HPE Security is looking to improve the security of mobile devices and the enterprise overall with two new security offerings announced in conjunction with the RSA Conference. HPE also released its Cyber Risk Report 2016.
10 IoT Development Best Practices For Success
(Click image for larger view and slideshow.)
Extending security to mobile devices and increasing the resilience of the enterprise against hackers are the two big moves Hewlett-Packard Enterprise will be announcing today at the RSA Conference in San Francisco.
The announcements mark a change of thinking at HPE, as the company wants to do a better job of weaving security into its service offerings and of responding to security issues "at machine speed," according to Chandra Rangan, vice president of marketing for HPE Security Products.
The company redefined the issues of today's threat landscape in its HPE Mobile Application Security Report. Looking at mobility threats, HPE used its Fortify on Demand threat assessment tool to scan more than 36,000 iOS and Android apps for needless data collection. Nearly half the apps logged geo-location, even though they didn't need to. Nearly half of all game and weather apps collected appointment data, even though that information is not needed, either. Analytics frameworks used in 60% of all mobile apps can store information that can be vulnerable to hacking. Logging methods can also expose data to hacking.
The security implications are even more troubling when one considers how many companies allow BYOD (bring your own device) mobile solutions, Rangan pointed out. "The whole culture of building in security is important," he added. "The 'hope and pray' approach is not OK. These things come back to haunt us."
To plug this hole, the company announced the release of HPE SecureData Mobile, an end-to-end encryption solution covering data in motion, at rest, and in use. SecureData Mobile secures data at the mobile device OS level, through the enterprise data life cycle, and at the payment data stream. Mobile devices are increasingly used as a payment method, Rangan noted, and each transaction is a point of data entry that needs to be secured.
The goal is to create a cyber-resilient enterprise, said Andrzej Kawalec, CTO for HPE Security Services. "The assumption of compromise is really important," he said. A business needs to detect and respond to a data intrusion fast. "The organization needs to recover, really quickly."
Building resiliency requires the enterprise to adopt a more holistic approach to achieve a state of "constant resiliency." Simply adding on modules will not do. "That game has not been a winning proposition," said Kawalec.
HPE Security CRA offers 12 key function domains, 63 sub-domains and 350 distinct security capabilities, wrapped up with a common methodology. These building blocks can be arranged to craft solutions for cloud, mobility, machine-to-machine (M2M) and Internet of Things (IoT). Customers can create security systems that can provide alerts, investigation and response, threat intelligence, and analytics.
"It's a deliberate enterprise view of security rather than a product set or portfolio of conversations," Kawalec said.
[Editor's note: This article has been updated to clarify a reference to the HPE Mobile Application Security Report.]
Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.
William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.