HP Security 2014 predictions wrap-up
Wrapping up our conversation with HP Security’s Andrzej Kawalec, the topic again is cybersecurity in 2014. Andrzej is the CTO of HP Security.
SiliconANGLE: Let’s talk about HP’s enterprise-level security approach. How are things different at HP when it comes to security?
Kawalec: We can point to few things here. There’s this massive global scale we have deep experience with. There’s also this massive growth as well that gives us this level of insight from our biggest clients and partnerships. We have this this powerful extended security research team, with hundreds of researchers from HP Labs, 3000 researchers externally. That gives us an incredible base of available intelligence and insight. I was at a Tokyo hacking conference some weeks ago and the interesting thing is this demand that we see around the world for information, it’s global. With this information intelligence we can put the power of enterprise security into the hands of small organizations, because otherwise they would have to rely on putting so many things together. While they certainly have the capability to tackle specific challenges, putting best practices and the latest intelligence together is a very big challenge. Throughout, we’re one of the very few enterprise partners that is out there at this level of security, we have customers come to us asking about macro issues and how to deal with them – from the military organizations to financial like banks and everything else you could imagine. They’re gauging longevity and reliability.
SA: A lot of companies ‘get it’ when it comes to security. However we know that there’s still many that have a way to go, battles that have to be won in the board room, at the C-level. Where are we in the industry as far as making a compelling business case in these situations?
Kawalec: Security really needs to be driven through leadership. We need to change the responsibility first, starting at that board level and it’s something that has to be driven by very clear objectives. That conversation starts with the definition about who is responsible for risks and security. Clarity is vital. From there you are able to building an organization-wide response. Take for example, in today’s culture speed to market is a defining factor in business success, but security needs to be a big part of that. The business discussion around these initiatives should be a million miles from simply buying a firewall and laying it all on that product. Security needs to step out of the shadows. It’s a discussion that has so much tremendous value because if it feels that your organization is mature in its security and taking the right steps, that’s not only a great achievement, but it’s one you can be proud of. If your organization is hampered by attacks and not knowing what is going on or how to deal with it, well you have an opportunity there to start to be transparent about things, that’s when a turnaround can start.
Recent research shows 43% felt that information risk was something that making them less agile. It should be obvious that organizations that succeed are more agile and security goes with that. As far as technology investment, we would like to that move some levels up the stack away from network world, computers, servers, and actually move to a client focus. That’s another way to create change. Even creating greater security strength to security operations leaders. We also like the direction of things shifting to threat detection strategies, analyzing anomalies as it relates to cloud environments as well.
Leaders in 2014 and beyond will emerge as they take up security responsibility and execute from the right business levels. As far as change that comes from the board room, if they are able to stand up make the security case while maintaining scalability, control and enablement, that’s a winning proposition all the way around. This means that budget constraints and building from a compliance standpoint will be less of a detriment.
SA: Any other giant threats you see out there?
Kawalec: It’s interesting, our Fortify team has been doing a bunch of incredible research and work on smartphone and mobile apps. I was quite shocked to see the latest findings that recognized as many as nine out of ten applications have significant security vulnerabilities – and this was a very large sample. Additionally, it turned out that the problems were in some very basic elements like how information and data was transported, architecture, languages that were used, and other software flaws. Enterprises will be facing a growing responsibility to deal with that. It’s something that Fortify is leading the charge in striking a balance to deal with it. This will be a big topic.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU