Wednesday, September 8, 2010

From the CEO's Desk

We all know that the sun never sets on the HP NonStop server empire—especially in the financial industry. Worldwide, a large number of credit card and funds transfer transactions are either switched or cleared by NonStop servers. And since the bulk of those mission-critical NonStop servers protect their confidential information with XYPRO software, we felt that it was time that we had a seat at the payments processing table.

But rather than sitting back and listening, we wanted to have an active voice, to ensure that the needs of our users were addressed as new standards were implemented. To get that seat, XYPRO joined the PCI Security Standards Council as a participating member, which allows us to work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.

Anyone who has read the PCI DSS knows that many of the requirements are aimed at so-called “industry standard” servers and not big iron like the NonStop server. How many times have you been asked what anti-virus software is running on your server? Wouldn’t it be nice to stop hearing that question from your auditors?

In other news, the traditional NonStop Summit is back. Rather than hopping a plane to Las Vegas in summer, walking what seems like 4 miles from the hotel to the convention center every day, and fighting the crowds of gamblers and tchotchke divers hanging out at the Mandalay Bay, we get to be back among our own circle of friends just minutes from NonStop Central (or Cupertino, as Google Maps calls it). All of your favorite vendors have booths and are just as excited to be back in San Jose as I know all of you are. HP will be sending dozens of NonStop developers and product managers who can spend time with you to understand how to make their products better by meeting your needs.

In my last blog entry, I alluded to a number of exciting activities that I could not talk about—until now. If you’ve attended one or more Security SIGs, you’ll remember that the same requests get made over and over, and every time HP recognizes that there are opportunities for improvement. Unfortunately, the development dollars just aren’t there to address every issue and HP needs to prioritize.

A substantial number of security upgrades have been made by HP, including longer passwords, better user management, a more secure password encryption algorithm, and so on. HP has been listening to you, and over the past year they have quietly been working to bundle selected third-party products into the base NonStop OS.

At the Summit, HP and XYPRO will jointly announce and demonstrate some of the most frequently requested security functionality being added to the NonStop OS at a low cost to customers. Current XYPRO customers don’t need to worry about past decisions or future support, since we have a migration path for you.

Watch for our press release later in September and be sure to drop by our booth at the Summit to see what’s cooking. If you just can’t wait, you can read Scott Uroff’s article in the July/August issue of Connect Magazine for a clue.

Before I close, I wanted to mention “The Most Significant Breach Of U.S. Military Computers Ever.” This has nothing to do with NonStop servers, or even HP. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.

It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. There is only one protection against rogue software or a rogue user in the enterprise and that is encryption at a very granular level. It will take an attacker a lot longer to steal your information if they need to do it one small piece at a time as it is displayed on someone’s screen than if they can just download an entire unencrypted file in one shot.

Scott Uroff wrote an article in the January/February issue of The Connection magazine that can help you understand the importance of selecting the right encryption algorithm and how to properly implement it. If you have questions, Scott will be at the XYPRO booth and the Summit to answer them.

Don’t pick up an unknown flash drive and connect it to your network, but do come to the NonStop Summit. See you there!

Sheila Johnson
XYPRO, CEO
