OK well maybe “hits the stands” is not exactly accurate since developerWorks WebSphere Technical Journal is an online format. But “hits the browser” just doesn’t roll off the tongue as nicely. OK well maybe “roll off the tongue” is not exactly accurate… [STACK OVERFLOW ERROR]
My latest developerWorks article, “WebSphere MQ, PCI DSS and security,” explores what it might look like if we were to apply the PCI Data Security Standard to WebSphere MQ. In fact, some customers are already looking at doing just this, although it is not clear yet how or if PCI DSS impacts WebSphere MQ. The premise of the article, then, is to ask “what is considered reasonable care or due diligence in the absence of a formal security standard?” I conclude that the common practice of using prevailing practices as the standard is pretty much worthless in the WMQ community because the prevailing practices almost always allow anonymous administrative access. If there is no formal standard and prevailing practices are of no use, then it might be reasonable to use PCI DSS as a guideline, even for industries that do not handle card payments and where PCI DSS clearly has no formal regulatory authority. The article then goes on to explore what it might look like if we did in fact apply PCI DSS to WebSphere MQ.
As always, I welcome thoughts and feedback. The developerWorks article includes a feedback form at the bottom, or you can contact me through my web site or add comments to this blog entry.