HPE Security is looking to improve the security of mobile devices and the enterprise overall with two new security offerings announced in conjunction with the RSA Conference. HPE also released its Cyber Risk Report 2016.
10 IoT Development Best Practices For Success
(Click image for larger view and slideshow.)
Extending security to mobile devices and increasing the resilience of the enterprise against hackers are the two big moves Hewlett-Packard Enterprise will be announcing today at the RSA Conference in San Francisco.
The announcements mark a change of thinking at HPE, as the company wants to do a better job of weaving security into its service offerings and of responding to security issues "at machine speed," according to Chandra Rangan, vice president of marketing for HPE Security Products.
The company redefined the issues of today's threat landscape in its HPE Mobile Application Security Report. Looking at mobility threats, HPE used its Fortify on Demand threat assessment tool to scan more than 36,000 iOS and Android apps for needless data collection. Nearly half the apps logged geo-location, even though they didn't need to. Nearly half of all game and weather apps collected appointment data, even though that information is not needed, either. Analytics frameworks used in 60% of all mobile apps can store information that can be vulnerable to hacking. Logging methods can also expose data to hacking.
The security implications are even more troubling when one considers how many companies allow BYOD (bring your own device) mobile solutions, Rangan pointed out. "The whole culture of building in security is important," he added. "The 'hope and pray' approach is not OK. These things come back to haunt us."
To plug this hole, the company announced the release of HPE SecureData Mobile, an end-to-end encryption solution covering data in motion, at rest, and in use. SecureData Mobile secures data at the mobile device OS level, through the enterprise data life cycle, and at the payment data stream. Mobile devices are increasingly used as a payment method, Rangan noted, and each transaction is a point of data entry that needs to be secured.
The goal is to create a cyber-resilient enterprise, said Andrzej Kawalec, CTO for HPE Security Services. "The assumption of compromise is really important," he said. A business needs to detect and respond to a data intrusion fast. "The organization needs to recover, really quickly."
Building resiliency requires the enterprise to adopt a more holistic approach to achieve a state of "constant resiliency." Simply adding on modules will not do. "That game has not been a winning proposition," said Kawalec.
HPE Security CRA offers 12 key function domains, 63 sub-domains and 350 distinct security capabilities, wrapped up with a common methodology. These building blocks can be arranged to craft solutions for cloud, mobility, machine-to-machine (M2M) and Internet of Things (IoT). Customers can create security systems that can provide alerts, investigation and response, threat intelligence, and analytics.
"It's a deliberate enterprise view of security rather than a product set or portfolio of conversations," Kawalec said.
[Editor's note: This article has been updated to clarify a reference to the HPE Mobile Application Security Report.]
Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.
William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems ... View Full Bio
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of October 9, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."