SecurityWeek recently published “Lessons from the Most Interesting Data Breaches of 2010” and some of the article’s highlights may really surprise you. For example, the article states that there has been a 93.7% drop in the volume of data stolen from 2009 to 2010. An analysis from the Privacy Clearinghouse, a public database which records all breaches of personal and sensitive information belonging to US citizens, shows that about 230 million data records were taken in 2009 and only 13 million so far this year. It’s a positive number, but keep in mind that 2009 saw two major breaches with Heartland and the Veteran’s Administration. Of course, this drop also underscores the security investments companies have made over the past few years. Indeed, such efforts and investments have paid off in greatly enhanced security, helping to make data breaches extremely difficult.
Another interesting and key finding of the article touches on the value of data shifting from lower to higher. We here at XYPRO have seen this trend for quite some time!
2 Key Lessons from the article
So, what can be done to avoid data loss and breaches as we move into 2011? Below are two key lessons to consider:
1. Ensure data is accessed only by authorized parties. At a minimum, security controls should block access from former staff and from employees attempting to access data beyond their need-to-know level.
XYGATE customers easily achieve this role-based access control goal with the Access PRO software solution. Access PRO functionality provides the core of a well-secured HP NonStop system. With this software in use, individual accountability with full keystroke audits is achieved, while restricting each user to a list of authorized actions based on that user's job functions.
2. Block access from any illegitimate application. Security controls should be able to block an unauthorized process (the malicious code).
XYGATE customers rely on the ability to restrict all NonStop SUPER and Sensitive user access to “least privilege” based on multiple criteria, including IP address.
Like many of our clients who use XYGATE, you too can implement XYGATE for Role Based Access Control, keystroke auditing, and SSO authentication. FIPS validated encryption and automated compliance analysis complete the solution. Indeed, as we enter a new year, it’s a great time to reflect on where your security measures stand now, and what you need to do to safeguard yourself in the future.
Companies from across the globe have relied on XYGATE to cover all of their HP NonStop security requirements. In fact, XYGATE is used by six of the world’s top 10 bank processors*.
Click here to read the entire SecurityWeek article.
*As reported in the 2010 FinTech 100
Tuesday, December 21, 2010
Friday, November 12, 2010
The PCI Security Standards Council Updates PCI DSS (V2.0)
Changes are logging-focused & intended to help businesses improve compliance and security
The PCI Security Standards Council (XYPRO is a member) officially unveiled updated versions of compliance with changes meant to clarify the requirements organizations face. The changes are coming as a direct result of the feedback the PCI Security Standards Council has received, and should help your business with its security and compliance efforts.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. In fact, the council is pushing hard for centralized logging, stating that:
“If you don’t use a centralized logging facility your auditors will have to look in more places, and chances are, if they have to look in more than one place...you’ll wind up missing some of this stuff. It is a proven fact that every time we find a breach, it’s always found in the log.”
This change also coincides with HP adding XYGATE Merged Audit Software with every new NonStop server order.
The centralized NonStop audit data can also be sent off-box to a centralized logging facility like HP's CLW and ArcSight offerings, meeting the Centralized Logging Facility requirement at the Enterprise Level.
There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.
The new versions will become effective Jan. 1. For more information, you can click here.
For more information about the XYGATE Solution, visit www.xypro.com.
Wednesday, November 3, 2010
CTUG 2010
The much anticipated CTUG (Canadian Tandem User Group) has come and gone and, as expected, was a great success for all in attendance. Content for this year’s event was excellent with a great update from Randy Meyer on the state of HP NonStop, growth, and technology advancements. It is always great to hear from the proverbial “Horse’s Mouth” and also reassuring that HP NonStop is not only surviving, but thriving!
Naresh Bangia of AJB Software delivered an interesting and informative presentation on the exciting results of their port of .NET to NonStop, with a “Live” demo which included a “drag and drop” example of NonStop code to Windows that executed perfectly on both OSes! All this with a weak signal on a mobile wireless internet stick that required some comedic and creative physical positioning within the conference room to maintain connectivity.
Jim Johnson of the Standish Group also presented on their recent paper “Roadmap to the Megaplex” covering the overall CTUG theme of Modernization and showed just how profitable modernizing applications and utilities can be.
As always, the Q and A session highlighted some interesting facts and brought up many discussion points. Dick Bird, Michelle Bates, and Randy Meyer all provided answers which inevitably led to more questions. The end to the Q and A session was achieved only by the enticement of the much anticipated CTUG prize draw where all 20 partners who participated in the “Passport to Prizes” program, HP Canada, and CTUG had donated fabulous gifts as appreciation to those attending the event.
XYPRO was among the 9 partner presentations which were held throughout the day and Kevin Boham provided modernizing insight on Security for the NonStop to an attentive and interactive audience.
CTUG and XYPRO were glad to welcome the out-of-province attendees from Quebec as well as the many faithful and new from Ontario. Their attendance from near and far indicates the continued need for NonStop events such as CTUG. With attendance nearing 140, CTUG had exceeded its capacity, and we were glad the fire marshals didn’t pay an unexpected visit.
The day’s closing reception also kept the majority of attendees into the evening for some socializing, good food, and drinks to cap off an excellent day.
More indicative of the continued commitment to NonStop was the record attendance for the education day, where CTUG had 44 registered students for a one-day class on Java Servlets/NSJSP on NonStop.
As a CTUG board member as well as a Partner for the event, I now have the short term opportunity to decompress after months of planning and executing. …short term as XYPRO is planning their next attendance at a regional event… NENUG in the Boston area on November 9th.
Barry Forbes
XYPRO Technologies, Director of Sales, Eastern USA and Canada
President, CTUG
Thursday, October 7, 2010
San Jose – let’s not forget the way...
Well, the Big Event is over. The vendors have packed up their booths, the booze is all gone, and the HP product managers, developers, and execs are safely home in their remote offices. And even though the weather was almost the same, everyone in attendance overwhelmingly preferred San Jose to that other city. The HP NonStop Symposium and EXPO turned out to exceed everyone's expectations not only in terms of Customer attendance but also HP and Partner involvement.
Yes, this was the biggest and best NonStop event in years (and with a killer Tandem-style beer bust) where we proved beyond a doubt that there is still life in the NonStop family and the platform that runs mission critical applications for the world's largest companies. This year we were also able to spend time with customers that we have not seen in a while and the attitude was very much like the old (ITUG) days. Far more Europeans, Latin Americans and Asian customers were present than at HPTF in 2009 – several of whom were actively seeking tools to aid PCI compliance projects.
