Strong Authentication. The Device Is The Key™

NetAuthority irrefutably identifies and authenticates connected devices.

In today’s world of mobility, cloud computing, virtual workforces, social networks, and online businesses, stronger authentication for identity and access management is more critical than ever. Security vulnerabilities are skyrocketing and malicious attacks are being unleashed in unprecedented numbers with increasing sophistication, resulting in massive information and economic losses.

Identity and Access Management has historically focused on the attributes of a person’s identity. User ID and passwords are still often the only form of authentication used by organizations.   Traditional forms of multi-factor authentication are not designed to address the explosive growth in internet-connected devices and online activity and are unable to meet the needs of scalability, ease of use, affordability, and mass-deployment that the online-connected world requires.

Today’s organizations are faced with the following challenges:

•  Knowing the devices that are connected to applications and networks without owning them
•  Knowing that the devices accessing the network are actually in the hands of authorized users
•  Implementing access authentication solutions that are secure, cost-effective, easy-to-use, and highly scalable
•  Implementing access authentication solutions that provide flexibility and multi-dimensional security that complements existing systems and infrastructure
•  Ensuring that regulatory compliance requirements and security best practices are addressed

NetAuthority’s Device Authentication Services addresses these issues and more through:

•  Irrefutable identification of the device via its Dynamic Device Key and links the user with the identified device, for strong authentication security.
•  Notifications and alerts providing organizations with immediate visibility to unauthorized users attempting to gain access, unauthorized devices, and more.  Organizations are now empowered to quarantine or even blacklist devices for greater security.
•  Flexible, mass-deployable, user transparent, and cost-effective strong authentication solution, unlike other “something I have” authentication methods.
•  Secure service API to interface with existing user management systems,monitoring systems,and log management solutions to leverage prior investment
•  SaaS-based service, so strong authentication can easily be implemented based on an organization’s assessment of risk and information assets.
•  Satisfying regulatory and best practices requirements for strong authentication and compliance.

NetAuthority’s Device Authentication Service provides strong authentication security with unprecedented control and visibility to both the Who and What is accessing online applications, accounts and information.

To learn more about our Device Authentication Service for strong authentication and compliance, please contact us at netauthority@xypro.com


Barry Forbes
VP of Sales & Marketing
XYPRO Technology Corporation

www.xypro.com

HP Discover 2012 – Whatever’s happening in Vegas, it’s NonStop!

I’ve just returned from HP’s biggest user event for the year, Discover 2012.  As we from the NonStop crowd have come to expect, this years’ conference was large and impressive – similar to what we’ve seen in previous years.  I for one was pleasantly surprised with the conference layout this year.  There’s no getting around the fact that, as a conference hosting towards 15,000 people, there’s going to be some significant distances (and crowds!) involved, but this year it seemed easier to find what you were looking for, with other things like registration and meals handled better than previously.  One standout improvement was the location of the NonStop partners – we had our own signposted area, co-located with the HP NonStop group, which meant much less traipsing back and forth to engage with our HP colleagues.

In terms of content, we saw some excellent keynote sessions.  Meg Whitman took the stage on Tuesday morning to outline her three-pronged corporate strategy, focussed on cloud, security and information optimisation (or big data management).  This in turn was layered over the 4 main areas of offering that HP provides – infrastructure, software, services and solutions.  All good stuff.  Meg went on to discuss a number of HP customer case studies, which (by my count) were all NonStop customers, perhaps bar one.  State Bank of India, a massive NonStop user in the card payments space, was one example, and as we all know, they’ve been happy NonStop users for many years.  It was great to see NonStop getting such prominence, even if it was implied – and this fact was referred to by other HP NED/BCS execs over the coming days.  Meg then introduced Jeffrey Katzenberg, from Dreamworks, who gave a very entertaining presentation, including live animals (!), and a sneak-peak of the upcoming Madagascar movie – some of the stats around production of a Dreamworks animated presentation are quite astounding.  The 2 ½ minute Madagascar promo that we saw took an amazing 6TB of storage.  Three seconds of animation can take a skilled animator a week to complete.  Each movie takes an average of 5 years to produce, and 3D is complicating things even further.  Of course, HP provides the infrastructure that underpins everything Dreamworks does, and this was refreshing to hear from such a creative environment where hardware components are often assumed to be of a different flavour.

