2017 IBM i Predictions: Take Three
February 1, 2017 Alex Woodie
In our third and final installment of our 2017 IBM i predictions series, we hear from several more IBM i professionals, including those from Profound Logic, Fresche, and Curbstone. We also hear from a prominent voice in the youth movement taking place in the IBM i community, as well as from the founder of the IBM i community’s newest local user group, MAGIC.
Our first prediction comes from Stephanie Rabbani, a PHP expert who works at Alan Seiden Consulting. Rabbani has 14 years of developing on the IBM i platform and is involved in COMMON and other community groups. Her top five predictions start with:
“1. Continued momentum for open source on the IBM i. We are seeing excellent features continually being added by IBM, and we are seeing great and useful projects emerging from the IBM i community. We should see further collaboration this year in these areas, using Github or Bitbucket to share RPG, CL, PHP, Node.js, Java and many other languages.”
“2. We should see GA of Zend Server 9/PHP 7 on the IBM i this year. Some IBM i shops will start to migrate to this version and this should result in performance improvements, and developers will be able to take advantage of the new features such as return type hinting.”
“3. I believe more shops will adopt cloud IBM i offerings, either as a way to experiment and develop in a separate environment, or as a production solution to offload hardware costs and maintenance.”
“4. More SQL services. How awesome are these? Are you using SQL services? The list keeps growing — check them out here.”
“5. More and more ways to access your data. The IBM DB2 database continues to be as reliable as ever, and IBM i developers have so much choice when it comes to delivering that data to their users. There are PHP, Python, Ruby, Java, Node.js, RPG-CGI able to deliver your data to the web, to name a few. There are also web services such as XMLSERVICE and DB2Util where you can access your DB2 data via web service. These will continue.”
As the CEO of application modernization specialist Profound Logic, Alex Roytman knows a thing or two about adopting new technology. For 2017, Roytman sees new technology making an impact on IBM i.
“2016 was a year where we saw companies eagerly embracing modernization of their green-screen interfaces and RPG code. In fact, we conducted a survey that showed that GUI modernization, mobile development, and web services were top priorities of companies last year.”
“Going into 2017, however, we’re seeing a new and very exciting trend for IBM i modernization emerging: Node.js. Node has become one of the most widely adopted languages for business application development, and that includes businesses that run on IBM i. We’ve already started engaging with companies that are looking at Node as an alternative to riskier and more costly modernization alternatives, like re-writing in another language or migrating to a packaged application. The excitement around Node will only get bigger as more companies see its benefits!”
As the principal of Hamway Software Solutions, Laura Hamway knows what it’s like to run her own business. She’s now using her knowledge and experience with the Mid-Atlantic Group of IBM i Collaborators (MAGIC), the IBM i community’s newest user group, which she founded last year. That might give you an inkling of where she’s taking her predictions.
“2017 is the year to challenge your comfort zone! Whether that is learning new technology, a new skill for your career or a new hobby. Try something new and see where it can take you. The possibilities are endless when you are willing to move outside of your comfort zone. Things you thought were not possible can be done.”
“For me, Hamway Software Solutions is challenging me to get out of my comfort zone. I have been in the IBM i industry for over 25 years covering many roles, such as, programmer, developer and project manager. Now I need to get out of my comfort zone and I need to improve and extend my skills in the areas of marketing, public speaking and social media.”
“Make 2017 the year to extend your IBM i skills. Try learning a new RPG technique (using JSON, JDBC, advanced SQL) that you have been reading about. Learn a new language, PHP or .NET or improve your skills–on the IBM i of course! Try some Open Access! Another idea is to attend an IBM i conference or get involved with your local IBM i user Group. If you are nervous about talking in front of others, try doing a presentation at your local user group–that is always a friendly audience.”
“If everyone tries something new on the IBM i the results can be endless–show everyone what great things you can do!”
Fresche has made a mark in the IBM i modernization space with its acquisitions of Databorough, looksoftware, and Quadrant, which owned BCD Software. Now vice president of marketing and business development for Fresche, Marcel Sarrasin sees positive trends emerging in 2017.
“Open source will continue to gain momentum, Node.js in particular. IBM’s commitment to open source and its popularity on other platforms will continue to drive the growth of open source, as well as more and more solutions and support being offered by vendors. It also helps address a key concern on the platform which is attracting new developers which open source helps.”
