Turning Data Security from Cost Center to Competitive Advantage

HPE Nonstop systems were built for high availability, massive scalability and data integrity. That makes them a popular choice among financial services, retail and other demanding environments. It also means they are home to some of the world’s most sensitive data. Yet protecting that data has become increasingly challenging over the years—driving up costs, manual toil and the risk of serious breaches.

This risks reversing years of progress in cybersecurity, by reinforcing stereotypes of the function as a cost center rather than a business enabler. The best way back is via a unified approach to key management designed to centralize and simplify operations in a more robust and reliable manner.

Security teams under pressure

Cybercrime is a multitrillion-dollar business today. That puts HPE Nonstop customers firmly in the crosshairs of determined threat actors. Cybercriminals can find all the tools and know-how they need on the digital underground—many offered as a simple, pre-packaged service.

Infostealers are having a particularly nefarious impact, by driving up the volume of compromised credentials on the dark web. One report claims that nearly two-thirds (64%) of organizations suffered at least one known infostealer infection since 2019. Once in hand, these credentials can unlock the front door to corporate systems and data stores, allowing adversaries to walk straight in without setting off any alarms.

At the other end of the spectrum, AI is helping to democratize critical tasks like victim reconnaissance, social engineering and vulnerability exploitation. All of which makes data protection critically important. Unfortunately, existing tools and approaches are struggling to keep pace with both the threat landscape and an increasingly complex regulatory environment.

Nonstop challenges

Many of today’s Nonstop environments use multiple but siloed key-management mechanisms for use cases like tokenization, file encryption, TLS/SSL, SSH, and multifactor authentication (MFA). In many cases, they even rely on static passphrases or ad-hoc scripts.

In practice this leads to several challenges:

• Fragmentation, which makes it almost impossible to get a unified view of who holds which keys—increasing security and compliance risks
• No centralized policy enforcement
• Extra audit cost and complexity
• Ad-hoc scripts that break when trying to scale
• Static passphrases, plaintext key files and scattered scripts that expose organizations to theft or accidental leakage

Business pressures turn up the heat

At the same time, security does not operate in a vacuum. It’s ultimately a business support function, and so the use of outdated and/or siloed key management mechanisms can create other challenges. Gaps in key management may force teams to find ad hoc workarounds, which can undermine enterprise integration efforts.

More generally, if managing security becomes fragmented, costly and inconsistent, enterprise confidence can suffer and modernization projects might be shelved for security, budget or compliance reasons.

What’s at stake?

So, what might this mean for the typical Nonstop customer? The business risks could include:

• Breaches of sensitive data, with the attendant reputational and financial costs
• Heightened non-compliance risks. For example, fragmented approaches to key management can often miss out MFA deployment, which contravenes PCI DSS 4.0’s mandate for MFA on every administrative and card data access
• Visibility challenges that also create security and compliance risks
• Stalled modernization, which eats into business growth and erodes competitive advantage
• Executive liability for serious security breaches, according to some regulations (e.g. NIS2, DORA)
• Increased operating costs due to siloed key management, manual TLS/SSH rotations and audit issues

There’s therefore a clear business and technology requirement for a centralized, unified key management solution. Nonstop organizations need to minimize risk, streamline operations and drive competitive advantage. In short, they need security as a business enabler, not a block on growth.