There were dozens of business and technical sessions, including standing-room-only customer how-to's, NonStop software and hardware roadmaps, and presentations from Vendor Partners. PCI compliance was a common theme throughout the event and it’s only going to increase. Packed presentations by end-users Netherlands-based Equens and Wells Fargo Bank and HP’s Karen Copeland and Wendy Bartlett show just how in tune the NonStop Community is with PCI Compliance. That illustrates just how much of our mission critical and confidential information is trusted to a NonStop! It's amazing how much customers are willing to share their experiences because of the pride they have in their NonStop server applications tuned to perfection, secure and protected from disaster.
XYPRO specifically enjoyed an unprecedented amount of coverage at this event as we were lucky enough to have it take place right around the time our XYGATE Merged Audit software solution begins automatically shipping on all new H and J systems. The interest level is extremely high and we are thrilled at the positive response!
Yes, a pleasant time was had by all and I hope that we remember it for a long time. The level of international customer attendance was inspiring! The XYPRO customer dinner was very well received and we would like to thank everyone who attended.
It may seem a disappointment hearing that next year’s event will be part of the HP Software / Tech Forum conference at the Venetian hotel in Vegas, but your voices may have been heard. In his keynote, Winston Prather said that this event would be restructured to retain the strong community feel that this Symposium displayed. The big question is whether or not HP will be sending the same number of NonStop product managers and developers and it will be interesting to see how the big tent event achieves the incredible dynamic we all experienced in San Jose. The amount of interaction with HP staff and customers was simply something we hadn't enjoyed in years and everyone seemed to revel in the long overdue opportunity.
But hey, the next event is 9 months away and if customers take the time to communicate their preference - another NonStop Symposium in San Jose? You never know...
Lisa Partridge
Tuesday, September 28, 2010
ITUG 2010
ITUG 2010 (also called The Connect NonStop Symposium and Expo) opened with an amazing dinner hosted by XYPRO at Scotts seafood restaurant in San Jose. Among the 130+ attendees was a real cross-section of the HP NonStop community. Aussies, South Africans, South Americans, Asians, and Europeans joined the North Americans for a most amazing 3-course meal with dessert and entertainment.
For those who managed to get out of bed on Tuesday, 499 other show attendees joined them at the San Jose convention center, and the mood was incredible. Everyone was happy to be back in San Jose at a NonStop show instead of in Las Vegas in the middle of Summer!
It was really heartwarming to some and interesting to others that even with HPTF (the heretofore-described show in Las Vegas), people came to this event. I personally know of several NonStop customers who never intended to come to San Jose but went to Las Vegas. They determined the NonStop symposium was the place to be and are here with bells on and very happy they came.
The San Francisco bay area is in the middle of a heatwave, so people can close their eyes and pretend that they're in Vegas, then open them up to see dozens of NonStop product managers, developers, and execs who find it a lot more pleasant to drive the 5 miles down highway 280 from Cupertino than to take a 90-minute flight to Vegas after waiting an hour in the security line.
What happens in Vegas stays in Vegas, but what happens in San Jose has a big influence in Cupertino, helping build better products for the best computer system in the world. And isn't that a grand thing?
Lisa Partridge
XYPRO
Friday, September 17, 2010
XYGATE Software Exceeds Regulatory Auditing Requirements for HP NonStop Systems
State of the art auditing & compliance solution to ship with latest HP Integrity NonStop operating system
(September 14, 2010) Simi Valley, CA – XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop server environments, today announced its audit and reporting solution, XYGATE Merged Audit (XMA) software, will be included in the HP NonStop Operating System Mission-Critical Edition software package.
This XMA software addition will allow customers to better monitor the state of their mission-critical systems. XMA collects, filters, normalizes, and writes audit data from a variety of sources across dozens of systems in an HP NonStop system network. The software then writes data to a consolidated NonStop SQL database. These advances will allow security administrators to efficiently produce reports based on audit data from one or multiple sources, create real-time alerts for specific events, and feed many off-box central audit logging devices or SIEMs (Security Incident Event Monitor), such as the HP Compliance Log Warehouse (CLW), facilitating Integrity NonStop server participation in an Enterprise Security Program.
“Security has changed drastically over the last five years,” said Sheila Johnson, XYPRO’s CEO. “Starting in September, customers who purchase new HP NonStop servers running on the J Series or H Series platform will receive XMA on their system.”
HP NonStop customers who wish to upgrade their existing systems can purchase an OS upgrade package that includes XMA software and entitles them to new versions of the product going forward. XMA software also continues to be available for individual purchase and direct support from XYPRO.
“In the current climate, many businesses are under increasing pressure to comply with regulatory audit standards – all while protecting their mission-critical data and resources,” said Randy Meyer, Director of NonStop Product Management, Strategy and Technology at HP. “HP is working with XYPRO to provide clients with solutions that simplify risk management and increase effectiveness of system monitoring in complex information security environments.”
“Bundling XMA software as part of the OS distribution provides customers with greater consistency, significant savings, comprehensive audit consolidation, and reporting,” said Lisa Partridge, XYPRO’s Vice President of Sales & Marketing. “We are excited to work with HP to bring best-of-class security to the HP NonStop user community.”
Wednesday, September 8, 2010
From the CEO's Desk
We all know that the sun never sets on the HP NonStop server empire—especially in the financial industry. Worldwide, a large number of credit card and funds transfer transactions are either switched or cleared by NonStop servers. And since the bulk of those mission-critical NonStop servers protect their confidential information with XYPRO software, we felt that it was time that we had a seat at the payments processing table.
But rather than sitting back and listening, we wanted to have an active voice, to ensure that the needs of our users were addressed as new standards were implemented. To get that seat, XYPRO joined the PCI Security Standards Council as a participating member, which allows us to work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.
Anyone who has read the PCI DSS knows that many of the requirements are aimed at so-called “industry standard” servers and not big iron like the NonStop server. How many times have you been asked what anti-virus software is running on your server? Wouldn’t it be nice to stop hearing that question from your auditors?
In other news, the traditional NonStop Summit is back. Rather than hopping a plane to Las Vegas in summer, walking what seems like 4 miles from the hotel to the convention center every day, and fighting the crowds of gamblers and tchotchke divers hanging out at the Mandalay Bay, we get to be back among our own circle of friends just minutes from NonStop Central (or Cupertino, as Google Maps calls it). All of your favorite vendors have booths and are just as excited to be back in San Jose as I know all of you are. HP will be sending dozens of NonStop developers and product managers who can spend time with you to understand how to make their products better by meeting your needs.
In my last blog entry, I alluded to a number of exciting activities that I could not talk about—until now. If you’ve attended one or more Security SIGs, you’ll remember that the same requests get made over and over and every time HP recognizes that there are opportunities for improvement. Unfortunately, the development dollars just aren’t there to address every issue and HP needs to prioritize.
A substantial number of security upgrades have been made by HP, including longer passwords, better user management, a more secure password encryption algorithm, and so on. HP has been listening to you and over the past year, they quietly have been working to bundle selected third party products into the base NonStop OS.
