Archive for June, 2015

E-Crime Singapore: Data and Device Centric: The Two Security Strategies for your Enterprise

Wednesday, June 10th, 2015

What better place to host the latest E-Crime & Information Security Series than steamy Singapore: The modern gateway to the Asia Pacific Rim. The Marriott Tang Plaza acted as a fitting host on the bustling and extravagant Orchard Road in the heart of Singapore.

The show was well attended by a variety of delegates from across APAC, spanning the financial, gaming and hospitality, education, government and entertainment sectors.

XYPRO played its part through a strong representation of two primary pillars of security: Data-Centric and Device-Centric Security, through our product partnerships with HP Security Voltage and Device Authority.

Across topics ranging from “Today’s Enterprise Security” and “Changing Landscape and Threats in Payment Security” to “Are your E-Payment Systems Vulnerable to fraud, laundering and other financial crimes?”, the recurring pain points were Authentication and the security of data, most notably your clients’ data! This is an important distinction, because your customers are entrusting you with the protection of their data! We have all heard of the numerous public breaches and their staggering financial costs, both direct and indirect, and of course the fallout and repercussions to your business, both financially and to your reputation.

It was therefore with great interest that a majority of the delegates engaged with our offering and approach to Data and Device-Centric security. Taking a Data-Centric approach with HP Security Voltage is exactly what the name implies: we protect the data itself, neutralizing a potential breach through the adoption of Tokenization and Format Preserving Encryption (FPE) of the data, PANs and other valuable information. So regardless of whether our perimeter defenses fall under a calculated persistent attack, the intrinsic value of the data and the costly compromises of such a breach are rendered virtually innocuous.

Device Authority takes a novel approach to Authentication by utilizing the Device itself as the key. No more can we rely on Username and Password as the defining factor for gainful entry onto our critical systems. There needs to be a way to ensure access is granted not only to the rightful individuals but also to the devices with which they plan to gain entry. Our devices provide a stable form factor that yields a unique and identifiable signature of the device itself, linked with the credentials of a given user, thereby drastically reducing the threat surface by eliminating millions of risky entry points onto our systems through the provisioning of only a few trusted devices that are linked to our given credentials.

Today’s hackers penetrate through multiple layers of defense. Security researchers increasingly highlight that multi-layer protections need to be in place to protect network, system, application and personal data. Regulatory bodies across the globe are also providing guidelines for layered security and compliance policies. Naturally, delegates were intrigued to discover the addition of Device-Centric security to fend off threats from external systems prior to connection, and the flexibility of tokenization and FPE to ensure maximum data protection even after a breach has occurred.

In a typical payment system environment, XYPRO is already aiding numerous organizations’ security by enabling authentication, role based authorization, security policy and centralized log management for intrusion detection. These Device-Centric and Data-Centric solutions bring significant value to our comprehensive suite of solutions, additional options and greater security assurance to your ever expanding interconnections.

It was interesting to note from our discussions with the delegates that many were still determining which approach to take: secure Authentication protocols to ensure the Identity and the Integrity of users, or shoring up Data defenses with Tokenization/Format Preserving Encryption to neutralize a breach before it occurs by rendering data useless in the wrong hands. As self-serving as the answer sounds, the answer of course is both. There is no magic bullet for security. A comprehensive approach to Multifactor Authentication with Device Authority and a logical deployment of Tokenization / FPE with HP Security Voltage is a sound investment across your enterprise and will continue to be a prominent focus for XYPRO and its clients.

Angelo Nicolaides
XYPRO Technology Corporation
Sales Executive

Did Someone Say “Downtime”?

Tuesday, June 9th, 2015

All I have ever really known with complete certainty in my near thirty-year relationship with NonStop has been that HP NonStop computers are mission critical servers that are truly fault tolerant and have full redundancy capabilities for a single reason: they need to be available all the time.  Availability is the primary directive.  Or at least it was.

Very recently, I had the opportunity to spend some time with some friends at a longtime customer.  This customer is one of the top five US Banks and takes very seriously the need for NonStop and its reliability and availability.  I was told that the senior executives at this bank have indicated there is a single circumstance under which they would accept, and actually prefer, downtime. That circumstance is a security breach. After all, a downtime event is recoverable. A security breach is not.

The word “downtime” in the NonStop world is sheer blasphemy. How can this be? Uptime is critical to a successful business model in the industries that rely on NonStop. Uptime ensures customers’ service expectations are met, delivers financial benefits and avoids penalties for downtime. Uptime also comes with bragging rights and prestigious awards.

