Category Archives: HP Security


Speed up and optimize software delivery through DevOps

Category : HP Security

Download this Forrester Report—The Need for Speed: Drive Velocity and Quality with DevOps.

Does your Enterprise need a little more zip in its software delivery? Download this February 2017 Forrester DevOps playbook written by industry experts for infrastructure and operations (I&O) professionals. A complimentary copy can be yours, right now. Just fill out the form!

Great products are no longer enough. Today’s customers demand speed and quality. This need for speed requires changes across the entire organization and delivery toolchain. This 17-page report provides a detailed discussion on how to achieve and sustain the speed of DevOps.

Three Key Takeaways:

Build a combined product team responsible for what you deliver to customers

  •   Move developers, along with operations, quality assurance, and release managers, into a single team that works on the entire pipeline, from commit to deployment across specific applications

Evaluate Your Progress with the five critical DevOps metrics

  •   The five critical DevOps metrics are: 1) time-to-delivery; 2) deployment frequency; 3) change volume; 4) success rate; and 5) time-to-recovery

Prioritize Automation

  •   Dev and Ops pros must assemble a loosely-coupled (API-centric) tool chain, including elements like application release automation (ARA), and must integrate that tool chain with the continuous deployment pipeline

EXCERPT:

DevOps gives I&O leaders and their development peers a way to achieve the speed and quality that customers demand. This report offers I&O leaders the six-step checklist they need to achieve the speed of DevOps as well as the operating model for sustaining that speed.



What to Look for in a Credible Unified Endpoint Management (UEM) Solution


Invest in a Unified Endpoint Management (UEM) solution that actually meets your device management needs. (No, all UEM solutions are not created equal.) This video outlines the capabilities to look for when you’re ready to move forward with UEM.

Source: http://content.microfocus.com/uem-at-its-best-web/video?sf66353688=1



Getting Cloud Migration Right–Moving to AWS


Fri, Nov 3, 2017 11:00 AM – 12:00 PM EDT

Hybrid IT is the answer for maxed-out IT teams buried by demands for new digital services. Blending traditional IT models with newer ones—such as cloud—can give you the agility you need to compete in the digital world. But how can you quickly and reliably move servers to the cloud without business disruption? This webinar tells you how.

You’ll learn:

• How hybrid IT can optimize service delivery without sacrificing cost, availability, and reliability.

• What to look for in a server-migration solution when moving to Amazon Web Services (AWS).

• How cloud migration can enhance IT agility and business competitiveness as you drive digital transformation.

The demand for digital services often requires an accelerated move to the cloud. Don’t act without doing your research. Start with this webinar.



COBOL to the core


A COBOL Context

Micro Focus has evolved to become a much larger organization nowadays. At the heart of that organization sits COBOL technology. In the recent press publication, “Why New CEO Will Keep COBOL a Key Focus of Micro Focus”, Chris Hsu, CEO of Micro Focus, explains why this technology is so significant both to Micro Focus and our customer community.

As outlined by Micro Focus’ executive chairman Kevin Loosemore, the ethos driving Micro Focus is that their “customers […] can maximize the value of existing IT investments and adopt new technologies — essentially bridging the old and new.”

The Micro Focus COBOL history is a perfect illustration of customers continuing to derive value and future innovation from previous IT investments. “Forty years ago, Micro Focus had COBOL, predominately mainframe COBOL, and helped in the development of COBOL applications,” Hsu said. “Today, COBOL is still one of the largest assets in the portfolio.”

The COBOL secret?

COBOL’s popularity is actually no secret at all. It doesn’t receive the same fanfare as other contemporary technology; it quietly goes about running the global economy, supporting large-scale enterprise systems across many major sectors and industries. Various sources reinforce the ubiquity of COBOL – over 90% of the Fortune 100, the vast majority of major banks and insurers, with large footprints across retail, healthcare, government, automotive and other sectors. Hsu comments, “Mission-critical applications in COBOL still run most of the major at-scale transaction systems, such as credit-card processing [and] large travel logistics”.

