Secure encryption, managed in the cloud, promised by HP’s Atalla, a division which secures credit card transactions
The company is also offering encryption bundled with ProLiant servers, supported by an Enterprise Key Management appliance, also launched at HP Discover in Las Vegas. In both cases, key management is provided by the Atalla technology, which is already widely used to secure credit card transactions. It also has the useful spin-off of saving old disk drives from destruction and landfill.
Bad guys meet the average Joe
“Why are we spending more and more on security, but the risks are increasing?” asked Art Gilliland, vice president of security at HP. “Two facts are smashing together: there are super sophisticated bad guys, and the attack surface is expanding.” Much-loved features such as mobility make it easier for attackers to intercept traffic and gain control of systems.
Regulations and best practices only serve to get average users up to the “lower bar”, but they are up against professionals, he warned, who “only need to win once.”
The Atalla web encryption system uses split-key homomorphic encryption: part of the key is looked after by Atalla, and the rest is stored by the user. This doesn’t give HP any access to the user’s data, but it does ensure no one else gets the whole key, he said. It also won’t protect against requests for data from agencies like the NSA, since the system is entirely administered by the user, who must respond to any such requests themselves, Gilliland told TechWeekEurope.
Using this system means that any hard drive or storage system can be routinely encrypted with any strong algorithm, with the keys kept safe. When the user wants the data gone, this can be done permanently by destroying the keys in a “one button” erase function, so the ciphertext left on the drive is unrecoverable.
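The two mechanisms just described, a key split into shares held by different parties and “one button” erasure by key destruction, are shown together in the following added example. It is not HP or Atalla code and assumes nothing about their implementation: the shares are XOR shares (one random, one derived), the cipher is a stdlib-only toy built from an HMAC-SHA256 keystream and an HMAC tag standing in for a real AEAD such as AES-GCM, and the share names and the cardholder string are constructed for the demonstration. The point it makes that the paragraph does not is the failure mode: erasure only works if every copy of the destroyed share is gone, because the surviving share plus any backup of the erased one reconstructs the key.

```python
# Added example (not HP/Atalla code): split-key encryption plus cryptographic
# erasure, using only the Python standard library. The cipher is a toy
# HMAC-SHA256 keystream with an HMAC tag; a real deployment would use AES-GCM
# from a vetted library. Share names and the sample record are assumptions.
import hashlib
import hmac
import secrets

KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 32


def split_key(master: bytes) -> tuple[bytearray, bytearray]:
    """Split `master` into two XOR shares. One share is uniformly random, so
    whoever holds only one share learns nothing about the key."""
    share_a = bytearray(secrets.token_bytes(len(master)))
    share_b = bytearray(m ^ a for m, a in zip(master, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Recover the master key; both shares are needed."""
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def _subkeys(master: bytes) -> tuple[bytes, bytes]:
    # Separate keys for confidentiality and integrity, derived from the master.
    return (hashlib.sha256(master + b"enc").digest(),
            hashlib.sha256(master + b"mac").digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream: HMAC(enc_key, nonce || block index), concatenated.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(master)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Raises ValueError unless the tag verifies, i.e. unless the full key is present."""
    enc_key, mac_key = _subkeys(master)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def crypto_erase(share: bytearray) -> None:
    """'One button' erase: overwrite this copy of the share in place. Every other
    copy (backups, escrow, swap) must be destroyed too, or the data is not gone."""
    for i in range(len(share)):
        share[i] = 0


def can_decrypt(master: bytes, blob: bytes) -> bool:
    try:
        decrypt(master, blob)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Walk through the key lifecycle and report whether each party can read the data."""
    master = secrets.token_bytes(KEY_LEN)
    provider_share, customer_share = split_key(master)   # assumed split: one to HP, one to the customer
    del master                                           # neither party keeps the whole key
    full_key = combine_shares(provider_share, customer_share)
    blob = encrypt(full_key, b"cardholder record (constructed): 4111 1111 1111 1111")
    results = {
        "full_key_decrypts": can_decrypt(full_key, blob),
        "provider_share_alone_decrypts": can_decrypt(bytes(provider_share), blob),
        "customer_share_alone_decrypts": can_decrypt(bytes(customer_share), blob),
    }
    crypto_erase(customer_share)                         # the customer presses the erase button
    results["after_erase_decrypts"] = can_decrypt(combine_shares(provider_share, customer_share), blob)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives `full_key_decrypts` true and the other three false: each share on its own fails authentication, and once the customer’s share is overwritten the provider’s share plus zeros is just the wrong key. The design choice worth noting is the authentication tag: without it, decryption under a wrong or erased key would silently return garbage rather than a clean failure, which makes “is the data really gone?” much harder to verify.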
This is an important thing, said Gilliland, since otherwise those hard drives would probably be destroyed for fear that there might be private data on them. “Enterprises crush disks all the time out of fear,” he said. “That creates waste.”
Central key management also avoids the approach sometimes taken of using self-encrypting drives (SEDs), which are more complex to support.
HP also promised that ProLiant servers would now come bundled with the Atalla system, so they can be encrypted “with no impact on processing”. Keys for these servers can be managed with a new enterprise security key management appliance, which uses the open Key Management Interoperability Protocol (KMIP), so it can also manage kit from other vendors.
“It’s a dirty secret that key management solutions lock you in,” warned Gilliland. That’s not the way HP does things, he said.
The Atalla encryption division dates back to Tandem, a high-reliability computer firm bought by Compaq in 1997; Compaq, which also bought Digital Equipment the following year, was itself acquired by HP in 2002. Atalla still has the same CTO, Steve Wierenga.
Nearly suckered by vanity
Illustrating the increasing dangers of social engineering and other attacks, Gilliland recounted how he spoke at a conference recently, then received a thank-you email from the organiser including an invitation to speak at the next event, and an attached photo of himself at the podium.
But the photo was a PDF, which was unusual enough for Gilliland to pass the email to his colleagues for analysis. It turned out it wasn’t from the conference chair, but the PDF contained a genuine photo of him – packed alongside a unique virus crafted especially for him.
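The cue in that story is that a “photo” arrived as a PDF, a format that can carry scripts and launch actions. The following added example (not from the article, HP, or the analysts involved) is a first-pass triage that a practitioner could run on such an attachment before opening it: it scans the raw file and any FlateDecode-compressed streams for the dictionary keys that make a PDF do something on open. The three sample PDFs are constructed for the example; the key list covers the well-known action keys and is not claimed to be exhaustive.

```python
# Added example (not from the article): static triage of a PDF attachment for
# active content. All sample documents below are constructed for this example.
import re
import zlib

# PDF dictionary keys that can run code, open on load, launch programs or
# carry payloads. The list is a practical starting point, not a complete one.
RISKY_KEYS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia", b"/XFA"]
ACTIVE_KEYS = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"}


def _decode_streams(data: bytes) -> list:
    """Inflate FlateDecode streams so keys hidden inside them are visible too."""
    found = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            found.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not zlib data (e.g. an image stream); nothing to inspect here
    return found


def triage_pdf(data: bytes) -> dict:
    """Return which risky keys appear (raw or in decoded streams) and a verdict."""
    if not data.startswith(b"%PDF-"):
        return {"is_pdf": False, "hits": {}, "verdict": "not a PDF"}
    corpus = [data] + _decode_streams(data)
    hits = {}
    for key in RISKY_KEYS:
        # Negative lookahead so /JS does not also count /JSx-style longer names.
        pattern = re.escape(key) + rb"(?![A-Za-z])"
        n = sum(len(re.findall(pattern, chunk)) for chunk in corpus)
        if n:
            hits[key.decode()] = n
    if ACTIVE_KEYS & set(hits):
        verdict = "suspicious: active content, do not open; send for analysis"
    elif hits:
        verdict = "review: embedded or rich content present"
    else:
        verdict = "no active content found (does not prove the file is safe)"
    return {"is_pdf": True, "hits": hits, "verdict": verdict}


def _skeleton(catalog_extra: bytes, extra_objects: bytes) -> bytes:
    """Minimal constructed PDF used for the three samples below."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R " + catalog_extra + b">> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
            + extra_objects +
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


# Constructed samples: a plain page, a page with script run on open, and the
# same script hidden inside a compressed stream so a plain grep would miss it.
BENIGN_PDF = _skeleton(b"", b"")
OVERT_PDF = _skeleton(b"/OpenAction 5 0 R ",
                      b"5 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n")
_compressed = zlib.compress(b"<< /S /JavaScript /JS (app.alert(1)) >>")
HIDDEN_PDF = _skeleton(b"/OpenAction 6 0 R ",
                       b"6 0 obj << /Filter /FlateDecode /Length "
                       + str(len(_compressed)).encode() + b" >> stream\n"
                       + _compressed + b"\nendstream endobj\n")


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_PDF), ("overt", OVERT_PDF), ("hidden", HIDDEN_PDF)):
        print(name, triage_pdf(doc))
```

The benign sample reports no hits, while both the overt and the compressed sample report `/OpenAction`, `/JavaScript` and `/JS`, which is the combination that makes a document act the moment it is opened. A clean result is only a first filter: attackers also use encodings and object streams this scanner does not unpack, so a file that still looks odd should go to a sandbox, as Gilliland’s did.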