Other notable sessions included the HP NonStop: The Platform for Continuous Business, presented by Ric Lewis and Randy Myer, which for most of us was our first chance to see Ric presenting on NonStop.  He came across as very aware of the value that NonStop brings to HP, and very understanding of the considerable legacy that a lot of us bring to the NonStop environment.  Everyone at the show seemed extremely upbeat about the enthusiastic way Ric has jumped into his role.  If you want to hear more from Ric and Randy, I would recommend this interview that they gave at the show: http://t.co/XGTj3Fq2 

Closer to home, Karen Copeland, NonStop Security Product Manager, presented a couple of times on NonStop security.  It’s always great to see what’s coming up in this critical area, and it’s even nicer when you see a few of your products forming an important part of the HP product roadmap.  As usual, Karen did an excellent job.

Another interview I’ve come across since the show completed is Rafal Los (Twitter: @Wh1t3Rabbit), Chief Security Evangelist at HP, interviewing HP NED Master Technologist Justin Simmonds – Raf is well known in security circles and Justin does a great job of bringing him up to speed on NonStop.  Take a listen at http://bit.ly/Ks8Cez.

Wednesday evening saw the hosting of the NonStop Community Reception, which was held thanks to the generosity of twenty-one NonStop vendors, at the Grand Lux Café.  This turned out to be a fantastic event, not just for catching up with old friends, but for making new ones as well, with many different vendors and NonStop users represented.  Indeed, we estimated there to be over 200 people there at the peak of the gathering – it got quite cozy in that relatively small room!  Still, a great night – thank you again to all the vendors who helped make it possible.

Things started winding down on Thursday, with many having just enough energy to checkout the entertainment for the week – Sheryl Crow and Don Henley.  Excellent food and cocktails were a welcome accompaniment to some fantastic music.

All in all, another excellent conference.  We look forward to the NonStop Technical Boot Camp that was just announced for San Jose Oct 14-16, and to doing it all again in Vegas next year!

Andrew Price

XYPRO Technology Corporation
HP NonStop Server Security
and Encryption Solutions

XYPRO Technology to Distribute Voltage SecureData Encryption Solution

Voltage’s FPE, Tokenization, and Masking solutions added to XYPRO’s comprehensive security offerings

XYPRO Technology Corporation, the market leader in HP NonStop server security, audit, compliance, and FIPS-validated encryption solutions, today announced that it would begin reselling the Voltage SecureData solution suite, to complement its existing NonStop security products.

Voltage SecureData is a comprehensive data-centric security solution, uniting end-to-end encryption, tokenization and data masking for the protection -- end-to-end – of sensitive information, including data subject to compliance, such as PCI DSS, and without impacting business process, work flow and applications. Leveraging patented technology and solution innovations, including Voltage Identity-Based Encryption™ (Voltage IBE™) and Voltage Format-Preserving Encryption™ (Voltage FPE™), Voltage SecureData is the most comprehensive data protection platform, securing data as it is captured, processed and stored across the variety of devices, operating systems, databases and applications. It is used by corporate enterprises, financial institutions, healthcare organizations, government agencies, utilities, retailers and service providers.

“XYPRO is extremely pleased to bring the Voltage SecureData solution to our customers,” said Andrew Price, director, Product Management at XYPRO. “As PCI, GLBA, Basel III, OCC, HIPAA, FISMA, FedRAMP, FERC, NERC and other compliance regulations continue to demand protection of sensitive data, our customers need a range of options for that protection. Voltage SecureData, with its support for Format-Preserving Encryption, tokenization and data masking is the most comprehensive enterprise-wide solution for end-to-end data encryption.”

"We are excited to add XYPRO to our list of global distributors. As the technology and market leader in data-centric security for the NonStop platform, this was a logical step for us, and we look forward to helping XYPRO customers meet their data security and compliance requirements,” said Jeremy Stieglitz, vice president of Business Development, Voltage Security.

About XYPRO
Founded in 1983, XYPRO Technology Corporation is the market leader in HP NonStop server security, audit, compliance assessment and FIPS-validated encryption solutions. XYPRO solutions meet the strict requirements of companies who manage, access and transport sensitive data using heterogeneous hardware platforms and multiple communications media. XYPRO helps mission critical businesses manage their security risks, protect assets and gain a competitive edge through compliance, while improving efficiency.
 www.xypro.com

About Voltage
Voltage Security®, Inc. is the world leader in providing data-centric encryption and key management solutions for combating new and emerging security threats. With innovative, powerful and easy-to-use encryption and tokenization solutions for protecting sensitive business data, Voltage customers are able to address privacy regulations and best practices from around the world. Voltage customers adopting data-centric encryption include some of the largest companies in the world across a wide variety of industries including payments, financial, insurance, medical, e-commerce and more. Voltage solutions include three groundbreaking encryption approaches: Identity-Based Encryption™ (IBE), Format-Preserving Encryption™ (FPE), and Page-Integrated Encryption™ (PIE). Voltage solutions have changed how enterprises protect their most valuable assets—their customer data. Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureData Payments™, Voltage SecureFile™, Voltage SecureData Web™ and Voltage Cloud Services™, which provides cloud scale encryption and key management for their businesses, partners and customers. The company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. To learn more about Voltage customers please visit voltage.com/customers.