At the summit, HP and XYPRO will jointly announce and demonstrate some of the most frequently requested security functionality being added to the NonStop OS at a low cost to customers. Current XYPRO customers don’t need to worry about past decisions or future support, since we have a migration path for you.
Watch for our press release later in September and be sure to drop by our booth at the Summit to see what’s cooking. If you just can’t wait, you can read Scott Uroff’s article in the July/August issue of Connect Magazine for a clue.
Before I close, I wanted to mention “The Most Significant Breach Of U.S. Military Computers Ever.” This has nothing to do with NonStop servers, or even HP. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.
It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. There is only one protection against rogue software or a rogue user in the enterprise and that is encryption at a very granular level. It will take an attacker a lot longer to steal your information if they need to do it one small piece at a time as it is displayed on someone’s screen than if they can just download an entire unencrypted file in one shot.
Scott Uroff wrote an article in the January/February issue of The Connection magazine that can help you understand the importance of selecting the right encryption algorithm and how to properly implement it. If you have questions, Scott will be at the XYPRO booth and the Summit to answer them.
Don’t pick up an unknown flash drive and connect it to your network, but do come to the NonStop Summit. See you there!
Sheila Johnson
XYPRO, CEO
But rather than sitting back and listening, we wanted to have an active voice, to ensure that the needs of our users were addressed as new standards were implemented. To get that seat, XYPRO joined the PCI Security Standards Council as a participating member, which allows us to work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.
Anyone who has read the PCI DSS knows that many of the requirements are aimed at so called “industry standard” servers and not big iron like the NonStop server. How many times have you been asked what anti-virus software is running on your server? Wouldn’t it be nice to stop hearing that question from your auditors?
In other news, the traditional NonStop Summit is back. Rather than hopping a plane to Las Vegas in summer, walking what seems like 4 miles from the hotel to the convention center every day, and fighting the crowds of gamblers and tchotchke divers hanging out at the Mandalay Bay, we get to be back among our own circle of friends just minutes from NonStop Central (or Cupertino, as Google Maps calls it). All of your favorite vendors have booths and are just as excited to be back in San Jose as I know all of you are. HP will be sending dozens of NonStop developers and product managers who can spend time with you to understand how to make their products better by meeting your needs.
In my last blog entry, I alluded to a number of exciting activities that I could not talk about—until now. If you’ve attended one or more Security SIGs, you’ll remember that the same requests get made over and over and every time HP recognizes that there are opportunities for improvement. Unfortunately, the development dollars just aren’t there to address every issue and HP needs to prioritize.
A substantial number of security upgrades have been made by HP, including longer passwords, better user management, a more secure password encryption algorithm, and so on. HP has been listening to you and, over the past year, they have quietly been working to bundle selected third-party products into the base NonStop OS.
At the summit, HP and XYPRO will jointly announce and demonstrate some of the most frequently requested security functionality being added to the NonStop OS at a low cost to customers. Current XYPRO customers don’t need to worry about past decisions or future support, since we have a migration path for you.
Watch for our press release later in September and be sure to drop by our booth at the Summit to see what’s cooking. If you just can’t wait, you can read Scott Uroff’s article in the July/August issue of Connect Magazine for a clue.
Before I close, I wanted to mention “The Most Significant Breach Of U.S. Military Computers Ever.” This has nothing to do with NonStop servers, or even HP. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.
It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. There is only one protection against rogue software or a rogue user in the enterprise and that is encryption at a very granular level. It will take an attacker a lot longer to steal your information if they need to do it one small piece at a time as it is displayed on someone’s screen than if they can just download an entire unencrypted file in one shot.
Scott Uroff wrote an article in the January/February issue of The Connection magazine that can help you understand the importance of selecting the right encryption algorithm and how to properly implement it. If you have questions, Scott will be at the XYPRO booth and the Summit to answer them.
Don’t pick up an unknown flash drive and connect it to your network, but do come to the NonStop Summit. See you there!
Sheila Johnson
XYPRO, CEO
Friday, August 27, 2010
Product Spotlight: Safeguard PRO
SAFECOM is the original user interface to Safeguard, the native HP NonStop™ server security program. Both were developed at a time when highly trained HP NonStop technical staff managed HP NonStop security exclusively. However, today’s security requirements are not only more complex and scrutinized, but security is often managed by an information security department whose staff rarely consists of single-platform experts. Instead they are information security specialists with responsibilities across many different computer platforms.
Why Safeguard PRO?
Safeguard PRO brings together all the capabilities of the XYGATE Safeguard enhancement modules to offer you a single source for achieving your Safeguard-related security requirements. A friendly and intuitive user interface adds to the ease of use and allows the Security Administrator, whose responsibilities can span several computer platforms, to take care of the HP NonStop platform with ease.
What Do I Get with Safeguard Pro?
The XYGATE Safeguard PRO package consists of 5 integrated modules, each addressing specific Safeguard security requirements. Every aspect of Safeguard Administration, Audit, Authorization, and Authentication (including interfacing to LDAP) is enhanced and made efficient with XYGATE Safeguard PRO.
XYPRO’s Safeguard PRO is an enhanced Safeguard management, configuration and reporting package that extends the capabilities of Safeguard with unrivaled user authentication, password quality and object security power.
How Do I Learn More about Safeguard PRO?
Click here to learn more. You can download free product information and view a product demo.
Thursday, August 12, 2010
Donkey Rodeo SIG, London.
At the start of the recent BITUG (British Isles Tandem User Group) DR SIG in London, NTI’s Dave Ross asked the attendees to think about what the letters D.R. stood for, with prizes for the most creative suggestions. More on the results of that at the end.
As you’d expect from a DR SIG, the day was focused on Disaster Recovery, or Data Replication as is becoming the more commonly used term because of the multi-purpose uses for modern DR set-ups. The list of attendees was a little longer than usual, which I’m thinking is down to two possible reasons. The first could be that DR is a fairly hot topic and people want to keep up to speed. The second might have been NTI’s exclusive booking of a London Eye (huge Ferris wheel on the Thames) capsule for a post-SIG hurrah. Either way, it was great to see a good turn-out.
By the end of the day, it was time for the D.R. suggestions to be aired. Around ten made the final cut, with Digital Renaissance being one and Demand Ransom possibly another, but Deny Responsibility was deemed the winner! I can’t remember if the prize was a crisp £20 note or a Tandem T-shirt, as there were a few mini competitions during the day. Either way, everyone went home happy, especially those with extra cash/clothing and those who got an invite to the post-SIG London Eye trip.
