comforte Purchases SQL/MP and SQL/MX
Seamless Intercept Technology from TANDsoft

TANDsoft Inc. is pleased to announce the sale to comforte AG of TANDsoft’s Sensitive Data Intercept (SDI) for the exclusive use of tokenization and encryption of NonStop SQL/MX and NonStop SQL/MP data. SDI seamlessly intercepts SQL/MP and SQL/MX database access calls. It is an essential component in comforte’s SecurDPS suite of data protection products. With the acquisition, comforte strengthens its position as the only vendor to offer transparent column level tokenization and encryption on HPE NonStop.

TANDsoft specializes in interception technology. NonStop customers use its solutions to enhance application functionality without the need for application modifications nor, for that matter, source code. comforte is a global leader in enterprise data security and cloud-native tokenization as well as connectivity and digital enablement solutions on HPE NonStop. They serve over 500 enterprise customers worldwide.

OEM partners since 2014, the two companies collaborated in the past to successfully implement the protection of NonStop SQL data for comforte customers. SDI’s SQL/MP and SQL/MX components for column level interception now are the property of comforte.

In addition to the technology purchased by comforte, Sensitive Data Intercept serves as the foundation for several other TANDsoft products. For instance, SDI-Trace enables NonStop users of Enscribe, SQL/MP, and SQL/MX to view data written to and read from disk, to audit who or what is accessing sensitive data, and to log the dates and times of access.

The SecurDPS product suite provides the technology to protect sensitive data with minimal efforts and without changing existing applications. SecurDPS allows organizations to take complete control of their sensitive data, thereby lowering compliance costs and significantly reducing the risk of data breaches.

To learn more about any or all TANDsoft products, contact Jack Di Giacomo (+1 514-695-2234 / jack.digiacomo@tandsoft.com) or Dieter Orlowski (+1 303-263-4381 / dieter.orlowski@tandsoft.com.)

Contact comforte’s Thomas Gloerfeld (+44 782 4818237 / t.gloerfeld@comforte.com) for information about SecurDPS, or visit www.comforte.com.

TANDsoft is a global provider of innovative HPE NonStop software solutions for use in time virtualization, application modernization, security, and business continuity. Many NonStop customers use our intercept technology to enhance application functionality with no program modifications. Check us out at www.tandsoft.com.

President Biden's Cybersecurity Order 101: The Essesntial Guide

On May 12th, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity”. It’s primary goal is to secure our national digital landscape. What we’re seeing is an overdue, full-force reaction to the threats to cybersecurity and operational infrastructure.

This order is primed for success due to the increase and impact of cyberattacks targeting the US government and critical infrastructure. The size and scope of this document would imply that it has been something in the works for some time. It’s a lot to read and it can be hard to discern how the digital community will be required to respond to it, but we will break it down...

Much of the document is a delegation of assignments to discover the gaps in our nation’s security implementations. It also calls upon the vast array of governmental agencies to remove barriers to sharing threat information among one another when breaches, malware and unauthorized data is distributed.

This is a watershed moment for cybersecurity because federal agencies are now required to implement multi-factor authentication (MFA) across their IT environment. In terms of cybersecurity protection, MFA provides the best bang for the buck. It's only a matter of time before this requirement makes it down to the financial services and the payments industry as well as other critical infrastructure sectors.

Another focus area are the risks posed by third parties. Most of these attacks have found their way into government agencies through insecure third parties. This executive order requires all third parties working with the federal government to strictly adhere to these basic, yet powerful guidelines or risk losing their contracts and being blacklisted.

Read More Here…

BrightStrand International

NonStop(tm) Services

No smoke, no mirrors, no snake oil.

Just NonStop Services to suit you.

www.BrightStrand.com

Newsletters

Missed a Newsletter? Catch Up Here

Find out about Tandemworld

Top 5 Global Bank relies on TANGO for superior agility & Impressive cost savings

THE CLIENT
This Lusis Payments customer is one of the largest financial institutions in the world. The organization has over 10 million global customers. They provide tailored banking solutions for personal, small business, commercial and cross border payments.

