Software // Information Management
12:05 PM

HPE Fortifies Security For Mobile And Enterprise

HPE Security is looking to improve the security of mobile devices and the enterprise overall with two new security offerings announced in conjunction with the RSA Conference. HPE also released its Cyber Risk Report 2016.

10 IoT Development Best Practices For Success
10 IoT Development Best Practices For Success
(Click image for larger view and slideshow.)

Extending security to mobile devices and increasing the resilience of the enterprise against hackers are the two big moves Hewlett-Packard Enterprise will be announcing today at the RSA Conference in San Francisco.

[Learn more about HPE's cloud efforts. Read HPE Promos Synergy Platform for Hybrid Cloud.]

The announcements mark a change of thinking at HPE, as the company wants to do a better job of weaving security into its service offerings and of responding to security issues "at machine speed," according to Chandra Rangan, vice president of marketing for HPE Security Products.

The company redefined the issues of today's threat landscape in its HPE Mobile Application Security Report. Looking at mobility threats, HPE used its Fortify on Demand threat assessment tool to scan more than 36,000 iOS and Android apps for needless data collection. Nearly half the apps logged geo-location, even though they didn't need to. Nearly half of all game and weather apps collected appointment data, even though that information is not needed, either. Analytics frameworks used in 60% of all mobile apps can store information that can be vulnerable to hacking. Logging methods can also expose data to hacking.

(Image: Thinglass/iStockphoto)

(Image: Thinglass/iStockphoto)

The security implications are even more troubling when one considers how many companies allow BYOD (bring your own device) mobile solutions, Rangan pointed out. "The whole culture of building in security is important," he added. "The 'hope and pray' approach is not OK. These things come back to haunt us."

To plug this hole, the company announced the release of HPE SecureData Mobile, an end-to-end encryption solution covering data in motion, at rest, and in use. SecureData Mobile secures data at the mobile device OS level, through the enterprise data life cycle, and at the payment data stream. Mobile devices are increasingly used as a payment method, Rangan noted, and each transaction is a point of data entry that needs to be secured.

Mobile is just the front door. To secure the entire enterprise, HPE also announced the release of its Comprehensive Cyber Reference Architecture. The CRA is coupled with HPE's Threat Defense Services portfolio to present users and developers with an array of building blocks to construct an enterprise security solution.

The goal is to create a cyber-resilient enterprise, said Andrzej Kawalec, CTO for HPE Security Services. "The assumption of compromise is really important," he said. A business needs to detect and respond to a data intrusion fast. "The organization needs to recover, really quickly."

Building resiliency requires the enterprise to adopt a more holistic approach to achieve a state of "constant resiliency." Simply adding on modules will not do. "That game has not been a winning proposition," said Kawalec.

HPE Security CRA offers 12 key function domains, 63 sub-domains and 350 distinct security capabilities, wrapped up with a common methodology. These building blocks can be arranged to craft solutions for cloud, mobility, machine-to-machine (M2M) and Internet of Things (IoT). Customers can create security systems that can provide alerts, investigation and response, threat intelligence, and analytics.

"It's a deliberate enterprise view of security rather than a product set or portfolio of conversations," Kawalec said.

[Editor's note: This article has been updated to clarify a reference to the HPE Mobile Application Security Report.]

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll