provide value in this field.

Enterprise Single Sign-on Doctors and nurses have a lot of passwords to manage as well as using shared workstations creating potential issues around people sharing a user ID to an account and people leaving an application or patient information open on a shared workstation. With ESSO, PathMaker Group can give the users a secure way to store all their passwords and automating the login and logoff process.

  • ESSO can be paired with an RFID badge – a quick tap of the badge can log a user on or off from the workstation, saving the time of entering the user ID and password over and over again as they switch between machines all day. A proximity sensor can be added to workstations to automatically lock them when a user forgets to tap out as they walk away from the machine.
  • Shared Workstation Management – Shared machines can be configured to be locked when an ESSO user leaves the workstation. When the next user comes in, any apps left open by the prior user can be gracefully closed to prevent the new user from having patient access under the prior user’s account.
  • Context Management ESSO can further streamline the process of accessing patient records across multiple applications. Tools, such as CareFX Fusion Context Management, provide the ability to script the sharing of patient identification across applications, removing the need for constant searches and patient lookups. Read more

Addressing NIST’s New Risk Management Framework

The National Institute of Standards and Technology (NIST) created a series of publications that provide guidance for federal agencies on the implementation, certification and accreditation of federal information system security. The same guidelines hold true for all commercial agencies/companies as well.

So the question that comes to our mind What is NIST’s New Risk Management Framework? NIST describes the RMF model as a series of six repeating steps designed to identify the security mechanisms necessary for an IT system, implement those protections, and validate their proper operation over the systems lifecycle.

 

 

 

 

 

 

 

Read more