HP Innovation Journal Special Edition: Security | Page 31

JIM MANN D isting uish e d Te ch n olo gist , O f f ice of th e C hief Engin e e r, H P The digital revolution and hyper-connectivity which has taken shape over the last several decades has resulted in tremendous benefits for those fortunate enough to be able to participate. However, there are people who actively seek to take advantage of vulnerabilities in the systems built with this technology. They do this for reasons including personal gain, promotion of ideology, espionage, geopolitical influence, or sometimes just for fun. The actions of these bad actors have consequences ranging from minor inconvenience to devastating personal impacts and even personal injury. All of us have likely been impacted by a cybersecurity event, so we understand the pain our customers feel when they are impacted. During 2016, Symantec reported 1,209 confirmed breaches which exposed more than one billion user identities. PWC reported 32% of companies disclosed an incident of cybercrime. According to the Ponemon Institute the average cost of a breach is roughly $9.5M. These are alarming numbers, yet they still underestimate the total impact because it is hard to put numbers to cybersecurity incidents for individual consumers. Importantly for HP and our customers, it is estimated that 71% of breaches start from an endpoint device, such as a PC or printer, putting our products at the forefront of protecting customers’ data. For many years, HP has been at the forefront of endpoint device security, as demonstrated both through active participation and leadership in industry consortia and standards bodies, and our market-leading innovations such as HP SureStart. This has resulted in new marketing statements such as “World’s Most Secure Printers”, and “World’s Most Secure and Manageable PCs”, as well as The Wolf and The Fixer video series. Because security is such a key element of our promise to customers, and the impacts can be so severe, we continually strive to push the envelope in delivering the best security technology (the what), with a process methodology that ensures HP products and services are developed securely (the how). This tandem of what and how was succinctly captured by HP’s Chief Information Security Officer, Jack Clark, as “secure products, built securely” and serves as a guiding principle for HP’s product security strategy. To solidify HP’s position into the future, we must have a culture of security throughout the company. Security is a team sport which benefits by everyone—not just security professionals—being knowledgeable and invested in the security of the products and services we deliver to our customers. But security is an expansive topic, uses terminology which can be daunting to those new to the subject, and makes use of a broad array of often complex technologies. To make this more accessible to the non-security professional, our team champions various efforts across HP to engage and enrich not only professionals in the security community, but also others with interest in the topic or who just need education in the basics of security. This includes co-leading the Security and Privacy Affinity Group, sponsoring security summits and topical webinars, hosting business-challenge workshops, curating, sourcing and developing training materials, creating development learning paths, and working with HR on security talent management. At HP we know the security landscape continues to evolve rapidly, threats increase each year, and attackers only get better and more creative. Continuous learning is critical in ensuring HP can continue to put the most secure products in the market to help our customers maintain their businesses and missions. To learn more about this video series or suggest ideas for specific topics to be covered, please contact Jim Mann at [email protected]. 30