THE NEED: Freedom from a Constraining Legacy Payments Platform
The client's business was becoming severely constrained by their 28 year-old legacy payments system. The high cost of ownership, lengthy development times, and soaring maintenance challenges became urgent pressures for change. The legacy software was widely utilized throughout the client's vast line of banking services. It was therefore crucial that the new solution would provide a highly extensible architecture, facilitate low-risk migration projects, and have the robustness to handle diverse and high-growth volumes.

Additional high-priority requirements included;

a demonstrable reduction in application lifecycle costs,
increased efficiencies in supporting new regulations and scheme mandates, and
the agility to continually, and rapidly, adapt to changing consumer needs.

THE SOLUTION: TANGO by Lusis Payments
The client performed an extensive study of all leading payments solution providers. This analysis showed the decisive advantages of selecting TANGO from Lusis Payments. The TANGO solution far exceeded all of the client's business and technical requirements. TANGO's architecture, flexibility, and cost of ownership advantages were identified as particularly compelling.

THE RESULTS: Cost Savings, Scalability and Growth
The switchover to TANGO provided the client with an immediate 50% reduction in total cost of ownership. The initial implementation was followed by several additional phases including ATM, remote banking, DCC and others.

For more information about converting your Legacy system to TANGO, please visit www.lusispayments.com/user-profiles or contact Brian Miller at Brian.Miller@lusispayments.com.

Gravic Offers Two Add-on Products to HPE Shadowbase Suite

We are pleased to offer the following add-on products to the award-winning HPE Shadowbase data replication suite of products for our HPE NonStop customers.

HPE Shadowbase Compare is now being sold into every NonStop Business Continuity (BC) solution, regardless of the data replication product in use

HPE Shadowbase Compare validates that the target matches the source and is how users can validate and verify that their replication configuration is correct, complete, and working properly. This link includes additional information about the benefits of HPE Shadowbase Compare (including a new, short video).

2. HPE Shadowbase Essentials is now being sold into every NonStop Data and Application Integration (DI/AI) solution, regardless of the data replication product in use.

HPE Shadowbase Data and Application Integration solutions allow customers to replicate their NonStop data to and from other database and application environments, including replicating Enscribe to SQL, or between the NonStop and Other Server target databases such as Oracle, SQL Server, Sybase, DB2, SAP HANA, MySQL, Postgress, etc. The HPE Shadowbase Essentials bundle includes data transformation and mapping facilities, DDL and schema format conversion utilities, and data cleansing functions that simplify these complex tasks. Please visit this link for more information.

We are always happy and available to answer any questions you may have and discuss these add-on products with you. Please contact us.

Gravic Presents on HPE Shadowbase Product Updates at

Upcoming BITUG Little SIG

Gravic will be presenting HPE Shadowbase Product Updates at this virtual event on June 22 (4:30-9:30 EDT). We will review HPE Shadowbase product updates and new developments in our main solution areas of Business Continuity (BC), Data and Application Integration (DI&AI), Data Validation (Compare and Repair), and the Essential Software Bundle.

We will also discuss audited vs. non-audited environments and why TMF and audited databases should be a critical and required backbone for modern HPE NonStop mission-critical applications. If you would like to attend, then please register at this link.

Please Read our HPE Shadowbase Spring Newsletter!

We hope that you will enjoy reading and finding a lot of interesting and helpful information in our Spring Newsletter:

· Executive Vice President’s Letter

· Focus on Product Management

· Development News

· Deployment News

· Delivery and Support Tips

· New Video and Articles

If you do not receive our newsletters, and would like to be added to our mailing list, then please contact us.

Hewlett Packard Enterprise globally sells and supports Shadowbase solutions under the name HPE Shadowbase. For more information, please contact your local HPE Shadowbase representative or visit our website. For additional information, please view our Shadowbase solution videos: https://vimeo.com/shadowbasesoftware.

The Changing Landscape of the Post-Pandemic IT Infrastructure

IT and security teams face new challenges associated with the trajectory of IT infrastructure as organizations prepare for a new normal coming out of the pandemic. In a short time, the pandemic has established a new operating model for many organizations.

Modern IT infrastructure is becoming highly diverse and dynamic, leaving many IT and security teams with a growing complexity problem. The rapid shift to remote work has further exacerbated the problem, leaving many IT and security teams blind to the personal networks and devices powering their remote workers.

Digital transformation initiatives have also accelerated the use of modern cloud operating models, as businesses seize the opportunity to engage digitally within this new standard. Managing and securing this increasingly complex environment begins with a basic understanding of the individual IT assets involved in operating the business. From core business applications to productivity and collaboration tools, security teams must consider every part of the IT infrastructure.

Collectively, these assets represent an attack surface that must be protected against an ever-expanding threat landscape used by cyber-criminals to compromise infrastructure and carry out malicious activities. When IT and security teams lack visibility into any part of their attack surface, they lose the ability to meet security and operational objectives, putting the business at risk.

While the move to the public cloud was already well underway, the pandemic further accelerated the use of cloud-delivered productivity and collaboration tools while motivating businesses to expedite digital transformation initiatives, widely leveraging public cloud infrastructure.

These trends have spread data across a wide variety of infrastructure, multiple cloud service providers, and numerous SaaS applications, creating new complexity in securing and managing data privacy for critical data assets.

When IT and security teams lack understanding about where critical data assets reside, they cannot protect critical assets and uphold regulatory compliance laws.

Developers are under pressure to build and ship applications faster than ever and update applications frequently through automated processes. Corporations are now deploying applications developed on containers straight into production, managing them with orchestration tools such as Kubernetes, and running them in the cloud.

As a result, productivity increases, but so does the risk. Striking a balance between speed and security requires a strategy to proactively address cloud-native security requirements with developers and the operations team to ensure protection is built into the software development lifecycle. That allows an organization to detect security issues earlier in the development lifecycle without slowing down the whole works.

Organizations must implement a central security strategy to ensure secure access to information across the different cloud environments. The unified policies should govern access and control, regardless of whether the security gateways and services are located onsite or on the Cloud.

An organization has to consider deploying the right security solutions for cloud-based business operations. Strengthening network and IT infrastructure security are crucial for businesses. When it comes to cloud security, it is not just about simply placing a firewall at the peripheral of the cloud Infrastructure. From a security standpoint, it includes a comprehensive analysis of the current policies, procedures, and security standards that are in place.

Depending on the findings and current security stance, the organization will have to implement numerous security tools, including Intrusion Prevention and Detection Systems, Identity Access Management, and Multi-factor Authentication.

The use of Identity and Access Management (IAM) within cloud application deployments will become more relevant as organizations modernize security approaches and technologies to align with access to the public cloud. Identity management lets you define core identities for all resources and users, provide access to those resources, offer a centralized, enterprise-wide mechanism to store and read those identities, and manage how you can operationally leverage each.

Minimize security gaps with

Multi-Factor Authentication

Modern authentication methods represent a more robust security structure, and also provide a better user experience when logging into applications. MFA also makes it easier for auditors to get answers to critical compliance questions; providing information such as which users are granted access to which system, and also how the access policy is being reliably enforced. Additionally, some of the modern MFA applications available today also include reporting capabilities, which ensure that

compliance standards, such as PCI DSS, are being met.

CSP Authenticator+™ supports numerous authentication factors for NonStop. It provides a RESTful interface that supports multi-factor authenticated logins on NonStop systems. CSP Authenticator+ resides on the NonStop Platform and uses an OSS “bridge” to connect to the RESTful interface of the CSP Authenticator+ web server.

CSP Authenticator+™ Dashboard

CSP Authenticator+ can provide authentication services via Safeguard Authentication SEEP, or Pathway and Non-Pathway servers. Almost any application, including TACL, can now easily support multi-factor authentication (MFA).