Like so many of us in this great community, my introduction to Tandem was far too many years ago and in a very different world than we are a part of today.  I was in high school.

My first introduction was not through employment, but from my father who had been working on a project to bring an ATM and Online-Teller network to the bank where he was employed.  He explained to me about this very special computer system that could process transactions very quickly and had two of everything so it was really reliable.  The year was 1983, I remember all of this and that my father was immensely impressed. Like a typical teenager, I didn’t really care much about this. I only really began to understand a few years later when I had the opportunity to learn and work with the Tandem myself.

Working part-time in the evenings while in college, I gained some exposure to the inner workings of a bank’s data center. It was a hub of activity with lots of people and with machines of all sizes. Reader-Sorters, Line printers, 9-track tape drives, massive disk packs, etc. There was also a prized area on the data center floor where the Tandems were kept. The Tandem operation also had a separate command control room where these systems were monitored. Everyone knew they were there, everyone knew they were special, not everyone knew why.

The Tandems would run all the time, literally.  This was their value.  In the data center, the Tandem NonStop II sat beside the gleaming new TXP. I still knew very little but I began to understand why these Tandems were special.

Later on, as we came to depend more and more on these machines, the systems in place to support their uninterrupted operation were big, important and becoming more sophisticated. As an operator, testing the UPS (Uninterrupted Power Supply) system, test-firing the diesel generator at least weekly and ensuring there was enough fuel to run for several days was a mandatory procedure. These were mission-critical computers.  They had to run all the time and the Tandem systems did.

The only thing that is constant in technology is change and striving to improve and speed up the way things work.  There is always something driving the need for even greater reliability and uptime.  A simple fire suppression system malfunction or even worse, a fire itself, could render the system unusable.  The growth of DR (Disaster Recovery) centers began in an upward direction.  In the unlikely event of a disaster, the remote DR center could, and had to, be up and running in a matter of minutes.  Availability was of paramount importance.

Business Continuity Planning was now the new buzzword in the Tandem community (along with remembering to call these computers NonStops following the acquisition of Compaq by HP). With natural disasters such as earthquakes and hurricanes and now very unnatural terrorist threats, the NonStop server had real-time data replication in active-active environments, spanning very large distances to ensure that these computers were operating on individual power grids and fully separate communications infrastructure that could not be affected by the loss of availability at any single site. The great Myth Busters TV show even blew up a NonStop server to prove just how quickly a failover and recovery could happen. These computers are truly mission critical and the customers who purchase and use them do so because their businesses rely on the ability to run without interruption.

For my thirty years on NonStop, the only direction I knew was that more uptime, and in most cases, continuous uptime, was the way to go.  Never did I suspect that there would be something that was so critically important to a business they would sacrifice this near perfection. Sadly, earthquakes, hurricanes, tornadoes, and even nuclear warfare are no longer the ultimate threat to uptime. It is the cyber-criminal.

As a vendor of HP NonStop server security solutions, it’s a positive thing to hear a customer say their focus on security is right up there and even ahead of availability and performance.  The revelation that unscheduled downtime is more acceptable than a security breach is not only a sign of these modern times but a continental shift in priorities for the majority of companies that rely on fault tolerant, mission critical servers.

And just as the need for more uptime drove the development of more and more sophisticated solutions to avoid possible availability catastrophes, so too the need to thwart the ongoing threats of cyber criminals and hackers drives the development and implementation of advanced security solutions, these days at lightning speed.

Many of these solutions already exist in the form of strong encryption and tokenization of data, enhanced access controls, audit and analysis, continuous real-time monitoring and threat detection, security incident and event management, and more. It is a matter of time, education, commitment, investment and effort that this very present threat to downtime can be tackled. We’re investing our best efforts and resources to staying ahead of the cyber criminals and hackers. It’s not too difficult to imagine what will be the next phase in the evolution of the NonStop uptime story, but there is no doubt that security will always be a big part of the solution.

Please visit the XYGATE Overview to see our full range of security solutions.

Comprehensive Security Solutions for the HP NonStop™ Server

For nearly 30 years, XYPRO® Technology Corporation has provided software solutions and professional services to companies who manage and transport business-critical data on a large scale. Our security solutions and services help improve HP NonStop server environments and enhance the jobs of those who operate them.

XYPRO’s comprehensive solution offering includes the following software packages:

• Access PRO
• Audit PRO
• Compliance PRO
• Encryption PRO
• Safeguard PRO

Each PRO package offers end-to-end security and consists of specific modules designed to meet the various requirements within its area of specialty.

Barry Forbes
XYPRO Technology Corporation
VP of Sales and Marketing