System iNetwork

June 15, 2009

Profound Logic Seeks Beta Testers for New Enterprise Portal for IBM i Apps

Profound Logic Software is finalizing a new enterprise portal product for IBM i and offering a beta program to get feedback on it. The portal, called Atrium, focuses on securely tying multiple applications together into one browser interface.

Atrium lets businesses eliminate green-screen menus that require users to drill down through various levels of options to access particular applications. It offers a tabbed layout that lets users launch multiple applications simultaneously without having to start a new session or back out of applications. Administrators can tailor the layouts for individual users or groups. Atrium provides integration of Profound Logic's modernization suite components (RPGsp Web applications, Genie enhanced screens, and iData database views) into one location with a single sign on. Users also can integrate third-party applications, websites, and data located on the i or other platforms.

"Atrium was based on the business needs and requests of our clients. We worked with several customers, who demonstrated a need to redesign the way their end users navigate between application screens," says David Russo, the Atrium product development team lead for Profound Logic. "It was also important to our clients that they had more control over user access to the individual applications once they were running on the web."

Atrium is scheduled to be released in late September, but Profound Logic is looking for businesses to help beta test the portal. Beta program information is available online. Fill out the beta request form.

--Rita-Lyn Sanders, Senior Industry Editor

Posted by rsanders on June 15, 2009 at 6:35 PM | Comments (0)

June 2, 2009

Credit Card Tokenization: Put All Your Data Eggs in One Basket—and Watch That Basket

I was on a call recently with Gartner, Inc., analyst John Pescatore to learn about credit card tokenization. Pescatore, who specializes in Payment Card Industry Data Security Standard (PCI DSS), encryption related to PCI DSS, and overall security of Internet systems for Gartner, explained that tokenization can reduce a company's odds of a data breach as well as reduce the cost and complexity of PCI DSS compliance and auditing. A couple of other Penton Media editors, including System iNEWS technical editor Mel Beckman, were also on the call, and I present our questions and Pescatore's answers here for your edification. [Editor's note: nuBridges Inc., a software company that recently released a tokenization product, arranged our discussion with Pescatore but did not attend the call or have any control over what was discussed.]

Pescatore: The basic issue we've seen from enterprises is that the PCI mandate says that certain types of data have to be masked or encrypted. However, encryption does carry costs and complexity, plus the real issue is that what businesses really need to do is minimize the number of places where they store the credit card data—because in order to encrypt card data, you need encryption keys. If you're storing this data in more places than you need, the odds get higher that your keys will get compromised. So in the past couple of years, we've seen a lot of movement away from blind encrypting.

Here's an example: A lot of pretty big companies don't have credit card payment as a big part of their business, but they have the PCI security requirement even for the small amount of payment processing they do. And they thought encrypting and other PCI security requirements were too complicated, so they outsourced the payment processing so they'd never store the card data, just a token. These companies could get full access to the transaction data, but the outsourced payment processor sends it to them without the card data. This idea of tokenization and masking started with these outsourcers. nuBridges is one of the first to work tokenization into a key management product. Now enterprises who either can't or don't want to outsource payment processing can do it themselves with tokenization. However, outsourced payment processors do have to get certified as PCI compliant.

Taking this approach, companies can keep their sensitive data in one database and use tokenization for other applications that need to look up credit card related data, thereby reducing the odds of a data breach. What's more important to most enterprises, however, is that now all those servers on which they used to store the sensitive data are no longer part of the PCI audit, because the only systems in the scope of the PCI audit are the systems that store and process the sensitive data. So what tokenization really does is limit the scope of the PCI audit, which reduces the cost of the audit and the cost of dealing with the audit.

Penton editor: Why don't companies just use the transaction ID instead of a token?

Pescatore: The basic goal is to replace the card data with something that's not the card data. But whatever you're using, you have to have a randomization process, and transaction numbers aren't truly random. Also, so many people's databases have been built to use what looks like a card number, and the transaction number isn't in that format. Well-designed tokenization approaches deal with both of those issues.

Penton editor: Is there no problem with collisions?

