XYPRO partners with CyberArk and SailPoint to maximize enterprise identity governance and security investments for HPE NonStop servers.
Integrate HPE NonStop servers with CyberArk Privileged Access Security Solution
Steve Tcherchian, CISSP / CISO and Director of Product / XYPRO Technology
Expanding on the recent strategic SailPoint partnership and integration for the HPE NonStop Server, XYPRO is thrilled to announce our partnership with CyberArk, the leader in privileged access security.
One of the most severe security risks to any organization is stale privileged accounts or the misuse, compromise or sharing of those accounts. Privileged accounts have elevated access to perform administrative functions. They can be administrator accounts, service accounts, firecall or emergency accounts, database connection accounts and application accounts, among others. Most of these accounts were set up ages ago when an application or system was deployed. They typically have multiple integration points and, because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, and are likely shared and improperly stored.
According to the Varonis 2018 Global Data Risk Report – 65 percent of companies have over 500 accounts with passwords that are never rotated. Passwords that are never rotated – or only rotated on an infrequent basis – have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend.
Ensuring privileged account passwords are stored properly, changed regularly, meet complexity and compliance requirements, and are audited can be overwhelming to implement and manage. Current solutions for requesting and managing access to privileged accounts are manual, complex and frequently do not map to the core business initiatives. Unfortunately, governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate mandates.
Why integrate your HPE NonStop servers with CyberArk?
To address this need, XYPRO has worked closely with CyberArk and our mutual customer base to deliver the only CyberArk integration for the HPE NonStop server. XYPRO’s XYGATE Identity Connector for CyberArk bridges the existing gap on HPE NonStop servers between identity governance and enterprise password management.
In today’s ecosystem where privileged account abuse is the most common way for hackers to compromise a system, proper credential storage and accountability is paramount in risk mitigation. Relying on manual methods is resource intensive, error prone and leaves gaps.
A password vault is the ideal way to automate these activities and address compliance needs.
Using XYGATE Identity Connector (XIC), your HPE NonStop servers can now seamlessly integrate with the CyberArk Privileged Access Security Solution, the most used and trusted privileged access security solution, allowing end-to-end password management of NonStop privileged accounts, such as SUPER.SUPER.
An organization typically stores privileged accounts and passwords, including NonStop account credentials, within the CyberArk Privileged Access Security Solution password vault. A user then requests access to a privileged NonStop account for a specified amount of time; for example, they may be granted access to the SUPER.SUPER account for two hours. Once approved, CyberArk securely releases the password to the user. When that two-hour time window expires, CyberArk automatically expires the current password within the vault and assigns the account a new password.
At that point, without an integration, CyberArk holds the new password for the account while the NonStop still has the old one. The NonStop administrator must specifically be told to update the NonStop password to keep it in sync with the CyberArk Privileged Access Security Solution password vault. This manual process is typically carried out via insecure methods such as email, SMS or simply writing the password down in a text file stored on someone’s desktop. Even riskier, until this manual process is completed, which can take hours, days or more, the NonStop user originally granted access for only two hours retains access to the privileged account the entire time, much longer than was originally authorized. This time-consuming process creates a serious security risk and compliance issue on the NonStop.
Using XYGATE Identity Connector for CyberArk, this process becomes automated, updating the NonStop server’s account password as soon as the password is rotated in the CyberArk Privileged Access Security Solution password vault, ensuring the user who was approved for access to the privileged account for two hours cannot log on to that account after the authorized time window has expired.
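The gap described above can be measured by reconciling vault-side rotation times against the times the password actually changed on the target system. The following is an added example, not code from XYPRO or CyberArk; the record layout, the dates and the account names other than SUPER.SUPER are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed vault-side records: when a password was released, the approved
# window, and when the vault rotated it. Field names are assumptions.
VAULT_EVENTS = [
    {"account": "SUPER.SUPER", "released": datetime(2018, 6, 1, 9, 0),
     "window": timedelta(hours=2), "rotated": datetime(2018, 6, 1, 11, 0)},
    {"account": "OPS.FIRECALL", "released": datetime(2018, 6, 1, 13, 0),
     "window": timedelta(hours=2), "rotated": datetime(2018, 6, 1, 15, 0)},
    {"account": "APP.BATCH", "released": datetime(2018, 6, 2, 10, 0),
     "window": timedelta(hours=1), "rotated": datetime(2018, 6, 2, 11, 0)},
]

# Constructed target-side records: when each account's password was actually
# changed on the server (manual sync two days late, automated sync, none yet).
TARGET_CHANGES = {
    "SUPER.SUPER": [datetime(2018, 6, 3, 14, 30)],
    "OPS.FIRECALL": [datetime(2018, 6, 1, 15, 0, 5)],
    "APP.BATCH": [],
}

def exposure_report(vault_events, target_changes, now):
    """For each checkout, measure how long the released password stayed
    usable on the target beyond the approved window."""
    report = []
    for ev in vault_events:
        authorized_until = ev["released"] + ev["window"]
        # The old password dies at the first target-side change made at or
        # after the vault rotation; until then the vault and target disagree.
        later = sorted(t for t in target_changes.get(ev["account"], [])
                       if t >= ev["rotated"])
        synced_at = later[0] if later else None
        valid_until = synced_at if synced_at else now
        over = max(valid_until - authorized_until, timedelta(0))
        report.append({"account": ev["account"], "synced_at": synced_at,
                       "authorized_until": authorized_until,
                       "overexposure": over})
    return report

def out_of_policy(report, tolerance=timedelta(minutes=1)):
    """Accounts never synced, or synced later than the tolerance allows."""
    return [r["account"] for r in report
            if r["synced_at"] is None or r["overexposure"] > tolerance]

if __name__ == "__main__":
    rows = exposure_report(VAULT_EVENTS, TARGET_CHANGES, datetime(2018, 6, 4))
    for r in rows:
        print(r["account"], r["overexposure"], r["synced_at"] or "NOT SYNCED")
    print("review:", out_of_policy(rows))
```

An account that never appears with a target-side change is reported as still exposed as of `now`, which is the case an auditor would want surfaced first.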
Most organizations already have active projects to extend their existing CyberArk and SailPoint investments to the rest of their enterprise platforms, processes and applications; the HPE NonStop can now be included in those integrations.
XYGATE Identity Connector for CyberArk comes packaged as a lightweight, easy-to-deploy executable that uses a microservice framework and runs on your existing NonStop servers. Simply configure the service XML with the specific HPE NonStop server properties and run the deployer. XYGATE Identity Connector deploys quickly in a Java Virtual Machine (JVM) on OSS. No other software is required. Installation is simple, quick and secure. XYGATE Identity Connector for CyberArk supports both HPE NonStop user accounts and aliases.
Configuration from the CyberArk side is just as easy. Configure your IP address, port and credentials to connect to XIC and immediately begin vaulting your passwords and taking advantage of your already established corporate policies within the CyberArk Privileged Access Security Solution.
Why integrate your HPE NonStop with SailPoint IdentityIQ?
Complementing our new CyberArk partnership and integration is our HPE NonStop integration with SailPoint that we announced in March 2018.
Without centralized identity management, onboarding and off-boarding activities become a manual process, which is not only time consuming but introduces unnecessary security risk and compliance concerns. XYGATE Identity Connector for SailPoint provides complete control over who has access to your NonStop servers from a single enterprise location.
XYPRO’s XIC solution simplifies requirements and compliance activities. When an identity is disabled through SailPoint IdentityIQ, the corresponding account is immediately disabled on all NonStop servers on which the identity was provisioned. When that identity is removed using IdentityIQ, the account is immediately removed from all NonStop servers, ensuring the removal of stale accounts, improving your relationship with your auditors and strengthening your security procedures at the same time.
Using XYGATE Identity Connector for SailPoint, HPE NonStop customers can now integrate their NonStop servers with SailPoint IdentityIQ, enabling seamless participation within the enterprise.
SailPoint’s industry-leading, powerful access certifications, governance controls and logical workflows allow NonStop customers to take full advantage of the capabilities provided by SailPoint that have long been available for other platforms.
To learn more about XYGATE Identity Connector, please contact your XYPRO Account Executive or visit www.xypro.com/identity.
Steve Tcherchian, CISSP
CISO and Director of Product
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Information Security Officer and the Director of Product for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 Executive Board and part of the ANSI X9 Security Standards Committee. A dynamic tech visionary with over 15 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the Mission-Critical computing marketplace.