The next BITUG SIG covers Migration and Solutions, 13th October.
www.bitug.com
Dan Lewis
XYPRO, Europe
Friday, August 6, 2010
XYPRO TECHNOLOGY CORPORATION joins PCI Security Standards Council as newest Participating Organization
XYPRO to participate in key standards setting body protecting payment cardholder data
FOR IMMEDIATE RELEASE
Simi Valley, CA/USA, August 6, 2010 — XYPRO Technology Corporation, a leading provider of data security software and services for HP NonStop Server environments, announced today that it has joined the PCI Security Standards Council as a new participating organization. As a Participating Organization, XYPRO will work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.
The PCI DSS, endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity. More information on the council and the standard can be found at www.pcisecuritystandards.org.
As a Participating Organization, XYPRO will now have access to the latest payment card security standards from the Council, be able to provide feedback on the standards and become part of a growing community that now includes more than 500 organizations. In an era of increasingly sophisticated attacks on systems, adhering to the PCI DSS represents an entity’s best protection against data criminals. By joining as a Participating Organization, XYPRO is adding its voice to the process.
“The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data,” said Bob Russo, General Manager of the PCI Security Standards Council. “By participating in the standards setting process, XYPRO demonstrates they are playing an active part in this important end goal.”
“XYPRO is dedicated to helping businesses achieve unified security and compliance within their HP NonStop server environments,” said Sheila Johnson, CEO at XYPRO. “We are extremely excited to participate in the PCI Security Standards Council, as it further demonstrates our mission and commitment to closing the security gap.”
About PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of PCI security standards. For more information, please visit www.pcisecuritystandards.org
About XYPRO
XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services. Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through compliance while improving efficiency. www.xypro.com
# # #
Media contacts
XYPRO Technology: Lisa Partridge, 805-583-2874, Lisa_P@xypro.com
PCI Security Standards Council: Ella Nevill, 781-876-6248, enevill@pcisecuritystandards.org
Thursday, July 29, 2010
Security Breaches: Do Companies Need to See It Get Worse Before It Gets Better?
One would think that, with all of today’s security standards and compliance requirements, data leaks and security breaches would be few and far between. Of course, one would be wrong to think that. Indeed, in the healthcare sector alone the numbers are staggering. In a recent report published by Healthcare Info Security, the official federal list of major healthcare information breaches dating back to last September included 119 incidents affecting almost 5 million Americans. About 20 incidents were added to the list in the last 30 days.
The total of those affected by major breaches grew by approximately 1.5 million in the past month, primarily as a result of two large cases.
In one case, South Shore Hospital in South Weymouth, Mass. reported that unencrypted backup computer files containing personal, health and financial information on about 800,000 people may have been lost by a company that the hospital hired to destroy the files. On the breach list, the business partner involved is identified as Iron Mountain Data Products Inc.
In the other case, WellPoint Inc., which owns Blue Cross and Blue Shield plans in 14 states, announced in late June that it was notifying 470,000 people who applied for individual health insurance coverage that their information may have been breached on a website.
Don’t Make the List
Organizations that suffer from security breaches can’t hide and pretend it didn’t happen. Under the Health Information Technology for Economic and Clinical Health Act's breach notification rule, which went into effect last September, breaches affecting more than 500 individuals must be reported to the Department of Health and Human Services' Office for Civil Rights and the news media as well as the individuals affected within 60 days. It’s definitely a list you don’t want to be on.
Get Informed & Get Secure with XYPRO
For more than 25 years, XYPRO has been helping businesses, including healthcare organizations, secure their mission-critical systems and information. We help ensure that our customers never make lists like the ones mentioned above. You can learn more about how we do it from our webinar archive at www.xypro.com/webinars.
Thursday, July 15, 2010
The Secret to Fitness...
I may have found the key to improving my overall health when I recently had the good fortune of teaching a one-week XYGATE class for one of XYPRO's customers in Porto Alegre, the capital of Rio Grande do Sul, Brazil's southernmost state. Porto Alegre is a pretty city, with tree-lined streets and colorful sunsets over Lake Guaíba.
The company, along with a number of other international high-tech businesses, including HP, leases buildings on the campus of the Pontifical Catholic University of Rio Grande do Sul (PUCRS). The companies agree to accept students for internships and on-the-job training. The companies pay rent, which supplements the university's income. In addition, all of the extra people on campus make having a big variety of restaurants and other businesses, including a fairly large mall on campus, feasible. This is such a wonderful idea—I’m surprised more universities aren't doing it.
This was my first experience teaching where more than half of the students were watching via video conference from multiple time zones. However, the Brazilian folks were experts on setting everything up, and the class came off without any problems.
I also had my first taste of the yerba mate tea and saw how it is brewed. Perhaps that is the secret to their fitness! Some studies have shown that this tea has anti-obesity, cholesterol lowering and antioxidant properties. All I know is the vast majority of citizens appeared extremely fit regardless of age or gender. Well, I'll let you know how it goes in a few months...
Terri Hill
XYGATE Security Specialist
Friday, July 9, 2010
XYGATE is Profiled in the Roadmap to the Megaplex
High-profile guide by Standish Group highlights XYGATE’s sophisticated security features
(July 8, 2010) Simi Valley, CA – XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop™ Server environments, today announced that it has been included in the Standish Group’s Roadmap to the Megaplex. The guide offers timely information to help organizations maximize their current investment in HP NonStop server applications. The Roadmap to the Megaplex also offers return on investment scenarios and provides compelling reasons to modernize the NonStop applications and environment.
XYPRO’s security and access control suite, XYGATE, is highlighted in the Roadmap’s Security Modernization section. XYGATE is a comprehensive security, compliance, auditing and FIPS 140-2 validated encryption software solution for HP NonStop environments. Security modernization is the process of changing the traditional security and protection systems from passive to proactive. Government and industry regulations mandate much of this change. The Standish Group reports that 69 percent of organizations have an active and concentrated effort to meet regulatory compliance. Investment in security is minimal when compared to the financial penalties levied for non-compliance or the monetary impact of a breach.
The Roadmap to the Megaplex highlights XYGATE’s ability to greatly enhance an organization’s security environment and enable protection of their intellectual property and confidential information. “The security process is challenging and ever-evolving as organizations strive to protect our personal data, their corporate assets and meet regulatory compliance,” said Sheila Johnson, XYPRO CEO. “One way to make the process simpler is to deploy a centralized security management system with highly sophisticated security capabilities but that is straightforward to use, such as XYGATE.”
XYGATE’s implementation is simple and requires little training for the experienced NonStop security administrator. XYGATE’s intuitive wizards are designed to help security administrators set up rules and roles quickly. The XYGATE suite has been efficiently designed to meet organizations’ goals to protect data and improve productivity while achieving granular security, audit and compliance mandates.
“The Roadmap to the Megaplex is a critical document for organizations seeking to maximize their investments in NonStop applications,” said Lisa Partridge, XYPRO Vice President. “We are thrilled that XYGATE’s rich security, audit and compliance features have been profiled as an avenue for organizations to enhance and protect their HP NonStop server environment.”
About XYPRO
XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services. Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through improved efficiency. www.xypro.com
About the Standish Group
The Standish Group is based in Boston, Massachusetts and is the Information Technology leader in project and value performance. We are a group of highly dedicated professionals with years of practical experience in assessing risk, cost, return and value for Information Technology (IT) Investments.
www.standishgroup.com
Tuesday, June 22, 2010
Viking Longtrip
Three days at the end of May saw Sean Bicknell and me head to the ninth annual VNUG (Viking NonStop User Group) conference, held this year at Gällöfsta Manor, about half an hour north of Stockholm.
Day one was either an education day, or a golf tournament. I was looking forward to a round of golf, but striking British Airways cabin staff had other ideas. Our rescheduled flight meant I’ll have to wait until next year to play my first golf in Sweden. At least with an extra year to practice I’ll increase my chances of not coming last!
The real business began on the morning of day two. Around 10 vendors set up their booths and a range of HP updates, vendor pitches and user presentations kicked off at 9.30am. Our presentation was originally scheduled to be the final one of the event on day three, but a last-minute cancellation by one of the speakers meant we were moved to the afternoon of day two – no complaints there.
For XYPRO’s 20 minute slot we took a look at a few of the PCI-DSS requirements which can’t be met on a NonStop with native software. This scenario applies to far more requirements than we had time to cover, but it was more than enough time to take a high-level look at three of the key PCI-DSS related tools we have to offer.
The first was XUA (XYGATE User Authentication), which provides logon controls via IP address, thus ticking the PCI-DSS 1.3.2 box: Limit inbound Internet traffic to IP addresses within the DMZ. XUA also provides far more functionality with the likes of LDAP-integrated Single Sign On, granular log-on control, time-related log-on restriction, full audit and more – not only providing extra uses, but also covering other PCI-DSS requirements including (but not limited to) 7.2, 8.1 and 8.5.13.
Following the theme of using one XYGATE solution to crack several different PCI-DSS nuts were XSW (XYGATE Security Compliance Wizard), which is by far the best file-integrity/change-detection tool on the market, and XMA (XYGATE Merged Audit), which chiefly consolidates and exports NonStop audit data and provides real-time alerts. XSW and XMA apply to a long list of PCI requirements, so if you’re just starting a PCI project, be sure to take a look sooner rather than later.
PCI-DSS is a fairly hot topic in Europe right now and Sean and I thought his presentation was well received at the time. Those thoughts were backed up a few days after the event, when the delegate feedback forms were returned, showing the XYPRO presentation to have scored the highest of the event – no mean feat when HP’s Mittal Parekh is in town – the man is so passionate he could talk about a paint drying process and I’d still be riveted!
It’s a VNUG tradition to have some sort of group activity on the evening of day two. This year’s was kept secret until they’d got everyone herded into a large empty conference room: line dancing! I won’t deny that my heart sank when they first announced it, but I don’t mind admitting it was actually great fun – never thought I’d find myself saying that! I’ll also admit that it’s far more difficult than it looks!
The event drew to a close at around 3.30pm on day three, giving us time to reflect on a well attended and very friendly VNUG event. Our thanks to Tommy and the rest of the VNUG board for putting on another great conference. With 2011 being the tenth anniversary, they’ve promised us an even more memorable event next year – we’re looking forward to it already.
www.vnug.biz
http://blog.xypro.com/
Dan Lewis
XYPRO European Marketing Manager
Register today for the Global HP NonStop Symposium & Expo, 26-29th September - www.NonStopSymposium.com
Day one was either an education day, or a golf tournament. I was looking forward to a round of golf, but striking British Airways cabin staff had other ideas. Our rescheduled flight meant I’ll have to wait until next year to play my first golf in Sweden. At least with an extra year to practice I’ll increase my chances of not coming last!
The real business began on the morning of day two. Around 10 vendors set up their booths and a range of HP updates, vendor pitches and user presentations kicked off at 9.30am. Our presentation was originally scheduled to be the final one of the event on day three, but a last-minute cancellation by one of the speakers meant we were moved to the afternoon of day two – no complaints there.
For XYPRO’s 20 minute slot we took a look at a few of the PCI-DSS requirements which can’t be met on a NonStop with native software. This scenario applies to far more requirements than we had time to cover, but it was more than enough time to take a high-level look at three of the key PCI-DSS related tools we have to offer.
The first was XUA (XYGATE User Authentication) which provides logon controls via IP address, thus ticking the PCI-DSS 1.3.2 box: Limit inbound Internet traffic to IP addresses within the DMZ. XUA also provides far more functionality with the likes of LDAP-integrated Single Sign On, granular log-on control, time-related log-on restriction, full audit and more – not only providing extra uses, but also covering other PCI-DSS requirements including (but not limited to) 7.2, 8.1 and 8.5.13.
Following the theme of using one XYGATE solution to crack several different PCI-DSS nuts, were XSW (XYGATE Security Compliance Wizard) which is by far the best file-integrity/change-detection tool on the market and XMA (XYGATE Merged Audit) which chiefly consolidates and exports NonStop audit data and provides real-time alerts. XSW and XMA apply to a long list of PCI requirements, so if you’re just starting a PCI project, be sure to take a look sooner rather than later.
Thursday, June 17, 2010
In Memoriam: Lauren Uroff
- Sheila Johnson, CEO
When professionals join XYPRO, we like to think that they are joining more than just a software corporation; they are joining a close-knit family. To be sure, it’s close to impossible not to get incredibly attached to the wonderful, talented people that comprise the XYPRO family. So, it is with great sadness that we had to say goodbye to one of our long-time XYPRO family members, Lauren Uroff. We are indeed in deep mourning, but at the same time, trying to celebrate the wonderful and rich life Lauren led. Over the past few weeks, we have heard so many touching and uplifting stories about Lauren—she simply made a positive, lasting impact on everyone she knew.
Kristie Rusk is one of the many people who Lauren deeply touched.
Below, Kristie offers her memories and tribute to our Lauren.
I’ve been an employee of XYPRO since 1987. I’ve been here longer than any other XYPRO employee, except for Sheila Johnson, our CEO. When I look back at these past 23 years, each year has its own “memorable moment” associated with it, some of them good and some of them bad. In 1994, we had the infamous Northridge earthquake and I have memories of us all ducking under the conference room table during aftershocks. In 2001, it was the 9/11 attacks while the ITUG conference was being held in Anaheim. We scrambled to find places for our customers to stay who were unable to fly home. In 2006, we had two “XY-babies” born within a few weeks of each other and two more babies were born in 2008. This year promises to have its share of good memories for XYPRO. But sadly, the one event that I will remember 2010 for is the loss of my co-worker and friend, Lauren Uroff.