Pescatore: Part of the issue around doing this securely is first off a token can't be easily translated into the card data. The second thing is that issue of collision, since there are only so many digits to play with. Any tokenization approach needs to be designed and implemented to be secure and to include techniques that assure collisions are avoided.

Penton editor: Why don't credit card companies do tokenization themselves? They could give you the token.

Pescatore: Several years ago, MasterCard came up with the idea of one-time credit card numbers, while Visa proposed an approach called "Secure Electronic Transactions." It turned out that what that would mean is that every merchant would have to update the software they use. But Visa and MasterCard were doing it two different ways, so it sort of died on the vine.

Merchants said, why don't the credit card companies store the data? We don't want to store it. The idea of tokenization has been around for a long time, but it's just that now that we've gone through PCI, there's a critical mass of merchants who have gotten compliant the hard way (encryption), and now they want to make it less complicated and reduce the cost. It's starting to reach the critical mass of (a) it's a good idea and (b) it can make things cheaper. Since encryption is now required, tokenization is seen as less expensive.

Penton editor: Can tokenization protect other data, such as Social Security numbers, medical data, and financial information?

Pescatore: What it really gets down to is that there's some public ID and some sensitive value, and what you want to do is break the association between the public ID and the sensitive information. So tokenization or encryption are definitely technologies that, on any of these privacy issues, can be used to break that association. The benefit of tokenization is that it reduces the complexity of handling the keys of encryption. But tokenization done badly can be a very bad sense of security if the token provided allows the attacker to figure out the information, or if it's done in a manner that breaks the legacy application.

Here's one key issue: We have standards for encryptions (FIPS 140-2). Tokenization--no standards for that yet. The tokenization vendors have to pay an outside security firm to test their solution. Probably the PCI will come out with guidelines for tokenization in the next year or so, so that there will be some way to certify tokenization.

The question most companies looking at tokenization ask themselves is, is it easy to get it going without breaking my legacy applications? Their due-diligence level is that the vendor had the solution tested by a reputable third party.

Penton editor: Does Gartner have a checklist it gives its clients to tell them what to look for in their tokenization solution?

Pescatore: Not directly aimed at tokenization yet, no. There aren't enough products out there yet. Most of the questions we've been getting from Gartner clients about this have been around those outsourced payment services. As late as 2008, we were getting no questions about tokenization products, because there really weren't any such products. All the questions were around what Gartner thought about outsourcing payment processing and what Gartner thought of tokenization, which some vendors were offering.

I always tell clients that tokenization does not eliminate the need for encrypting the card data. You'll still do that in the one trusted central database that you keep secure. But it comes down to, "Put all your eggs in one basket and really watch that basket." You'll still have to do encryption right and tokenization right. Tokenization promises to get things to a higher level of security and reduce the cost of getting there.

—Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty on June 2, 2009 at 9:27 AM | Comments (1)

May 27, 2009

IBM i Shops: Too Many People Have Too Much Access to Too Much Info

I spoke with Philip Lieberman, CEO of Lieberman Software, recently and got some information that you can use to help you help your company tighten its security belt. Programmers beware: You may be making a common but preventable security mistake that can cost you—and your company—big time.

What do you see as the most critical security issue facing IT—and the companies they serve—today?

Lieberman: In most organizations, too many people have too much access to too much information too much of the time. Back in the days of mainframes, there were mandatory access controls, but in the world of personal business computers and remote users along with GenX and GenY, the entire nature of controlling access to sensitive information has gone out the door. But the risks haven't changed. What's happened is the technology has changed and the population has changed, so we see many organizations ripe for a breach.

The issue really comes down to providing delegation of responsibility. It's partially an organizational/business change and partially an implementation of software to control these access points. IT auditors find this issue a key part of any serious IT audit—whether it's federal government or Governance, Risk, and Compliance (GRC).

The concern is one not of ROI but of business continuation and, increasingly, routine GRC—looking at risk management and risk mitigation and dealing with it organizationally and technologically. It comes down to answering two questions: Are there any locks on the doors? And are there systems in place to make sure people are doing the right things at the right times in the right places for the right reasons?

Does Lieberman Software have products that address these problems?

Lieberman: We have about 10 different products, ranging from password synchronization tools to privileged identity management tools to local security management tools. Some of our products are used by IT administrators, and others are used by CSOs, CIOs, and IT auditors. But, "products" are really the smallest part of the solution to the problem of security. The biggest part has to do with systems integrators and organizations implementing compartmentalization and controls. That's 95 percent of all the work. The technology that we sell provides the framework for technical implementation, but the bulk of the work is in the hands of the security pros who implement these processes within organizations.

These professionals work with the organization to decide on the methodology to use to control access to privileged systems. That's the hard work. It also represents a large opportunity for resellers and systems integrators. To many organizations, if they're not aware of our technology, it appears as though a solution is not technically feasible. So they tell their auditors that the problem is not solvable. The unfortunate consequence of not implementing a solution is that they could literally lose control of everything within the organization due to lack of physical, logical, and procedural controls.

One area we've been pressing forward aggressively in is shared password management. Our products run on all platforms, including the i, of course, but also mainframes, PCs, Unix, and Linux. A lot of organizations use the same passwords to access everything, for everybody in the IT department. What we're offering are different, ever-changing passwords for every system and approved access based on an employee's duties and business needs (segregation of duty). Many IT shops don't segregate duties, meaning that they allow anyone in IT access to anything they want. And when people leave the company, IT typically doesn't change or eliminate these passwords.

The decision to implement control systems requires a buy-in by C-level executives. It's an interesting situation. Back in the days of the mainframe, the IT department controlled access. Today, control has gotten lost, and many of the C-level executives may understand physical security and physical segregation (e.g., physical stock control, dealing with employee theft at the physical level), but they're really not educated in the fact that some of the largest losses can occur at the IT level (logical level).

Does Lieberman Software help educate people?

Lieberman: What we do is work with the consultants—the IT auditors and resellers. What we're looking for is additional trusted partners to work with.

The big issue is that companies have so many systems and passwords, that without an automated system, most organizations lose control of the security. We have the software that globally manages all that. When companies put the software in place, it discovers all machines and accounts and also how and where they're used. This information is used by auditors, security professionals, and IT managers to regularly update credentials and change the locks when employees leave—a key part of virtually every security standard (e.g., PCI, Sarbanes-Oxley, HIPAA).

It's a battle on a daily basis to try to get companies into a better posture. We see a spectrum of different clients, from those who work with and embrace the IT auditors and their assistance, to those who see auditors as just an annoyance. It's interesting to see the relative results in the financial meltdown happening today. Those companies that treated the auditors as their friends have gotten through this crisis better, whereas the others have not really weathered the effects very well. [Editor's Note: For an article that backs up this assertion and helps you figure out how to get more comfortable with auditors, read "Keep Auditors at Bay," by Robert S. Tipton.]

It's really a no brainer to implement these systems, because the benefit is obvious: You get to stay in business. But some CEOs, CFOs, and CIOs are reluctant to spend the money on IT security because it means less money for the bottom line (short term) and their bonuses.

Based on what you've seen in the field, do you have any security advice for programmers?

Lieberman: Programmers sometimes have some really bad habits. They'll embed passwords right into their programs. Then there will be a defect in their program, and that allows someone to see the source code, and then really bad things happen. Websites have gotten compromised and then exposed employee records, credit card numbers, and other sensitive data. All this ends up happening because of embedded credentials in web pages or because insecure websites become exposed. It's easy to embed passwords in programs, and it's harder to code correctly by using impersonation or programmatic password lookups. This is really where it gets into the weeds of implementation. There are inherent capabilities in the OS to hide or encrypt passwords, and there are also APIs that allow passwords to be retrieved. And there's integrated authentication that passes credentials to the actual database and allows the database to decide what that user can and cannot see.

Another problem we see is that programmers don't have their applications tested or validated for security by a third party or even in-house. Many of them don't have the expertise or the resources to get the testing done.

Some good advice is to always consider the consequence of a security breach: loss of your job and possibly even loss of the company.

On the other hand, nobody ever got a bonus for something bad not happening. No manager would say, "Hey, good job, we didn't hacked today." The problem with security is that it's inevitable that there will be a breach. As the saying goes, “Expect the worst; hope for the best.” But developers aren't taught that way. They're taught to just get the job done.

Is this situation getting better or worse?

Lieberman: It's not getting better; it's getting worse. Cloud computing is going to make the situation completely out of control—not like it isn't already!

The question is longevity. What is your allegiance to any organization and its long-term survival? Do you operate in a mode of protecting your job and organization, or are you just going from one fire to another without thinking about long-term survival? It's a thought-provoking problem. Consider that the greatest offenders may not even be the low-level employees but the C-level employees—those who seek only short-term profits and have no interest in investing in security training, security products, or secure programming.

Does your company have any new products or releases coming out?

Lieberman: In terms of updates and what goes on going forward, we're adding additional connectors for our privileged identity management solutions. For example, we have recently added connectors to most Security Incident and Event Manager (SIEM) systems. These systems reach out into all the systems in an organization and look at the audit logs as well as process critical events in realtime. They consolidate that info, present alerts, and can also prepare security compliance reports. They're part of an ongoing intrusion and compliance analysis system, and they are also used for availability. What we do for these SIEM systems that have embedded credentials that allow them to talk to other systems is make connectors that go out and keep credentials automatically updated. We make connectors for different systems, different versions of Unix, Linux, and IBM i. We're always updating these to deal with the evolving needs of our customers. Connectors deal with discovery of systems and management of privileged credentials. The basic idea is that a human would normally be requesting these credentials, but these automated systems operate autonomously and need help being updated as things change. Normally this is a manual process, but it really can't be done manually in any practical way.

—Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty on May 27, 2009 at 10:29 AM | Comments (0)

May 12, 2009

IBM Power Systems Try-Before-You-Buy Offer

IBM is offering a no-cost 60-day trial of the Power Systems 520 server running either IBM AIX, IBM i, or Linux. According to the IBM web page that contains the offer, here's how the program works:

1. Choose a configuration.
2. Fill out the contact information. You will be contacted within 24 hours to clarify and validate the information.
3. If approved, an IBM Business Partner or IBM Sales Representative will then contact you to arrange shipment and extend a trial agreement to you. Our program goal is to have the machine arrive at your location no later than 1 week after signing the trial agreement.
4. Should you decide not to keep the machine at the conclusion of the 60 day trial, please notify the IBM Business Partner or IBM Sales Representative, pack the machine in the original packing material, and return it to the address specified by the IBM Business Partner or IBM Sales Representative.

For complete information about the offer, visit IBM's website.

--Linda Harty, executive editor & security/availability/networking/connectivity editor

Posted by lharty on May 12, 2009 at 1:53 PM | Comments (0)

May 11, 2009

MPG, CCSS Create Marketing Alliance to Benefit IBM i Customers

Midrange Performance Group, Inc. (MPG), and CCSS USA Corp. have announced a marketing alliance to better serve the requirements of their IBM i system monitoring and capacity planning customers.

CCSS develops QMessage Monitor, QSystem Monitor, and QRemote Control, which help users monitor and manage IBM i servers. "Cohesive industry alliances such as this will substantially benefit IT Managers that face a complex landscape of system issues, many of which include dependencies or interactions with other areas of the system. For them, solutions that can accommodate a 'big picture' vision of their needs are unquestionably more valuable." says Ray Wright, CEO of CCSS.

MPG, developer of Performance Navigator and Power Navigator, provides capacity planning, performance management, and problem determination support for the IBM i and AIX/Linux platforms. "This alliance will enable us to serve our customers in a more effective and cost efficient way," says Randy Watson, president of Midrange Performance Group. "Between our two companies, we cover the full range of system management requirements for the IBM i customer."
--Rita-Lyn Sanders, Senior Industry Editor, Programming & Systems Management

Posted by rsanders on May 11, 2009 at 11:50 AM | Comments (0)

May 4, 2009

iFusion.net Protects Yet Uses IBM i Data for Mixed App Dev

At COMMON Reno, LANSA rolled out one of the company's more significant new products--iFusion.net. Its overall design comes with some particularly compelling propositions for IBM i-focused companies that find themselves shouting over widening chasms of new application development. More specifically, the divide comes from core enterprise applications and data on IBM i systems . . . and Microsoft-focused app solutions delivered via the 2007 Microsoft Office System, Office SharePoint Server 2007, Microsoft SQL Server, or applications built with the .NET Framework.

