Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

Press Releases

Press Releases (1359)

NEWARK, Calif. – Tegile Systems, the leading provider of flash-driven storage arrays for virtualized server and virtual desktop environments, today announced it has been chosen by the world’s largest producer of crude oil to provide a new storage solution. 

Saudi Petroleum Overseas Limited (SPOL), the London office of the national oil company, has implemented Tegile’s Zebi HA2100 arrays to consolidate its storage solution, and ensure the safety of its email and intranet data. 

Faced with an increasingly complex storage situation which included antiquated technology, contracts coming to end-of-life, unresponsive and inefficient functionality, and complex systems, SPOL needed a storage solution that would combat these challenges while future proofing business critical data. The two primary areas of immediate focus were the email environment and the Energy Infonet knowledge portal that hosts numerous industry reports and data sets which provide business intelligence to the executive teams. The company was also under pressure to migrate its email and intranet data in a timely manner, before contracts ran out and servers were shut down by incumbent providers. 

SPOL were exploring its options with a range of other suppliers, however, according to Paul Savvides at SPOL, the team came away from the initial meeting thinking that Tegile was the best technical solution.  

“Tegile met all our requirements and at our first meeting the team instilled the confidence in us that they could get the job done efficiently, meeting our expectations within a short period of time. Hosting our intranet data was a high priority as our executives rely on this business intelligence – we needed a fast and reliable storage solution, which we knew Tegile could provide. It hasn’t’ disappointed either, the size and specifications we were advised on fit our needs perfectly,” says Savvides. 

SPOL implemented two Tegile HA2100 dual controller storage arrays with 48GB of memory and 600GB of SSD each. Each device was tested extensively prior to implementation and SPOL ‘burned them in’ for a full month to ensure a smooth transition. However, it took the company only 72 hours to transfer and secure all email and intranet data sets – resulting in minimal downtime for staff and enabling SPOL to meet its deadline. 

“The storage arrays are coping with everything we throw at them and we are seeing significant return on investment already – everything from cost efficiencies to increased functionality. A primary example is a historical query that continually timed out with our previous storage solution. The Tegile boxes completed the query in 12 seconds which is fantastic. As a result of this we are working to push the boxes to the limit to see exactly what they are capable of – our email and intranet data sets will never get smaller so it is very reassuring to know that the arrays have so much more potential than what we are currently using them for.” 

SPOL has experienced significant storage functionality across the board with key benefits including – 

•	Faster and more responsive virtual machines: the Tegile storage arrays complete backups significantly faster than previous equipment and the technicians have noticed a huge difference in query response times
•	Improved user interface: the user interface is simple and concise, enabling users to quickly learn how to operate the system and get the most from the storage arrays 
•	Increased functionality: The deduplication and compression functionality, unique to Tegile, ensures smarter use of storage and means that SPOL does not need to purchase as many storage arrays, resulting in cost as well as equipment efficiencies 
•	Flexible connectivity options: Tegile supports more connectivity environments than its competitors, such as iSCSI, FC and NAS, which provides SPOL with different options and ensures it is not locked into one fixed system
•	Cost savings: these come in the form of hardware and resource savings now that the storage system is faster, more responsive and able to hold more data than its predecessor.

“We anticipate that 2014 will be the year that customers start to break away from incumbent vendors and take a really good look at new storage solutions from startups, which is what we are seeing here,” said Rob Commins, vice president of marketing at Tegile Systems.

“With a number of contracts coming to end of life, SPOL had the opportunity to completely change its storage solution, taking into consideration current challenges as well as future business requirements. Traditionally, an increase in performance is achieved by scaling the number of disks or spindles used. However, by leveraging our deduplication and compression functionality, SPOL is using its storage in a smarter way – resulting in cost efficiencies and giving the ability to build on capacity while simultaneously condensing its hardware.”  