Its status as a valued computer language, in a diverse technology market, has persisted. One respected measurement, the TIOBE index, shows COBOL at number 23 as of October 2017. More significantly, it shows COBOL as present in the top 30 since 1987, one of only 3 languages that can make that claim over that period.

What’s so good about COBOL?

COBOL can be traced back to the pioneer Grace Hopper in the late 1950s and has evolved over the decades thanks to care and attention from Micro Focus (and others). Over the years it has developed a reputation and staying power, largely thanks to five key characteristics. We have blogged about those strengths previously, but it is significant how much of that truth remains.

Foresight – Ensuring enterprise applications meet tomorrow’s needs today

As a modern language, COBOL supports all contemporary deployment architectures, leading edge technology and composite applications. It will integrate with Java, C++ & C#, deploy to cloud, mobile, .NET and JVM, and runs across over 50 market leading platforms. Micro Focus invests tens of millions of dollars each year so our customers have a simple path to future innovation.

Heritage – Five decades of heritage, thousands of organizations, billions of lines of value

New applications often mean delivering business value through new channels. Using the business logic built into existing COBOL applications provides a springboard for accelerated delivery of IT services. Furthermore, other apps and systems can easily access COBOL logic and data through APIs and integration points.

Portability – COBOL: the original write once, run anywhere technology

Micro Focus COBOL technology enables the same application to run unchanged across many platforms. This portability means COBOL developers can focus on building application value rather than on the nuances of the operating system.

Fitness-for-purpose – Engineered for building enterprise-class business applications

Today’s enterprise applications must offer robustness, strong data manipulation, accuracy, speed and accessibility. Micro Focus COBOL products offer numerical arithmetic accuracy to 38 digits, strong and rapid data manipulation and SORT capability, with a proven record of thousands of live deployments.

Readability – Ease of use means developers can focus on business

COBOL is simple to understand, read and code. Other language syntax is, by comparison, opaque and unintuitive. COBOL is far cheaper to maintain as a result. COBOL products work using standard IDEs, putting COBOL in a familiar, productive environment.

What has changed?

Within a few years, the IT world has changed immeasurably – Blockchain, AI, IoT, mobile devices along with the increasing ‘Digitization of everything’. Meanwhile, Java came of age, the Mainframe turned 50, and Linux turned 25. Core business systems need to modernize for the digital age. This is driving the appetite for modern tooling to help transform core COBOL systems.

Micro Focus thinks change and growth is the norm. The COBOL franchise is literally three times the size it was back in 2001, Chris Hsu said. “This has to do with the fact that [Micro Focus] continue to make the COBOL applications accessible on newer platforms,” he added. “While customers are moving some of their apps to public cloud, a lot of their business-critical apps are remaining on-premise,” Hsu said, “and the data is being spread across everything. What our software does is manage and simplify the complexity that customers now have to manage across a set of deployment models from mainframe to public cloud.”

It could be argued that in Enterprise IT, the only constant is change. Indeed that’s exactly what we have argued before.

Challenges Ahead

Upholding and developing COBOL’s reputation is a Micro Focus cultural objective – and the facts are on our side. Hsu says “Micro Focus has been around for 40 years. That COBOL software is unbelievably efficient and relevant today”. In the October 2017 Gartner symposium, the keynote address predicted that 90% of all of today’s applications will still be in use in 2023. Valuable systems endure; COBOL systems. It’s hard to argue against that.

Source: https://blog.microfocus.com/micro-focus-cobol-to-the-core/

Author: Derek Britton



Best Practices in Release and Deployment Management


Automation is the quickest route to high performance, but ineffective release management contributes to up to 80% of production incidents.

Find out how to build on the success of automation by optimizing toolchains, simplifying handoffs, and standardizing processes. Adopting key best practices will accelerate your DevOps transformation.

Request the white paper to learn:

  • When Agile methods and continuous integration aren’t enough
  • 4 questions you need to ask when improving software releases and deployments
  • How to increase your responsiveness to the business
  • When Excel and Word reach their breaking point while tracking testing
  • The 2 most important practices high performers use to become more efficient

Discover how to streamline your release process and improve operational efficiency.

EXCERPT

The velocity and complexity of application releases continue to increase as businesses adapt to new economic conditions. Manual deployments, poor collaboration between teams, and lack of control of the release process all lead to poor quality releases at a high cost to the business. In order to achieve higher levels of performance, organizations should use an Agile and lean approach to release management.




Worried by PGP private key exposure stories? You don’t have to with contemporary Identity-Based Encryption.


This Register blog post shows precisely why older, static and complicated public key infrastructure (PKI)-oriented key management models introduce more risk from user error and have catastrophic consequences if keys are exposed. Their pre-web-era origins may have worked for a few techy users, but that’s quite different from today’s high-threat, highly connected internet.

While this particular key might be used for all sorts of things like signing documents and patches, it could also be used for decrypting email. What’s worse is there’s no easy way to revoke PGP (Pretty Good Privacy) keys apart from a lot of manual digging and hard coding efforts. Messy indeed. This key leakage likely happened because ownership and control over the key itself was handled by someone who was not expert in key management – who exposed it by accident to the planet.

Yet that’s pretty much what most everyday internet users are – not experts in key management – and neither should they be. Secure email communications should not be the realm of the few experts who can figure out complicated key management, key splitting, private/public components and protection. Yes, users should be aware of strong passwords and good internet practice, but they should not have to be deep experts. That would be a bit like requiring you to be an expert in lock technology every time you wanted to pop out to the shops and come back to unlock your front door.

This is why a technology called Identity-Based Encryption (IBE) was invented by the founders of Voltage Security with crypto experts at Stanford, like Dr. Dan Boneh, and why SecureMail was created to make secure email communications much easier without end users having to worry about keys, key management and all the mess and great responsibility that comes with it.

With IBE, a well-accepted standard (IEEE, ISO etc.), a person’s identity and other easy-to-manage parameters (like time of day) become their public key. The actual keys used to encrypt and decrypt are generated on the fly using state-of-the-art cryptography in real time. This means that keys don’t need to be stored or managed by people, but are computed on demand. This stateless model also means avoiding the dreaded key store, database or vault, which is itself a pain to manage and back up, is a target for attack, and creates its own share of messy problems. Nobody wants to be the key-store backup guy taking every Friday to sync and restore a load of PGP keys that are keys to the kingdom.

With IBE, this modern on-demand generation also permits total control based on changing risk scenarios when deciding access to data. Unlike PGP, where the key has to be unlocked locally by the end user from a local file or store, IBE separates authentication and key generation. So, we can make good decisions at the time we need the key. Do I trust the end user right now? Are they authentic? Is their history of behavior showing a sign they are compromised and keys should not be generated, or is the user in a trusted location and thus allowed to access data? That’s far more aligned to today’s risk-driven need for privacy and security. Also, problems like meeting e-discovery needs for court responses or allowing DLP systems to decrypt to see content before transmission are all solved by this stateless, IBE approach. Powerful stuff indeed, and a perfect balance of providing enterprise control with support for legal or government processes – controlled by the data owner at all times.

In addition, unlike PKI and PGP, where your key has to be good… well, more or less forever, IBE keys are automatically rotated as time changes. So a compromise of a private key like in the above news story doesn’t create a “forever fixing it” problem that the PGP users are now going to have to figure out; it only impacts a small portion of time – and the data processed in it. Risk is easier to manage, even in a compromise.

If you’d like to try this for yourself, you can. SecureMail cloud has free trials, and enterprises interested in a simpler, more friendly yet end-to-end secured email solution should take a look at SecureMail.

Source: https://www.voltage.com/encryption/worried-pgp-private-key-exposure-stories-dont-contemporary-identity-based-encryption/

Author: MARK BOWER



The Attack on Enterprises for PII and The Need for User Behavior Analytics (UBA)


Information is the key. Information is what executives, employees, buyers, sellers, competition, and partners are in search of. Hackers are also in search of this same information and more. The information for individuals and enterprises is at the center of every business and security division worldwide.  The protection of this information is key.  The personally identifiable information (PII) companies have for their customers, clients, employees, and transactions is extremely valuable.  The cyber-attack and cybercrime statistics are across the news:

Protecting PII within organizations and staying aware of the possibility of insider leaks are at the forefront of security operations (SecOps) and security operations centers (SOC) globally. The focus of cybercrime has begun to shift away from vulnerabilities within hardware and software and toward people. Malware, phishing attacks, ransomware and other methods have become the central focus for hackers and the “bad guys”. There is also a threat of irregular behavior by employees that can lead to the release of PII, credentials, critical company information and resources. Companies and SecOps teams need to strengthen their stance on these threats, which affect their enterprise as much as, if not more than, external attacks.


As a solution to internal security concerns and threats of the release of information, enterprises have begun to employ security information and event management (SIEM) and user behavior analytics (UBA) solutions within their environment. SIEM solutions allow organizations to detect known threats from threat intelligence collected and implemented into the environment. UBA solutions allow organizations to track insider behavior through machine learning to identify data leaks, account compromise, or insider abuse. By detecting anomalies in insider behavior, companies are able to stay ahead of potential breaches.

Another critical factor in the protection of PII for companies is the increase in remote workers. Remote workers are more prevalent as companies grow and expand their presence, and these workers oftentimes use non-traditional methods for accessing company resources. Through UBA, companies are able to monitor worker activity, patterns, and behavior to ensure security throughout their environment.

Protecting PII for internal use, customers, and clients is of the utmost importance for enterprises. Implementing intelligent solutions with adaptability, analytical capabilities, and customization allows organizations to protect themselves from known threats outside of the environment and also from insider threats by employees and resources.

ArcSight Enterprise Security Manager (ESM)

ArcSight Enterprise Security Manager is a comprehensive real-time threat detection, analysis, workflow, and compliance management platform with increased data enrichment capabilities. ArcSight detects and directs analysts to cyber-security threats, in real time, helping SecOps teams respond quickly to indicators of compromise.  By automatically identifying and prioritizing threats, teams avoid the cost, complexity and extra work associated with being alerted of false positives. ESM allows SecOps organizations the ability to have a centralized, powerful view into their multiple environments creating workflow efficiency for streamlined processes.  Through improved detection, real-time correlation, and workflow automation, SOC teams can resolve incidents quickly and accurately.

ArcSight User Behavior Analytics (UBA)

ArcSight analytics solutions enable enterprises to detect advanced cyberattacks in real time, giving security teams the insights needed to investigate and remediate threats quickly. Working symbiotically with SIEM technology, our solutions analyze and correlate every event across your IT environment, prioritize the highest risks, and display the resulting data in a customizable dashboard. It is an advanced analytics solution that gives enterprises visibility into their users, network, data, and applications. ArcSight Analytics makes it much easier to gain information and anticipate, recognize, and mitigate threats.

For more information on SIEM award-winning ArcSight ESM, please visit:
https://www.microfocus.com/arcsightesm

For more information on ArcSight User Behavior Analytics, please visit:
https://www.microfocus.com/uba

Source: https://community.saas.hpe.com/t5/Protect-Your-Assets/The-attack-on-enterprises-for-PII-and-the-need-for-User-Behavior/ba-p/1615579#.Wczf4GhSxPZ

Author: Ray McKenzie



ACI Worldwide Success Story


“The Silk tools are now instrumental to our software release schedule and support is very important to us. Micro Focus support is very responsive and professional and has not let us down.”

ACI Worldwide, the Universal Payments (UP) company, powers electronic payments for over 5,100 organizations around the world. More than 1,000 of the largest financial institutions rely on ACI to execute $14 trillion each day in payments and securities.

CHALLENGE

Through its comprehensive suite of software and SaaS-based solutions, ACI delivers real-time, immediate payments capabilities and enables the industry’s most complete omni-channel payments experience. A continuous integration process ensures application testing is at the center of the software development lifecycle at ACI, and every day, over 10,000 tests are executed.

However, the lack of a centralized test repository meant that ACI didn’t have complete visibility, as James Griffiths, Automation Architect at ACI, explains: “We spent lots of time manually creating reports. The administrative overhead for reporting, assigning tests, and checking execution progress was just too high and we needed an automated solution to keep pace with the ever-changing and growing business requirements.”

SOLUTION

A thorough market review highlighted the Silk suite of products as a solution to improve test integration and management. Micro Focus Silk Test, Silk Central, and Silk Performer were soon implemented to create a streamlined, end-to-end, application testing process. The integration between the tools paid dividends straight away through the ability to integrate requirements and defects into the testing cycle; have a real-time test execution status; plan test execution and maintenance; and provide structured reporting.

Griffiths comments: “We really like the Silk Test scripting capability, which allows us to perform hands-off installs and updates to our payment solutions. Silk Performer helps us to execute multiple tests from command line by running a batch file. We have built a framework to automate the execution of load tests and the generation of custom reports to save time that can be dedicated to actual performance engineering. The Silk Performer features make it easy for us to analyze test results, create reports, and troubleshoot any errors.”

By running load and duration tests with Silk Performer, ACI can identify and fix system and code bottlenecks to ensure the application’s reliability and scalability. These non-functional requirements become critical considerations early in the software development life cycle, to avoid having to do costly fixes late in the cycle.

Using the automation features of Silk Test, ACI can test earlier in the development cycle using a continuous integration strategy. Through early testing, the application reliability and quality has increased considerably.

The partnership with Micro Focus throughout the implementation and subsequent use of the Silk solutions was great, as Griffiths adds: “The Silk tools are now key to our software release schedule and support is very important to us. Micro Focus support is very responsive and professional and has not let us down.”

RESULTS

Silk Central and Silk Test have eliminated the administrative overhead and automated test assignment and execution. A full reporting process is included.

Griffiths concludes: “We can deliver new software releases much faster using our Silk-powered testing process. We save two days of manual intervention during the install and update phase of each release. With nearly 60 releases each year, this adds up to a massive productivity gain for us; time we can now spend on developing new features and added value for our customers.”

Source: https://www.microfocus.com/success/stories/aci-worldwide/w_icid=LinkedIn&sf62924861=1

Author: JAMES GRIFFITHS



Micro Focus Accelerates Deployment of Hybrid Cloud Workloads with Sensitive Data


Voltage SecureData Cloud for AWS enables consistent data security and privacy controls for scaled analytics, enterprise data processing, and mission critical transactions

Micro Focus today announced Voltage SecureData Cloud for AWS, an extension of SecureData, a market-leading platform for end-to-end data-centric security, developed for Amazon Web Services (AWS). Voltage SecureData Cloud for AWS enables consistent data protection across hybrid IT environments and is critical for meeting the needs of today’s high-scale data-driven enterprises concerned with privacy and security mandates.

The shift to hybrid IT is providing new value to businesses by delivering additional scalability and management, as well as helping to reduce IT costs. However, this has also created new complexities, risks and vulnerabilities in preserving privacy and protecting sensitive information, especially with more demanding data privacy and security regulations such as General Data Protection Regulation (GDPR), New York State Department of Financial Services (NYDFS), and Payment Card Industry Data Security Standard (PCI DSS) 3.2. According to Forrester, spending on global cloud security solutions is expected to reach $3.5 billion by 2021 — an annual growth rate of 28% over the next five years. [1]

“Traditional infrastructure-centric security models are challenged as organizations deploy hybrid cloud workloads with sensitive data at DevOps speed,” said Mark Bower, Global Director Product Management, Data Security, Micro Focus. “Voltage SecureData Cloud for AWS provides quick-to-deploy, data-centric security to de-risk sensitive and regulated data directly from the cloud, empowering organizations with increased scalability for securing data processing and mission critical transactions.”

