Hewlett Packard Enterprise touts encryption tool for federal clients

Hewlett Packard Enterprise on Thursday announced that it has developed the first format-preserving encryption tool that meets federal government standards for use by agencies and government contractors. 

The company’s data security branch has been engaging with the National Institute of Standards and Technology (NIST) for several years to validate the encryption tool.

“Format-preserving encryption” maintains the format of the data’s original text — meaning that, for example, a 16-digit credit card number would be encrypted so that the output is another 16-digit number. 

The encryption tool fits into Hewlett Packard’s data security product, called “HPE SecureData,” which has already been used in the private sector to secure banking records and other types of sensitive information.   

{mosads}The product has now been validated with the Federal Information Processing Standard (FIPS), a set of federal standards developed by NIST for information technology that apply to government agencies and government contractors, the company said Thursday.  

Mark Bower, global director of product management at the company’s data security branch, told The Hill that the product could have “profound implications” for government agencies and contractors trying to secure sensitive data from criminal and nation-state hackers. 

“The technology itself allows an organization to essentially go back in and retrofit or build in security or data privacy not only into the new applications they might be moving into [like] the cloud, but also in those highly-prized mission-critical … [or] legacy systems that often are the backbone of government data processing,” Bower said.

“The ability to encrypt the data and keep the data useful when it’s encrypted means that you can essentially retrofit encryption into a lot of applications and processes and then do that without the heavy cost burden of traditional encryption,” Bower said. 

Information security in federal government systems has been a prime concern in the wake of the Office of Personnel Management breach, which compromised personal information of more than 20 million people and has been largely blamed on the agency’s legacy systems. The breach was traced back to Chinese hackers.

Bower said that the company has already seen interest in the technology by U.S. federal agencies as well as other public organizations in other countries.