At XYPRO, we are committed to not only improving our existing product line but also paying close attention to our customers’ requests. We’ve always enjoyed an open communication with our customers and the market and in 2011 we plan even more dedication to that cause. One of the ways we’re doing that is through our Quarterly Surveys. They’re short (5 questions) and painless. But what’s in it for you? Well, besides helping us to continue providing you with the best HP NonStop security, auditing, Fips-validated encryption and compliance products on the market, you get a chance to win a shiny new iPad. And unlike your odds for appearing on X Factor or American Idol, you have a great chance to win! Give us your feedback at www.xypro.com/survey.
Hurry, drawing for the first quarter iPad winner is on March 9th
Lisa Partridge
www.XYPRO.com
Thursday, February 24, 2011
Wednesday, January 19, 2011
From The CEO’s Desk
As we look back on 2010, we see a year that’s had the most amazing changes to the NonStop platform’s security profile in many years. By now, everyone should know that HP is bundling XYGATE Merged Audit (XMA) software in the HP NonStop Operating System Mission-Critical Edition software package. This means that many HP NonStop customers no longer need to ask for audit waivers due to missing security functionality.
The NonStop server now meets many more compliance requirements, making it easier to justify it as the core of any mission-critical application. In fact, payment industry specialist and Qualified Security Assessor (QSA), Witham Laboratories, in cooperation with Knightcraft Technology, has created the most comprehensive HP NonStop Payment Card Industry Data Security Standard (PCI DSS) white paper in existence.
This document was created to assist HP NonStop users in their PCI compliance projects by showing how Safeguard and Guardian can be configured to meet PCI DSS and highlighting the requirements where compliance cannot be achieved without the use of third party solutions (solutions mentioned in the paper are from the XYGATE suite). For a copy of this document, visit www.knightcraft.com.
Because of our geographically diverse customer base, XYPRO sales reps and security specialists travel hundreds of thousands of miles a year so that we can support our customers, HP, and the many HP user groups around the world. Last year, XYPRO had a presence at the HP NonStop Symposium, CTUG (Canada), BITUG (United Kingdom), OZTUG (Australia), SATUG (South Africa), SUNTUG, GTUG, OTUG, and many, many other regional NonStop User Groups around the world.
Additionally, we attended several other industry conferences, such as the PCI Europe Annual Meeting (Netherlands), ACI Customer Events in Asia, Africa, Europe and North America and as new members of PCI Security Standards Council (https://www.pcisecuritystandards.org) we proudly took part in both their European and North American Meetings.
While we also enjoyed success with our new Webinar series in 2010, attending conferences like the (incredibly successful) NonStop Symposium and EXPO in San Jose, is our primary way to meet directly with our customers. Far more than a marketing opportunity, these conferences provide an in person forum for informal conversation, direct exchange of information with customers about what works, and what needs to be improved, and what new features and solutions they need so that they can ensure the security of the information on their HP NonStop servers.
What We See for 2011
We predict 2011 will bring as much excitement and good things as 2010. There’s a lot of talk and trends occurring, and we’re keeping our finger on the pulse.
As we kick 2011 into high gear, we certainly plan to address these issues and more. So be sure to follow us on our Blog, Tweets, Facebook, LinkedIn or visit us at any of this year’s NonStop RUGs, HP Discover, ACI User Group Meetings, PCI Security Standards Council gatherings and other industry events. We’ll keep our events page updated at www.xypro.com so keep checking back!
The NonStop server now meets many more compliance requirements, making it easier to justify it as the core of any mission-critical application. In fact, payment industry specialist and Qualified Security Assessor (QSA), Witham Laboratories, in cooperation with Knightcraft Technology, has created the most comprehensive HP NonStop Payment Card Industry Data Security Standard (PCI DSS) white paper in existence.