Authentication methods such as RADIUS, RSA Cloud, Active Directory, and Open LDAP are supported. Additional authentication methods include RSA SecurID, Email, Text Message, and Google Authenticator. You can now enable MFA logins for different applications, making them more secure!

CSP Authenticator+ Key Features:

· Support for various authentication methods

· Browser-based user-friendly interface

· Standardized authentication across platforms

· Configurable for all or selected users

· Support for virtual addressing

CSP - Compliance at your Fingertips™

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

The CSP Team

+1(905) 568 –8900

The Growth of “Buy Now Pay Later”

The Credit Market is nothing new. People have always looked for ways to receive goods with the promise to pay later.

Since the original Travel and Expenses card for the travelling salesman was introduced back in the 1950s, credit cards have grown to meet the demand for business and consumer credit. The market is huge, with estimates of over 20 trillion dollars moving through it in 2020.

The world however is always evolving and the growth of “e” and m-commerce has seen a spike in the buy-now-pay-later culture. You may well think that Credit Cards offer this already, but let’s bear in mind that not everybody wants a credit card. They are to some degree associated with the banks and millennials and Get “Z”ers are not exactly admirers of banks. In addition while virtually everyone has a phone, they may not have a bank account.

So at the e/m-commerce check-out when you’re offered a way to pay, you’ll increasingly see the Buy-now-Pay-Later option offered by the likes of Klarna and others. This finance option is instant, at the point of sale, and very low on friction. There’s often a very simple sign-up, and it’s more convenient than any credit card application. Be careful how and where you tap. Grannies beware if you have shaky fingers.

With e-commerce and particularly m-commerce seeing annual growth of around 40% in some markets we are likely to see these new credit options continue to grow.

Sitting behind these BNPL choices are technologies such as OmniPayments OmniCloudX solution. Consumers want choice of payment options and OmniPayments is delivering it through its cloud-based solution. Merchants who want to manage their own payment choices can now deploy Buy-Now-Pay-Later with OmniPayments.

BNPL requires the dynamism of a true real time card processing system, one that can both create a virtual card record entry in real time, capture enough of the customer’s details and associate that purchase with that same card record, and be ready to generate communication with the clients to remind of the due payment and options for payment.

OmniPayments provide BNPL as part of its Card Management, Authorisation, Loyalty, and Fraud Management Portfolio.

For more information on how we can help you integrate Buy Now Pay Later services into your
internet payment gateway, please see our illuminating YouTube videos (https://www.youtube.com/watch?v=jHioqS1ZXOA), follow us on Twitter “@omnipayments” or visit www.OmniPayments.com for further information.

Ask TandemWorld

Got a question about NonStop ? ASK Tandemworld

Keep up with us on

Twitter @tandemworld

We are currently seeking skilled resources across the EMEA region,

contact us for More Info

www.tandemworld.net

PCI DSS 4.0 Is Coming. Will You Be Ready?

Since the release of PCI-DSS 3.0 in 2013, the PCI Security Standards Council has been quite busy. A little over a year after it was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in April 2015 which highlighted the risks of SSL and TLS 1.0. The supplement described a migration plan as well as set a migration deadline of 1 July, 2016.

That migration deadline caused concern because SSL is so widely utilized in the payments industry. Organizations felt the tight deadline could significantly disrupt business. On the other hand, so can a data breach. The PCI Security Standards Council took notice and in April 2016, released PCI-DSS 3.2, which extended the migration deadline to 2018. Version 3.2 also clarified previous requirements and introduced new requirements around Personal Account Numbers (PAN) Masking and Multi-Factor Authentication (MFA).

In 2018 PCI DSS version 3.2.1 replaced version 3.2 to account for effective dates and SSL/early TLS migration deadlines that had passed. No new requirements were added in PCI DSS 3.2.1.

If you’ve been following the standards over the last year, you may already know that PCI DSS 4.0 is right around the corner, due out in mid-to-late 2021.