LAS VEGAS – Hoping to better secure corporate data from increasingly sophisticated hackers, HP has introduced new capabilities that allow IT pros to encrypt data at the point of its creation, whether it resides in the cloud or on-premises.
HP Atalla Cloud Encryption protects a range of unstructured data, such as payment information, electronic health records and financial institutions' mission-critical systems, throughout its lifecycle.
Protecting such information has become doubly difficult recently because hackers now work in teams, each with their own expertise, to penetrate security and extract critical corporate assets.
"There has been an important evolution among the bad guys; they aren't individuals working out of their basement now," said Art Gilliland, senior vice president and general manager of HP Enterprise Security, during the company's annual HP Discover conference here this week. "They are now working together to buy and sell services among themselves and have motivation to specialize in one area."
Hacker teams also have added incentive from IT's emphasis on cloud and mobile devices that potentially expose critical corporate data, Gilliland said. This has put new pressure on most corporate data center professionals, who now have additional holes in the dike to plug.
Large organizations typically face 120 successful attacks per week, according to HP. Under this sort of pressure, most corporate security teams aren't concerned about whether their organization will be breached, but assume it already has been. This has increasingly driven IT professionals to encryption as a way to become more proactive, according to HP.
One IT pro here was heartened by HP's redoubled efforts to bolster data security but won't jump to adopt it.
"I would like to see something like this work and be bundled with some of [HP's] servers, but it is very new," said the CFO of a large Arizona-based accounting firm. "We have already spent a lot of money on security products, many of which come up short, forcing us to spend even more money on enhancements for it or to buy something completely different."
HP believes its cloud encryption will appeal to corporate users because it reduces the complexity of key management in public, private and hybrid environments through split-key encryption, a method for combining and splitting keys during initial encryption. Users can integrate with HP's Enterprise Secure Key Manager to automatically manage and protect master keys on-premises, HP said.
"What makes this different is these keys can generate some of the encryption, so HP is not generating all the encryption, and users are the only ones who have the master key," Gilliland said.
Split-key encryption for the cloud
While HP has patented its split-key, or homomorphic, encryption, it is not the first to come up with such an idea. Porticor, a much smaller company, provides a similar, also patented, service for VMware and AWS.
Porticor's technology enables its virtual appliance to give an application access to the data store without exposing the master keys in an unencrypted state. The technology also ensures that if a master key is stolen, it can never be used to access the victim's data store.
With Porticor's technology, each data object can be stored in a Porticor virtual appliance and uses split-key encryption. Each key has two different parts: the master key is retained by the application owner and not stored in a cloud or the Porticor key management server; the project key is stored on the key management server.
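The two-part key arrangement described above can be sketched as follows. This is an added illustration, not Porticor's or HP's patented algorithm: how the halves are combined (HKDF with the project key as salt), the HMAC-based stand-in for an authenticated cipher, and all names and sample values are assumptions made for the example.

```python
import hashlib, hmac, secrets

def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def object_keys(master_key: bytes, project_key: bytes, object_id: str):
    # Assumed combination: master key is the input, project key the salt,
    # so neither half alone yields the per-object keys.
    okm = hkdf(master_key, project_key, b"object:" + object_id.encode())
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Standard-library stand-in for a real cipher; use an AEAD such as AES-GCM in practice.
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(master_key, project_key, object_id, plaintext: bytes) -> bytes:
    enc_key, mac_key = object_keys(master_key, project_key, object_id)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # encrypt-then-MAC

def open_sealed(master_key, project_key, object_id, blob: bytes) -> bytes:
    enc_key, mac_key = object_keys(master_key, project_key, object_id)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key half or tampered object")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

# Constructed sample values for the two custodians.
MASTER = secrets.token_bytes(32)   # retained by the application owner
PROJECT = secrets.token_bytes(32)  # stored on the key management server

if __name__ == "__main__":
    blob = seal(MASTER, PROJECT, "record-001", b"constructed sample record")
    print(open_sealed(MASTER, PROJECT, "record-001", blob))
```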
Analysts believe the split-key approach to encryption should make more IT shops comfortable buying into HP and other competitive offerings down the line. It should also make them more confident in deploying hybrid cloud environments.
"For enterprises to freely choose from among their hybrid cloud options, security like this has to be consistent and nimble," said Dana Gardner, principal analyst with Interarbor Solutions Inc. in Gilford, New Hampshire. "Using split-key encryption like this I think can potentially tackle both issues by allowing enterprises to manage encryption keys across both public and hybrid environments."
The company also rolled out Atalla Information Protection and Control (IPC), which is intended to protect sensitive data throughout its lifecycle, whether the data resides in the cloud or on-premises.
HP Secure Encryption with centralized key management is available immediately, although users must order it with the HP ProLiant Gen 8 server, HP Smart Storage options and enterprise key management and client licenses from HP Atalla.
HP Atalla Cloud Encryption and HP IPC are available immediately.
Ed Scannell is senior executive editor for TechTarget's Data Center and Virtualization media group.