This paper details the need for more focused middleware security auditing and testing that goes beyond traditional perimeter testing methodologies. It provides an overview of the historical result of implementing middleware products such as WebSphere MQ (WMQ) in an "out-of-the-box" manner without security measures, and without knowledge of today's more stringent regulatory environment which has lead to the increased risk of failed audits on a variety of recently enacted regulatory measures. These measures, which were all passed well after the initial growth of messaging middleware, include the Healthcare Insurance Portability & Accountability Act (HIPAA) enacted in 1996, the Sarbanes Oxley Act (SOX), passed in 2002, and the Payment Card Industry Data Security Standard (PCI DDS) enacted in 2006.
Credit Union Times is the nation's leading independent source for breaking news and analysis for credit union leaders. For more than 20 years, Credit Union Times has set the standard for editorial excellence and ethical, straight-forward reporting.