Human Resources Security Risks with WebFOCUS

Get acquainted with new technologies is an integral part of my work. It is always very interesting and educational. In elaborating a question of possibility to participate in WebFOCUS project with colleagues from Finland, I conducted research of the subject area applied to human resources and risks associated with it. The human factor is one of the most serious risks in IT industry. By the 1st of September, the Day of Knowledge, I wrote this article.

What is WebFOCUS

It is a mod­ern Busi­ness Intel­li­gence sys­tem for huge cor­po­ra­tions. Offi­cial web­site.

Minus­es

• High­ly pro­pri­etary. A fixed mar­ket share with­out per­spec­tives to expand. Ref­er­ence.
• Lack of pub­lic tuto­ri­als. Expen­sive learn­ing cours­es instead, $5600 for a basic course. Self-learn­ing guides cost $250 per guide and is time-lim­it­ed to read. Ref­er­ence.
• Win­dows-only IDE.
• 4GL lan­guage. Ref­er­ence.
• No open labour mar­ket to hire spe­cial­ists. Read below in ​“Web­FO­CUS Spe­cial­ist Por­trait” chapter.

Plus­es

• (Very) Detailed man­u­als. How­ev­er, they are use­less with­out tuto­ri­als. Doc­u­men­ta­tion of ver­sion 8.x, ver­sion 7.7.x.
• Cross-plat­form. Except IDE, which is Windows-only.
• 4GL lan­guage. It is a minus too, see above.
• Intend­ed to parse huge data sources. Can run on mainframes.
• Inno­v­a­tive. Ref­er­ence.
• Time proven sys­tem. Com­pa­ny and its BI prod­ucts exists since 1975.

Web­FO­CUS Spe­cial­ist Portrait

It is an employ­ee of a huge cor­po­ra­tion. His Web­FO­CUS train­ing and expe­ri­ence he get while work­ing at this cor­po­ra­tion. It is impos­si­ble to learn this sys­tem just googling and read­ing books at week­end. It is a high­ly spe­cial­ized expert. The BI skills itself can be obtained from uni­ver­si­ty sta­tis­tics cours­es, account­ing cours­es. This knowl­edge can be used across dif­fer­ent BI sys­tems. Web­FO­CUS tech­ni­cal knowl­edges can’t be used any­where else, i.e. in anoth­er BI sys­tem or in areas of appli­ca­tion pro­gram­ming. Such expert will not be able to quick­ly change his spe­cial­iza­tion, which high­ly lim­its its com­pet­i­tive advan­tages on the labour market.

Web­FO­CUS spe­cial­ist is always a pro­gram­mer. He can have begin­ner pro­gram­ming skills and work most­ly with IDE GUI and a bit with 4GL. It is usu­al­ly an employ­ee on a man­age­ment posi­tion with tech uni­ver­si­ty background.

He can be a junior devel­op­er. He will cre­ate dif­fer­ent reports based on requests from a manager.

He can be a senior devel­op­er. Then he will do SQL, Java, Web­FO­CUS API, HTML, CSS, JavaScript and oth­er spe­cif­ic lan­guages & tech­nolo­gies to join exist­ing cor­po­rate sys­tems with WebFOCUS. 

Sys­tem admin­is­tra­tor is a must-have employ­ee for Web­FO­CUS main­te­nance. The tech­nol­o­gy high­ly relat­ed to *nix sys­tems and Java stack. He may not have expert expe­ri­ence with Web­FO­CUS UI or pro­gram­ming skills, his main task is to guar­an­tee high lev­el of main­te­nance of sys­tems: Web­FO­CUS, as well as its data providers like data­bas­es and exist­ing cor­po­rate systems.

The Team

For suc­cess­ful oper­a­tions of BI tasks Web­FO­CUS sys­tem must be kept up to date. In a com­mon sce­nario it’s nec­es­sary to have 4 specialists:

1. A man­ag­er, who will invent report types and assign devel­op­ment tasks to programmer.
2. A pro­gram­mer (junior devel­op­er), who will car­ry out tasks relat­ed to report gen­er­a­tion and UI.
3. A senior devel­op­er, who will car­ry out low-lev­el pro­gram­ming tasks and engi­neer sys­tem inte­gra­tion with exist­ing cor­po­rate systems.
4. A *nix sys­tem admin­is­tra­tor, to main­te­nance Web­FO­CUS and its data sources.

It is a typ­i­cal in-house approach. Due to lack of open labour mar­ket for this spe­cial­i­ty the whole team must be trained inside the cor­po­ra­tion. Pay atten­tion that train­ing must include instill­ing high moral prin­ci­ples due to high secu­ri­ty risks (see chap­ter below).

In the present case in-house allows dis­trib­uted team. A man­ag­er and a sys­tem admin­is­tra­tor must work on-site, but both pro­gram­mers may work remotely.

Secu­ri­ty Risks

Busi­ness Intel­li­gence is one of the most sen­si­tive sources of pri­vate infor­ma­tion. Busi­ness indi­ca­tors of the com­pa­ny may be a tempt­ing tar­get for com­peti­tors. On the oth­er hand, the infor­ma­tion obtained by BI should be reli­able and time­ly. This impos­es restric­tions on the team:

1. High moral prin­ci­ples. This is a stan­dard require­ment for man­agers and sys­tem admin­is­tra­tors, but non-stan­dard for programmers.
2. High lev­el of pro­fes­sion­al­ism. Errors in data pro­cess­ing may lead to incor­rect mar­ket esti­mates and loss of com­pet­i­tive advantages.

The most pre­ferred way to elim­i­nate secu­ri­ty risks is to have trained in-house team. Anoth­er good option is to sign a long-term con­tract with exter­nal con­sul­tants, who will be able to take in-house approach.

Free­lancers is not an option at all. Even if you can find a free­lancer who declares Web­FO­CUS in his com­pe­tences (which is hard­ly pos­si­ble) don’t allow him to get into your BI data, even ​“to make a small fix in report”. It leads to poten­tial leak­age of con­fi­den­tial data and may harm your com­pa­ny much more than you will spend fund­ing in-house team.