Monday, July 11, 2011

Hard on the outside, soft and chewy on the inside…

The title refers to a great quote from a recent Tom Kemp article on Forbes.com (http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/), explaining that the old way of securing a computer system (let only trusted people log on, then let them do whatever they want) no longer suffices. Of course, on NonStop we’ve always had more control over our users than that, but it’s worth considering whether further improvements to security are in order.

These days, with SOX, HIPAA and PCI regulations insisting that we more closely monitor all actions performed by all users, the “hard on the outside, chewy on the inside” approach is not enough. Guardian and Safeguard allow some level of control over file access and utility program execution, but they provide neither the fine-grained access control nor the level of auditing that is required.

The XYGATE Access PRO suite, and the Access Control module it includes, greatly extend the basic access control capabilities provided by the native NonStop security subsystem. NonStop security administrators can control the specific commands and subcommands that each user can issue from any NonStop utility program. Users can also be granted access to specific commands that would normally be outside their capabilities, meaning that shared access to Super and Manager IDs is no longer required for those users to be able to do their job. All commands are audited, and full keystroke logging is also supported.

Once you have implemented more granular access control, the next step in securing your system is to put a good level of auditing in place.  The PCI Data Security Standard (DSS) requirement 10, for example, states “Track and monitor all access to network resources and cardholder data”.  What this means will be specific to your application and environment, but again, it will require more than the standard Guardian/Safeguard levels of security to achieve compliance. 

XYGATE Access PRO supports all this functionality, and has done so since 1990, back when PCI was just a glimmer in someone’s eye.  Whilst the NonStop has always had an enviable security record, my new colleagues at XYPRO have constantly been thinking of ways to ensure that our customers reduce their risk of finding themselves on the front page due to a security incident.  For more information on XYGATE Access PRO, see https://www.xypro.com/index.php?id=24 or contact me at andrew_p@xypro.com.

Andrew Price
Director, Product Management
XYPRO Technology Corporation

Thursday, July 7, 2011

Large European Payment Processor Selects XYPRO to Meet its HP NonStop Server Security and PCI-DSS Requirements.

(July 6, 2011) Simi Valley, CA – XYPRO today announced that Equens SE has successfully implemented its XYGATE suite of security and compliance solutions. Equens will leverage XYGATE to improve its HP NonStop security and achieve PCI-DSS (Payment Card Industry Data Security Standard) compliance.

Equens is one of the largest pan-European payment processors, leading the market for future-proof payments and card processing solutions. With clients and partnerships in multiple European countries and an annual processing volume of 9.7 billion payments and 3.9 billion POS and ATM transactions, Equens SE has a European market share of more than 12.5%.

“When our security team started its PCI-DSS compliance project, we faced the same dilemma as many other large firms,” said Stefan Dusée, Equens’ Security and Control Manager. “We needed a solution that would allow us to meet PCI-DSS as cost-effectively as possible, but also went well above the minimum standards set out by PCI-DSS, thus potentially future-proofing our security standards.”

Equens created a detailed list of requirements, prioritised from “essential” to “desired” and developed a comprehensive RFP. Equens determined that XYPRO’s XYGATE security, compliance and auditing suite offered the best solution to meet their existing and future security and audit needs.

The XYGATE security suite includes role-based access control (RBAC), keystroke audit, user management, real-time alerts, user authentication and the most comprehensive audit and compliance software available for the NonStop server. Equens is using XYGATE security software not only to make its systems as secure as possible, but also for essential, time/labor-saving functionality.

“We’re confident we made the right choice in selecting XYPRO for our HP NonStop security and compliance enhancements,” said Dusée. “Configuring such an extensive range of products presented quite a challenge, but XYPRO has provided excellent support and training services and the new tools are proving to be worthy investments.”

Barry Forbes, XYPRO’s VP of Sales and Marketing, said, “We are thrilled to announce Equens’ selection of XYGATE for its PCI-DSS security requirements. As a valued customer, we know that Equens will continue to enjoy the same security benefits and efficiencies all XYGATE customers are accustomed to.”

About XYPRO
Founded in 1983, XYPRO Technology Corporation is the market leader in HP NonStop server security, encryption, audit and compliance solutions.

www.equens.com


Barry Forbes, XYPRO VP of Sales and Marketing