HP Refocuses Its Security Efforts in Light of Sony Hack, Company Split
The reality of the modern world is that there is reason to worry about security exploitation. However, there are things that can be done to reduce the risk, Gilliland said. It's not about trying to stop breaches, he added, but rather about how quickly an organization can identify a breach so that the amount of damage can be limited and contained. Best Practices A good approach, according to Gilliland, is to have capabilities that can potentially disrupt processes used by attackers. He noted that much of the security spending today goes into technologies to block attacks. "If an organization just focuses on the silver bullet to block attacks, it's inevitable that an attacker will get in," Gilliland said. "The attackers will find the crack in the armor to get in."Sony as a Security Business Driver One other impact that the Sony Pictures security incident has had is that it has once again put focus on the need for robust security, which is ultimately a good thing for HP and others in the security business. "Whenever there is any significant coverage of any breach, the interest in what we do is much higher," Gilliland said. "There are lots of conversations that we have where the Sony, Target or Home Depot breaches are the topic of the discussion, and a lot of what comes out of the discussions is the question about what organizations need to do or change." Another driver for security funding in 2015 will likely be the need for compliance with the PCI DSS (Payment Card Industry Data Security Standard) 3.0 specification that went into effect on Jan. 1, 2015. Companies are getting funding to meet the compliance requirements, but he said funding to just meet compliance can be a double-edged sword. The positive side is that organizations get funding for security; the downside is that some organizations may think that by achieving security compliance, their security is good enough. The reality is that it's not enough and, in the increasingly complex threat landscape, security challenges are always growing. HP Enterprise In addition to the online threats that are impacting HP's customers, there is another big change on the horizon for HP—the pending split of HP into two separate companies, one known as HP Inc. and the other as HP Enterprise. Gilliland and HP's security division will become part of the new HP Enterprise company. "From a security perspective, it will give us more flexibility and the ability to invest differently in the things we do," Gilliland said. "I think the focus it will give us on the enterprise customer base will be great for our customers and great for our shareholders." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
He added that the ability to detect a breach and to know what to do once the breach has been detected are key skills that need to be in place as part of a mature security practice in 2015.