This document was created to assist HP NonStop users in their PCI compliance projects by showing how Safeguard and Guardian can be configured to meet PCI DSS and highlighting the requirements where compliance cannot be achieved without the use of third party solutions (solutions mentioned in the paper are from the XYGATE suite). For a copy of this document, visit www.knightcraft.com.
Because of our geographically diverse customer base, XYPRO sales reps and security specialists travel hundreds of thousands of miles a year so that we can support our customers, HP, and the many HP user groups around the world. Last year, XYPRO had a presence at the HP NonStop Symposium, CTUG (Canada), BITUG (United Kingdom), OZTUG (Australia), SATUG (South Africa), SUNTUG, GTUG, OTUG, and many, many other regional NonStop User Groups around the world.
Additionally, we attended several other industry conferences, such as the PCI Europe Annual Meeting (Netherlands), ACI Customer Events in Asia, Africa, Europe and North America and as new members of PCI Security Standards Council (https://www.pcisecuritystandards.org) we proudly took part in both their European and North American Meetings.
While we also enjoyed success with our new Webinar series in 2010, attending conferences like the (incredibly successful) NonStop Symposium and EXPO in San Jose, is our primary way to meet directly with our customers. Far more than a marketing opportunity, these conferences provide an in person forum for informal conversation, direct exchange of information with customers about what works, and what needs to be improved, and what new features and solutions they need so that they can ensure the security of the information on their HP NonStop servers.
What We See for 2011
We predict 2011 will bring as much excitement and good things as 2010. There’s a lot of talk and trends occurring, and we’re keeping our finger on the pulse.
As we kick 2011 into high gear, we certainly plan to address these issues and more. So be sure to follow us on our Blog, Tweets, Facebook, LinkedIn or visit us at any of this year’s NonStop RUGs, HP Discover, ACI User Group Meetings, PCI Security Standards Council gatherings and other industry events. We’ll keep our events page updated at www.xypro.com so keep checking back!
Also, be sure to fill out our short five question survey and be entered into our quarterly drawing to win an iPad.
Sheila Johnson
CEO, XYPRO Technology Corporation
www.XYPRO.com
Tuesday, December 21, 2010
Lessons from Data Breaches of 2010
SecurityWeek recently published “Lessons from the Most Interesting Data Breaches of 2010” and some of the article’s highlights may really surprise you. For example, the article states that there has been a 93.7% drop in the volume of data stolen from 2009 to 2010. An analysis from the Privacy Clearinghouse, a public database which records all breaches of personal and sensitive information belonging to US citizens, shows that about 230 million data records were taken in 2009 and only 13 million so far this year. It’s a positive number, but keep in mind that 2009 saw two major breeches with Heartland and the Veteran’s Administration. Of course, this drop also underscores the security investments companies have made over the past few years. Indeed, such efforts and investments have paid off in greatly enhanced security, helping to make data breaches extremely difficult.
Another interesting and key finding of the article touches on the value of data shifting from lower to higher. We here at XYPRO have seen this trend for quite some time!
2 Key Lessons from the article
So, what can be done to avoid data loss and breaches as we move into 2011? Below are two key lessons to consider:
1. Enforce data is accessed only by authorized parties. At a minimum, they should block access from former staff and from employees attempting to access data beyond their need-to-know level.
XYGATE customers easily achieve this role-based access control goal with the Access PRO software solution. Access PRO functionality provides the core of a well-secured HP NonStop system. With this software in use, Individual accountability with full keystroke audits is achieved, while restricting each user to a list of authorized actions based on that user's job functions.
2. Block access from any illegitimate application. Security controls should be able to block an unauthorized process (the malicious code).
XYGATE customers rely on the ability to restrict all NonStop SUPER and Sensitive user access to “least privilege” based on multiple criteria, including IP address.
Like many of our clients who use XYGATE, you too can implement XYGATE for Role Based Access Control, keystroke auditing, and SSO authentication. FIPS validated encryption and automated compliance analysis completes the solution. Indeed, as we enter a new year, it’s a great time to reflect on where your security measures stand now, and what you need to do to safeguard yourself in the future.
Companies from across the globe have relied on XYGATE to cover all of their HP NonStop security requirements. In fact, XYGATE is used by six of the world’s top 10 bank processors*.
Click here to read the entire SecurityWeek article.
*As reported in the 2010 FinTech 100
Another interesting and key finding of the article touches on the value of data shifting from lower to higher. We here at XYPRO have seen this trend for quite some time!
2 Key Lessons from the article
So, what can be done to avoid data loss and breaches as we move into 2011? Below are two key lessons to consider:
1. Enforce data is accessed only by authorized parties. At a minimum, they should block access from former staff and from employees attempting to access data beyond their need-to-know level.
XYGATE customers easily achieve this role-based access control goal with the Access PRO software solution. Access PRO functionality provides the core of a well-secured HP NonStop system. With this software in use, Individual accountability with full keystroke audits is achieved, while restricting each user to a list of authorized actions based on that user's job functions.
2. Block access from any illegitimate application. Security controls should be able to block an unauthorized process (the malicious code).
XYGATE customers rely on the ability to restrict all NonStop SUPER and Sensitive user access to “least privilege” based on multiple criteria, including IP address.
Like many of our clients who use XYGATE, you too can implement XYGATE for Role Based Access Control, keystroke auditing, and SSO authentication. FIPS validated encryption and automated compliance analysis completes the solution. Indeed, as we enter a new year, it’s a great time to reflect on where your security measures stand now, and what you need to do to safeguard yourself in the future.
Companies from across the globe have relied on XYGATE to cover all of their HP NonStop security requirements. In fact, XYGATE is used by six of the world’s top 10 bank processors*.
Click here to read the entire SecurityWeek article.
*As reported in the 2010 FinTech 100
Friday, November 12, 2010
The PCI Security Standards Council Updates PCI DSS (V2.0)
Changes are logging-focused & intended to help businesses improve compliance and security
The PCI Security Standards Council (XYPRO is a member) officially unveiled updated versions of compliance with changes meant to clarify the requirements organizations face. The changes are coming as a direct result of the feedback the PCI Security Standards Council has received, and should help your business with its security and compliance efforts.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. In fact, the council is pushing hard for centralized logging, stating that:
“If you don’t use a centralized logging facility your auditors will have to look in more places, and chances are, if they have to look in more than one place...you’ll wind up missing some of this stuff. It is a "proven fact that every time we find a breach, it’s always found in the log.”
This change also coincides with HP adding XYGATE Merged Audit Software with every new NonStop server order.
This centralization of NonStop Audit can also be sent Off-box to a centralized logging facility like HP's CLW and Arcsight offerings, meeting the Centralized Logging Facility requirement at the Enterprise Level.
There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.
The new versions will become effective Jan. 1. For more information, you can click here.
For more information about the XYGATE Solution, visit www.xypro.com.
The PCI Security Standards Council (XYPRO is a member) officially unveiled updated versions of compliance with changes meant to clarify the requirements organizations face. The changes are coming as a direct result of the feedback the PCI Security Standards Council has received, and should help your business with its security and compliance efforts.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The key revisions cover areas such as log management and scoping the environment to understand where cardholders reside. In fact, the council is pushing hard for centralized logging, stating that:
“If you don’t use a centralized logging facility your auditors will have to look in more places, and chances are, if they have to look in more than one place...you’ll wind up missing some of this stuff. It is a "proven fact that every time we find a breach, it’s always found in the log.”
This change also coincides with HP adding XYGATE Merged Audit Software with every new NonStop server order.
This centralization of NonStop Audit can also be sent Off-box to a centralized logging facility like HP's CLW and Arcsight offerings, meeting the Centralized Logging Facility requirement at the Enterprise Level.
There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.
The new versions will become effective Jan. 1. For more information, you can click here.
For more information about the XYGATE Solution, visit www.xypro.com.
Wednesday, November 3, 2010
CTUG 2010
The much anticipated CTUG (Canadian Tandem User Group) has come and gone and, as expected, was a great success for all in attendance. Content for this year’s event was excellent with a great update from Randy Meyer on the state of HP NonStop, growth, and technology advancements. It is always great to hear from the proverbial “Horse’s Mouth” and also reassuring that HP NonStop is not only surviving, but thriving!
Naresh Bangia of AJB Software delivered an interesting and informative presentation on the exciting results of their port of .NET to NonStop. With a “Live” demo which included a “drag and drop” example of NonStop code to Windows that executed perfectly on both OS’s! All this with a weak signal on a mobile wireless internet stick that required some comedic and creative physical positioning within the conference room to maintain connectivity.
Jim Johnson of the Standish group also presented on their recent paper “Roadmap to the Megaplex” covering the overall CTUG theme of Modernization and showed just how profitable modernizing applications and utilities can be.
As always, the Q and A session highlighted some interesting facts and brought up many discussion points. Dick Bird, Michelle Bates, and Randy Meyer all provided answers which inevitably lead to more questions. The end to the Q and A session was achieved only by the enticement of the much anticipated CTUG prize draw where all 20 partners who participated in the “Passport to Prizes” program, HP Canada, and CTUG had donated fabulous gifts as appreciation to those attending the event.
XYPRO was among the 9 partner presentations which were held throughout the day and Kevin Boham provided modernizing insight on Security for the NonStop to an attentive and interactive audience.
CTUG and XYPRO were glad to welcome those out of province attendees from Quebec as well as the many faithful and new from Ontario. Their attendance from near and far indicates the continued need for NonStop events such as CTUG. With attendance nearing 140, CTUG had exceeded its capacity and were glad the Fire Marshalls didn’t pay an unexpected visit.
The day’s closing reception also kept the majority of attendees into the evening for some socializing, good food, and drinks to cap off an excellent day.
More indicative of the continued commitment to NonStop was the record attendance for the education day where CTUG had 44 registered students for a one-day class on Java Servlets/NSJSP in the NonStop.
As a CTUG board member as well as a Partner for the event, I now have the short term opportunity to decompress after months of planning and executing. …short term as XYPRO is planning their next attendance at a regional event… NENUG in the Boston area on November 9th.
Barry Forbes
XYPRO Technologies, Director of Sales, Eastern USA and Canada
President, CTUG
Naresh Bangia of AJB Software delivered an interesting and informative presentation on the exciting results of their port of .NET to NonStop. With a “Live” demo which included a “drag and drop” example of NonStop code to Windows that executed perfectly on both OS’s! All this with a weak signal on a mobile wireless internet stick that required some comedic and creative physical positioning within the conference room to maintain connectivity.
Jim Johnson of the Standish group also presented on their recent paper “Roadmap to the Megaplex” covering the overall CTUG theme of Modernization and showed just how profitable modernizing applications and utilities can be.
As always, the Q and A session highlighted some interesting facts and brought up many discussion points. Dick Bird, Michelle Bates, and Randy Meyer all provided answers which inevitably lead to more questions. The end to the Q and A session was achieved only by the enticement of the much anticipated CTUG prize draw where all 20 partners who participated in the “Passport to Prizes” program, HP Canada, and CTUG had donated fabulous gifts as appreciation to those attending the event.
XYPRO was among the 9 partner presentations which were held throughout the day and Kevin Boham provided modernizing insight on Security for the NonStop to an attentive and interactive audience.
CTUG and XYPRO were glad to welcome those out of province attendees from Quebec as well as the many faithful and new from Ontario. Their attendance from near and far indicates the continued need for NonStop events such as CTUG. With attendance nearing 140, CTUG had exceeded its capacity and were glad the Fire Marshalls didn’t pay an unexpected visit.
The day’s closing reception also kept the majority of attendees into the evening for some socializing, good food, and drinks to cap off an excellent day.
More indicative of the continued commitment to NonStop was the record attendance for the education day where CTUG had 44 registered students for a one-day class on Java Servlets/NSJSP in the NonStop.
As a CTUG board member as well as a Partner for the event, I now have the short term opportunity to decompress after months of planning and executing. …short term as XYPRO is planning their next attendance at a regional event… NENUG in the Boston area on November 9th.
Barry Forbes
XYPRO Technologies, Director of Sales, Eastern USA and Canada
President, CTUG
Thursday, October 7, 2010
San Jose – let’s not forget the way...
Well, the Big Event is over. The vendors have packed up their booths, the booze is all gone, and the HP product managers, developers, and execs are safely home in their remote offices. And even though the weather was almost the same, everyone in attendance overwhelmingly preferred San Jose to that other city. The HP NonStop Symposium and EXPO turned out to exceed everyone's expectations not only in terms of Customer attendance but also HP and Partner involvement.
Yes, this was the biggest and best NonStop event in years (and with a killer Tandem-style beer bust) where we proved beyond a doubt that there is still life in the NonStop family and the platform that runs mission critical applications for the world's largest companies. This year we were also able to spend time with customers that we have not seen in a while and the attitude was very much like the old (ITUG) days. Far more Europeans, Latin Americans and Asian customers were present than at HPTF in 2009 – several of whom were actively seeking tools to aid PCI compliance projects.
There were dozens of business and technical sessions, including standing-room-only customer how-to's, NonStop software and hardware roadmaps, and presentations from Vendor Partners. PCI compliance was a common theme throughout the event and it’s only going to increase. Packed presentations by end-users Netherlands-based Equens and Wells Fargo Bank and HP’s Karen Copeland and Wendy Bartlett show just how in tune the NonStop Community is with PCI Compliance. That illustrates just how much of our mission critical and confidential information is trusted to a NonStop! It's amazing how much customers are willing to share their experiences because of the pride they have in their NonStop server applications tuned to perfection, secure and protected from disaster.
XYPRO specifically enjoyed an unprecedented amount of coverage at this event as we were lucky enough to have it take place right around the time our XYGATE Merged Audit software solution begins automatically shipping on all new H and J systems. The interest level is extremely high and we are thrilled at the positive response!
Yes, a pleasant time was had by all and I hope that we remember it for a long time. The level of international customer attendance was inspiring! The XYPRO customer dinner was very well received and we would like to thank everyone who attended.
It may seem a disappointment hearing that next year’s event will be part of the HP Software / Tech Forum conference at the Venetian hotel in Vegas, but your voices may have been heard. In his keynote, Winston Prather said that this event would be restructured to retain the strong community feel that this Symposium displayed. The big question is whether or not HP will be sending the same number of NonStop product managers and developers and it will be interesting to see how the big tent event achieves the incredible dynamic we all experienced in San Jose. The amount of interaction with HP staff and customers was simply something we hadn't enjoyed in years and everyone seemed to revel in the long overdue opportunity.
But hey, the next event is 9 months away and if customers take the time to communicate their preference - another NonStop Symposium in San Jose? You never know...
Lisa Partridge
Yes, this was the biggest and best NonStop event in years (and with a killer Tandem-style beer bust) where we proved beyond a doubt that there is still life in the NonStop family and the platform that runs mission critical applications for the world's largest companies. This year we were also able to spend time with customers that we have not seen in a while and the attitude was very much like the old (ITUG) days. Far more Europeans, Latin Americans and Asian customers were present than at HPTF in 2009 – several of whom were actively seeking tools to aid PCI compliance projects.
There were dozens of business and technical sessions, including standing-room-only customer how-to's, NonStop software and hardware roadmaps, and presentations from Vendor Partners. PCI compliance was a common theme throughout the event and it’s only going to increase. Packed presentations by end-users Netherlands-based Equens and Wells Fargo Bank and HP’s Karen Copeland and Wendy Bartlett show just how in tune the NonStop Community is with PCI Compliance. That illustrates just how much of our mission critical and confidential information is trusted to a NonStop! It's amazing how much customers are willing to share their experiences because of the pride they have in their NonStop server applications tuned to perfection, secure and protected from disaster.
XYPRO specifically enjoyed an unprecedented amount of coverage at this event as we were lucky enough to have it take place right around the time our XYGATE Merged Audit software solution begins automatically shipping on all new H and J systems. The interest level is extremely high and we are thrilled at the positive response!
Yes, a pleasant time was had by all and I hope that we remember it for a long time. The level of international customer attendance was inspiring! The XYPRO customer dinner was very well received and we would like to thank everyone who attended.
It may seem a disappointment hearing that next year’s event will be part of the HP Software / Tech Forum conference at the Venetian hotel in Vegas, but your voices may have been heard. In his keynote, Winston Prather said that this event would be restructured to retain the strong community feel that this Symposium displayed. The big question is whether or not HP will be sending the same number of NonStop product managers and developers and it will be interesting to see how the big tent event achieves the incredible dynamic we all experienced in San Jose. The amount of interaction with HP staff and customers was simply something we hadn't enjoyed in years and everyone seemed to revel in the long overdue opportunity.
But hey, the next event is 9 months away and if customers take the time to communicate their preference - another NonStop Symposium in San Jose? You never know...
Lisa Partridge
Tuesday, September 28, 2010
ITUG 2010
ITUG 2010 (also called The Connect NonStop Symposium and Expo) opened with an amazing dinner hosted by XYPRO at Scotts seafood restaurant in San Jose. Among the 130+ attendees was a real cross-section of the HP NonStop community. Aussies, South Africans, South Americans, Asians, and Europeans joined the North Americans for a most amazing 3-course meal with dessert and entertainment.
For those who managed to get out of bed on Tuesday, 499 other show attendees joined them at the San Jose convention center-and the mood was incredible. Everyone was happy to be back in San Jose at a NonStop show instead of in Las Vegas in the middle of Summer!
It was really heartwarming to some and interesting to others that even with HPTF (the heretofore-described show in Las Vegas), people came to this event. I personally know of several NonStop customers who never intended to come to San Jose but went to Las Vegas. They determined the NonStop symposium was the place to be and are here with bells on and very happy they came.
The San Francisco bay area is in the middle of a heatwave, so people can close their eyes and pretend that they're in Vegas, then open them up to see dozens of NonStop product managers, developers, and execs who find it a lot more pleasant to drive the 5 miles down highway 280 from Cupertino than to take a 90-minute flight to Vegas after waiting an hour in the security line.
What happens in Vegas stays in Vegas, but what happens in San Jose has a big influence in Cupertino, helping build better products for the best computer system in the world. And isn't that a grand thing?
Lisa Partridge
XYPRO
For those who managed to get out of bed on Tuesday, 499 other show attendees joined them at the San Jose convention center-and the mood was incredible. Everyone was happy to be back in San Jose at a NonStop show instead of in Las Vegas in the middle of Summer!
It was really heartwarming to some and interesting to others that even with HPTF (the heretofore-described show in Las Vegas), people came to this event. I personally know of several NonStop customers who never intended to come to San Jose but went to Las Vegas. They determined the NonStop symposium was the place to be and are here with bells on and very happy they came.
The San Francisco bay area is in the middle of a heatwave, so people can close their eyes and pretend that they're in Vegas, then open them up to see dozens of NonStop product managers, developers, and execs who find it a lot more pleasant to drive the 5 miles down highway 280 from Cupertino than to take a 90-minute flight to Vegas after waiting an hour in the security line.
What happens in Vegas stays in Vegas, but what happens in San Jose has a big influence in Cupertino, helping build better products for the best computer system in the world. And isn't that a grand thing?
Lisa Partridge
XYPRO
Subscribe to:
Comments (Atom)
Posts
