I had a nice chat with HP’s Security Advisory Board at HP Reinvent and it got me thinking about why, on PC and printer security, the firm seems to understand the problem and address it better than most. Part of it is that HP, of all the vendors, was hit the hardest with a security problem some time ago when the then combined company’s board didn’t understand that pretexting was a synonym for identity theft and authorized an action against reporters that cost most of the board, and several HP employees, their jobs, not to mention a ton of avoidable bad press.
I still think back on this and think the cause was that a bunch of folks didn’t really want to look stupid by asking what “pretexting” was. This stands as a shining example that, if you don’t know what a word means, it is better to look stupid than to make this kind of mistake.
I think, partially because of this, HP really seems to grasp that security is important (since I’ve been personally hurt by leaks, preventing them has become somewhat of a passion), and not from an abstract layered tech perspective, but as a fundamental foundation to good governance. As a result, particularly when it comes to printers, HP is arguably the most secure vendor on the planet.
Let’s talk about security in the shadow of the Equifax breach.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
I’ve run security units on and off for many decades and was even in law enforcement for a time. I tend to take security seriously and I even had breach team that used to test that security for a time. Some of the biggest problems, then and now, didn’t have to do with state-level, high-tech attacks but with simple, easy to do, phishing attacks on line workers or executives. It is how I breached security, it is believed this is how both the DNC and RNC were breached last election, and it was what the old HP got caught doing when it attempted to get reporter phone records.
It really doesn’t matter how much security technology you buy; if you can’t keep employees and particularly executives, from doing stupid stuff, you are still screwed.
HP and the Basics
HP is the only company aggressively pushing privacy screens. I was sitting next to a guy on the plane this week; he was doing a spreadsheet on his public firm’s financials. This is protected information that, were I so inclined, I could have used to do trades (since I have no desire to stay for any time in a federal facility, I chose to watch a movie rather than read what he was doing). But people email about unannounced products, email about pending acquisitions, and do confidential reports on planes where folks next to them and even behind then can quietly read their screens. Yet privacy screens, for most companies and vendors, remain the exception rather than the rule. To me, this is no different from allowing common passwords like “Password” and “1234” to be used.
HP pushes privacy screens hard and its commercial offerings generally come with a privacy screen option attractively priced into the mix. But the thing that recently made HP stand out was when Intel was asked which of the OEMs was the most focused on security. It pointed to HP. I’ve covered Intel for decades and typically both that company and Microsoft play Switzerland and don’t name any of the OEMs as better; they love everyone even though I know, inside, both have OEMs they really like and those they really hate (sometimes they have some nasty nicknames for CEOs on the hate side).
Wrapping Up: The Importance of the Basics
As I mentioned to HP’s unique Security Advisory Board, it bothers me a great deal that while threats have increased, the same basic problems that I wrote up and reported in the 1980s remain prevalent. I was pleased that at least HP seems to get that the foundational elements of security, like protecting the networked peripherals (printers) and driving privacy screens, are important, but I remain concerned that this still largely remains the exception rather than the rule in the market even though each breach, like the one at Equifax, seems to set a new bad record.
With things getting worse, it was nice to know that HP, at least, seems to get security and give it the focus it must have if we are to remain safe.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+