Thursday, March 29, 2012

I lost my wallet!

What may be a nuisance for each of us may not be treated anywhere near as lightly by companies. Becoming aware of intrusions and even loss of data is becoming a concern for all companies – even those dependent upon NonStop!

Security is never far from my thoughts, and as mobile as I am visiting places and meeting with colleagues, I always plan ahead and expect the worst. On more than one occasion I have forgotten to pick up my credit card after paying an expense, and there have even been times where pick-pockets have worked their subtle magic.

Simply forgetting to pick up a handbag has also generated its fair share of problems – leaving it behind at a friendly Starbucks was quickly remedied, but leaving a handbag behind in a London Taxi? That was even more worrisome, bordering on sheer panic as it held the family passports, airline tickets, cash and credit cards. Fortunately, my sharp eye for cars allowed me to identify the taxi as a VW diesel minivan – the only one operating to the west of London, and within an hour we had the bag returned.

As most of us realize these days, the loss of such information usually triggers a whole lot of fence-mending. We need to call credit / debit card issuers and get new cards, and then we need to call all the companies with which we have set up auto transfers based on the credit cards now lost. Information about us, lost in this way, can often lead to identity theft, so just a moment’s lapse in our personal security can lead to a lifetime of damage.

We do so much to protect what uniquely identifies us that when we come to realize that it’s all out in the open – passports and driver’s licenses, credit and debit cards, and even medical insurance information – the shock that sets in when we realize that now someone else possesses it all often overwhelms us.

Securing our networks, our systems and our applications is every bit as big a concern for companies today. This morning there came news that a “Microsoft-led operation resulted in the takedown of key servers associated with the infamous ZeuS and SpyEye banking Trojan botnets on Friday,” according to a report of March 26th, 2012, in The Register – a widely read UK-based publication.

Under the heading of “Microsoft takes down ZeuS botnets Disrupted ... but not dismantled”, the reporter then explains how “ZeuS and SpyEye are essentially cybercrime toolkits for the creation of customized banking Trojans. Many cybercrime gangs use ZeuS as the launch pad for banking fraud so there are many different zombie networks at play. Microsoft has detected more than 13 million suspected infections of ZeuS and SpyEye-related malware worldwide, with more than 3 million in the United States alone.”

The NonStop community reads these reports with perhaps passing interest, as after all, the NonStop platform is not likely to become the target of such criminals – a conclusion reached following many years where security was a part of the attributes that made the NonStop platform as desirable as it has become. Availability, scalability, data integrity and security, after all, provide compelling reasons to continue running sensitive, mission-critical applications on NonStop.

However, for vendors such as comForte this only strengthens their own observations about potential vulnerabilities likely to be present even among the more secure NonStop systems, and only helps solidify their position as a much-valued partner of NonStop development (NED). For many years now comForte has enjoyed a partnership with NED and a number of comForte products are being OEM-ed through the NonStop sales channel.

At first there was comForte SSH being sold as HP NonStop SSH; then shortly thereafter MR-Win6530 was added as a modern terminal emulator for the system console as part of the console product offering. More recently, the decision by NED to add the comForte SSL product to comForte SSH and to bundle them both as a part of the NonStop OS has helped upgrade network security.

However, with these products being an integral part of the HP products in support of NonStop, comForte is introducing a number of add-on components to ensure security is even better managed. To ensure nothing is in the open, and to protect against unauthorized sniffing and even casual surfing, comForte provides a new product, SecureLib/SSL-Application Transparent (AT), to further help users shut down any remaining “exposures” of even protected data without requiring additional programming.

Furthermore, comForte has entered into a partnership with 4techsoftware to distribute PANfinder – a software product that is a “comprehensive, yet inexpensive data discovery software solution; it searches systems for hidden and unmasked/unencrypted payment card data.” No more vague responses such as “yes, we think that about covers all the files we work with and need to secure.” After all, today companies must “identify and document the existence of all cardholder data in their environment, to verify that no cardholder data exists outside of the currently defined cardholder data environment (CDE)” according to the Payment Card Industry Data Security Standard (PCI-DSS) V2.0.

“PANfinder is one of these products which makes you think ‘I wish *I* had that idea’ when someone else comes up with it,” comForte’s Thomas Burg responded in a recent email. “Using a product such as PANfinder is the natural first step for any PCI audit of a NonStop system. It will make life easier for auditors as well as people responsible for securing the NonStop system. Not having had the idea myself, I am glad we are working with the folks from Australia who created this great product.”

Security will always remain a concern for all of us, whether it’s our private lives or our business. Companies have become increasingly sensitive to any bad press that may befall them should they be exposed – losing a wallet and calling a few card issuers becomes a moot point when the numbers climb past the millions. Providing security solutions for the NonStop community will continue to be fertile ground for the more adept middleware vendors. There’s simply no room for complacency or tardiness when it’s your business at stake, a situation that in time more companies within the NonStop community will only become aware of all too readily!
