Novell News

The IT infrastructure is a mass of incompatible systems with unique risk controls and policies, making compliance and risk management complex, time-consuming and costly. To address this, we recently expand our global partnership with SAP to help customers deliver confident business and IT governance, risk and compliance programs. The joint solution delivers:

• Performance – by improving predictability and automating and enforcing common controls while providing transparency to business processes across the organization
• Assurance – by lowering overall risk and increasing external and internal compliance
• Simplification – by eliminating resource silos and inefficiencies and by automating the process of discovering and remediating high-risk business problems

Companies also need experienced and proven guidance to help them integrate their siloed security and compliance efforts. Since 2008, Novell and Atos Origin have partnered to deliver this knowledge and experience helping customers meet stringent security, governance and compliance requirements.

“Today’s complex information security environment, combined with the pressure on budgets, requires an end-to-end approach that provides efficient solutions aligned with the business risk challenges,” says Paul Bray, senior vice president and head of global SAP for Atos Origin. “SAP’s Business Objects Governance, Risk and Compliance (GRC) and Novell’s Compliance Management Platform extension for SAP environments solutions combined with Atos Origin’s experience in integrating large security projects in complex IT environments enable customers to improve business predictability and performance, manage risk and reduce compliance costs.”

Visit the Novell booth (#140) to see this powerful solution in action at SAP Governance Risk & Compliance 2009.  You can also attend the session, Best Practices for Integrated IT governance Using Novell Compliance Management Platform Extension for SAP Environments, to learn more.

• Date: Wednesday, November 18
• Time: 10:15-12:00
• Location: Prague Congress Centre, Prague, Czech Republic

Today Tech Data, one of the largest global distributors of technology products announced Open Tech, a new channel for open source independent software vendors (ISVs) to market and sell their solutions to thousands of resellers nationwide.

This is a great step for Tech Data to recognize the cost reduction and performance optimization benefits of open source solutions.  SUSE Linux Enterprise is a robust platform that, combined with Novell’s entire product portfolio, empowers companies to build, manage, secure and measure mission-critical applications with a low cost of ownership.  A recent market survey, conducted by IDC and Novell, revealed that more than 72 percent of respondents are either actively evaluating or have already decided to increase their adoption of Linux on the server in 2009, with more than 68 percent making the same claim for the desktop.

Additionally, independent Software Vendors (ISVs) are demonstrating tremendous support for the SUSE® Appliance Program from Novell, the industry’s first, complete, end-to-end appliance solution that enables ISVs to rapidly build, update, configure and go to market with fully supported software and virtual appliances.

We’re pleased to support Tech Data Open Tech with dedicated Novell PartnerNet training programs and our world-class solutions. Our participation will help our developers and reseller partners become more profitable.

In the recent Gartner Report, “Magic Quadrant for User Provisioning,” Novell is recognized for its focus on partnerships.

“Novell’s network of smaller, regional-based integration and consulting continues to grow through established integration providers such as Atos Origin, Deloitte and Wipro, as well as global alliance partners such as HP and SAP.”

Mixed IT environments are a reality for all organizations, which means our customers depend on our ecosystem of partners to reduce cost, complexity and risk.  A great example of our partnership in action is highlighted in this SAP Insider article:

Let’s say an employee is changing roles from an accounting clerk to an accounting manager. For her new role, the accounting manager must have access to a new set of resources. For this, her organization needs to provide and track access, and instantly identify and provide alerts about any policy violations, such as gaining access to both the accounts payable and receivable systems. Properly setting up the accounting manager requires a strategic layering of technology, such as SAP BusinessObjects Access Control and the Novell Compliance Management Platform extension for SAP environments. This pairing helps companies ensure that business policies will be consistently enforced and monitored across SAP and non-SAP applications throughout the organization.

As John Dragoon appropriately says in this post, “Making IT work as one is who we are, what we do and it embodies the core values that we provide to our customers.”

Organizational hierarchy, roles and users change constantly. Anyone who has had to provision and de-provision more than just a few users knows that it’s like sorting water, particularly if using manual procedures, which is prone to error, time-consuming, costly and difficult to track.  These limitations expose an organization to risk.  There are different job functions one person should not have; the person collecting money should not be same person depositing money.

With the latest version of Novell Roles Based Provisioning Module, organizations can automate the process and empower business users to control access and authorization. This capability reduces dependence on IT organizations for routine provisioning tasks. By eliminating the complexity of provisioning, security officers and IT directors can spend time and resources on what really matters – growing the business.

Enhancements include:

• A dashboard-based interface that provides role relevant information including a holistic view of tasks, requests and role/ resource assignments.
• Integration with an organization’s existing role systems to create a unified set of enterprise wide roles, enabling consistent business policy across application landscapes.
• Instant information on user access rights including when and how they received the rights, and to which applications thereby simplifying compliance initiatives.
• Integration with existing applications, allowing users to access password self- service, and roles and workflow related functionality from third-party applications such as SAP, all with a single password.

To learn more about Novell Roles Based Provisioning go here.

Randy Hardin, lead systems engineer at University of Dayton I.T., is responsible for securing every system that accepts credit card transactions at the university.  A long time Novell customer, Hardin uses Sentinel Log Manager to collect real-time data from the university’s wide array of payment systems so his team can easily search, validate and report – with confidence – that the university meets PCI DSS requirements at all times.

In this podcast, Brian Singer of Novell talks to Hardin about the challenges of PCI DSS in a university environment. Hardin discusses how he and his team can more efficiently meet PCI DSS requirements, while also securing the university’s many payment systems with Sentinel Log Manager.

 

 University of Dayton Flyers win with Sentinel Log Manager : Play Now | Play in Popup | Download

On July 21 Novell announced its Cloud Security Service offering that is currently in development and slated for release later this year. The service will enable cloud providers and software as a service (SaaS) vendors to ensure their offerings meet the strict security and compliance standards required by global businesses.

As part of our beta group, Novell is working with PivotLink, a provider of business intelligence solutions delivered via Software as a Service (SaaS). Early results of this collaboration effort were demonstrated at a Cloud Single Sign-On (SSO) interoperability event at Catalyst Conference North America on July 29, 2009. Participants included SalesForce.com, Google Apps, eXpresso Corp, WebEx and others.

By working with Novell, PivotLink can better support their customer’s security standards and policies in a cloud computing environment. This is done by integrating PivotLink’s existing business intelligence application and database security with Novell’s access management technologies so PivotLink can deliver secure single sign-on to its enterprise customers.

In this podcast, Dale Olds, distinguished engineer at Novell, and Mike Van Gorkom, program manager at PivotLink, discuss the results of the interoperability event at Catalyst.

SSO is one aspect of Novell Cloud Security Service, more can be found on our website: www.novell.com/cloud.

 

 Novell and PivotLink discuss security assurance and trust in cloud computing [9:06m]: Play Now | Play in Popup | Download

by Brian Singer, product marketing manger, Identity and Security, Novell

One of the trends we noticed when we started developing Novell Sentinel Log Manager is that when organizations realize they need a compliance strategy, the first place they look is log management. A log management tool can take care of a good portion of your PCI-DSS, SOX, and HIPPA requirements right out of the box. If you look at what’s actually deployed and used today, you will see a lot of organizations trying to fulfill all their compliance needs only using a log management tool.

The problem with this approach is while you may be able to meet the bare minimum in terms of compliance, that’s not good enough anymore. Compliance mandates from government and industry bodies try to mitigate overall risk. However, in this world, simply being compliant is not enough – just read this story in Bank InfoSecurity about a recent data breach of a company that was PCI-compliant.  As Ben Goodman mentions in this ZDNet article, information that could have prevented a data breach is often available prior to the breach, but not acted upon.

Organizations are beginning to realize they need to do more with their data than just report to auditors where its stored and archived every quarter. This presents a problem.  Most log management tools were originally built for the singular purpose of collecting and archiving logs. Providing the capability to analyze the data was an afterthought, and was shoehorned in by most vendors. They store log files in proprietary formats, and don’t provide a way to access the data using outside analytic tools. You know the information to stop a breach is in your log files, but you can only get at that data with tools provided by your inflexible log management vendor! That’s the problem we set out to solve. Sentinel Log Manager stores data in an open flat-file format, which means you can get access to the data with any tool from any vendor you choose. It’s also extremely easy to forward event monitoring feeds, which gives you flexibility as your security needs grow and change.

Log Management is the starting point on the path to compliance and security, but it is clearly not the destination. If your log management tool isn’t giving you control over your data, it’s not too late to express your inner control freak and take back what is yours.

Ben Goodman, principal technology specialist and marketing manager for Novell’s Compliance Management solutions, uses this simple barn analogy when discussing the people, processes, and policies that make up a good security and compliance management program: “Do you want to be the person that reports the barn doors are open 90 days after the cows escaped?”

Too many organizations equate the ability to demonstrate compliance with being “secure.” The Verizon Business RISK Team’s 2009 Data Breach Investigations Report, which evaluated 90 breaches that affected 285 million records, found that in an astounding 82 percent of those incidents, the data that could have pointed to the pending compromise was available, but not identified or acted upon.

In an article published by ZDNet, Ben provides sound advice on how IT security pros can streamline regulatory compliance efforts while also reducing risk. In other words, here’s some advice on how to implement a comprehensive barn watching program that actually keeps cows safe so Old MacDonald can focus on the business of E-I-E-I-O.

Organizations have invested millions in their security and compliance management programs. Unfortunately, many still don’t have the ability to ensure their systems are secure from breach and compliant with legal mandates. Duplicate compliance controls, security data sitting in dormant log files, and lack of an integrated security and compliance management strategy result in people manually updating spreadsheets that are often out of date before the final audit report even is printed.

Today we announced a comprehensive log management solution that expands the functionality offered in Novell’s security information and event management solutions. Novell Sentinel Log Manager simplifies fulfillment of audit requirements and improves security by streamlining the management of ever-increasing volumes of raw event data used for risk investigations and compliance reporting.

Randy Hardin, lead systems engineer at University of Dayton I.T., was part the beta test group for Sentinel Log Manager. A long time Novell customer, Hardin appreciates the interoperability capabilities Novell delivers. Challenged with finding an efficient way to demonstrate PCI DSS compliance, Hardin is looking to Novell Sentinel solutions to connect the university’s wide array of systems in order to collect data in real-time that can easily be searched and validated so he can report with confidence that the university is compliant at all times. Learn more about Novell Sentinel Log Manager here.

Managing user access, data storage and compliance are critical issues for most organizations. Currently, enterprise organizations that wish to do business in the cloud are offered limited, predesigned security features that are packaged as a part of a cloud provider’s service agreement. Cloud and SaaS providers are beginning to see that security is the #1 barrier to cloud adoption and are looking for ways to offer tailored security features that will lead to better success selling to larger enterprises.

With more than 15 years in the identity and access management industry, Novell understands that “cookie-cutter” security offerings inhibit the promise of flexibility, automation and scalability cloud computing offers. Cloud computing will not be successful if enterprise organizations are forced to sacrifice security policies in order to conduct business in the cloud. Cloud assets used by an enterprise must be treated as an extension of the data center. This includes the ability to seamlessly manage security policies, enforce regulatory compliance and conduct prudent business practices in the cloud.

This week we announced Novell Cloud Security Service, a solution that will help Cloud Providers and SaaS vendors assure their offerings meet the unique and strict security and compliance standards required by global businesses. This assurance is backed by more than 60 cloud-related patents and patent applications as well as Novell’s strong reputation for developing interoperable technologies that work harmoniously in mixed IT environments.  You can read more about this news in eWeek, Computerworld and Network World.

The Novell Cloud Security Service is currently in a limited private beta with select customers, including PivotLink. Both organizations will preview capabilities of Novell Cloud Security Service during an industry-wide interoperability demonstration at Burton Group Catalyst Conference, Wednesday, July 29, 2009 at the Hilton San Diego Bayfront.  Visit www.novell.com/cloud for information. Be sure to check back next week to receive a recap of the interop demo via podcast from Novell’s cloud security experts.