HP Innovation Journal Special Edition: Security | Page 31
JIM MANN
D isting uish e d Te ch n olo gist ,
O f f ice of th e C hief Engin e e r, H P
The digital revolution and hyper-connectivity which has
taken shape over the last several decades has resulted in
tremendous benefits for those fortunate enough to be able
to participate. However, there are people who actively
seek to take advantage of vulnerabilities in the systems
built with this technology. They do this for reasons
including personal gain, promotion of ideology, espionage,
geopolitical influence, or sometimes just for fun. The
actions of these bad actors have consequences ranging
from minor inconvenience to devastating personal impacts
and even personal injury.
All of us have likely been impacted by a cybersecurity
event, so we understand the pain our customers feel when
they are impacted. During 2016, Symantec reported 1,209
confirmed breaches which exposed more than one billion
user identities. PWC reported 32% of companies disclosed
an incident of cybercrime. According to the Ponemon
Institute the average cost of a breach is roughly $9.5M.
These are alarming numbers, yet they still underestimate
the total impact because it is hard to put numbers
to cybersecurity incidents for individual consumers.
Importantly for HP and our customers, it is estimated that
71% of breaches start from an endpoint device, such as
a PC or printer, putting our products at the forefront of
protecting customers’ data.
For many years, HP has been at the forefront of
endpoint device security, as demonstrated both through
active participation and leadership in industry consortia
and standards bodies, and our market-leading innovations
such as HP SureStart. This has resulted in new marketing
statements such as “World’s Most Secure Printers”, and
“World’s Most Secure and Manageable PCs”, as well as
The Wolf and The Fixer video series.
Because security is such a key element of our promise to
customers, and the impacts can be so severe, we continually
strive to push the envelope in delivering the best security
technology (the what), with a process methodology that
ensures HP products and services are developed securely
(the how). This tandem of what and how was succinctly
captured by HP’s Chief Information Security Officer, Jack
Clark, as “secure products, built securely” and serves as a
guiding principle for HP’s product security strategy.
To solidify HP’s position into the future, we must have
a culture of security throughout the company. Security
is a team sport which benefits by everyone—not just
security professionals—being knowledgeable and invested
in the security of the products and services we deliver to
our customers.
But security is an expansive topic, uses terminology
which can be daunting to those new to the subject, and
makes use of a broad array of often complex technologies.
To make this more accessible to the non-security
professional, our team champions various efforts across
HP to engage and enrich not only professionals in the
security community, but also others with interest in the
topic or who just need education in the basics of security.
This includes co-leading the Security and Privacy Affinity
Group, sponsoring security summits and topical webinars,
hosting business-challenge workshops, curating, sourcing
and developing training materials, creating development
learning paths, and working with HR on security
talent management.
At HP we know the security landscape continues
to evolve rapidly, threats increase each year, and
attackers only get better and more creative. Continuous
learning is critical in ensuring HP can continue to put
the most secure products in the market to help our
customers maintain their businesses and missions.
To learn more about this video series or suggest ideas for
specific topics to be covered, please contact Jim Mann at
[email protected].
30