Monday, July 11, 2011

Hard on the outside, soft and chewy on the inside…

The title refers to a great quote from a recent Tom Kemp article on Forbes.com http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/, explaining that the old way of securing a computer system (let only trusted people logon, then let them do whatever they want), no longer suffices.  Of course, on NonStop we’ve always had more control over our users than that, but it’s worth considering whether further improvements to security are in order. 

These days, with SOX, HIPAA and PCI regulations insisting that we more closely monitor all actions performed by all users, the “hard on the outside, chewy on the inside” approach is not enough.  Guardian and Safeguard allow some level of control over file access, and utility program execution, but do not give the fine-grained access control, nor the necessary level of auditing, that is required. 

The XYGATE Access PRO suite, and the Access Control module it includes, greatly extend the basic access control capabilities providing by the native NonStop security subsystem.  NonStop security administrators can control the specific commands and subcommands that each user can issue from any NonStop utility program.  Users can also be granted access to specific commands that would normally be outside their capabilities, meaning that shared access to Super and Manager IDs is no longer required for those users to be able to do their job.  All commands are audited, and full keystroke logging is also supported.

Once you have implemented more granular access control, the next step in securing your system is to put a good level of auditing in place.  The PCI Data Security Standard (DSS) requirement 10, for example, states “Track and monitor all access to network resources and cardholder data”.  What this means will be specific to your application and environment, but again, it will require more than the standard Guardian/Safeguard levels of security to achieve compliance. 

XYGATE Access PRO supports all this functionality, and has done so since 1990, back when PCI was just a glimmer in someone’s eye.  Whilst the NonStop has always had an enviable security record, my new colleagues at XYPRO have constantly been thinking of ways to ensure that our customers reduce their risk of finding themselves on the front page due to a security incident.  For more information on XYGATE Access PRO, see https://www.xypro.com/index.php?id=24 or contact me at andrew_p@xypro.com.

Andrew Price
Director, Product Management
XYPRO Technology Corporation

No comments:

Post a Comment