About Tegile Systems
Tegile Systems is pioneering a new generation of flash-driven enterprise storage arrays that balance performance, capacity, features and price for virtualization, file services and database applications. With Tegile’s line of all-flash and hybrid storage arrays, the company is redefining the traditional approach to storage by providing a family of arrays that accelerate business critical enterprise applications and allow customers to significantly consolidate mixed workloads in virtualized environments.

Tegile’s patented IntelliFlash™ technology accelerates performance and enables inline de-duplication and compression of data so each array has a usable capacity far greater than its raw capacity. Tegile’s award-winning solutions enable customers to better address the requirements of server virtualization, virtual desktop integration and database integration than other offerings. Featuring both NAS and SAN connectivity, Tegile arrays are easy-to-use, fully redundant and highly scalable. They come complete with built-in snapshot, remote-replication, near-instant recovery, onsite or offsite failover, and VM-aware features. Additional information is available at www.tegile.com. Follow Tegile on Twitter @tegile.

Hybrid Cloud Solution Connects Local Storage to the Cloud

PITTSBURGHAvere Systems, a leading provider of enterprise storage for the hybrid cloud, today announced that the Inova Translational Medicine Institute (ITMI) has chosen Avere for access to the world’s largest, centralized repository of whole genome sequence data. ITMI, a research and development arm of Inova Health System, will use Avere’s FXT Series Edge Filers with FlashMove™ software to move data into and out of the Amazon Simple Storage Service (Amazon S3). This solution will allow Inova to build its database with unlimited capacity scaling in the cloud while lowering the cost of data storage.

“Inova Translational Medicine Institute's storage infrastructure is comprised of world class SGI HPC storage, traditional on-premises NAS filers, and Amazon's S3 and Glacier services. Avere's approach and vision for hybrid cloud storage aligns perfectly with our integrated environment and we see their solutions as the glue that allows us to tie together disparate systems and treat the cloud as an on-premise data center, without the maintenance overhead,” said Greg Eley, CTO at Inova Translational Medicine Institute.

ITMI’s mission is to use genetic information to effectively manage or even prevent conditions such as cancer, heart disease, stroke and diabetes. Avere’s hybrid cloud framework will provide ITMI with a highly available, secure and scalable data storage solution for managing its database of 5000 complete whole genome sequences. In addition, Avere’s FlashMove software enables the flexibility and agility for ITMI to migrate massive amounts of data without disruption, supporting the organization’s goal of adding 20,000 whole genome sequences over the next two years.

“ITMI is changing the face of health care through predictive modeling, innovative genome research and a pioneering approach to personalized medicine,” said Ron Bianchini, president and CEO of Avere Systems. “As ITMI progresses toward its goal of assembling the world’s largest whole genome sequence database, Avere is excited to be a crucial partner in supporting the database’s exponential growth.”

About Avere Systems

Avere is radically changing the economics of data storage. Avere’s hybrid cloud solutions give companies – for the first time – the ability to put an end to the rising cost and complexity of data storage by allowing customers the freedom to store files anywhere in the cloud or on premises without sacrificing the performance, availability or security of their data. Based in Pittsburgh, Avere is led by veterans and thought leaders in the data storage industry and is backed by investors Lightspeed Venture Partners, Menlo Ventures, Norwest Venture Partners Tenaya Capital, and Western Digital Capital. For more information, visit www.averesystems.com.

Ontrack Data Recovery specialists successfully recover virtual machines from VMware's first policy-driven storage solution

EPSOM – Kroll Ontrack, the leading provider of data recovery and ediscovery, today announced data recovery capabilities for VMware® Virtual SAN™ (VSAN). Only on the market since March 2014, Kroll Ontrack has successfully recovered data from several hard disks that were managed by VSAN for a client in the Netherlands. In a combined team effort by Ontrack Data Recovery engineers from around the world, Kroll Ontrack was specifically able to recover all the data stored in the virtual machines from a total of 15 disks and three SSDs.

