Extending security to mobile devices and increasing the resilience of the enterprise against hackers are the two big moves Hewlett-Packard Enterprise will be announcing today at the RSA Conference in San Francisco.
The announcements mark a change of thinking at HPE, as the company wants to do a better job of weaving security into its service offerings and of responding to security issues "at machine speed," according to Chandra Rangan, vice president of marketing for HPE Security Products.
The company redefined the issues of today's threat landscape in its HPE Mobile Application Security Report. Looking at mobility threats, HPE used its Fortify on Demand threat assessment tool to scan more than 36,000 iOS and Android apps for needless data collection. Nearly half the apps logged geo-location, even though they didn't need to. Nearly half of all game and weather apps collected appointment data, even though that information is not needed, either. Analytics frameworks used in 60% of all mobile apps can store information that can be vulnerable to hacking. Logging methods can also expose data to hacking.
The security implications are even more troubling when one considers how many companies allow BYOD (bring your own device) mobile solutions, Rangan pointed out. "The whole culture of building in security is important," he added. "The 'hope and pray' approach is not OK. These things come back to haunt us."
To plug this hole, the company announced the release of HPE SecureData Mobile, an end-to-end encryption solution covering data in motion, at rest, and in use. SecureData Mobile secures data at the mobile device OS level, through the enterprise data life cycle, and at the payment data stream. Mobile devices are increasingly used as a payment method, Rangan noted, and each transaction is a point of data entry that needs to be secured.
Mobile is just the front door. To secure the entire enterprise, HPE also announced the release of its Comprehensive Cyber Reference Architecture. The CRA is coupled with HPE's Threat Defense Services portfolio to present users and developers with an array of building blocks to construct an enterprise security solution.
The goal is to create a cyber-resilient enterprise, said Andrzej Kawalec, CTO for HPE Security Services. "The assumption of compromise is really important," he said. A business needs to detect and respond to a data intrusion fast. "The organization needs to recover, really quickly."
Building resiliency requires the enterprise to adopt a more holistic approach to achieve a state of "constant resiliency." Simply adding on modules will not do. "That game has not been a winning proposition," said Kawalec.
HPE Security CRA offers 12 key function domains, 63 sub-domains and 350 distinct security capabilities, wrapped up with a common methodology. These building blocks can be arranged to craft solutions for cloud, mobility, machine-to-machine (M2M) and Internet of Things (IoT). Customers can create security systems that can provide alerts, investigation and response, threat intelligence, and analytics.
"It's a deliberate enterprise view of security rather than a product set or portfolio of conversations," Kawalec said.
[Editor's note: This article has been updated to clarify a reference to the HPE Mobile Application Security Report.]
William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems ...