2024HPE Nonstop NewsMarch 2024 Helping BASE24 Customers Meet PCI DSS V4.0 by Kelly Luna March 15, 2024 written by Kelly Luna From our market-leading card data discovery to our all new format-preserving tokenization, the Security Compliance Suite from HPE and 4tech Software has always focused solely on helping NonStop users meet their security and compliance obligations. In 2010, we launched our first product, PANfinder, which, as the name suggests, is a payment card data discovery solution designed exclusively for the HPE NonStop platform and specifically for PCI DSS scope verification. You could say it was a bit ahead of its time because it’s only with the advent of PCI DSS V4.0 (Requirement 12.5) that proper scope verification has finally been mandated – until DSS V4.0, scope verification was, unfathomably, only ‘recommended’ by PCI DSS! Our first customer was a large European payment processor that runs both BASE 24 and CONNEX. Since those early days, PANfinder has been deployed by banks, switches, and retailers around the globe. To date, PANfinder has never failed to identify live card data in unknown locations, helping users address their errant data, reduce their PCI DSS scope, and reduce their risk. Jumping forward 14 years to today, our latest product is the result of several years of development and investment – HPE Tokenator (TK) – which addresses the need for BASE24 customers (or any NonStop user for that matter) to protect their card data at all times. TK protects sensitive data by replacing it with format-preserved tokens, so in the event that any secured data is hacked/stolen, it would be worthless to thieves. TK has multiple implementation options to suit your organization’s policies and BASE24 environment – from an intercept-based model, which requires no application changes to a more traditional installation using the fully documented Tokenator API. Then there’s the option of vaulted or vaultless tokenization – both of which include the all-important Key Rotation functionality as required by PCI DSS. Rounding off the Security Compliance Suite is HPE Integrity Detective (ID). ID is both the most user-friendly and the most comprehensive integrity monitoring solution available on the HPE NonStop. It’s pointless monitoring all your critical NonStop files if you’re not also monitoring all corresponding subsystem processes (E.G., Pathways, Netbatch, SSH, etc.), so we made sure ID does both. From all Guardian and OSS files to all Safeguard objects to CLIMs and even third-party solution configurations with a COM interface, ID monitors for changes and produces alerts in real time. As with all our solutions, ID is 100% NonStop based, so there’s no need for any additional hardware or external database and the headaches that bring. While we are NonStop based, we are also enterprise-enabled, with all of our solutions being able to send events directly to your enterprise SIEM. The Security Compliance Suite is available exclusively from Hewlett Packard Enterprise. If you have any technical questions or would like to initiate a POC, the team at 4tech Software will be happy to help, but for sales information, it’s your HPE representative you’ll need to contact. For more information, visit www.4tech.software or contact your HPE account representative. March 15, 2024 0 comment 0 FacebookTwitterPinterestEmail
ArticlesC2 Fall 2021Data SolutionsGDPRHPE NonStop ComplianceSecurity GDPR 2021 – Compliance and Penalties; 3 Years Later by Steve Tcherchian September 21, 2021 by Steve Tcherchian September 21, 2021 The General Data Protection Regulation, or GDPR, is a major piece of legislation adopted in 2018. It is designed to address the protection and responsible use of every European Union citizen’s personal data. However, GDPR is not an EU-only regulation. It affects ANY business or individual handling the data … 0 FacebookTwitterPinterestEmail
ArticlesC2 Summer 2021Security PCI DSS 4.0 Is Coming. Will You Be Ready? by Steve Tcherchian June 15, 2021 by Steve Tcherchian June 15, 2021 Since the release of PCI-DSS 3.0 in 2013, the PCI Security Standards Council has been quite busy. A little over a year after it was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in … 1 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2021DataSecurity ‘New Nacha supplementing data security requirements coming up’ by Thomas Gloerfeld March 23, 2021 by Thomas Gloerfeld March 23, 2021 Nacha is a non-profit organization that convenes hundreds of diverse organizations to enhance and enable electronic payments and financial data exchange within the U.S. and across geographies. Through the development of rules, standards, governance, education, advocacy, and in support of innovation, Nacha’s efforts benefit the providers and users of … 0 FacebookTwitterPinterestEmail
C2 Fall 2020 End-to-End Cloud Data Security: Shouldn’t It Be a No-Brainer? by Trevor J. Morgan & Mark Bower September 22, 2020 by Trevor J. Morgan & Mark Bower September 22, 2020 Hardly a week goes by without news of a high-profile data breach. Sometimes, the damage is quite limited either due to the low market value of the apprehended data, the strength of the data security in place, or even the sloppiness of the threat actor… 0 FacebookTwitterPinterestEmail
C2 Summer 2020 Robust security strategy for your hybrid IT by Thomas Gloerfeld June 23, 2020 by Thomas Gloerfeld June 23, 2020 What Is Hybrid IT? At its most basic level, hybrid IT is a blend of cloud-based and on-premises IT services. When applications and data were all maintained on-premises (or in-house) standardization was a best practise and security was much simpler. Now that the business and IT are realising the … 0 FacebookTwitterPinterestEmail