"Since VSAN is so new, we are very proud that we were able to completely recover virtual machines from VSAN hard disks for the first time," said Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack. "With newly gained knowledge, we developed a toolset for these systems, and can now handle new VSAN recovery requests in an expedited fashion." 

In the initial Virtual SAN recovery case, one SSD failed which caused one of the three nodes to fail, and that took down the entire VSAN storage system. As a result, four large virtual machines comprised of valuable business data were lost.

In VSAN architecture, a node is a server host device, which can contain up to seven hard disks and one SSD flash drive. In this case, the VSAN storage system consisted of three nodes with five magnetic disks and one SSD each. Since VSAN manages and stores all data in a combined storage pool, Ontrack Data Recovery engineers had to recover the complete data from all of the 15 disks and virtually rebuild the storage pool to recover the missing data. To do so, Ontrack Data Recovery engineers had to develop a brand new solution to find, combine and rebuild all the needed description files and log files to rebuild the desired virtual machines.

For more information on recovering VSANhard disks and complete VSAN storage systems, visit www.krollontrack.co.uk/data-recovery/vmware-data-recovery

About Kroll Ontrack Inc.
Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers manage, recover, search, analyse and produce data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack is an industry-leading provider of data recovery, secure data destruction, electronic discovery and document review services.

For more information about Kroll Ontrack and its data recovery services please visit:www.krollontrack.co.uk/data-recovery, follow @KrollOntrackUK on Twitter or subscribe to the Kroll Ontrack Data Blog.

BIRMINGHAM, UK — ENTERTECH SYSTEMS and G4S Technology have announced a technology partnership that combines ENTERTECH SYSTEMS identity management and Suprema biometrics with G4S security solutions, providing a robust offering to UK customers. ENTERTECH SYSTEMS is the official operating partner for Suprema Inc. in the United Kingdom, Ireland, United States, Canada and Puerto Rico.

G4S Technology is one of the foremost innovators and supplier within the security industry providing fully integrated Access Control, Video Management, Life Safety, Perimeter Protection and Alarm Management Systems. Providing an end to end solution, G4S Technology designs, develops, manufacturers, installs and maintains systems protecting small offices and colleagues through to complex government facilities and high security environments. Symmetry is the advanced Access Control and Video Management system from G4S Technology and is used by millions around the world on a daily basis.

“This new partner relationship fits perfectly with our own focus on excellence in technology and customer service,” says David Ella, VP of Technology and Marketing at G4S Technology. “With UK-based support from ENTERTECH SYSTEMS, our installers and customers can easily tap into the benefits of sophisticated Suprema biometrics.”

The integration of Suprema biometric devices and the ENTERTECH SYSTEMS BioConnect application with Symmetry provides more efficient, user-friendly access control for G4S customers. Instead of having to manage badge records in two different systems (one for the access control panel and another for the biometric templates), BioConnect seamlessly syncs users between the two systems. Using a simple enrollment window, they can search for a user/badge and add biometric templates.

Designed for organisations of any size and suitable for all applications, Symmetry delivers the latest technology in a proven, scalable, fully integrated system which can be managed from one easy to use software application. Unlike some other security systems, Symmetry features a wide range of advanced applications as standard including Visitor Management, Badge Production, interactive Graphical Maps as well as the most comprehensive Access Control solution with Anti-Passback and all the other features that would be expected by large organizations.

“Like us, G4S Technology understands the growing need to maximise efficiencies and reduce costs for customers through leading innovation and truly responsive customer service,” says Rob Douglas, CEO of ENTERTECH SYSTEMS. “We look forward to working with them to deliver next-generation biometric access control to the UK market.”

The Suprema line of biometric devices, which includes fingerprint detection, card and PIN readers and ENTERTECH SYSTEMS’ BioConnect application, is now available through G4S Technology. Applicable Suprema biometric readers include BioStation T2, BioStation, BioEntry Plus, BioEntry W, BioLite Net and BioMini.

OTTAWA, Canada – Diablo Technologies, a proven innovator in high-performance memory system interface products, today announced plans to further expand operations in North America. The company will open its first US-based office in Silicon Valley, Calif., on August 1, 2014 to support its current growth trajectory and tap into the area’s technical and business talent pool. 

The new office, to be led by Kevin M. Wagner, Diablo’s Vice President of Marketing, will recruit engineering, sales and marketing specialists to support its growing network of strategic partners and customers. Moreover, Diablo continues to expand its presence and global appeal with the addition of key roles across North America and Europe.  

“It’s important that we establish a strong physical presence in locations that bring the greatest opportunities for growth. Silicon Valley is at the forefront of disruptive innovation, strategic partnerships and key talent that will push Diablo to the next level,” said Riccardo Badalone, CEO and Co-founder of Diablo Technologies. “We are uniquely positioned to capitalize on the abundance of opportunities within the region and view our new office as the first phase of our international expansion plans.” 

Since last year’s announcement of Memory Channel Storage™ (MCS™), the company has more than tripled in size. Diablo’s new U.S. headquarters, located at 2099 Gateway Place, San Jose, Calif., reaffirms its growing investment in the North American and global enterprise solid-state drive (SSD) markets. 
For information on career opportunities at Diablo Technologies, visit: http://www.diablo-technologies.com/jobpostings.html.

About Diablo Technologies Founded in 2003, Diablo is at the forefront of developing breakthrough technologies to set the standard for next-generation enterprise computing. Diablo’s Memory Channel Storage platform combines innovative software and hardware architectures with Non-Volatile Memory to introduce a new and disruptive generation of Solid State Storage for data-intensive applications. The Diablo executive leadership team has decades of experience in system architecture, chip-set design and software development at companies including Nortel Networks, Intel, Cisco, AMD, SEGA, ATI, Cadence Design Systems, Matrox Graphics, Goal Semiconductor, BroadTel Communications and ENQ Semiconductor. http://www.diablo-technologies.com/

Creative Use of Storage Nets GSG Twice the Performance and Faster, Easier Restores, Plus Ease of Upgradeability for Future-Proofed Storage Investments


LONGMONT, Colo.  – Dot Hill Systems Corp. (Nasdaq:HILL), a trusted supplier of innovative enterprise-class storage systems, today announced that Graphics Systems Group (GSG), one of New York City's premier creative production agencies, has selected Dot Hill AssuredSAN® storage arrays to support its day-to-day computing, secure its creative assets, support offsite replication, and ensure critical network uptime.

GSG develops and executes creative marketing materials for some of today's biggest brands. Focus areas include: advertising, retouching and computer generated imagery, retail and outdoor media campaigns, digital media, and consumer packaging.

When GSG learned its existing storage provider was eliminating support for its storage system, forcing a painful and expensive upgrade after only two years, the firm decided it was time to look at other options. Working with NAPC, a reseller that fully understands the complexities and workflow of creative environments, GSG evaluated storage solutions from EMC, NetApp, and others before selecting Dot Hill AssuredSAN storage arrays—specifically the Dot Hill AssuredSAN 4004® and 3000 models.

"It was amazing how quickly our data was migrated from our servers to the new SAN in only a two-week deployment timeframe," said Gregory Floro, director of Information Technology for GSG. "Unlike our previous storage system, we didn't experience a negative production impact. Also the ability to quickly add new storage and easily upgrade controllers to leverage new storage interfaces as needed is a huge win for us and greatly increases the lifespan of the hardware. The service and support from Dot Hill and NAPC has been excellent."

"This is another example of Dot Hill AssuredSAN storage solutions addressing the requirements of high bandwidth applications across the workflow spectrum—from content creation and editing to secure storage and replication—more effectively than the competition. Predictable high performance and assured business continuity translate directly into higher productivity and cost savings in creative agencies today," said Joe Swanson, vice president of marketing and business development, Dot Hill. "In addition, the AssuredSAN 4004's multiple connection speed options, modular components and swappable controllers will ensure continued productivity gains in the future at GSG. Upgrades will be easy and inexpensive as their storage capacity and performance needs grow."