“The need for RPG and COBOL skills is going to continue to increase as resources retire and integration and new development requirements grow. Progressive IBM i shops are going to start training new developers on RPG and adopting open source technologies to overcome these challenges, while others will look to outsourcing application services to achieve their goals.”
Ira Chandler, the CTO of secure payment provider Curbstone, is an ardent IBM i supporter, as well as a security expert and sometime-prognosticator of IBM i’s future. We let Chandler wrap up this year’s batch of industry predictions with his thoughts on the payment card industry.
“Looking forward can benefit from looking back. Updating my thoughts last year on the payments space, the ‘disturbing trend’ of the banks rejecting chargeback defense of credit card accepting merchants is growing even stronger. And it seems to be expanding beyond penalizing just those merchants who are slow to adopt EMV (chip and PIN), and is more prevalent across the board. This means merchants, moving forward, should have better records of the authentication transaction when they obtain with Address Verification results and the matching of the Security Code (CVV). That is the basis for the defense, but even that is now proving ineffective.”
“The de-clawed European ‘chip and PIN’ technology, EMV, that, in the US, forsake PINs for weak and useless signatures has finally been challenged in court by Home Depot, Wal-Mart, Kroger, and others, suing Visa and others. Nothing will come of it, as Americans are too lazy to remember a 4 digit PIN to do real two-factor authentication–at least according to card issuer Capital One. We do predict that two factor authentication will become the norm as we move forward for all logins. Two-factor is finally mandated by the current PCI standard 3.2 when credit cards are involved. Also, networks will be implementing two factor authentication extensively, even within internal operations from which a merchant is typically shielded, such as the secure FTP settlement file submissions. Two-factor requires something you have and something you know, in its simplest form. Get ready–it is about to permeate our world.”
“Five years ago we thought that the security reporting requirements for merchants who accept credit cards would intensify. Yep. As of January 31, 2017, even the smallest merchant has to complete a PCI Self-Assessment Questionnaire (SAQ), and have an officer of the company sign an affidavit that it is accurate. Then it must be submitted to their bank or acquirer. Not doing so jeopardizes their right to accept credit cards. If their infrastructure has workstations into which the card data is keyed, the entire infrastructure is ‘in scope.’ That also qualifies them for the largest of the SAQ flavors, the SAQ D. With over 500 questions delving into every single device and system, this can take months to complete.
“The industry is moving in this direction, and the prediction is that proving security and PCI compliance will become more demanding for all levels of merchant, even the smallest who was somewhat insulated before. We see that any company accepting credit card payments must find a solution that employs ‘remote tokenization’ and integrated ‘virtual terminal’ functionality so their existing infrastructure does not touch card data. The old days of keying cards into a green screen or GUI on the Power running IBM i are going away quickly.”
“One of the most horrifying escalations will be when, like the Level 1 largest merchants are required to do, the smaller merchants must hire third-party PCI Qualified Security Assessors to formally audit and report. Currently, only huge merchants must hire third-party auditors–that will change and trickle down. Big bucks, tons of time, and coming to the smaller merchants.”
“We have seen–yes, really–V5R3 and V5R4 merchants struggle to achieve the new more secure ciphers, like TLS 1.2 and SHA-2. Just as 7.1, 7.2, and 7.3 are easily capable of them, currently, we predict a series of new versions of online communications protocols and ciphers to protect the data that is increasingly traversing the public Internet. Just as vulnerabilities have been proven with SSL and other protocols, these current ones will fall, also, as skills and computing power grow. We predict that the never-ending ‘improvement’ of communications protocols required by the PCI will challenge Power Systems on IBM i shops. Expect an increasing reliance on formal certificates issued by a Certificate Authority to be required on the merchant’s system to authenticate it to the authorization networks.”
“Communications done with IBM i Java require that the Java licensed programs contain support for these advanced protocols. In contrast, those operating system applications like FTP, POP, SMTP, and other clients depend on what DCM can do. The relentless march of protocol advances will make it a requirement to maintain your PTFs, and, to upgrade OS versions more often than before.”
“The wide-spread implementation of EMV, weak as it is, will push fraud from counterfeit physical cards to using stolen data for e-commerce and ‘call center’ telephone purchases. We predict that merchants will be quick to find solutions for that, as they will not easily give up the traditionally lower risks of e-commerce and phone order operations. We think merchants will intensify their requirement that products bought on e-commerce will be delivered only to the authenticated billing address of the card used.”
