Three people at a meeting

Security has become ever more complicated as cyberthreats continue to escalate and IT environments expand across clouds, on-premises data centers, and out to the edge.

It’s clearly a challenge to keep up with this new reality. In a recent survey conducted by the Ponemon Institute, only 42% of organizations said they’re confident that attacks inside the IT infrastructure can be quickly detected before they break out and cause a cybersecurity breach.

Ponemon analysts determined there is an IT security gap, in which organizations are struggling to gain visibility and control of every user and device that is connected to their IT infrastructure. In addition, they’re dealing with skills shortages and a blurred IT perimeter that includes mobile devices, clouds, and edge solutions like internet of things infrastructure.

The report also suggests a series of best practices to close this gap, such as placing importance on backup and recovery capabilities and the implementation of zero trust principles across IT infrastructure.

In other words, closing the security gap requires a modern approach. An organization’s strategy should not only protect data with continuous disaster recovery and backup, but also provide streamlined management capabilities that mitigate the impact on lean security teams and fill skills gaps.

Functionality that improves security posture

Enterprises need security capabilities that help them anticipate, withstand, recover from, and adapt to an evolving cybersecurity landscape. Some of the core capabilities that holistically close the security gap include:

  • A trusted supply chain of IT infrastructure, including security embedded right into the silicon. A root of trust that is integrated directly into hardware can provide advanced protection, including a defense against firmware attacks.
  • A zero trust-enabled architecture that automatically and continuously verifies the integrity of the hardware, operating systems, platforms, and workloads to attest that they are secure. This includes a focus on identity and privilege principles.

Once these foundational capabilities are addressed, organizations must improve security management for greater visibility and control. That requires bringing together and optimizing resources across the hybrid IT estate. It might seem like a tall order, but there is a way to simplify it, and it starts with an underpinning platform.

A hospital’s approach to closing security gaps

A security breach that takes critical systems offline for even one hour can cause considerable damage — from loss of revenue to the inability to provide patient care.

Enloe Medical Center, a Northern California hospital system, was especially focused on the latter when it decided to develop its own secure private cloud. The healthcare provider deployed HPE GreenLake Services to protect patient data and ensure robust disaster recovery and backups.

The platform has not only enabled Enloe to boost system availability and performance of workloads, it also saved the day when the hospital suffered a security incident.

“When we got hit with ransomware, we had access to our electronic medical records restored within 48 to 72 hours,” said Chris Webb, director, technology (technical infrastructure), Enloe Medical Center.

Webb credits HPE and a strategic partner, who helped implement medical archiving and backups onto a private cloud platform. Those capabilities, plus their expertise and support, “really saved our bacon,” Webb said.

HPE GreenLake provides a secure cloud experience, with zero trust as the guiding framework. It is an as-a-service platform that enables organizations to use and pay for only the infrastructure and cloud services they need today, but with the flexibility to easily scale tomorrow.

For example, Enloe uses HPE services to track the security status of all of its devices and systems, and perform updates on a timely basis.

“Instead of trying to figure out what firmware updates we need, we can be more innovative for the business,” Webb said. “We have the time now to think proactively instead of constantly reacting.”

The beauty of HPE GreenLake is that organizations can choose the services that best suit their business and keep it secure. And, they can opt to manage the user-friendly platform themselves, or have HPE manage it for them.

Discover how HPE GreenLake can help close any security gaps in your organization.