OREANDA-NEWS. Hewlett Packard Enterprise (HPE) today announced the company has contributed technology and core specifications for the new National Institute of Standards and Technology’s (NIST) AES FFX Format-Preserving Encryption (FPE) mode standard. Format-preserving encryption is critical in protecting sensitive data at rest, in motion and in use while preserving the data formats, and the technology is being used by customers such as Heartland Payments Systems.

The NIST standard provides an approved and proven data-centric encryption method for government agencies, and HPE has been involved as a developer through open cooperation with NIST from initial proposals of Format-Preserving Encryption technologies with formal security proofs to independent peer review of the NIST AES modes.

“As organizations and government agencies demand new data-centric security approaches that mitigate risks without stifling business strategies, vendors have rushed to market with a range of proprietary methods that are unproven and not peer-reviewed,” said Mark Bower, global director of product management for HPE Security – Data Security at Hewlett Packard Enterprise “The NIST standard is critical in setting the bar to ensure organizations are maintaining regulatory and audit compliance, as well as using proven methods to protect against a data breach.”

This new mode enables organizations to encrypt sensitive personal data without completely revamping existing IT infrastructure, increasing security and lowering the cost of strong data protection. Private sector entities and standards referencing NIST publications will also benefit from this new, recognized standard, especially in compliance frameworks where proven standards acceptance is critical.

“As one of the earliest victims of massive cybercrime affecting millions of cards, Heartland Payment Systems implemented cutting-edge technology to remediate the situation,” said Robert Carr, Chairman and CEO of Heartland Payments Systems, and newly appointed member of President Obama's National Infrastructure Advisory Council. “We’re proud to have been a proving ground for the HPE SecureData solution, formerly of Voltage, as it provides a secure and compelling solution to protect sensitive data, and is now officially a NIST standard mode of AES encryption. I hope the federal government incorporates this type of technology for protecting vast amounts of sensitive data in disparate systems.”

HPE has leveraged and will continue to implement FPE widely throughout its HPE SecureData Enterprise product line for specific use cases, including:

  • In the Enterprise : Enables end-to-end protection of live data in databases, mission critical mainframes and applications while the information is in use, in motion, and at rest. Unlike traditional encryption that only protects data at rest, FPE delivers continuous data protection to reduce threats from insiders, malware, and external advanced attacks to systems.
  • In the Cloud: Enables cloud workloads to be secured with total control by the enterprise. Organizations can use low cost, agile cloud services including HPE Helion, AWS and Azure to process sensitive and regulated workloads without exposing the live data to the cloud or hypervisor, and avoid data residency challenges by central control over keys.
  • In Payments: Delivers full end-to-end data security that reduces POS malware threats and protects PCI payment data from data capture devices to trusted processing hosts. HPE SecureData Payments is used today to protect billions of transactions in the world’s leading retailers, payment processors and their merchants across the U.S.
  • In Big Data : Allows de-identification of large data sets in analytic platforms, Big Data, Business intelligence, and data lakes. This enables organizations to adopt low cost Hadoop platforms processing sensitive data workloads where data privacy issues are critical given the scale, velocity, and density of information captured.
  • In Mobile and Internet of Things (IoT): Provides end-to-end data protection from capture on mobile devices to avoid inadvertent data leakage in mobile application use and data-centric protection for IoT device data, enabling manufacturers to securely manage, collect and analyze real-time data from connected devices without potentially exposing sensitive information.

When implemented with stateless key management techniques, FFX Mode allows encryption to be achieved at scale on any platform, including modern cloud systems or retrofitted to existing applications,” said Terence Spies, HPE Distinguished Technologist, HPE Security – Data Security at Hewlett Packard Enterprise. “This neutralizing approach to data-centric security provides protection to complex distributed environments common in governments, payment processing, cloud, and today’s big data, Internet of Things, and enterprise data warehouse platforms.”

HPE SecureData has already seen adoption in the private sector, protecting billions of transactions in web and payments processing, healthcare processes, airline processing systems, mobile applications, and big data (including Hadoop).The technology has also enabled organizations to migrate sensitive data to the cloud while maintaining absolute control.

About HPE Security
HPE Security helps organizations protect their business-critical digital assets by building security into the fabric of the enterprise, detecting and responding to advanced threats, and safeguarding continuity and compliance to effectively mitigate risk. With an integrated suite of market-leading products, services,threat intelligence and security research, HPE Security empowers organizations to balance protection with innovation to keep pace with today’s idea economy.

About HP Inc.

HP Inc. creates technology that makes life better for everyone, everywhere. Through our portfolio of printers, PCs, mobile devices, solutions, and services, we engineer experiences that amaze.