Protecting the Element, protecting others
OCTOBER 13, 2020 • BLOG POST • DREW SIMONIS, VICE PRESIDENT AND INTERIM CHIEF INFORMATION SECURITY OFFICER
IN THIS ARTICLE
- October is National Cyber Security Month in the United States, reminding us of the responsibility HPE has to protect ourselves and our customers
- HPE takes a three pronged approach to combating cyber threats: prioritize, plan, and practice
- We also innovate to ensure that our customers are working with the right tech solutions to protect their data, information, and assets
HPE’s approach to protecting ourselves and our customers from cyber threats
October is National Cyber Security Month in the United States, and a great reminder for organizations of all sizes of their responsibility as stewards of data belonging to our team members, customers, and partners. At HPE, that responsibility is reinforced around the year through a campaign we call “Protect the Element” – a reference to our rectangular logo -- reminding team members to take the necessary precautions to safeguard our systems and the data and information that is entrusted to us.
Cyber threats are everywhere – as widespread and ubiquitous as the air we breathe. While the public’s perception of a cyber-attack might be a hacker working alone in his or her basement as was often portrayed in the media early in the internet era, the reality we all face is that cyberattacks are now sophisticated criminal enterprises. As we have seen more and more, they can also be warfare and espionage campaigns directed by nation-states.
That is why, while counterintuitive, cybersecurity isn’t about preventing attacks from happening. Rather, it is about preventing them from being successful. The question we must answer is not “are we secure?” It is “are we prepared to withstand an attack, protect our assets, and move on?”
Preparation comes down to three key areas:
- Prioritize: Since we can’t control where an attacker will strike, the best we can do is make an informed calculation. We do this through the use of threat intelligence, learning about attacker’s aims and motives and analysis to determine which assets we have which are at the greatest risk. By focusing our resources on those assets whose harm would have the most impact to the business, we maximize our ability to protect our interests.
- Plan: Cyber response is an intricate production involving adversaries, defenders, businesses, individual stakeholders, and regulators. Just as first responders or the military have operating plans for disaster scenarios like fires, earthquakes, and hurricanes, cyber security teams cannot make it up as they go along. Every interaction when an attack occurs is carefully coordinated to ensure teams are speaking with each other and working together to mitigate the incident.
- Practice: A plan is only useful if people know how to use it. At HPE, our cyber response teams conduct drills regularly not only to run our playbooks, but to evaluate the playbooks themselves for areas for improvement. Developing robust cyber response capabilities is an iterative and evolutionary process.
And, of course, it’s important to work with the right equipment, service providers, and solutions. We’re fortunate that as part of HPE, we have access to all the latest technology that the company produces. For example, to assist our customers in protecting themselves as they make their digital transformations, HPE has launched the ProLiant DL380T – the first industry standard server to be manufactured in the United States - in highly secured facilities by dedicated team members with verified background and security checks. We also employ Aruba’s Zero-Trust architecture in our networks to logically segment different categories of users and devices and to enforce appropriate access rights, something that becomes even more critical as we witness an explosion of the Internet of Things.
Cyber threats are ever changing and evolving, not unlike the COVID-19 virus that has consumed so much of the public consciousness this year. By embedding security in everything we make and everything we do, HPE is committed to protecting all those who place their trust in us.