Back to articles

Access management in MQ environments to ensure data security

IT monitoringSecurity

June 2024 | Daniele Sabetta, Scott Treggiari

Ensuring data security through access control and management in MQ environments are the main reason why our partner Avada has developed the unique Trusted Spaces™ functionality in Infrared360®. Should administrators, engineers, developers, helpdesk agents, and managers all have the same visibility and type of access to the enterprisemessaging and integrationinfrastructure? According to Gartner, no, and we couldn’t agree more.

Let’s face it: there are situations where someone other than theMQ administrator needs to gain visibility oraccess to a queue, the Qmgr command, or even a message in a queue.

Granular accesses to data based on roles and permissions

An application team manager claims that the support team has reported a problem with a production transaction for the application, but the message is not being processed.

Before they ask you to remove it or change it, they necessarily have to look at it, because only they know what the transaction content, format, character set, etc. should contain. They don’t want the situation to escalate into an SEV2 incident, so they ask you to drop everything you are doing and become a forensic investigator right away.

An application developer needs to test the new application to make sure that it takes messages from one queue, processes them, and the broker application correctly transforms them and places them in another outgoing queue. It is necessary to verify that the original message exits, is found in the application’s input queue, and then is displayed in a new way in the broker’s output queue. Also, once this is done, you will want to automate the sending of transactions in this stream.

Because these situations, and many others like them, not only exist but are quite common, identity and access management for MQ environments is critical.

That’s why Avada created Infrared360®: to make life easier for MQ administrators. The Trusted Spaces™ feature allows users to see and work only in their areas of expertise and promotes more secure collaboration between departments, teams, locations and partners. This powerful feature allows or restricts visibility of objects such as queues, topics, consumers, channels, applications, flows and other integration-type server resources based on user permissions or role.

Users can be assigned visibility only to objects in their middleware environments for which they have access. This can be extremely granular, down to individual message types on specific queues.

Visibilità degli oggetti in base agli ambienti middleware degli utenti

As for objects made visible to users, they can access (modify/manage) only those objects they have permission to act on. This too can be extremely granular, down to individual message types on specific queues.

Accesso agli oggetti in base ai permessi

The benefits of a collaborative and safe approach

  • Administrators, application managers, and system managers (such as z/OS, IBMi, NSK, etc.) can apply a collaborative and secure approach to troubleshooting that reduces MTTR (mean time to restore or recovery).
  • Administrators and development teams can securely collaborate to speed up testing and decrease TTD (deployment time).
  • Compliance and security managers can relax.
  • Administrators can focus on the most important activities.
  • Helpdesks are not being inundated with support requests.
Gestione dell'identità e degli accessi per gli ambienti MQ

Identity and access management for MQ environments can be easily accomplished with Infrared360® without introducing new security protocols that require new skills to understand and manage.

The Trusted Spaces™ approach to enterprise messaging provides secure collaborative capabilities for resolving alerts and incidents before they become serious (and costly) problems. Avada Software has helped reduce resolution times and decrease the annual hours spent resolving these types of issues by nearly 90 percent.

Read also

Monitoring middleware health: the importance of a proactive approach
#IT monitoring

Monitoring middleware health: the importance of a proactive approach

Learn the importance of a proactive approach to middleware monitoring to optimize IT performance and prevent critical issues in business systems.

Read the rest of the article
Optimized management of enterprise messaging and MQ queues with Infrared360®
#IT monitoring

Optimized management of enterprise messaging and MQ queues with Infrared360®

Managing MQ queues and enterprise messaging with Infrared360®: monitoring and automation for optimal performance.

Read the rest of the article
Efficient integration of IT systems in bank mergers and acquisitions
#Fintech & insurtech

Efficient integration of IT systems in bank mergers and acquisitions

Learn how Infrared360® simplifies IT systems integration after mergers and acquisitions by improving security, efficiency and collaboration.

Read the rest of the article

Contact us for more information

Contact us

Frequently asked questions about MQ environments

Data security is the set of practices, technologies and policies designed to protect sensitive information from unauthorized access, loss, corruption or theft. It includes encryption, backup, access control and continuous monitoring to prevent breaches. In the business environment, data security ensures business continuity and compliance with regulations such as GDPR.

To properly manage data access, it is necessary to control who can access digital resources and information, ensuring that only authorized users can view or modify them. This process includes authentication, role-based authorization and activity monitoring. Effective management reduces the risk of breaches, supports data security, and ensures that people have access only to the information they need for their work.