Well, another very successful SunTUG meeting just finished and, while there were other important topics (e.g., modernization, integration, replication), the predominant area of discussion was data security. The focus on protecting sensitive data makes a lot of sense given that the SunTUG user community is composed of many sophisticated HP NonStop customers in industries like payments, financial services, and telecommunications.
Recently, HP made big news when it announced the acquisition of Voltage Security—the industry leader in Format Preserving Encryption (FPE) and Secure Stateless Tokenization (SST). SunTUG 2015 was the first HP NonStop user group meeting since that announcement and it was a great opportunity to highlight Voltage’s unique approach to data-centric security and Voltage’s partnership with XYPRO for the HP NonStop area.
Voltage and XYPRO coordinated their sessions to provide a two-part series on data protection for the enterprise and for the HP NonStop—these were the session titles with links to the presentations:
Part 1: Voltage Security: Data-centric Security for HP NonStop and Enterprise-wide Environments
Part 2: XYPRO: Optimizing Voltage Tokenization and Encryption for HP NonStop Environments
The 2-part series went very well—here’s a summary from those sessions of what differentiates the combined Voltage and XYPRO solution:
Voltage Security provides industry-leading tokenization and encryption
• Standards-based: all cryptography is standards based (AES) and
publicly validated
• Industry-proven: used by large payment processors, financial
institutions, retailers, and telcos
• Multi-platform support: HP NonStop, z/OS, Solaris, Windows,
Linux, Stratus, AIX, etc.
• Support for wide variety of data types: payments, other PII
(e.g., SSN, DoB)
• Stateless key management: no keys to store, manage or
distribute/replicate
• Flexible: full/partial encryption, masked, and tokenized data from the same interface
• Runs natively on NonStop: tokenization and encryption happen
natively on NonStop
View the Voltage Presentation
XYPRO XDP optimizes Voltage for NonStop environments
• No application changes required on NonStop
• Support for nowaited/non-blocking encryption/tokenization
• Support for NonStop’s OS personalities and executable types
• Multiple language support: C, TAL and COBOL
• Distributed architecture provides fault-tolerance, parallelism
and scalability
• Built-in access control and auditing, as with all XYGATE products
View the XYPRO Presentation
More information about XYGATE Data Protection (XDP) is available on XYPRO’s website.
Finally, a couple short, heart-felt notes of appreciation: SunTUG 2015 was, as usual, a very well run affair with strong attendance—thank you SunTUG team and HP NonStop users! Also, thank you to the HP team for your presentations and involvement—your updates on the HP NonStop business and technology were exciting and provided a great start to an energetic conference.
Ken Scudder
Business Development and Strategic Alliances
XYPRO Technology Corporation
Tuesday, March 10, 2015
Tuesday, February 17, 2015
The Shelf is for the Elf, Not Security
Businesses are managing more data than ever—and spending more money, year after year, to protect that data. Yet spending money on security doesn’t equate to actually being secure.
A recent study by Osterman Research discussed how prevalent the “shelfware” problem is becoming. The report showed that businesses spent an average of $115 USD per user on security software, hardware and services in 2014, an increase of 44% from 2013, yet nearly 30% of that security investment was underutilized or never implemented.
Small businesses, those with less than 1,000 users, were impacted more, with an average spending of $157 per user, yet the same underutilization pandemic still exists.
“The numbers were pretty eye popping,” said Josh Shaul, Trustwave’s vice president of product management. “We expected some security software on the shelf. What we found was companies are pouring money down the drain, while the folks approving these purchases are getting a false sense of security.”
Considering the security landscape we currently live in, CEOs, CISOs and board members have taken notice. Cybersecurity is now just as important in the board room as the bottom line. The problem is now important enough to where non-technology business leaders put more emphasis on security. No one wants their company to be the next Sony or Anthem (from a data breach perspective). Budgets are being allocated and money is being spent on protections, but, as the Osterman Research study shows, a large part of that security investment is sitting around doing nothing—it’s unimplemented shelfware.
As you’re reading this, you’re probably looking over at your white board thinking “Yeah, we still have to implement that”. Trust me, you’re not alone.
So why are security solutions sitting around collecting dust?
The main reasons – IT departments are just too busy to properly implement what was purchased. Revenue generating tasks and keeping the engine running take precedence over something that may happen. This is followed closely by not having enough staff available and not understanding the purchased software well enough. According to the same report, the year 2014 finished with 49% of security positions left unfilled.
Interestingly enough, the least serious reason contributing to not getting security properly implemented was the IT staff not understanding the security problems they faced. On the contrary, IT understands the security problems and threats to the organization very well, they just lack the resources to implement the right solutions.
So how do you solve the problem?
Vendor professional service groups and security service providers can help ensure security technologies are properly installed, monitored and maintained throughout their lifecycle. The report surveyed that 79% of IT professionals believe leveraging managed services would reduce or eliminate the possibility that security goes unused in their organization.
XYPRO’s Professional Services Team is regularly brought in by Fortune 1000 companies to perform security assessments of HP NonStop server environments. Our XYPRO PS team ensures XYGATE security products such as Merged Audit and User Authentication, which have been shipped with the operating system as part of the NonStop security bundle on all new HP NonStop servers since late 2010, are properly configured and deployed to address your organizations specific needs. Whether those needs are auditing, compliance, monitoring, or help with your overall security initiative, XYPRO’s PRO Services Team can be an invaluable partner to protect your business and the investment you’ve made in security.
And that can help everyone sleep better at night. Unless you have one of those elves. They’re creepy.
Steve Tcherchian, CISSP
XYPRO Technology
A recent study by Osterman Research discussed how prevalent the “shelfware” problem is becoming. The report showed that businesses spent an average of $115 USD per user on security software, hardware and services in 2014, an increase of 44% from 2013, yet nearly 30% of that security investment was underutilized or never implemented.
Small businesses, those with less than 1,000 users, were impacted more, with an average spending of $157 per user, yet the same underutilization pandemic still exists.
“The numbers were pretty eye popping,” said Josh Shaul, Trustwave’s vice president of product management. “We expected some security software on the shelf. What we found was companies are pouring money down the drain, while the folks approving these purchases are getting a false sense of security.”
Considering the security landscape we currently live in, CEOs, CISOs and board members have taken notice. Cybersecurity is now just as important in the board room as the bottom line. The problem is now important enough to where non-technology business leaders put more emphasis on security. No one wants their company to be the next Sony or Anthem (from a data breach perspective). Budgets are being allocated and money is being spent on protections, but, as the Osterman Research study shows, a large part of that security investment is sitting around doing nothing—it’s unimplemented shelfware.
As you’re reading this, you’re probably looking over at your white board thinking “Yeah, we still have to implement that”. Trust me, you’re not alone.
So why are security solutions sitting around collecting dust?
The main reasons – IT departments are just too busy to properly implement what was purchased. Revenue generating tasks and keeping the engine running take precedence over something that may happen. This is followed closely by not having enough staff available and not understanding the purchased software well enough. According to the same report, the year 2014 finished with 49% of security positions left unfilled.
Interestingly enough, the least serious reason contributing to not getting security properly implemented was the IT staff not understanding the security problems they faced. On the contrary, IT understands the security problems and threats to the organization very well, they just lack the resources to implement the right solutions.
So how do you solve the problem?
Vendor professional service groups and security service providers can help ensure security technologies are properly installed, monitored and maintained throughout their lifecycle. The report surveyed that 79% of IT professionals believe leveraging managed services would reduce or eliminate the possibility that security goes unused in their organization.
XYPRO’s Professional Services Team is regularly brought in by Fortune 1000 companies to perform security assessments of HP NonStop server environments. Our XYPRO PS team ensures XYGATE security products such as Merged Audit and User Authentication, which have been shipped with the operating system as part of the NonStop security bundle on all new HP NonStop servers since late 2010, are properly configured and deployed to address your organizations specific needs. Whether those needs are auditing, compliance, monitoring, or help with your overall security initiative, XYPRO’s PRO Services Team can be an invaluable partner to protect your business and the investment you’ve made in security.
And that can help everyone sleep better at night. Unless you have one of those elves. They’re creepy.
Steve Tcherchian, CISSP
XYPRO Technology
Monday, February 9, 2015
HP’s Voltage acquisition great for XYGATE Data Protection
Here at XYPRO we’ve been very pleased at the news of HP acquiring Voltage Security.
XYPRO, as a long time partner of both Voltage and HP, sees the acquisition as a great fit. XYPRO already works with Voltage Security to optimize SecureData for the HP NonStop platform, and provides a range of capabilities to quickly and easily implement on HP NonStop. With XYGATE Data Protection (XDP) customers can take advantage of SecureData’s range of data protection options, including Format Preserving Encryption (FPE) and Secure Stateless Tokenization (SST) with no changes to NonStop applications or their databases. XDP adds the following critical NonStop-specific capabilities:
- Support for both Native (code 800) and non-Native (code 100)
applications
- Support for applications written in any HP NonStop-supported
language
- Nowaited/non-blocking encryption calls
- Built-in access control and auditing, as with all XYGATE products
- Intercept library for environments where the customer’s application
cannot be changed
- Simple SDK for environments where full application control is
preferred
- Integration with a full range of Voltage SecureData APIs, allowing for
all data types to be easily protected
- Support for all NonStop databases – Enscribe, SQL/MP and SQL/MX
The XDP solution fully supports Voltage’s approach to data centric security, allowing for data to be protected right across the enterprise, from the point of acquisition of the sensitive data, through the HP NonStop, and on to whatever other platforms and applications need that data.
For more information about XYGATE Data Protection click here.
XYPRO extends congratulations to both Voltage and HP. We look forward to continuing our strong partnership with these two great companies.
Andrew Price
VP Technology
XYPRO Technology Corporation
XYPRO, as a long time partner of both Voltage and HP, sees the acquisition as a great fit. XYPRO already works with Voltage Security to optimize SecureData for the HP NonStop platform, and provides a range of capabilities to quickly and easily implement on HP NonStop. With XYGATE Data Protection (XDP) customers can take advantage of SecureData’s range of data protection options, including Format Preserving Encryption (FPE) and Secure Stateless Tokenization (SST) with no changes to NonStop applications or their databases. XDP adds the following critical NonStop-specific capabilities:
- Support for both Native (code 800) and non-Native (code 100)
applications
- Support for applications written in any HP NonStop-supported
language
- Nowaited/non-blocking encryption calls
- Built-in access control and auditing, as with all XYGATE products
- Intercept library for environments where the customer’s application
cannot be changed
- Simple SDK for environments where full application control is
preferred
- Integration with a full range of Voltage SecureData APIs, allowing for
all data types to be easily protected
- Support for all NonStop databases – Enscribe, SQL/MP and SQL/MX
The XDP solution fully supports Voltage’s approach to data centric security, allowing for data to be protected right across the enterprise, from the point of acquisition of the sensitive data, through the HP NonStop, and on to whatever other platforms and applications need that data.
For more information about XYGATE Data Protection click here.
XYPRO extends congratulations to both Voltage and HP. We look forward to continuing our strong partnership with these two great companies.
Andrew Price
VP Technology
XYPRO Technology Corporation
Monday, February 2, 2015
XYPRO Welcomes an Already Exciting 2015!
Lisa Partridge, CEO
2014 was an eventful year for XYPRO. It was a year of
changes in leadership and infrastructure improvements driven by our belief that
our customers’ requirements and experience are at the center of everything we
do. The management buy-out announced at the end of April was a significant
moment in XYPRO’s evolution and generated lots of energy and excitement on our
team. As a pioneer in the HP NonStop server space since 1983, and as
specialists in mission critical security since 1990, XYPRO is strongly positioned
to continue to innovate and grow with HP, the industry and our customers.
We are particularly thrilled to be extending the security
capabilities of the flagship XYGATE suite of security and encryption solutions
to the new HP NonStop X platform. We partnered with HP to port and test the
XYGATE software that is part of the NonStop Security Bundle shipped on the new
platform, as well as the entire XYGATE suite. XYGATE is ready for generation
NonStop X!
I’m also pleased to be able to report another year of record
growth for XYPRO. Not only have we increased both XYGATE and partner product
sales but we’ve also made great strides in our human resourcing, adding great
new talent to the XYPRO team. We’ve welcomed people to XYPRO that bring new
skills, enthusiasm and experience to our engineering, finance, services and
sales organizations. Additionally, our intern program burst forth in 2014, with
nearly a dozen young people contributing to our cultural innovation and
operational improvements across all departments.
2014 was also a year where cyber-crime and data breaches
were too frequently headline news. XYPRO implemented processes and incident
management procedures that allowed us to be agile and respond rapidly to
multiple public vulnerability announcements and the concerns and questions from
our customers quickly, thoroughly and efficiently.
One of our most important core values is “Care Enough”.
Quality is the result when you care enough to make sure it’s right. This core
value, implemented company-wide is a cornerstone of the XYPRO culture. Another
one of our tenets is striving for “Operational Excellence”. As XYPRO continues
to grow and support more customers than we ever have before, we are making sure
to focus on the fundamental building blocks of process and procedure,
continually fine-tuning them to improve the quality and predictability of our
releases. The new team members have specific experience in this area and the
metrics we gather during and following a release are analyzed for areas of improvement.
The significance of these processes get communicated regularly to the entire
company, reinforcing everyone’s role in operational excellence and
acknowledgment of everyone’s contribution to the end result.
XYPRO is committed to continuing to strive for excellence in
everything we do, to always maintain open communication channels, and to keep
our customers’ experience our central focus. When you make the effort to ensure
you’ve done all you can to answer that question, fulfill that request, meet that
deadline, or discover the solution – we all win.
At XYPRO, one of our top priorities for 2015, is bringing
Data-Centric Security to the HP NonStop community. XYGATE Data Protection
(XDP), in partnership with Voltage Security, provides enterprise-wide, Format
Preserving Encryption (FPE), Secure Stateless Tokenization (SST) and Key
Management. No keys to manage, store or distribute.
https://www.xypro.com/xypro/products/xygate_data_protection
Also, as we move into high gear for 2015, I’d like to point
you to the summary of a very informative blog series published over the course
of last year: XYPRO’s Top 10 HP NonStop Security Fundamentals:
http://blog.xypro.com/?p=534 Protecting mission-critical systems has many
aspects and can seem overwhelming at times; XYPRO’s Top 10 security blog
outlines the most important security considerations for the HP NonStop to
ensure that those systems have strong security, in addition to
high-availability and fault-tolerance.
Finally, we recognize you run your most important business
applications and processes on the HP NonStop server and keeping it safe from
data loss, tampering or even inadvertent harm is mission critical. We
appreciate the trust our customers place in XYPRO solutions and services to
help them protect those systems. We’re looking forward to 2015, and another
successful year serving the HP NonStop community.
Subscribe to:
Posts (Atom)