HPE Security is looking to improve the security of mobile devices and the enterprise overall with two new security offerings announced in conjunction with the RSA Conference. HPE also released its Cyber Risk Report 2016.

William Terdoslavich, Freelance Writer

March 1, 2016

3 Min Read
<p align="left">(Image: Thinglass/iStockphoto)</p>

10 IoT Development Best Practices For Success

10 IoT Development Best Practices For Success


10 IoT Development Best Practices For Success (Click image for larger view and slideshow.)

Extending security to mobile devices and increasing the resilience of the enterprise against hackers are the two big moves Hewlett-Packard Enterprise will be announcing today at the RSA Conference in San Francisco.

[Learn more about HPE's cloud efforts. Read HPE Promos Synergy Platform for Hybrid Cloud.]

The announcements mark a change of thinking at HPE, as the company wants to do a better job of weaving security into its service offerings and of responding to security issues "at machine speed," according to Chandra Rangan, vice president of marketing for HPE Security Products.

The company redefined the issues of today's threat landscape in its HPE Mobile Application Security Report. Looking at mobility threats, HPE used its Fortify on Demand threat assessment tool to scan more than 36,000 iOS and Android apps for needless data collection. Nearly half the apps logged geo-location, even though they didn't need to. Nearly half of all game and weather apps collected appointment data, even though that information is not needed, either. Analytics frameworks used in 60% of all mobile apps can store information that can be vulnerable to hacking. Logging methods can also expose data to hacking.

The security implications are even more troubling when one considers how many companies allow BYOD (bring your own device) mobile solutions, Rangan pointed out. "The whole culture of building in security is important," he added. "The 'hope and pray' approach is not OK. These things come back to haunt us."

To plug this hole, the company announced the release of HPE SecureData Mobile, an end-to-end encryption solution covering data in motion, at rest, and in use. SecureData Mobile secures data at the mobile device OS level, through the enterprise data life cycle, and at the payment data stream. Mobile devices are increasingly used as a payment method, Rangan noted, and each transaction is a point of data entry that needs to be secured.

Mobile is just the front door. To secure the entire enterprise, HPE also announced the release of its Comprehensive Cyber Reference Architecture. The CRA is coupled with HPE's Threat Defense Services portfolio to present users and developers with an array of building blocks to construct an enterprise security solution.

The goal is to create a cyber-resilient enterprise, said Andrzej Kawalec, CTO for HPE Security Services. "The assumption of compromise is really important," he said. A business needs to detect and respond to a data intrusion fast. "The organization needs to recover, really quickly."

Building resiliency requires the enterprise to adopt a more holistic approach to achieve a state of "constant resiliency." Simply adding on modules will not do. "That game has not been a winning proposition," said Kawalec.

HPE Security CRA offers 12 key function domains, 63 sub-domains and 350 distinct security capabilities, wrapped up with a common methodology. These building blocks can be arranged to craft solutions for cloud, mobility, machine-to-machine (M2M) and Internet of Things (IoT). Customers can create security systems that can provide alerts, investigation and response, threat intelligence, and analytics.

"It's a deliberate enterprise view of security rather than a product set or portfolio of conversations," Kawalec said.

[Editor's note: This article has been updated to clarify a reference to the HPE Mobile Application Security Report.]

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

About the Author(s)

William Terdoslavich

Freelance Writer

William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems News. He is returning to computer journalism after a long stint as a book author, book contributor, and stay-at-home father. 

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights