We’ve all done it. You have driven your car to a car park, walked away, and then had a momentary pang of doubt about whether you locked your car. It has become second nature to lock your car. To keep it secure. The car even locks the doors itself when it is in motion. But when you park it and walk away, that’s when the uncertainty comes in, and also when your car is most vulnerable.
It is the same with your enterprise messaging. What happens when you use a product like WebSphere MQ to send a message across your enterprise? Well, of course, what is happening is the application takes some data and packages it in the contents section of a message structure, along with some header information to describe the message and the destination. The message is then dispatched. All in all that’s pretty similar to you getting in your car and driving to the shops to buy something like food for dinner, or presents for a birthday. There is a destination and something of value to be transferred. With a car, you have to park in a space in a car park. With messaging, instead of a car park you have a queue manager and queues.
Messages start in an application and a MQ Client packages the information to be moved into a message. This then is sent to a queue manager, to be written into a queue. According to the destination or other information, the message is then sent on to either another queue, another queue manager, or to the destination client application.
As far as securing the message goes, when the message is moving between the client application and the queue manager, then the MQ resources are secured by MQ built-in security definitions and the message and contents itself is secured while moving over the ‘wire’ by use of SSL. However while the message is encrypted by SSL as it moves, once it reaches the queue manager, and is written to the queue, it is unencrypted and thus sits on the queue without any encryption. Thus if the system with the queue manager is penetrated, the messages on the queues are available in the clear. This is the same as parking your car in a ‘secure car park’ but leaving the car unlocked as the car park is secure. Would you do that? I’m pretty sure I wouldn’t.
Now what would we like to happen? What would be smart would be a routine that ensured our car was locked, pretty much at all times unless people wanted to get in and out of it – subject to key rules – such as ensuring people could actually get out or in when they needed. For messages we would want to make sure the message contents were secure at all times, including when sitting in queues, but would continue to be available to the receiving applications, and of course would still expose the header information needed for routing etc.
What IBM offers for WebSphere MQ is WebSphere MQ Advanced Message Security, which is also available as part of the entitlement of WebSphere MQ Advanced. This is a policy-based encryption capability which allows message contents to be encrypted from sending application to receiving application. So the contents are encrypted while it flows over the network and while it sits in intermediary queues. The applications are unchanged, with just updated client libraries to be used. And the security is based on policies, so different rules might apply for different message contents, or different queue managers. After all there are some times when you have to leave your car unlocked. So I’m pretty sure you have rules for securing your car. Isn’t it about time you had rules for securing your messages?