Attachmate Masks IBM i, z/OS Data Within the Emulator

November 8, 2011 Alex Woodie

Ensuring the security of information is the main driver behind Attachmate‘s latest terminal emulation software release. New features unveiled last week in Reflection 2011 R2, such as the capability to mask data on live screens and the capability to prevent users from logging on via unencrypted connections, are designed to prevent the unauthorized access of data from host systems, including IBM i and z/OS servers.

Locking down enterprise host systems is not always a straightforward task. While industry regulations like PCI DSS and HIPAA are pretty clear in describing what types of activities won’t be tolerated, it’s another task entirely to implement those requirements in the real world, with its multitude of different host platforms, business processes, and even traditions.

As one of the largest providers of terminal emulation software, Attachmate stands at the critical junction–or the interface, if you will–between the employees who work on host systems and make the company run, and the enterprise applications that corporations rely on to enforce business policies and automate repetitive tasks. To that end, Attachmate has built security into its emulators for years, with support for features like encrypted sessions, public key infrastructure (PKI) certificates, single sign-on, and smart card authentication.

But with the addition of its new data masking technology, Attachmate is taking its security up a level. This feature will prevent workers from seeing sensitive pieces of read-only data on 5250 and 3270 screens, such as a complete credit card number, while showing employees enough of the data to still be able to do their job. The new data masking capability will also obscure data as workers enter it, preventing criminals from getting sensitive data by peering over employees’ shoulders.

The inclusion of data masking is potentially of very great benefit to Reflection customers, considering that implementing data masking has heretofore been a pretty complicated task (akin to encrypting tables in a database) that also required the licensing of a separate data masking product. Attachmate says the feature support is patent-pending, and that it does support Japanese.

Reflection 2011 R2 also gives administrators more granular control over their users, such as by requiring users to connect to certain applications over encrypted lines, and allowing admins to assign different levels of access to private information on host screens.

“With all of the news of sensitive customer data being compromised by large organizations, security is top of mind for our enterprise customers,” states Attachmate vice president of marketing Eric Varness in a press release. “As such, we’re delivering a game-changing new capability that enables organizations to protect sensitive data on host screens, facilitating compliance with industry and government regulations, like PCI DSS.”

Attachmate added several other new features to Reflection 2011 R2. It gets a new “Web browser mode” that provides “browser-like” capabilities and gives users access to more screen real estate, without requiring users’ fingers to leave the keyboard, the company says. It also gets a new Visual Studio .NET control that developers can use to add features to and enhance the legacy host application, but without directly modifying it.

Reflection 2011 R1 runs on Microsoft Windows 7, and takes advantage of that operating system’s user account control (UAC) security mode. It also supports Office 2010 productivity features, such as the ribbon user interface. It has also been certified for deployment atop VMware virtualization software, and has achieved VMware Ready status.

Attachmate also unveiled Reflection Suite for X 2011 R2, a new release of its X server product that gives users access to graphic-intensive X Windows applications that are commonly used in the manufacturing, chip design, oil exploration, healthcare, telecom, and finance industries.

Reflection Suite for X also includes text-based 5250, 3270, and VT emulators, and with R2, the vendor provides some of the capabilities that it offers in the host-based versions of Reflection, including the Ribbon interface, and new capabilities for locking down macros and application searches, among other benefits.

Reflection Suite for X is also newly “firewall friendly,” enabling remote users to access corporate and local assets, without compromising permissions or security policies. R2 also gives administrators the capability to centrally manage Reflection X Advantage user configurations and Unix/Linux access from the Reflection for the Web (RWeb) Administrator console, which saves time and enables real-time updates, the vendor says. This release also brings native 64-bit support for Windows 7.

Reflection is one of three families of terminal emulation software offered by Attachmate. Its EXTRA! line of emulators is most often used by Attachmate’s IBM i customers, while the Reflection line (obtained with its acquisition of WRQ years ago) sees more use in Unix environments. Nonetheless, the Reflection products do contain 5250 emulation capabilities.

The Reflection product suite includes seven specific products, each with overlapping features. The first Reflection R1 product to be released was Reflection Suite for X, which was unveiled last year alongside Reflection for the Web 2008 R3. In June, Attachmate rolled out Reflection for the Web 2011.

Users of various Attachmate emulation products can upgrade to Reflection 2011, including users of EXTRA! and myEXTRA! For more information, see the vendor’s website at www.attachmate.com.