Voltage SecureData Cloud for AWS provides easily scaled AWS SecureData services, allowing enterprises to quickly launch on AWS in order to reduce their time to market while incorporating best-in-class data security. With its unique stateless architecture, high scalability and increased agility, SecureData Cloud for AWS is able to handle carrier-grade application workloads and analytic data volumes.

Voltage SecureData Cloud for AWS:

· Enables customers to seamlessly maintain data security, easily deploy and take advantage of AWS capabilities for scaling and operation.

· Embeds data security consistently and seamlessly across hybrid cloud environments to lower data risks on workloads off and on-premises.

· Extends a platform agnostic security strategy that simplifies deployment of a trusted modern IT architecture to the cloud.

· Enables organizations to secure and de-identify structured data, enabling deeper utilization and sharing with trusted third parties, ingested in big data environments or on the cloud, such as AWS.

· Streamlines compliance for regulations such as the General Data Protection Regulation (GDPR) and PCI by eliminating live personal data exposure.

Availability:

Voltage SecureData Cloud for AWS will be available globally in September 2017. To learn more about SecureData Cloud for AWS, visit www.voltage.com.



Law v. Technology


A great number of the cases that make it to the United States Supreme Court hinge upon the Fourth Amendment (henceforth 4A) to the U.S. Constitution. The protections this Amendment offers against unreasonable search and seizure need frequent interpretation against changing technology.

In early June, the high court agreed to hear Carpenter v. United States. Timothy Carpenter’s 2013 armed robbery conviction was based partly on cellphone metadata—location information showing where he (or his cellphone, anyway) was at various times. Had this metadata been obtained through a probable cause warrant, the case would not have been considered by SCOTUS (Supreme Court of the United States); however, because no warrant was obtained, the contention is that this was a violation of his 4A freedom from unreasonable search and seizure.

This case may sound similar to the Constitutional challenges to the NSA metadata collection revealed by the Snowden leaks. It differs in that the NSA program was much broader and less targeted; SCOTUS has thus far declined to hear several cases stemming from the program, but has agreed to rule on Carpenter.

Previous, long-standing rulings have established the Third-Party Doctrine (3P), which states that information voluntarily given to third parties is not covered by 4A. This evolved in the 1970s, specifically with regard to phone “pen registers”—landline metadata, showing numbers called by a target phone number (Smith v. Maryland). The contention then was that by dialing a phone, the target was aware that this information was being sent to a third party, and thus was giving up his or her reasonable expectation of privacy. Cellular location data is clearly at least somewhat different; the Court will decide whether it is different enough. Like all cases that reach the high court, there have been a variety of past decisions on this exact issue, in both directions, at various court levels.

There has been increasing pressure for the Court to reconsider 3P as people have become more aware of the amount of personal data that is being captured and stored by companies. It is one thing for a company to reveal that I am a customer, sharing with law enforcement the information I provided them when I signed up; it is not necessarily the same thing for a cellular provider to share information about the location of my cellphone every time it moves. I may know that they have this information, but I may not; worse, the cellphone will continue to be observed when it is not in public spaces, such as within my car or home, in which the courts have held that I do have a reasonable expectation of privacy.

A key 4A term is “reasonable”: not only is that word subject to interpretation, but that interpretation will quite reasonably vary over time. In the 18th century, nobody imagined electronic bugs, much less cellphones, remote laser listening devices, or spy satellites! These change the equation significantly. In United States v. Jones, 3P was ruled not to apply to a GPS tracker placed on a vehicle without a warrant. In that decision, Justice Sonia Sotomayor wrote that “it may be necessary to reconsider [3P]…This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks”. This reflects the court’s awareness that societal and technological changes have effects on interpretation of the Constitution.

For most of us, automated personal data collection and storage by new technology is usually just an annoyance (unless it is unprotected, and gets stolen and used); for someone like Carpenter, facing a 116-year prison sentence, it is clearly much more serious. If the Court rules in his favor, it is difficult to imagine how the more general NSA program can be defended constitutionally. It will be interesting to see how this case shakes out, and its impact on our privacy (or lack thereof).

Source: https://www.voltage.com/technology/law-v-technology/

Author: Phil Smith

