XDP Protecting BASE24 XPNET
Bank Protects BASE24/XPNET Audit Files with XYGATE Data Protection
XYPRO has been working with our customers to implement XYGATE Data Protection (XDP) in a variety of different environments.  One of our customers, a top 10 U.S. bank, runs a sizeable BASE24 installation, over multiple HPE NonStop Servers and physical locations.   BASE24’s middleware component, XPNET, provides an audit feature, essentially a trace function, for troubleshooting and other support functions.  This customer uses XPNET audits extensively throughout their enterprise, and their PCI assessors noted that those files can contain sensitive data, including PANs, and must be protected according to PCI DSS 3.4 requirements.
Encryption on HPE NonStop with no application code changes
The bank, already an HPE SecureData (formerly Voltage) enterprise user on other platforms, had previously hesitated to implement SecureData on NonStop because of the perception that implementing it would require extensive code changes.  However, XYPRO’s XDP product, through its Intercept Library, provides access to all HPE SecureData functionality with zero code changes to the core application.  The XDP Intercept Library intercepts all I/O calls and transparently invokes SecureData to apply either Format Preserving Encyption (FPE) or Secure Stateless Tokenization (SST) to protect any sensitive fields in the data being processed. This results in no sensitive data being written to disk in the clear, and allows customers to meet PCI and other regulatory requirements, without making costly changes to their application.
XYPRO tested XDP extensively with XPNET, requiring some careful engineering work with our own in-house BASE24/XPNET installation, as XPNET is supplied in object code form only, unlike most BASE24 components which ship with source.  While we were able to confirm that the vast majority of XPNET I/Os were already covered by the existing XDP functionality, there were a few unusual use cases that required some additional code in XDP.
Sensitive data protected in multiple environments
After that development work completed, we provided a new version of XDP to the customer, who were thrilled to have such significant concerns addressed and they have now gone live in a number of their environments.  The XPNET audit files, and the sensitive data they contain, are now protected, and the customer can move on with other business needs.
Going forward, XDP will be used to protect other parts of the customer’s BASE24 environment, and we look forward to working with them on those projects.
For more information on how XDP can help you address your data protection needs, please see the #3 entry in our Top 10 NonStop Security Fundamentals, XDP on our website, or contact your XYPRO sales rep.
 
Andrew Price
andrew@xypro.com
 
HPE NonStop Security