What is a Leap Second?
Fig. 1 History of Leap Seconds (Source: IERS)
The time when the civil clock was defined by the position of the sun over Greenwich UK is long gone. Instead, atomic clocks (International Atomic Time – TAI) have become the tick-tock in the clock of civilization. However, there is still a need to synchronize the perceived time of day (Universal Time – UT1 or variations thereof) with the official time used in civil life and commerce (Universal Coordinated Time – UTC).
This coordination is the task of the International Earth Rotation and Reference Systems Service (IERS) at the Observatoire de Paris. IERS can name specific dates (at end of June or December, but also end of March or September), to insert or remove single seconds (so called leap seconds) to make sure the predicted difference between UTC and UT1 stays below 0,9s. In January 2015, the IERS announced that the next leap second will be inserted on the night (UTC time zone) between June 30 and July 1st 2015.
Recent updates by Oracle have introduced two different versions of Java and there is also a major version upgrade to Java 8 in the queue. As SEEBURGER Business Integration Suite (BIS 6) and the SEEBURGER B2B Portal depend on the Java platform to run on different enterprise platforms, here is some information about what is happening in development at SEEBURGER.
Installing enterprise software can be an arduous task. Manually answering prompts with technical parameters in multiple environments (‘what was the IP address of the TEST database again?’) can be time consuming and error prone.
Today, we’ll look at how you can use the SEEBURGER BIS silent setup in order to minimize errors, shrink install times, and leverage your existing configuration management and server automation tools to install SEEBURGER BIS.
The ‘Silent Setup’ is an installation option that allows administrators to provide a response file to the BIS installer to specify common parameters like the database connection details and which packages to install.
As data patterns change, governance takes a higher priority and security becomes more complex, Financial Services Institutions are looking to invest in modernizing their transmission platforms. SEEBURGER is ready for this MFT 3.0 drive guided by our significant Banking, Insurance and Financial Services clientele around the world.
M&A strategy for FSI with SEEBURGER
Over the past 15 years, the legacy of mergers and acquisitions, economic cycles, legislation, globalization, diverse lines of business and rapid technological change have conspired to dramatically increase the complexity and fragility of a financial institution’s data transmission platform and community. (more…)
Welcome to the first of our series of seven posts on choosing an FSI secure data transmission platform!
Over the last 5 years, banking infrastructure decision makers are increasingly being faced with new legislation and compliance regulations that change how IT systems are managed and monitored. IT budgets are expended managing these changes and although projects that create value for clients are required for business agility, IT is under pressure to do more with less funding.
The costs of running legacy environments, especially with an increased data exchange volume, further eat away money budgeted for value add IT projects. These changes mean IT infrastructure investors are requiring more out of their IT investments – with considerations for scalability and flexibility at the top of list of requirements.
At the same time, with the ability to switch banks vastly simplified, current and potential clients are informing themselves about the advantages and disadvantages of service providers. The speed at which banking can be integrated with a business can be a major factor in standing out – and ahead – of the competition. (more…)
The GNU Bash (“Bourne Again Shell”, /bin/bash) is reported to have security vulnerabilities nicknamed “Shellshock” CVE-2014-6271.
The Shell is installed and used on nearly all Linux, Unix and MacOS X systems. There are various attack vectors known, where the weakness of the bash shell can be exploited. Among those are also unauthenticated attacks against CGI-Scripts (Web Server), DHCP Clients (System Service) or Login Shells.
Similar to the Heartbleed vulnerability, this is affecting all infrastructure services.
The weakness is actively exploited. It is therefore strongly recommended to update all affected systems with patches provided by the vendor.
There is the potential that the increased focus on bash will lead to further vulnerabilities being discovered in the coming days. We recommend you monitor your systems and the further development closely.
SEEBURGER has analyzed all SEEBURGER products and infrastructure services.
SEEBURGER is not aware of any possibility for an unauthenticated attacker to control environment variables.
For any questions about your SEEBURGER environment please contact us by opening an incident ticket. If you are not a customer and would like further information, please email us at: email@example.com with the subject line, ‘Shellshock Security Vulnerability’
Customers can login to our knowledge base for more information here: Service Portal
Here is a short Q&A about SEEBURGER products and services in response to the recently announced security threat called Heartbleed:
Are SEEBURGER products affected?
No. SEEBURGER products are not directly affected by the Heartbleed Open SSL issue. But we do recommend that your company review any use of Open SSL to ensure your system’s security.
Are SEEBURGER platforms or cloud services affected?
No. SEEBURGER products (except BIS5) do not use the OpenSSL library for network servers and we also do not ship or require the library in standard operation. SEEBURGER BIS5 Client Adapters P7 and FTP are not using a version of OpenSSL affected by the Heartbleed bug.
SEEBURGER’s Secure Edge, as well as SEEBURGER BIS6, PI adaptors, SEEBURGER Web-Applications (E.g. IMartOne) and our secure file transfer solutions MFT/SEEFX are based on the Java platform which protect against programming errors common to implementations in the C or C++ programming language.
So is my company totally safe?
Although we can confirm that our products and services are not affected, systems which connect to SEEBURGER products and services may have vulnerabilities and we encourage you to perform your own security audit.