I know it sounds confusing, but not if you're one of the companies that find themselves with at least two, if not more, camps trying to provide end users with actionable data and useful applications.

"Microsoft owns the desktop; IBM owns the server, and applications run in silos," says Steve Gapp, president of LANSA Americas.

The basic issue is, rather than risk letting .NET developers run amok with core enterprise data running on an i system, companies have fractured their enterprise information.

"Today, people are the middleware between the platforms and processes," Gapp notes.

Meta Data Repository to the Rescue

At the heart of iFusion.net is LANSA's answer: a meta data repository ensures that the rules that govern your database transactions are centrally maintained and enforced by all programs, regardless of the platform or development language (C#, VB.NET, RPG, COBOL, LANSA, Synon, SQL, PHP). The result?

Zero duplication of business rules, tighter security, faster performance, and more assured data integrity for organizations that depend on DB2 and SQL databases, LANSA says.

For example, "With iFusion.net, .NET applications have native access to everything your RPG applications can take advantage of," Gapp explains.

Basically, iFusion.net gives Microsoft Visual Studio and .NET Framework developers the authority to perform Create, Read, Update, and Delete transactions on the core databases without risk of jeopardizing data integrity or security--and this last point, Gapp says, is the most important issue for i-focused managers who have end users running a variety of apps in what has become mixed-mode environments.

Not Necessarily a War in Many Companies

LANSA's meta data repository architecture isn't new, and many of the components have already been in use by LANSA customers--but iFusion.net as a product designed to maintain core IBM i data while allowing diverse application access is new.

"Back in 1987, when we created the LANSA platform, every customer ran their critical applications on AS/400 servers. Today, most of our customers still have an IBM i server at the core, but we recognize that many have also made big investments in Microsoft products and skills. iFusion.net has been developed specifically for organizations who are running this mixed-mode environment, so they can concentrate on extracting value from their resources, rather than forcing everyone and everything to a common standard. This mixed mode environment is everywhere you look, so we hope that our neutral approach is something that everyone in the IT department can finally agree upon and move forward with--because end-users are getting tired of waiting," notes Pete Draney, director and CEO of LANSA.

To learn more, check out LANSA's focused site at http://www.iFusion.net.

Posted by cmaxcer on May 4, 2009 at 9:25 AM | Comments (0)

April 28, 2009

BCD Releases New Versions, Expands Features in its IBM i Product Line

Business Computer Design (BCD) is one of the vendors at COMMON Reno that announced it continues to invest in its IBM i product line. BCD made sweeping enhancements to many of the components that form its application modernization suite.

The enhancements include:

Catapult 7. A new release of Catapult, a PC and IBM i client/server application for automated report and document distribution, has been rewritten in Visual #C.NET, resulting in increased performance-- up to15 times faster. The rewrite takes advantage of modern controls and interfaces in C# that, for example, improved the email process. It also has been completely redesigned with a modern and intuitive user interface and a new Grab Rule Editor that improves the process flow when creating new distribution rules.

Clover 1.6. Clover, BCD’s real-time IBM i web reporting and querying tool, now has the ability to import query definitions from IBM DB2 Web Query for i. The Web Query definitions can be output as real-time web reports, graphs, spreadsheets, or interactive drill downs with optional prompts and filters, bringing new life to existing reports defined in IBM’s query tool. The following query options are all retained: selected fields, file joins, calculated fields, sort fields, comparisons and level breaks. You can further customize and modify the imported queries in the Clover IDE with the codeless SQL wizard. End users can access reports from a browser; no other PC software is required.

Presto 1.27. Presto now supports IBM i 5.1 and higher. Additionally, there is an option to run Presto without needing to install the WebSphere Application Server.

Nexus Portal 3.6. Version 3.6 of Nexus, BCD’s portal for secure and controlled access to enterprise information, is due to be generally available the end of May. This version has many new features, including a Google Search Appliance portlet that lets Nexus users search any network drives they index with the Google Appliance, in addition to the documents in the Nexus ECM. Besides users accessing all their documents from one location, they also get full text searching and search result text previews. Nexus 3.6 also offers performance improvements.

WebSmart PHP. WebSmart PHP’s built-in change management has added support for the FTP path to offer a more complete process. This enhancement automatically directs new content and makes it easier to publish, manage, and organize content on your website.

WebSmart ILE 8. The next version of WebSmart ILE, BCD’s rapid web application development tool, will be generally available June 1. It adds support for Lightweight Directory Access Protocol (LDAP), letting users create connections to different LDAP data sources and manage entries in those sources. It also includes new XML functions that simplify XML document processing and parsing. These functions let users open an XML document, parse the document into a tree, retrieve elements and their children, get sets and subsets of elements, traverse the document tree, and more. The functions also handle all memory management behind the scenes, so developers can focus on writing applications.

--Rita-Lyn Sanders, Senior Industry Editor, Programming & Systems Management

Posted by rsanders on April 28, 2009 at 7:16 PM | Comments (0)

Raz-Lee Enhances IBM i Security Solution's GUI

I got a chance to meet Raz-Lee Security Inc.'s husband-and-wife team of Shmuel and Milka Zailer on the expo floor during COMMON. Shmuel is the company's CEO/CTO, and Milka is its CFO/COO. Not only did I meet them, but I also got to sit in on Shmuel's COMMON session on Monday morning, "Tracking Application Activity via the DB-Journal; the Missing Dimension of Information Systems."

The company's main announcement at COMMON is of a major new GUI release of the iSecurity suite of System i Security solutions. Some of the highlights of this new release are:

• Preliminary access filter for data retrieval, reducing network load and reducing response time
• Drill-down capability from the Visualizer BI tool to the firewall or audit log, enabling specific event analysis down to the log-entry level
• Role-based navigation tree providing auditors with only the tree items they require
• Standard reports opened directly as GUI tables, with advanced Eclipse features for table management, including exporting directly to spreadsheet
• Reports stored in IFS as PC format files, opened directly in CSV, PDF, HTML formats
• SYSLOG supported in Audit and Action menus
• GUI support for Audit, Action, and Capture expanded

Also on display at Raz-Lee's booth were three of the company's other security offerings:

• Compliance Evaluator - gives managers a quick, comprehensive view of their system's compliance with industry and corporate policies and provides reports with various levels of detail.
• Authority on Demand - provides a solution for emergency access to critical application data and processes.
• AP-Journal - protects business-critical information from insider threats and from external security breaches. It issues realtime alerts on changes to data, records read, and open actions, and provides timeline reports on all changes over long periods of time.

For more information, visit razlee.com.

--Linda Harty, executive editor & security/availability/networking/connectivity editor

Posted by lharty on April 28, 2009 at 5:16 PM | Comments (0)

Vendors Invest in IBM i--News from the COMMON Expo Floor

It's clear to me from the number of IBM i announcements coming from vendors demoing their products on the expo floor at COMMON Reno 2009 that they're making significant investments in the IBM platform.

And the really cool thing is that many of those investments aren't just for today. Software vendors are doing more than maintaining their applications for customers. I've talked to software vendors that are so enthusiastic about the platform that they can barely contain themselves.

I've learned about re-writes of entire applications; major releases with money-saving, automation efficiencies; and the incorporation of cool technologies like PHP. I'll share them with you a few at a time.

Here's a start:

In the education arena, Profound Logic has launched Profound Logic TV, a blog dedicated to providing YouTube-based videos and tips for the IBM i community. The blog and website contain articles and videos focused on the latest trends, ideas, and technologies surrounding application development and modernization on IBM i. There is also opportunity for viewer interaction. The first three videos on the site cover AJAX on IBM i. Each is three to five minutes in length.

"It's an opportunity to introduce people to web development and modernization and what it's about," says Philip Roestamadji, marketing director for Profound Logic. "We're not trying to push concepts on TV, we're trying to explain concepts."

The company plans to release a new video on the website every two weeks, and hopes to offer videos from people outside Profound Logic as well as within.

Also in application development, Aldon and Business Computer Design (BCD) are partnering to bring process automation and efficiency to web application development and modernization projects involving PHP and RPG-CGI. The companies have integrated Aldon Lifecycle Manager, a change management solution, with BCD's WebSmart ILE and WebSmart PHP products for IBM i and multi-platform web development. The integrated solution provides automated processes and deployment, inventory management, project and compliance reporting, and increased visibility into project status. "Customers want a single solution to manage their environments," says Dan Magid, Aldon's product strategist.

"As we watch the open source, multi-platform, and IBM i worlds merge, it's important to make sure process doesn't fall by the wayside," says Matt Scholl, CEO and president of Aldon. "We're excited to work with BCD."

--Rita-Lyn Sanders, Senior Industry Editor, Programming & Systems Management

Posted by rsanders on April 28, 2009 at 9:19 AM | Comments (0)

April 27, 2009

Quadrant Software Announces New Release of Doc Management Solution at COMMON

I met with Quadrant Software's director of marketing, Daniel Kuperman, on the COMMON expo floor today and learned about FastFax, Formtastic, and IntelliChief. FastFax lets IBM i shops send out purchase orders, invoices, and other business documents via fax and integrates with email. Formtastic is an electronic forms package that eliminates the need for preprinted forms—the forms are printed along with the data that populates them—reducing the cost of creating and distributing documents. IntelliChief is a document management, archival, and workflow solution. All three products integrate with each other and comprise a paperless process management solution, allowing for electronic purchasing, receiving, and paying.

Kuperman explained the new capabilities that IntelliChief 2.5 includes. Here are highlights of a few of them:

Performance metrics. From the moment a document is created or captured up to when it is distributed or archived, IntelliChief is tracking it. How many orders have been fulfilled? How long did it take to fill them? Has an invoice been approved? All this information is recorded in a history table, and version 2.5 lets users run reports against it, for example, to compare last year's orders with this year's.

Matching of workflow documents. When a document enters workflow, IntelliChief verifies whether other documents are waiting for a match and determines if they can now be routed to their final destination. This new workflow feature saves time and adds intelligence to document processing, instead of relying on manual user intervention.

Enhanced web form usage. IntelliChief's WebForm module lets users use a browser to create and fill out a form, such as a purchase order. Version 2.5 enhances the form so that users can re-edit it, instead of having to reenter the original data or re-create the form from scratch, before it's finalized and approved. When the web form is complete, it is stored in the archive as an image document, preventing future edits.

Other improvements include:

• Improved notifications
• Viewer improvements for handling multiple documents
• Document attachment options
• Hardware and software updates (support for MS Server 2008 and MS SQL 2008)

Kuperman asked me what my "beats" are in the IBM i world, and when I mentioned availability, he told me of another advantage inherent in the IntelliChief solution:

"Most disaster recovery solutions focus on the hardware, but what they don't consider is the paper. If you have a disaster, for example a flooded office, what happens to your file cabinets? If, instead of paper, you have your documents in electronic format—such as IntelliChief—you have all your documents electronically accessible from anywhere if a disaster occurs, because they're part of your HA/DR system."

On top of that, Kuperman added, when it comes time for a compliance audit, a document management solution puts everything that an auditor might ask you for at your fingertips.

IntelliChief 2.5 is free to existing IntelliChief customers. For more information, visit IntelliChief.com, email sales@quadrantsoftware.com, or visit booth #302 during the COMMON expo this week.

--Linda Harty, executive editor & security/availability/networking/connectivity editor

Posted by lharty on April 27, 2009 at 6:26 PM | Comments (0)

June 2009

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Blog Policy

We welcome your comments and opinions and encourage lively debate on the issues. However, Penton Media reserves the right to delete or move any content that it may determine, in its sole discretion, violates or may violate its Terms of Use or is otherwise unacceptable. For more information, see Penton Media's Terms of Use.