The Dot Hill Professional Services team, in conjunction with NAPC implemented an efficient two-week deployment process, which incorporated a complete migration of all data to the new array. With the new 196TB solution up and running, GSG immediately began to reap myriad benefits, including a doubling of the performance of its previous system and improved responsiveness, as well as newfound simplicity and ease-of-use.

Dot Hill has extensive experience helping clients in the media & entertainment sector, and its storage solutions, particularly the AssuredSAN 4004 with its class-leading bandwidth of 6400 megabytes-per-second reads and 5300 megabyte-per-second writes, are ideal to meet the rigors of creative workflows where multiple servers are utilized by creative artists on a SAN to repeatedly access, edit and store potentially millions of assets. The AssuredSAN 4000 Series utilizes Dot Hill's proprietary, multi-stream processing algorithms to deliver optimized, random sequential I/O, resulting in predictable performance to and from numerous streams of access points for these demanding, media applications.

The easy-to-configure network interface capability of the AssuredSAN 4004 allows GSG to leverage both Fibre Channel and iSCSI protocols in a single system, and the superior bandwidth provides consistent performance support for GSG's Windows, Linux and Apple OSX computing environments, as well as its Xinet Digital Asset Management system.

The Dot Hill AssuredSAN 4004 also provides a complete, instantaneously available disaster recovery solution that proved much more efficient and reliable than GSG's tape-based, legacy solution. Dot Hill's disaster recovery solution, which includes AssuredSnap™, AssuredCopy™ and AssuredRemote™ data protection and replication software, provides GSG reliable and efficient business continuity, in concert with another Dot Hill AssuredSAN 3000 array for inbound replication at the company's Virginia site. Use of snapshotting in both locations reduced the need for GSG's previous tape library and the associated manual user intervention and risk of using tape as a recovery medium.


About Dot Hill

Leveraging its proprietary Assured family of storage solutions, Dot Hill solves many of today's most challenging storage problems - helping IT to improve performance, increase availability, simplify operations, and reduce costs. Dot Hill's solutions combine breakthrough software with the industry's most flexible and extensive hardware platform and automated management to deliver best-in-class solutions. Headquartered in Longmont, Colo., Dot Hill has offices and/or representatives in China, Germany, India, Japan, Singapore, the United Kingdom, and the United States.

For more information, visit us at www.dothill.com.

Statements contained in this press release regarding matters that are not historical facts are "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act. Because such statements are subject to risks and uncertainties, actual results may differ from those expressed or implied by the statements. For a discussion of risks and uncertainties that Dot Hill may face, please consult the Forms 10-K and 10-Q most recently filed with the Securities and Exchange Commission by Dot Hill. Forward-looking statements speak only as of the date they were made and Dot Hill undertakes no obligation to update such statements to reflect changes in circumstances. Dot Hill is not responsible for statements made by independent entities such as Graphic Systems Group.

Cloud Hosting Provider Continues Expansion with a Third State-of-the-Art Facility

ORLANDO, Fla. – Atlantic.Net, a high-powered SSD cloud VPS hosting solutions provider, announced today the opening of their first international data center, located in Toronto, Canada. To assist in the expansion, a second center also launched in Dallas, Texas. These state of the art data centers offer integrated colocation for telecommunication companies headquartered around the world, affording customers access to domestic, around the clock support from the United States, and now, Canada.

The Toronto center is fully equipped with high-speed fiber connections and upstream connections to Tier-1 bandwidth providers, making for an unadulterated first step into international territory. The center is carrier-neutral, allowing customers to receive prioritized delivery, as well as providing an exceptional network and superior upkeep to Atlantic.Net’s large roster of Canadian customers, and international users alike. The building is operated by Cogeco, a billion dollar data center operator, which allows Atlantic.Net to employ natural resources, making the international data center an energy efficient and green facility.

