As the number and severity of security incidents have risen over the past few years, so has the importance of security management. Add to that regulatory pressures that are forcing firms to demonstrate operational risk controls and report the effectiveness and weaknesses of their control frameworks, and financial firms are facing security challenges like never before.
In an effort to better safeguard HP’s own infrastructure and data, as well as that of its financial services clients, HP has devoted considerable investment, time and resources toward developing a set of best practices for maintaining a safe and secure IT environment. Through this work, HP has developed a security regimen built on three effective principles of security – one must have a thorough understanding of the current state of their security practices, a comprehensive identity management program is required, and the widespread deployment of encryption technologies is essential.

The first principle requires the careful analysis and documentation of security practices within an organization. This begins with a 360-degree security assessment that determines the overall state of the organization’s security posture. In its extensive work with FSI customers, HP has found that the mean score for most organizations is only 52 percent adherence to standard industry practices (ISO 17799). Areas generally scoring the lowest are access control/authorization and data protection, both of which are addressed by HP’s security principles regimen. HP’s assessment can also include a risk assessment, which evaluates the potential impact of security breaches and determines the appropriate responses for areas of high exposure. HP’s assessment process cross-maps the results to any regulatory requirements and industry security standards that a financial services firm must adhere to.
Identity management is the second critical principle in a sound security architecture. Identity management requires a full knowledge of business processes, organizational relationships and identity data, and the proper tools for managing the interactions of these components. HP OpenView Identity Management software automates control over users attempting to access a firm’s business systems, thus enabling a company to achieve sustainable corporate governance by auditing all actions and change approvals. This solution can also be extended to non-IT touch points such as buildings and telephones.
HP OpenView Identity Management actually consists of several elements. HP OpenView Select Identity manages users’ access entitlements by automating the complete process of registration, approval, user provisioning, ongoing account maintenance, and termination. HP OpenView Select Access provides centralized authorization across Web-enabled applications. HP OpenView Select Federation extends the single sign-on experience to allow the sharing and management of user identities among external organizations. HP OpenView Select Audit aggregates identity audit information to give an auditor’s perspective on identity controls and how they align with the business.
The third principle of a security foundation is encryption, both inside and outside the firewall. Many firms encrypt data that is leaving the company, but find it hard to cost-justify full encryption behind the firewall. Striking the right balance is the key. Along with helping companies construct the correct architecture for their unique environment, HP also has specific products to help in this area. One example is HP Atalla, which provides hardware-based cryptographic algorithms for sensitive data and financial transactions. This proven technology is used by a large percentage of FSI organizations worldwide as well as HP itself.
As a leading high technology company, HP has long faced the need to secure proprietary data for itself, for customers with special needs such as the U.S. government, and for customers for whom HP provides full IT outsourcing services. Using that experience, HP has created a complete set of security services designed to help FSI firms deal with today’s sophisticated security challenges.