HP is enhancing security features on the HP-UX operating system for its Integrity line of servers amid growing customer concern about recent network security breaches.
It has released a free upgrade to HP-UX 11i v2 that automatically encrypts data as it is stored. HP has offered this capability before, but this upgrade puts the encryption capability right into the OS.
"If it's in the operating system, it's easily implemented without needing to do anything, and you're not going to break anything," says Charles Kolodgy, a research director at IDC focused on secure content and threat management products.
IDC is about to release results of a survey of IT managers on their network security spending priorities for 2007, Kolodgy say. The survey will show that "file and folder encryption" has rocketed to the number one spot, from fifth in the 2006 survey, surpassing common concerns such as firewalls, network intrusion, viruses and spyware.
Sun Microsystems has added encryption capabilities to its Solaris OS that it originally offered only on its Trusted Solaris system for sensitive governmental use, Kolodgy says. And Microsoft is including an encryption feature called BitLocker in its new Vista OS.
"They are all attempting to bring these solutions to the end user," he says, but he added that the HP upgrade is improved over prior HP offerings.
HP is also offering an optional embedded chip on its Integrity servers that holds the digital keys to decrypt protected data. It claims this approach is more secure than software-based keys. Also, a new feature called HP Protected Systems allows a network security administrator to isolate certain data in unique compartments and configure different security settings for that data as needed.
Adding encryption capabilities directly to storage hardware can require an expensive upgrade, which enterprises can avoid with an OS upgrade, says Ron Luman, the security architect for HP-UX.
"What we have been asked to do [by customers] is provide something that is transparent to the applications and also transparent to the storage hardware, and so that means doing something to the operating system itself," Luman says.