Where do I go if I want more information?
Customers can login to our knowledge base for more detailed information. Visit our homepage under hot topics: www.seeburger.com for our official response from our team, or for more information specific to the heartbleed bug visit heartbleed.com
by: John Applegate
So you’ve done sufficient due diligence during the software acquisition to have confidence that the solution will meet your technical requirements and the solution has been deployed. Now what? Job #1 is to focus on meeting business objectives. Here are three motivating factors that should drive your focus.
Focus on Business Objectives
- Capture Revenue: You want to do business with your customers in new ways but your legacy platform(s) are preventing you from on-boarding them or supporting the business model effectively. You need to get them on the new platform …fast. The new system must provide rich features and capabilities. For example, direct support for all data formats, dynamic routing capabilities, communication protocols available allows you to say ‘yes’, we can do that…today. This translates into faster time to revenue. And ultimately, this agility will make you more competitive to win more business.
- Mitigate Risk: Your new platform provides security that ensures data is protected from loss and that sensitive data is protected. It enforces compliance with external and internal security controls for transparency and visibility, and industry compliance standards like PCI-DSS and customer SLAs. It also supports business continuity. In a 24/7 financial world, your business needs to be up and running at all times.
- Reduce Costs: The solution you choose should not only improve operations, but should also help cut costs. The new platform will make you more efficient in how you support customers. For example, you should be able to offer self-service value-add capabilities such as track-and-trace visibility for internal business users (or even customers themselves to eliminate delays, improve customer relations, and cut down on laborious support activities that are a bottleneck. Additionally, shutting down the legacy platform saves operational and license/maintenance costs.
Accelerating the migration off of your legacy platform and building a methodology for on-boarding will make this promised ROI a reality. During the vendor selection process, the vendor’s solution for migration is equally as important as the technology itself. It’s imperative that the vendor has the tools and experience to *finish* your migration….not just start it. And be skeptical; not all vendors can deliver on their promise. Without the ability to actually conclude your migration, the shiny new platform will sit idle and your customers are stuck on the old platform with continued costs, risks and bottlenecks.
Bring Your Own Device (BYOD) is basically an official, unofficial or unwanted policy of employees bringing their own mobile devices to work to use for work purposes. They use their devices to access confidential company applications, data and files. BYOD exposes companies to significant risk. But it also offers companies significant opportunities. As far as the trend goes, employers are finding it next to impossible to stop it. When it comes to how you approach BYOD, you essentially have two options.
1) What can happen?
You’re exposing yourself to data breach risks, as well as potential regulatory non-compliance. You are also inadvertently sending a strong message to your employees that you find them too untrustworthy for BYOD and they should just accept the burden of managing multiple devices.
2) Next steps:
Deal with it
1) What can happen?
BYOD offers the potential to cut costs on the money you spend on mobile devices, including smartphones, laptops and tablets. You also increase employee morale by telling them you trust them to use personal devices for the benefit of the company. You are a flexible employer.
2) Next steps:
Put a solution in place that will ensure company data is secure from unauthorized data breach.
If you choose to accept the future of BYOD, you need a way to secure your data when it’s on employee’s personal devices. That’s where a solution like SEEBURGER SEE FX Mobile comes in. Considering we’re the recent Info Security Product Guide Awards gold winner in the BYOD category (our fourth award since its inception), you’d be hard pressed to find a better solution for mobile data security on employee’s devices. SEE FX Mobile allows users and the business to:
- Access files on the SEE FX server on the go without a laptop
- Subscribe to and synchronize the latest versions of files automatically
- Enforce corporate and regulatory security policies for mobile users
- Maintain a complete, integrated audit trail of all file exchanges
As a component of our SEEBURGER MFT solution (which is offered on a low monthly subscription basis or through a traditional license) SEE FX Mobile is a free downloadable mobile app—can’t beat that. And with clients like Keurig owner Green Mountain Coffee Roasters, the world’s largest investor-owned energy provider and the largest financial services firm in Northern Europe, it’s a tried-and-true solution that major companies know they can depend on. Learn more today by visiting our SEE FX Mobile and SEE MFT solution centers.
File transfer is more than a given at the average financial institution. The Financial Services Industry (FSI) thrives on information and devours it. In one day you might send and receive files in and out of the office, down the street and across the globe, and back and forth with agents, clients, brokers and more.
Combined with the amount of data flying around—the need for an efficient file transfer solution seems pretty clear. A solution needs to protect sensitive data while keeping a lid on costs. Unfortunately, legacy systems do neither. Weighed down by disparate FTP and script tools, and a lack of visibility and secure protocols, these systems become an endless road to nowhere once their last friend in IT retires.
A single, modern file transfer solution can resolve these problems. Modernization and consolidation go a long way towards improving security, and centralizing management and data transmission governance. They can also substantially reduce total cost of ownership (TCO). Factor in the costs of multiple toolsets, software licenses and maintenance agreements and the savings can quickly add up.
Visit our FSI Solution Center now to learn how a major insurance company modernized, consolidated and cut costs with SEEBURGER Managed File Transfer (MFT).