As these centers attest, Atlantic.Net is expanding their reach for customers who want a secure, reliable data center with a native backing. “We chose Toronto and Dallas because both locations ensure that our customers have a domestic location to provide the highest-quality support,” explained Marty Puranik, Founder, President and CEO of Atlantic.Net.

In conjunction with the international center, the Dallas center is positioned in the heart of Dallas for stateside support for the international center. It is located at the Univision Tower, 2323 Bryan Street and boasts 4500 (kW) utility power capacity with 1450 (kW) UPS power capacity and 3890 (kW) generator power capacity. There is also an N-N+1 UPS redundancy and, N+1 cooling redundancy - all operated by Digital Realty Trust, a multi-billion dollar data center operator.

Atlantic.Net will continue to focus on international expansion to better service their global consumers. Now, the company currently has three open facilities, with plans to continue expansion to hot spots of the cloud ecosystem in North America, Latin America, Europe, and Asia-Pacific countries.

About Atlantic.Net
Atlantic.Netis a web hosting provider specializing in offering cloud server hosting, HIPAA compliant and hybrid hosting, private virtualization, and VPS hosting in the cloud. With a range of certifications and a SSAE 16 (SOC 1) TYPE II (Formerly SAS 70) audited data center that the company owns and operates, the company is also known for its reliability, as dictated by its 100 percent uptime service-level agreement (SLA). For more information, please visit www.atlantic.net.

- Business continuity provider meets stringent criteria to provide enhanced security controls for client data protection for healthcare and banking organizations -


COLLEGE STATION, Texas – Rentsys Recovery Services, a provider of comprehensive and integrated business continuity and disaster recovery solutions for healthcare providers, banks and companies using enterprise-wide solutions, has completed its Service Organization Controls 2 (SOC 2) audit,which identifies and evaluates potential risks associated with Rentsys’ information systems.

            Rentsys’ completion of the comprehensive audit between January and June 2014 demonstrates its commitment to providing its customers with the most secure technology and services available in today’s market. The audit’s principles test for internal security controls, availability of service, process integrity, confidentiality and privacy.

            Garland Heart Management Group, an independent auditing firm, conducted the audit and formally evaluated and rigorously tested Rentsys’ processes, procedures and information systems to ensure the company meets regulatory standards.

            “Regulatory requirements regarding data security and privacy have increased significantly in the last few years,” said Brad Garland, CEO of Garland Heart Management.

“Companies in highly regulated industries, such as healthcare, need to do business with vendors who are SOC 2 compliant in order to ensure their data is safe and protected.”

“The SOC 2 certification is among the highest industry standards for security and privacy,” said Walt Thomasson, managing director of Rentsys Recovery Services. “It’s the best assurance we can give our clients that our company has the necessary controls in place to protect their data and privacy.”


About Rentsys Recovery Services

Founded in 1995, College Station, Texas-based Rentsys Recovery Services is a provider of comprehensive disaster recovery and business continuity solutions for businesses ranging from small bank branches to large enterprise organizations. The company offers business continuity management software and professional planning services along with fully customizable and testable solutions, which include restored communications systems, mobile and onsite business recovery centers, data backup and recovery using the cloud and quick shipment of office technology. These solutions can be combined to provide organizations with the ability to fully maintain regular business functions during a disaster. For more information, please visitwww.rentsys.com.

About Garland Heart Management

Founded in 1981, Garland Heart Management provides a range of proactive compliance and security services that enable organizations to satisfy regulatory requirements. For more information, please visit garlandheart.com.

BASINGSTOKE – Thales has been awarded a 10-year contract to support computerised control system services at all but two of EDF Energy’s nuclear power stations in the United Kingdom. The Long Term Support contract, worth over £30m, was awarded by EDF Energy as part of their continuing commitment to securing the UK’s future energy generation requirements.

The extended safe operation of the nuclear generation fleet is an essential part of securing the UK’s energy future until the next generation of nuclear power stations comes on line.

The power stations’ Data Processing and Control Systems are high capital value assets that are technologically complex and critical to operations. Thales was selected by EDF Energy in part because of its 30 years’ experience of developing, managing and delivering data process and control systems into the nuclear industry. Thales is well known in the nuclear industry for its integration of holistic security systems and for its industrial cyber-security expertise.

Nigel Houlton, Head of Lifetime Programmes at EDF Energy, said: “EDF Energy's strategy is to extend the life of our existing nuclear powers stations where it is safe and economically viable to do so. The existing nuclear stations supply nearly 9GW of safe, reliable and low carbon electricity to the national grid and therefore have a vital role to play in maintaining the security of our electricity supply.”

Phil Naybour, Vice President, Secure Communications and Information Systems, Thales UK, said: “This long-term support contract will help to secure the immediate future of the UK’s energy requirements, by allowing EDF Energy to deliver on its plans to extend the safe operation of its nuclear power stations. This positive development is a result of a strong long-term partnership between Thales and EDF Energy. Together with the recent award of a separate contract to deliver new Deployable Communications and Information Systems, this demonstrates the confidence that EDF Energy has in Thales as a leading provider of support, communications and security services to the UK’s nuclear industry.”

Change and configuration auditing is essential for organisations that need PCI DSS says Netwrix

With recent PCI DSS (Payment Card Industry Data Security Standard) compliance incidents costing companies millions of pounds in fines and losses and inflicting damage to valuable brand reputations, Netwrix is urging organisations processing payment cards to follow six best practices to safeguard against a security incident.

Netwrix points to the recent eBay breach that forced the company to advise 145 million active users to change their passwords to avoid financial information loss, while the breach at US retailer Target resulted in 40 million stolen credit card numbers and compromised the personal information of more than 70 million customers.

To help organisations avoid such data breaches and their consequences, Netwrix recommends six essential rules around change and configuration auditing:

1) Separate Environments - Minimise your risks by reducing PCI scope within your systems and enforce separation of environments by continuously auditing access and changes to the systems where cardholder data is stored.

2) Audit Access Control - Ensure that permissions are adequate and access to sensitive data is limited only to people who need it. Change and configuration auditing can help by giving you precise information about the state of access rights and all changes to it, alerting you to critical issues and helping with investigation in the event of unauthorised access.

3) Audit Provisioning and De-Provisioning of Users - Organisations should establish control over user creations and removals. A comprehensive change and configuration auditing solution will provide daily and on-demand reports as well as real-time alerts on these critical modifications.

4) Audit of Privileged Users' Activities - A particular emphasis should be placed on changes made by administrative accounts: changes to user access rights, elevation of privileges, mistakenly changed permissions and other security related events. Daily and on-demand reports and real-time alerts provided by change auditing solutions will help organisations to stay secure.

5) Document Everything - You never know what part of your system activities or during what period you will be required to demonstrate to the auditor, so keep it all. In addition to a complete audit trail, some of the more advanced change and configuration auditing solutions allow you to record video of user activities on critical systems, along with metadata, and provide search and replay capabilities. A regular review of audit trails may also assist in preventing breaches before they occur.

6) Monitor and Test - Change and configuration auditing solutions will provide a complete audit trail with detailed information on access and changes with ‘who, what, where, and when' details, including after and before values for each event. This will simplify root-cause analysis and allow proactive prevention of malicious activities.

"Recent examples show that it is not enough to align your processes and policies with PCI DSS guidance," said Alex Vovk, President of Netwrix. "You must also establish mechanisms to verify these processes actually work and be able to prove that to all stakeholders: IT management, executives, and auditors. Essentially, change auditing is what makes your compliance efforts provable."

About Netwrix Corporation
Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when and where across the entire IT infrastructure. This streamlines compliance, strengthens security and simplifies root cause analysis.  Founded in 2006, Netwrix is ranked in the Top 100 US software companies in the Inc. 5000 and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.