Lauren joined XYPRO in 1992 as a QA Analyst and later that year, her husband Scott also joined XYPRO. They quickly became vital members of the XYPRO team. Together, they helped build the XYPRO Security products to become the leading edge products they are today. Lauren was intensely proud of her work. When we began to offer XYGATE classes here at the XYPRO offices, Lauren was key to the building and teaching of those class materials. She loved working with customers and if she met you, either on the phone or in person, she never forgot your name! As valuable an asset as Lauren was to XYPRO, for me, she was one of my closest friends here at the office. Lauren and I shared many things over the years. We held down the fort by ourselves at the office while everyone was attending ITUG Conferences, we laughed in the lunchroom about the latest “news of the day”. Lauren was bright, witty, an avid reader, a seeker of knowledge – from the silly to the sublime. Our conversations ranged from deep and philosophical to arguments about who we liked better on “Top Chef”.
As proud as Lauren was of her work, her greatest pride was her family, her husband Scott and her son James. After James was born, she changed her status at XYPRO from full-time employee to that of an independent contractor, so that she could have the flexibility in her schedule to play an active role in his life. She spent many hours volunteering at his school and never missed a concert or karate practice. She was determined that he be a well-rounded and polite young man.
In 2009, Lauren was diagnosed with cancer. She worked from home as often as she could, but her presence at the office became less and less. In December, while preparing to come back to the office on a regular basis, we got the devastating news that the cancer had spread. Three months later in March 2010, we lost her.
It is sad to think that the newer employees here at XYPRO will never get the opportunity to know or work with Lauren. But, it helps to know that Lauren’s legacy will live on in the quality of the XYPRO products that she helped build, the customers who she helped support and most importantly in the lives of her family.
Kristie Rusk
-Vice President of Finance
Monday, May 10, 2010
Flat Screens, Light Bulbs and IBM, Oh My……
For me personally, EBUG (European BASE24 User Group) is quite a significant event for two reasons. Firstly it’s EMEA’s premier gathering for anyone with an interest in BASE24 and other related ACI products. And secondly, because it marks my first year of involvement/employment in the HP NonStop field – the 2009 EBUG in Prague last year was my first day on the job!
The big talking point from last year was ACI’s announcement that BASE24 ‘classic’ would be phased out within a couple of years and its new collaboration with IBM. It’s safe to say that this announcement wasn’t greeted with the warmth that ACI had expected.
A year later, we’re in Madrid, Spain, and there was far less controversy. ACI had obviously taken its customers’ feedback on board and stances have changed and relaxed. Deadlines for BASE24’s ‘sun-setting’ have been extended and it’s now talked about as the end of ‘support’ for BASE24 classic, as opposed to the product itself. It’s no huge surprise that ACI was still keen for as many of its customers as possible to migrate to BASE24-eps, pointing out that over 20 customers have now made the switch.
From what I gather, the IBM situation hasn’t seen the exodus from HP NonStop that certain parties might have been hoping for – I may be wrong, but I don’t know of any HP NonStop users who have jumped ship to IBM. In fact, I dare say that ACI/IBM bringing hardware to the fore has actually resulted in a few NonStop Blade upgrades for existing HP customers. I can only see that as a good thing. But don’t go thinking that IBM has admitted defeat: had there been a ‘stand of the show’ award, IBM would have won it with ease...
In the XYPRO booth there were fewer plasma TVs and halogen light bulbs, but that didn’t mean there was any less activity. Many thanks to all those who dropped by for a chat, to pick up product info and to enter their business card to win an HP Netbook. The drawing was held at the gala evening meal and was won by Attila Biro of Comparex, so congratulations to him!
Overall it was another successful EBUG event and we look forward to next year’s, which we hear will be taking place in Germany.
XYPRO’s next few European events are a one day BITUG SIG on 19th May in London and a much larger Viking NonStop User Group (VNUG) annual meeting in Stockholm during the last week of the month. If you’re going to either, we look forward to saying hi and perhaps sharing a beer or two in the bar...
Dan Lewis
European Marketing Manager
Thursday, April 22, 2010
Product Spotlight: SQLXPress
SQLXPress Can Help You Manage Your HP NonStop SQL Databases
In November, 2009, we announced our strategic partnership with Merlon. Since that time, we have really enjoyed educating our customers about the beneficial tools Merlon offers.
In today’s blog, we’d like to highlight a tool that provides comprehensive support for managing large, complex database environments. The solution, SQLXPress, is an essential companion product for SQL/MX and SQL/MP.
Simplify with SQLXPress
SQLXPress supports all standard DDL operations, and offers several advanced features that are not available with the command line interface, such as compare data definition language (DDL), two-way object relationship browsing, multi-object commands and partition key data analysis.
SQLXPress benefits database administrators, software developers, quality assurance analysts and technical support staff. With SQLXPress, users can benefit from the following:
• Simplified Database Administration
• Improved Application Performance
• Increased Productivity
• Easy-to-use Modern Graphical User Interface
• Simplified Data Browsing
• Easy Statistics Management
To learn more about this sophisticated database management tool click here.
Or look for our upcoming webcasts that feature all of our database and security tools.
Sunday, April 11, 2010
And the Winner is….
The winner of XYPRO’s Events survey drawing is:
Michael Crispyn, Vice President
Group Manager, Tandem Online Systems
Fifth Third Processing Solutions, LLC
Scott won the $100 Gift Card drawing for filling out our recent survey.
As promised, here are the results of XYPRO's Survey about which upcoming shows our customers/prospects will be attending.
75% of those who responded are going to the NonStop Summit in San Jose
25% of those who responded are going to HP Tech Forum - Las Vegas
Anastasia Valentine asked: Lisa-how many in total responded?
Lisa Responded:
48 people replied, about which show they or people from their company would be attending, speaking on behalf of about 60 individual attendees.
6 additional responders didn't say which show because they weren't sure yet.
3 said they had no plans to attend either show.
We had several international "Yes" answers - which is also encouraging.
A couple of interesting comments in the "free form" field - 3 people said they weren't aware that the NonStop event in September was happening due to the lack of marketing, but they were all aware that HPTF was happening.
So those percentages match up with Ernie Guerrera's poll of his customer base, if I recall correctly.
So if roughly 70-75% of those going to a show are coming to San Jose, we just have to make sure enough people know about the NonStop event to consider it. So please pass the word around!
Monday, March 29, 2010
Product Spotlight: Encryption PRO
Don’t Let this Be You!
As you’ve probably already heard, a hacker was able to break into the database of RockYou, which provides applications and services for social networking sites like Facebook and MySpace. This hacker obtained 32 million clear-text passwords! For whatever reason, the passwords of RockYou’s customers were not encrypted and were an easy target. RockYou is now encrypting all passwords and reviewing their current data security features to ensure that they meet industry standards and best practices. Of course, they’re undoubtedly wishing they had taken this approach 32 million passwords sooner.
Protect Passwords with Encryption PRO
XYGATE Encryption PRO provides encryption for just about any type of communications between computer systems. These components enable you to encrypt interactive sessions, transaction sessions, file transfer sessions and databases or fields. Using software-based mechanisms, XYGATE provides encryption for not only HP NonStop servers and PC workstations, but also Unix, IBM OS390 and Z/OS, and many more.
XYGATE Encryption is the ideal solution set for protecting data in transit. A variety of components provide privacy for many types of sessions:
• Between your HP NonStop servers
• Between HP NonStop servers and your PC workstations
• Many other platforms
Protecting the privacy of data at rest is achieved via encrypting files and databases. XYGATE makes it practical to encrypt files for online storage, entire databases, or just selected fields that contain sensitive information. Learn more at www.xypro.com
Thursday, March 18, 2010
XYPRO Recognized for Outstanding Support with Two Awards
Thank you to everyone we visited at the recent SATUG. It was a pleasure to meet with all of you and we look forward to our future partnerships. We are honored to announce that XYPRO received two awards at the event. The first was for Outstanding Support of SATUG and the second was presented to our regional representative, Morne Conradie. Morne received an individual recognition award for his Outstanding Contributions over the years. Thank you to everyone involved, as we continually strive to exceed your NonStop security, compliance and encryption needs.
See you in the SUN!
Please visit us at the Sunshine Summit in Tampa, Florida.
SUNTUG Conference - Friday, 19 March 2010 at Embassy Suites
Tampa - Airport/Westshore - 555 N. Westshore Blvd. - Tampa Florida 33609 - 813-875-1555
Monday, March 8, 2010
SATUG and DUST 2010
XYPRO is Gearing Up for SATUG!
The SATUG 2010 Summit & AGM will take place on the 9th and 10th March 2010, followed by a training session on the 11th. SATUG will take place at the Emerald Casino and Hotel Resort in Vanderbijlpark, South Africa, and XYPRO is gearing up for this wonderful event. Along with gaining and sharing critical user group knowledge, attendees will have the opportunity to discover the newest solutions on the market!
Also, join XYPRO at the next DUST meeting - Tuesday 16 March!
The next DUST Meeting will be held on Tuesday, March 16th, at CVS Caremark in Scottsdale, AZ. The continental breakfast sponsored by XYPRO will start at 8:30 am with the meeting starting at 9:00 am. Lunch is sponsored by ACI Worldwide and will be brought in after the meeting. NTI will be giving an HP Mini again and there will be other door prizes.
The presentations are:
User Presentation from Wells Fargo on security. Chris Draper will be showing some of the things WFB does on the Tandem: user/HR processing, personnel info in the SAFEGUARD profile, separation of duties, etc. Mark Hammett is a contractor at Wells and will be discussing an alternative implementation of XYGATE Merged Audit and how it could be used to full advantage to achieve PCI compliance.
Jim Bowers of ACI Worldwide will present ACI and HP - 35 Years of NonStop.
Network Technologies International will do a short presentation on the latest with NTI and DRNet and their customer trends for 2010.
Please RSVP to Cathy (480-766-5440 or cathy.meurer@usfood.com) for both the meeting and lunch.
Friday, February 19, 2010
From the CEO's Desk
I hope everyone is getting a good start on 2010. We have received a large amount of positive customer feedback on our reseller relationship with Merlon and we thank you for that.
Traditionally at XYPRO, we begin each February with a week of Kick-Off sessions. All of us gather at our California headquarters to assess the previous year and set plans for the future. It’s a time of concentrated information exchange and collaborative brainstorming, with all teams participating ‘across all the aisles’. It’s an opportunity to discuss changes in the market and our customers’ needs. We go over feedback from customers and partners regarding current requirements and anticipate what security functions will be needed, both to meet future compliance regulations and to thwart security threats. A high priority includes looking at our products and evaluating how to improve and repackage them so that customers can easily purchase the modules that they need and use them to their best advantage.
There are a number of exciting activities afoot with us, some of which we can share, and some of which we need to keep secret for just a bit longer. What I can tell you is that we cut our first deal with a Neoview customer, so we’re now protecting a high profile decision support system built from the ground up on the most scalable and available data warehouse platforms.
After my last column, an HP press release announced enhancements to our favorite system, the NonStop Server. It quoted Diederick de Buck, technical architect for NonStop systems at Rabobank, who said that, “Rabobank looks to HP NonStop technology to handle our mission-critical financial services applications and help mitigate risks associated with virtual banking.”
As you might imagine, the best way to mitigate the risks associated with any online application is through the implementation of secure systems, secure networks, and secure applications. With NonStop as the foundation, all that remains is to protect your application and network communications – and we’re here to help you do that with products and consulting services.
The release also mentioned the new NonStop BladeCluster Express 1.2, which allows the creation of complex enterprise data center systems spanning a large geographic area and thousands of processors. Other enhancements include the capability for improved business decision-making by aggregating “islands” of information across an enterprise. Can you say, “cloud computing?”
While other companies are just starting to talk about the cloud, XYPRO customers, like a large travel booking site, have been building clouds out of NonStop servers for many years. And not just any cloud, but a scalable, available, and secure cloud. So when a C-level exec drops by and asks what you are doing about cloud computing, just point to your NonStop Servers and let him or her know that everything is under control.
In other news, a hacker was able to break into the database of RockYou, which provides applications and services for social networking sites like Facebook and MySpace, and obtained 32 million clear-text passwords. For whatever reason, the passwords of RockYou’s customers were not encrypted and were an easy target. Now that the horse has left the barn, RockYou has found religion and is encrypting all passwords and reviewing their current data security features to ensure that they meet industry standards and best practices. Do you have ENCRYPTPASSWORD set for your UserID file? Have you upgraded from DES to HMAC256 encryption? Call our tech support line if you want assistance with either of these.
And speaking of encryption, watch for our own Scott Uroff’s article in the next issue of Connection magazine. This article will describe the various types of encryption algorithms and how they work, point out the limitations when using specific encryption methods, and address how important it is for companies to use approved and certified encryption modules within their infrastructure.
To close, I want to mention that just like XYPRO, the US government also is working on advancements in data protection. The FIPS 140-2 Level 2 standard to which we certify our encryption products dates back to May 2001. This is one year after the Zero Latency Enterprise (ZLE) was first introduced and the same year that HP announced the merger with Compaq. This is pre-NonStop SQL/MX and well before Integrity NonStop. As you can imagine, we could not agree more that the standard needs to be updated and our cryptographers are already evaluating any changes needed to comply with this new standard when it is published next year.
Sheila Johnson
Traditionally at XYPRO, we begin each February with a week of Kick-Off sessions. All of us gather at our California headquarters to assess the previous year and set plans for the future. It’s a time of concentrated information exchange and collaborative brainstorming, with all teams participating ‘across all the aisles’. It’s an opportunity to discuss changes in the market and our customers’ needs. We go over feedback from customers and partners regarding current requirements and anticipate what security functions will be needed, both to meet future compliance regulations and to thwart security threats. A high priority includes looking at our products and evaluating how to improve and repackage them so that customers can easily purchase the modules that they need and use them to their best advantage.
There are a number of exciting activities afoot with us, some of which we can share, and some of which we need to keep secret for just a bit longer. What I can tell you is that we cut our first deal with a Neoview customer, so we’re now protecting a high profile decision support system built from the ground up on the most scalable and available data warehouse platforms.
After my last column, an HP press release announced enhancements to our favorite system, the NonStop Server. It quoted Diederick de Buck, technical architect for NonStop systems at Rabobank, who said that, “Rabobank looks to HP NonStop technology to handle our mission-critical financial services applications and help mitigate risks associated with virtual banking.”
Thursday, February 4, 2010
XYPRO to Sponsor & Present at MEXTUG
XYPRO is muy entusiasmados to be sponsoring and presenting at the upcoming MEXTUG. The one-day event is scheduled for 24 February and will be held at the HP offices in Mexico City, Mexico.
MEXTUG is packed with informative, timely presentations, not only from product experts, but also users themselves. See Agenda
Here’s a sneak peek:
- An educational presentation on the Native NonStop Security provided by Guardian, Safeguard and Atalla.
- A representative from Raymond James will explain how they currently comply with HP NonStop security requirements, and their plans going forward.
- A representative from Banorte will give a presentation on their successful experience monitoring and controlling their operational environment as well as their ATM & POS network.
Attendees will also have the chance to participate in an interactive survey about future MEXTUG content.
Last but not least, XYPRO is sponsoring the raffle. Attendees have the chance to win an HP NetBook (must be present to win)—so be sure to register! View Agenda.
Lisa Partridge
Thursday, January 28, 2010
Product Spotlight: Access PRO
Software that Addresses Your Auditing Concerns
How happy would you be to be able to solve NonStop PCI Requirements 7, 7.1, 7.2, 8, 8.1, 8.2, 8.5, 8.5.6, 8.5.8, 8.5.15, 8.5.16, 10, 12.3.8, and 12.3.9 with a single package from XYPRO?
XYGATE Access PRO software was designed with the fundamental HP NonStop security requirements in mind and addresses those issues most likely to concern an experienced security analyst or auditor as well as being required by compliance regulations.
Why Access PRO?
XYGATE Access PRO provides you with the following:
- Individual accountability, restricting each user to authorized actions based on that user's job function, all without the use of any shared user ids.
- Auditing as detailed as you need it to be (down to the keystroke)
- Logon to logoff session controls and load-balancing
- A convenient single spooler and peruse utility with advanced security and archiving functions.
Passing your audits will become a routine experience. Users will have the access and privileges they need to do their jobs, increasing resources available to focus on other areas that also affect profitability.
Detailed benefits of XYGATE Access PRO and the entire suite of XYGATE Security and Access Control software are highlighted in the free solutions papers available on our website: “PCI Compliance”, “SOX Compliance” and “HIPAA Compliance”. Visit www.xypro.com
Monday, January 25, 2010
Overwhelmed with PCI reporting requirements? XSW (part 3 of 3)
PCI compliance requires a diverse set of specific checks and reports on many different parts of an HP NonStop system: databases, security access, application models, networks, encryption, users, and so on. Manual HP tools each have unique export formats; some produce a report-type format, but most produce unstructured text, which is usually not helpful at all. In fact, trying to create manual PCI reports for an HP NonStop system is a recipe for losing your hair!
Using XYPRO’s Security Compliance Wizard (XSW) you can load this diverse data into a consistent and query-able format, cutting PCI reporting down to size. XSW can then be used to create PCI reports in a standard printable format, regardless of whether the data concerns Users, Safeguard, disk files, PATHWAY, OSS files and directories, SQL/MX or Network information.
To start off, XSW provides you with over a hundred standard PCI reports and cross-references the PCI naming conventions to HP NonStop terminology, making it easier for you to complete the PCI reporting task. For cycles of compliance, as required for PCI, XSW automatically provides this service and gives consistency to the reporting and checking. So save your hair and time and get XSW!
-Ellen Alvarado
NonStop Security Specialist
Friday, January 15, 2010
Powerful software for managing disk resources on HP NonStop servers
In November 2009, XYPRO announced its strategic partnership with Merlon Software Corporation of Toronto, Canada. This partnership has already proven successful and we are very happy to be aligned with a company that provides the NonStop community such effective products.
XYPRO represents Merlon’s database management software solutions on a global scale, and today we would like to highlight their disk management solution, Discover. Discover provides a safe and efficient mechanism for monitoring disk resource usage on HP NonStop servers. It replaces manual methods of tracking disk and file growth, reduces the risk of human error, and frees up operations and support staff for other tasks.
Why Discover?
Most applications depend on the availability of sufficient disk space in order to function correctly. If a disk volume becomes short of free space, an application may not be able to allocate the disk space required in order to continue running.
In addition, individual disk files may only grow to a pre-configured size. If an application continually adds new data to a file it will eventually encounter a "no space" error condition - even if there is free space available on the disk.
Either of these situations can cause part, or all, of an application to become unavailable. Discover enables you to avoid these conditions by taking corrective actions before they occur.
Discover continuously monitors disk and file usage, and predicts potential disk full and file full conditions before they occur. You can configure Discover to automatically invoke corrective actions, or to alert an operator that manual intervention is required.
Discover’s key features include the following:
• Prevention of application outages due to disk or file full conditions
• Continuous monitoring of disk utilization
• "SpaceMaker" technology for improved disk space allocation
• File attribute monitoring
• Automatic reload of key sequenced files
• User disk space quotas
• Corrective measures initiated automatically
• Comprehensive reporting
• Worksheets
• Discover Utilities
• The Recycle Bin
• Backup and Archive Support
In addition, Discover is work-flow oriented. It organizes "action items" which are required in order to ensure the availability of your data. You can learn more about Discover and all of Merlon’s products by clicking here.
-Lisa Partridge
Thursday, January 7, 2010
Use XSW to create Safeguard access reports
(part 2 of 3)
If you are trying to make sense out of your tens of thousands of Safeguard records and ACLs, don’t expect Safeguard to help you. There is no HP tool that provides any level of extraction, except streamed text, and none to analyze access maps from Safeguard.
Using XYPRO’s Security Compliance Wizard (XSW), you can create Safeguard access maps in minutes! XSW can generate Safeguard access maps for users or user groups, showing the access that is granted or denied across Safeguard ACL types, including patterns. These reports are a primary requirement of PCI, SOX and HIPAA.
-Ellen Alvarado
NonStop Security Specialist