HP Protect 2015 Recap
The beginning of September saw approximately 1700 security experts converge in Washington D.C. for the 11th annual HP Protect event. HP Protect is HP’s annual security user conference, delivering technical and business content, product roadmaps, demos, instruction, and services to customers. Attendees learned what steps businesses can take to protect themselves from attackers and, if breached, what they can do to recover quickly.
During the show, HP Unveiled Data-Centric Security Protection Enhancements, featuring new enterprise data security offerings from HP Atalla and HP Security Voltage to address secure collaboration, PCI compliance and scope reduction.
HP Protect Keynote
An early HP Protect highlight was hearing from Sue Barsamian, the newly appointed SVP and GM of HP Enterprise Security Products. She delivered the HP Protect 2015 keynote and discussed her new role, the upcoming HP split, and how “Strength in Numbers” is more important now than ever. Sue described the great future and critical role for the security group at HP after it splits into two companies. According to Sue, perimeter security, which accounted for 77% of all security spending last year, isn’t working. The attack surface has increased dramatically, she said, and a new approach is required. Sue explained how the HP portfolio of data security products helps to secure interactions between users, applications and data regardless of location or device.
See the keynote here:
Privacy vs. Security
Another highly anticipated event at HP Protect was the privacy vs. security debate between General Keith B. Alexander, USA (Ret.), former director of the NSA, and journalist Glenn Greenwald, widely known for writing a series of reports detailing U.S. surveillance programs based on classified documents disclosed by Edward Snowden. The two debated what is the right balance between protecting the data of your enterprise and protecting the privacy of your people.
The two started with dramatically different positions on this tradeoff: Alexander suggested that security was more important while Greenwood took the opposing view, in favor of privacy. After some animated discussion, it seemed both Alexander and Greenwood actually accepted elements of each other’s arguments and had moved (almost) towards a common ground. Luther Martin’s take on the debate is that if two people with points of view as different as those held by Alexander and Greenwood can actually come to agreement on key aspects of the security versus privacy debate, there may actually be some hope of eventually reaching a consensus as a society for a reasonable balance for this difficult issue.
Don’t miss the debate!
HP Protect Customer Awards
A highlight of HP Protect that had special meaning for us at HP Security Voltage was the 2015 “Best in Class” awards. These awards are given every year to customers whose use of the technology and services delivers the greatest ROI and benefits for their businesses. One of the five awards was presented to HP Security Voltage customer Allegiant Air. Allegiant Air is an ultra-low-cost airline owned by Allegiant Travel Company and operating scheduled and charter flights across the U.S. With well over $1B in yearly revenues, over 90% of its revenue is generated from online channels such as its ecommerce site and mobile applications for travel services.
Allegiant Air needed to ensure they were PCI compliant with security standards, strengthen their protection of customer credit card data and online transactions, and reduce their data breach exposure. Leveraging HP SecureData with format-preserving encryption and tokenization technologies, they passed their PCI DSS audits at Level 1 as both a merchant and Service Provider, and reduced the risk of data theft by vastly reducing the ‘attack surface’ of any systems or applications containing live credit card data. By using our solutions so effectively, Allegiant Air was able to reallocate development resources to revenue-generating projects. For example, it created a new carry-on luggage application, resulting in more than $23 million in additional revenues during the first year. Later in the conference, Chris Gullett of Allegiant Travel Company, delivered two breakout sessions, in which he presented their case study to other attendees, detailing how the airline secures customer data through HP’s data-centric tokenization and encryption.
The Bad Guy Lair
One of the high points for many attendees of HP Protect 2015 was the Bad Guy Lair, a dark, smoke-filled room where the HP white-hat hackers demonstrated attacks that hackers wearing darker hats could carry out against their targets. At this unique demonstration, many attendees were surprised by how easy it is for hackers to find and exploit vulnerabilities in many computer systems: databases holding millions of credit card, social security or national ID numbers are just as vulnerable as are the point-of-sale systems that merchants use to process payments.
A common theme mentioned by several presenters at this event was that it is not a question of whether you will be targeted by hackers, but simply a question of when they will target you. And in the face of these inevitable attacks, different architectures are needed to protect sensitive data. It became clear at HP Protect that the traditional approaches to data security are woefully inadequate for today’s threats and to defend against these threats enterprises need to be flexible enough to quickly adapt and neutralize any innovations that attackers come up with.
Data-centric security, where businesses focus on protecting sensitive data at the data level–wherever it is, at rest, in motion and in use–is an innovative and highly effective solution to this problem that businesses of all types can take advantage of, right now.
Mark the Date! HP Protect 2016 is set for September 12-15, 2016.