(WEB HOST INDUSTRY REVIEW) — Hewlett-Packard (www.hp.com) unveiled a comprehensive new security services portfolio at the end of January designed to help organizations better manage risk, protect critical infrastructure, safeguard the continuity of operations and maintain regulatory compliance.
Integrating a wide variety of security services from across the company, the unified HP Security, Compliance and Continuity Services portfolio was created as part of HP’s Secure Advantage suite of security products and services to address the information security needs of businesses and governments. To provide clients flexible choices for their security needs, HP offers a range of consulting, training and managed security services options.
With this new portfolio, HP works with clients to design, implement and maintain their own security environment, manage certain security functions for them, or outsource their entire security environment, depending on the organization’s objectives. The suite addresses applications, business continuity, content, data integrity, data center, end points, networks, identity and access management, risk management and security operations.
With various compliance requirements weighing down IT departments, and individual security applications multiplying out of control, HP Secure Advantage chief security strategist Chris Whitener says the HP Security, Compliance and Continuity Services portfolio will ease the burden of all aspects of traditional IT security and security in traditional environment, and even the cloud.
“We’re going to take the complexity out of this kind of stuff,” he says.
After working recently with various large banks and telecoms, Whitener found that they had as many as 200 security products installed just to handle current compliance requirements.
“This is really out of control,” he says. “It’s kind of like having a ’57 Chevy that doesn’t have an airbag, a seatbelt, ABS or any of that kind of stuff, and we expect the customer to bolt all of that on.
“With Secure Advantage, what we’re trying to do is say, ‘we’ll do the integration.’ We’ll take common business problems, whether they’re things like hosting or web applications, or almost anything you can think of and break that down, and say, ‘okay, here’s the stuff we’re going to integrate, here’s how we’re going to test it, and you can call HP for all of it.’”
The portfolio consists of consulting, training and managed security services, leveraging a common reference model to reduce complexity and cost for clients, and creating a service delivery model tailored to their individual needs. The portfolio uses the HP Information Security Service Management reference model, and an IT Infrastructure Library based architecture, which reduces complexity and manages costs across various business areas, enabling HP to align the technology environment to each business’s objectives.
New to HP’s Secure Advantage is Cloud Computing Security Assessment, which enables HP to help mitigate security risk as clients adopt cloud computing. This assessment, along with HP’s Cloud Discovery Workshop and HP Cloud Assure helps companies decide what should be moved to the cloud, and also assess and address security concerns for private and public clouds. They also provide the means to continue managing cloud security on an ongoing basis.
HP also launched the new Application Security Center of Excellence Services to prevent security attacks on web applications. This service includes a workshop and assessment services that help organizations define their strategy and develop a roadmap for implementing an application security program across the application life cycle.
Additionally HP Software as a Service Project Services for Application Security Center also helps customers rapidly and cost-effectively implement their application security initiatives with a complete solution maintained and managed by HP.
Bottom line, with its recent additions, Secure Advantage takes a lot of the complexity out of end-to-end IT security, helping organizations develop a strategy to protect sensitive data from attacks using the best technologies available. It also lets managers keep existing software such as McAfee’s APO for management or Symantec for DLP.
“There are a lot of issues, especially at an enterprise level about integration of security both into products and between security products,” Whitener says. “I don’t think any IT manager, especially in the enterprise, is being paid to do integration of security products so we want to take that complexity and that cost and that risk out of this part of the equation and then also be flexible in the way that you get it, and also give you a choice as to whether you may want to do it all with HP stuff or otherwise.”
