Macro 4 enterprise content management software adds blockchain integration and document redaction for data privacy and compliance

Columbus DW 8.4 increases safeguards for sensitive personal data

Macro 4, a division of UNICOM® Global, has released a new version of its Columbus DW enterprise content management software that helps organizations to strengthen data protection and regulatory compliance. A new document redaction feature restricts access to sensitive personal information by automatically obscuring selected words or images on documents held in the Columbus DW system. To support compliance with regulations governing document processing, Columbus DW integrates with the blockchain to provide an additional trusted record of events such as how, when and by whom documents have been accessed, updated or deleted.

“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it. Columbus DW 8.4 is designed to help you do exactly that,” said Jim Allum, Director, Commercial and Technical at Macro 4.

Also new in Columbus DW 8.4 comes support for cloud object storage. This feature enables organizations to reduce costs and increase storage flexibility by moving documents and other unstructured data into the cloud.

These enhancements will be followed in early 2019 by the introduction of a new Columbus mobile app that allows business users to work with documents securely on a smartphone or tablet.

Document redaction provides added protection for sensitive information

Columbus DW 8.4 enables organizations to prevent viewing of sensitive text or images using a variety of redaction methods which include the replacement of selected content with random characters, ‘X’s, black boxes, or blank space. The document itself can still be accessed for operational business use.
Redacted views can be applied to all users or to certain job roles or individuals.

“You can limit access to sensitive data to just those staff who actually need to view it as a legitimate part of their job, in line with the GDPR principle of data minimization,” said Allum. “Does a call center agent or accounts administrator really need to see information such as a person’s payment history or financial status when viewing bills or contracts, for example? If not then it’s best practice to redact it.”

A related capability is data anonymization. This is a process by which ‘live’ production data can be altered to create anonymous document samples for application testing. All original text can be replaced with random, but similar, characters to produce realistic documents for thorough testing, without exposing any real business data.

Blockchain integration delivers trusted audit facility

Columbus DW 8.4 integrates with the Hyperledger blockchain framework to provide an additional auditing mechanism for legal and regulatory compliance, as Allum explained:

“One of the core requirements of a legal archive is the ability to capture all the events happening around the documents you’re holding and to validate those events with the same level of integrity and security as the document itself,” said Allum. “For example, if customers exercise their ‘right to be forgotten’ under the GDPR you need a reliable record of the fact that you’ve deleted their data. Columbus DW gives you absolute proof that what should happen has actually happened by recording it on the blockchain.”

Columbus DW 8.3 introduced the capability to record document-related events using the same tamper-evident hashing mechanism as the blockchain, with the option to trigger business processes or email notifications when events occur. Columbus DW 8.4 builds on this functionality by enabling the same record to be committed to the blockchain to independently verify that the information has not been tampered with.

“By cross-checking the hashes stored locally, in the Columbus tamper-evident audit log, with the hashes recorded on the tamper-evident blockchain, it is possible to prove conclusively that nothing has been changed,” added Allum.

Cloud object storage increases affordability and flexibility

Columbus DW customers can now store documents and other unstructured content on cloud object storage. Columbus DW 8.4 supports OpenStack Swift, IBM Cloud Object Storage, and Amazon S3.

“Cloud object storage is relatively low cost and provides greater flexibility because it is very easy to scale as your requirements grow,” said Allum. “We’re giving our customers access to these benefits while ensuring very fast search speeds for users by storing document indexes locally in Columbus DW.”

Customers can choose to ‘mix and match’ storage destinations, for example by moving certain documents to the cloud while keeping others locally.

Both private on premises and public cloud storage is supported.

About Columbus DW

The Columbus DW enterprise content management software helps organizations manage the diverse documents and data that business processes and customer communications depend on. Enterprise content can be shared via email, the web, social media and instant messaging without the cost and disruption associated with changing core business systems. Columbus DW manages information throughout its lifecycle and ensures timely deletion at end of life to meet regulatory archiving obligations, while analysis capabilities deliver business insights.

Columbus DW is a core component of the Columbus enterprise information management suite.

 

Macro 4’s session manager Tubes improves mainframe security through easy roll-out of multi-factor authentication (MFA)

Tubes for z/OS is fully enabled for MFA, and comes with real-time Splunk reporting for monitoring application access

Crawley, UK, July 25, 2018 – Macro 4, a division of UNICOM® Global, has launched a new version of the Tubes for z/OS session management software that enables enterprises to quickly roll out IBM’s multi-factor authentication system for z/OS as they bid to make access to mainframe applications more secure.

Tubes for z/OS 7.8 has a new multi-factor authentication capability which provides a simple way for organizations to introduce additional security tests or ‘factors’, such as a randomized PIN or a fingerprint scan, to strengthen mainframe access security.

According to Keith Banham, Mainframe R&D Manager at Macro 4, improving security is a growing priority as modernization initiatives are exposing mainframe applications to new threats:
“Mainframe applications are becoming much more connected to the outside world, with users logging on from outside the data center on mobile devices. That’s great for digital business but this increased openness also provides more opportunities for hackers, so you need to strengthen your defenses.

“Tighter regulatory controls such as the GDPR are also raising the bar for security. Companies need to demonstrate that they’re using advanced access mechanisms such as multi-factor authentication to safeguard data privacy and security.

“There’s widespread recognition that the old single factor static password authentication system is no longer fit for purpose. In a poll of mainframe users we conducted last year, 67 per cent agreed that MFA is an important additional security measure.”

The Tubes session manager controls user access to all of an organization’s mainframe applications through a single sign-on, so rolling out MFA through Tubes saves effort and reduces risk as no additional systems changes are required, explained Banham:

“Many organizations will be running numerous applications on the mainframe, so trying to implement the new MFA system on each one individually – involving separately configuring and testing every application – would be a massive challenge. If they use a session manager such as Tubes to control end-user access to applications, then they only need to configure MFA in one place – Tubes – and the job’s done.

”Some older applications don’t support MFA at all, so more systems changes are needed to make them compatible. And do you really want to risk touching those old systems? With Tubes you’re talking about a few minutes’ work rather than weeks or months of effort.”

Introducing MFA through the Tubes session manager also minimizes the impact on users as it avoids the inconvenience of re-authenticating every time they log on to a different application, said Banham:
“Say you work with several mainframe applications and for each one you have to get a new access code from your mobile phone or pinpad every time you log on. The time all adds up and it can be frustrating, as well as reducing productivity. The beauty of using a session manager such as Tubes is that users need to go through the MFA authentication process only once and they are then automatically logged into any of the applications they are authorized to use.”

The Tubes software provides additional capabilities to make the introduction of MFA a more user-friendly experience. Help and guidance or reminder messages about the new authentication process can be easily added to the Tubes login screen, helping to reduce end-user frustration and wasted time as well as potentially reducing calls to the helpdesk.

The new version of Tubes also supports real-time management reporting through Splunk, allowing systems administrators to monitor and analyze application access from an easy-to-understand graphical dashboard. For example, information such as the patterns of access to specific applications can be used to identify suspicious online behavior, and response time data can be analyzed to assist capacity planning and performance management. Tubes management reporting also supports all leading business intelligence and reporting tools, including TIBCO JasperReports and Oracle Business Intelligence.

Tubes is a leading session management solution that provides secure, user-friendly access to mainframe applications. From a single sign-on, users can log in to all the applications they are authorized to access and switch easily from one application session to another, with no loss of context. An optional browser interface offers a way to instantly web enable mainframe applications; users are no longer tied to a computer running a terminal emulator and can access their applications from any PC or mobile device.

Due to its advanced functionality, Tubes dominates the session management replacement market and provides a fast and straightforward migration path for discontinued session managers such as IBM Session Manager.

The comprehensive session management capabilities of Tubes for z/OS 7.8 are also available in UNICOM’s latest offering, the Universal Gateway (UniGW®). UniGW® is a management dashboard designed to provide real-time insights into operational business performance.

 

Splunk application access reporting for Tubes for zOS

 

Macro 4 data management solution InSync helps IBM mainframe shops improve data governance as they embrace stricter privacy rules

InSync® includes support for Splunk reporting and enhanced features for test data generation and anonymization

Crawley, UK, July 10, 2018 – Macro 4, a division of UNICOM® Global, has introduced a new release of InSync®, the data management and manipulation solution for IBM Z. InSync 6.9 includes enhanced features to help mainframe users improve data governance as they seek to embrace stricter data privacy regulations such as the General Data Protection Regulation (GDPR).

To make it easy for companies to track and analyze all data manipulation activities in test and production environments, the new release supports real-time management reporting through Splunk, with easy-to-understand graphical dashboards. InSync management reporting also supports all leading business intelligence and reporting tools, including TIBCO JasperReports and Oracle Business Intelligence.

“InSync’s new reporting features enable companies to keep a close watch over which data sets are being handled, by which technicians, and to monitor the processes that are being applied to them,” explained Keith Banham, Mainframe Development Manager at Macro 4. “For example, are data privacy processes being correctly applied, such as the anonymization of personal data from the production environment before it is used in software testing by development teams?”

Where production data has to be anonymized, for example in application testing or when diagnosing data errors, InSync provides a data privacy function that allows the IT department to centrally define and administer how data sets from Db2, z/OS and now IMS databases are disguised. This ensures that every time someone accesses the data it is automatically disguised according to pre-defined rules.

In InSync 6.9 individual developers now also have the flexibility to define their own rules to disguise data when working on extracts from files that include sensitive data such as personal details.
A new bulk data creation facility within InSync allows development teams to generate sample test data easily and quickly without the need to create records from scratch or to copy production data. From a single data record the software can create multiple new records for testing purposes, using randomization or specific rules, which saves time and supports data privacy:

“If you have to do it manually, generating usable test data is often a long and laborious process that slows down software development,” said Keith Banham. “InSync can generate thousands of unique test records from a single record in just a few seconds – something that could take days if done manually.”

InSync is a comprehensive and cost effective data management and manipulation solution for IBM Z data sources including Db2, IMS, WebSphere MQ and other z/OS files. It is part of Macro 4’s integrated suite for mainframe fault analysis and testing.

 

InSync management reporting through Splunk