SAN FRANCISCO—Hewlett Packard Enterprise is using the RSA Conference here to launch its latest security initiatives in a bid to position itself as a strategic security platform partner for organizations. Among the initiatives is a broad, overarching Cyber Reference Architecture (CRA) that encompasses more than 350 distinct security capabilities.
"The HPE Cyber Reference Architecture consolidates and codifies HPE's cumulative field experience in advisory, architecture and transformation of some of the world's largest security environments," John Maynard, vice president of Strategy and Operations at HPE, told eWEEK.
The CRA addresses the people, process and technology elements of security and is not only used daily in the field with HPE customers, but is regularly updated by HPE's lead security consultants and security architects, according to Maynard. The size and scope of the CRA is vast, with 12 different top-level areas, 63 subdomains and more than 350 security controls. While there can be some complexity with that much content, Maynard said the CRA is in fact a simplifying process that makes it much easier for a chief information security officer (CISO) or security team to distill and understand interplay between domains and capabilities across a complex security environment.
"By using the CRA as a reference, CISOs and their teams can build security architectures and solutions with consistency and with clarity right down to the individual technologies and work packages required to execute," he said.
To help organizations make the best use of the CRA, HPE is also planning to launch an online tool that gives cyber professionals the ability to navigate the whole security hardening process. In addition, HPE has a set of assessment, benchmarking and consulting services that align an organization's challenges with the CRA and the key cyber blueprints, Maynard said.
HPE Tackles Mobile Data Security
HPE is also taking on the challenge of mobile data security with its new SecureData Mobile technology, which is being announced today. The basic idea is to help organizations build mobile applications that secure data from end to end. The goal is to secure sensitive data, such as payment information, sensitive personal data, location data or other sensitive fields that should be secured with strong encryption from the moment of capture throughout the data lifecycle.
Mark Bower, global director of product management at HPE Security, said the promise of SecureData Mobile is to help reduce the exposure and risks associated with handling sensitive data in mobile apps, reduce inadvertent leakage risks and simplify compliance to privacy regulations.
Data in motion across the Internet is often protected with Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, but in Bower's view that's not enough for modern mobile applications.
"Without using end-to-end data protection, sensitive data captured in mobile applications flows from the apps into cloud tiers, temporary storage, though Web tiers, load balancing tiers and so on," he said. "While protocols like TLS help secure data in transit, the TLS tunnels terminate and restart across the full data flow, resulting in exposure and points where it may be compromised, inadvertently stored and thus where data is at risk from attack and compromise."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.