###

Voltage Identity-Based Encryption, Voltage Format-Preserving Encryption, Page Integrated Encryption, Voltage SecureMail, Voltage SecureData, Voltage SecureData Payments, Voltage SecureData Web, Voltage SecureFile, and Voltage Cloud Services are trademarks of Voltage Security, Inc. All other trademarks are property of their respective owners.

Join XYPRO for Our Next Two Webinars Covering: Database Management and Security & Compliance Professional Services

Database Management  May 24, 2012 - 8:00 AM Pacific

Register Now


Database Management Solutions for the HP NonStop. XYPRO offers Merlon Software Corporation’s database management software solutions on a global scale. Merlon’s products provide companies who rely on NonStop servers for storing and processing vast amounts of data with the means to efficiently administer even the most complex database environments.  Join Ken Waterson (Merlon Software) and Kevin Boham (XYPRO) for a comprehensive overview of Merlon-The Total NonStop Database Solution.  Register Now.

Security & Compliance Professional Services - May 31, 2012 - 8:00 AM Pacific

Register Now

Security & Compliance Professional Services Webinar: The mission of XYPRO’s Professional Services group is to not only service what we sell, but to make the process as painless, efficient and robust as possible. From project management for our products and services to training and support, our aim is to ensure your operational readiness and security. Partnering with XYPRO Professional Services guarantees the products are effective, efficient and fully implemented.  This webinar will explain the benefits of leverageing the XYPRO PRO Services in detail, with additional emphasis on XYPRO’s PCI XPress Service, a comprehensive offering covering all aspects of PCI compliance as it relates to your NonStop server.  Register Now.

Barry Forbes

VP of Sales & Marketing

XYPRO Technology Corporation

www.xypro.com

Shedding Some Light on SCTUG

At the spring SCTUG we had the pleasure of having Randy Meyer, Director NonStop Product Management, Strategy & Technology-HP, do a presentation on the “Nonstop roadmap for the next 3 years and beyond”. This presentation focused on data center elasticity, converging systems onto both the private and public cloud, and touched on their relationship with Intel and how that influences changes in the future.

One very interesting bit of information Randy mentioned was that they are currently in the works to sell several  blades to a few very large mobile phone carriers in Japan. The purpose of these systems was to create a gateway to allow U.S. phones to work in Japan, creating essentially a “GSM Phone Gateway”.

Our next presentation was done by Randy Ireland and Khody Khodayari of NTS, where they showed off their new performance analyzer, NTS Bridge. It collects all of its metrics from the NonStop using under-the-covers system calls and uploads it into the NTS group. It then analyzes the data, running it through multiple sets of analyzers, then it compiles a report within minutes and sends it back to the customer.  The report outlines possible pitfalls, system degradation and can pinpoint system issues and specific timeframes, which allows the customer to play back the data to make tuning decisions. They also build a gadget that shows the status of every NonStop in your infrastructure. It is no different than a system monitoring system, but they condensed it down to a Windows desktop gadget. One thing they kept pointing out was that these systems were basically built by kids fresh out of school without any NonStop experience. The presenters reiterated several times that you don’t need to have NonStop experience to work on NonStop.

Justin Simond’s, Master Technologist Enterprise Architect - HP, presentation "Migrating from Oracle to Nonstop" was focused on the external costs and overhead of running on Oracle vs. the Nonstop. He highlighted several benefits of running dbs on NonStop, lower DBA costs, size of the database, number of transactions etc. This was certainly the most technically detailed of the presentations.

Jay Price
Sales Representative
XYPRO Technology Corporation
www.xypro.com

Does the P in PCI stand for “Painful”?

Let’s see if we can do something about that…

At a recent tradeshow I attended, I was involved in many customer discussions about PCI DSS.  PCI compliance continues to be a big deal for many HP NonStop users, and the issue isn’t going away.  Indeed, the card schemes are mandating PCI compliance in more and more countries for the card issuers, in addition to the merchant acquirers who have had to be compliant for some time now.

Many software vendors offer products that assist with PCI compliance, but at the end of the day, compliance is an ongoing process, not just a product.  For a lot of organizations who process Cardholder Data (CHD), achieving compliance will take a multi-month project.

At XYPRO we’ve been helping customers achieve PCI compliance for many years – as one of our customers said sometime back “XYGATE software was integral to us achieving PCI compliance” – so we’ve spent some time thinking about how we can make that process less painful, quicker, and more manageable.

The result of that thinking is XYPRO’s latest product and services solution bundle – XYGATE PCI XPress.  XYGATE PCI XPress consists of the XYGATE products and functionality required to achieve PCI compliance, along with a set of packaged services to simplify your PCI DSS compliance process.  XYGATE PCI XPress ensures that:

• CHD is only accessible by authorized users and processes
• Role-based access controls are in place
• All necessary NonStop resources are secured according to the granular subject-operation-object model
• Access to any/all sensitive data and applications is tracked
• All relevant security and audit events are centralized, and optionally sent to your Security Information and Event Management (SIEM) device of choice
• Users can be authenticated against whichever user data store is in use in your environment, be it RSA SecurID, Active Directory, LDAP, or many other sources
• All necessary Best Practises are being followed

Many other important areas are also covered.

When installed and configured through the XYGATE PCI XPress package, XYGATE PCI XPress will help address at least 9 of the 12 high-level PCI requirements.

As part of the PCI Package, XYPRO will also provide a statement of work covering the services to be provided to implement these products, along with other system configuration work that will be required.  A project plan outlines all steps that we will undertake, all tasks that the customer is required to perform, and those that we will perform together.  Realistic timeframes are provided, and we will optionally manage the entire project if required.

From the onset of the project on through to its completion, we may also be engaged to coordinate with your QSA to ensure that your NonStop platform and application compliance proceeds smoothly. What could be simpler?

Our new Manager of Professional Services, Sales Support and Education, Rob Lesan, has put this solution together. If you would like more information on XYGATE PCI XPress, please contact Rob or me.

Andrew Price
Director, Product Management
Andrew_P@xypro.com
XYPRO Technology Corporation

Rob Lesan
Manager of Professional Services
Rob_L@xypro.com
XYPRO Technology Corporation

XYPRO Announces Global Distribution Agreement with IdentityForge

XYPRO to exclusively distribute the IdentityForge Advanced Adapter for HP NonStop servers

SIMI VALLEY, Calif.--XYPRO® Technology Corporation, specialists in HP NonStop server software since 1983, have announced their agreement to become the exclusive worldwide distributors of the IdentityForge (IdF) Advanced Adapter for the HP NonStop server.

Centralized User Provisioning is becoming an important solution to enterprise security, and helps to reduce the risk of data breaches. Identity Management solutions are widely deployed in many enterprise environments, but prior to the IdF Advanced Adaptor for HP NonStop, NonStop, users could not be managed by those Enterprise Identity Management systems. The IdF Advanced Adapter provides an industry standard, enterprise LDAPv3 interface for User and Alias provisioning and reconciliation and native real-time, bi-directional identity synchronization between the HP NonStop server and your enterprise identity management infrastructure or external application.

“Becoming a worldwide distributor for the IdF Advanced Adapter is another step XYPRO has taken to further our global footprint and reinforce our position as a worldwide leader of HP NonStop server security software and solutions,” said Lisa Partridge, President at XYPRO.

Using the IdF Advanced Adapter, the Oracle Identity Manager for User Provisioning and Identity Management can fully participate with the HP NonStop server software. The same is true for RACF, ACF2, TOP Secret, RED HAT, Oracle Solaris, Salesforce CRM, or HP /UX – the IdF Advanced Adapter for NonStop is compatible with them all.

“IdentityForge is excited to be working with XYPRO Technology, the acknowledged leader in HP NonStop security. This partnership was a natural fit for us as we look to expand our footprint in the NonStop market, and other mission critical environments,” said Chad Cromwell, Chief Technology Officer at IdentityForge.

This release of the HP NonStop (Tandem) Advanced Adapter includes certified, “out-of-the-box”, integrated solutions for Oracle Identity Manager (OIM), Microsoft Forefront Identity Manager (FIM 2010), IBM Tivoli (ITIM), SAP Netweaver, CA Identity Manager, VOICETRUST Biometrics, the Dot NET Factory EmpowerID, and any other standard LDAPv3 Client or LDAP Adapter. Businesses worldwide are already benefiting from the HP NonStop Advanced Adapter by utilizing the Oracle Identity Manager (OIM) NonStop solution to automatically incorporate NonStop accounts into their existing Identity Management infrastructure.

Read more news at: https://www.xypro.com/xypro/resources/news

Barry Forbes

VP of Sales & Marketing

XYPRO Technology Corporation

www.xypro.com