Excitement around Mobile Data Security at RSA
Mobile applications are growing explosively, and according to Forrester statistics, mcommerce sales will reach $252 billion [1] in 2020. Mobile is not just an omnichannel solution; it is pervasive in all industries, whether payments, healthcare, travel, finance, etc. However, all these applications are collecting data, and the fact that sensitive data is out there everywhere is a very scary scenario. Consumers are slowly realizing the dangers of data breaches and the cascading effects they have on private information, leading consumers to demand that enterprises keep their data safe.
Mobile Application Security Report 2016
Recently, HPE unveiled results from the Mobile Application Security Report 2016, which found that more than half of mobile applications are collecting an alarming amount of data from consumers. The study also revealed that enterprises were not taking the necessary steps to protect sensitive customer information.
The study leveraged HPE Security Fortify on Demand to scan more than 36,000 iOS and Android mobile apps, and revealed the impact of this sensitive data collection. Over 96% of applications were flagged in at least one of the 10 core privacy checks. Such research studies give enterprises great insight that their focus on security needs to be better than what they are currently doing. However, with a plethora of different technologies available for mobile applications, and the fact that each industry segment has a different need, it seems challenging for enterprises to implement the right kind of security and technology that serves their purpose.
We at HPE Security – Data Security understand that the one common theme across different mobile applications is data, and that this is the key liability for enterprises. Hence we focus on data-centric security solutions that are agnostic of platform and infrastructure, enabling enterprises to meet their different security needs.
RSA Conference Insights
Recently HPE Security – Data Security released a product called HPE SecureData Mobile at the RSA Conference 2016. It was a very interesting experience. We had two category groups supporting the HPE booths – Gurus (product experts) and Ambassadors. The Ambassadors' job was to offer insight into HPE Security – Data Security and the different products to potential customers. Based on their interests, they would be directed to the Gurus. I played a Guru role and provided quite a few demos to prospects and customers on HPE SecureData Mobile.
There was definitely a heightened interest in protecting data on mobile devices at the show this year due to the launch. The conference provided me an opportunity to explain the importance of data-centric security for data in mobile applications. I met with a couple of our current customers who really liked the product, to the point that they started to inquire why their account manager had not provided any information about this product, when in fact we had to clarify to them that the product had just launched.
We also had quite a few analyst meetings. My key takeaway from these meetings was that this product is definitely a one-of-a-kind solution. They had not seen many other competitors that provided a similar solution. They also saw the value proposition for this product, since even with a layered security approach with different layers such as device, transport, application and database security, data security is a critical layer which protects the data itself, agnostic to any platform, device, application, etc.
Several times it was brought to my attention that their organization uses SSL/TLS to securely transport data between their mobile application and back-end tiers, and that they wouldn’t need an additional layer of security. When SSL/TLS is brought up, we help them understand that SSL/TLS tunnels are often used, but the data is secure only while it is in transit through the tunnel from the mobile application to the server. Once the tunnel ends, the data is in the clear and immediately at risk. Downstream applications that consume this data are also at risk of being hacked.
Securing the data when it is captured in the application and keeping it secure throughout its lifecycle is much stronger security that enterprises can provide to their applications and, in turn, to their consumers. HPE SecureData Mobile leverages HPE Format-Preserving Encryption (FPE), an encryption method recognized by NIST that encrypts data while preserving its format, so that the format and length are the same as the original data. This makes retrofitting to legacy applications simple and easy, whereas conventional encryption would change the data format and make the integration complex.
I am pretty excited about this product and the potential of opportunities in the future. My whole experience from the product development to the product launch has been a great experience and learning opportunity for me and I welcome your thoughts.
[1] US Mobile Phone And Tablet Commerce Forecast, 2015 To 2020, Forrester Research, Inc., October 1, 2015