Securing the Supply Chain for Comprehensive Server Protection

Bob_Moore

Protecting servers at the software level is no longer enough. IT security needs to focus on protecting hardware assets. HPE ProLiant Gen10 solutions answer the call by driving security all the way to the firmware level. 

 

Enterprise IT security is not just about keeping people out. The focus needs to be on protecting digital assets. A Ponemon Institute report on the cost of cybercrime estimated that the 720 million daily hack attempts led to $455B in costs for 2016 alone.

More startlingly, 60% of small businesses that suffer cyberattacks go out of business in six months. Furthermore, the $9.5M average annualized incident cost is on the rise, increasing an estimated 21% due mostly to denial-of-service attacks, malicious code, and website attacks.

These threats are also escalating. Quick “smash-and-grab” crimes of opportunity have changed to methodical, long-term attacks that compromise companies for weeks or even months. Larger, more sophisticated criminal elements are involved, and more rogue nation states are now turning to cybercrime.

Protecting servers at the software level is no longer enough

The threat landscape is also changing. Emerging technologies like the Internet of Things, mobility, and hybrid IT environments (that include cloud and on-premise data centers) now open new business opportunities but also introduce new risks.

What does this mean for your business? Protecting servers at the software level is no longer enough: Companies need to partner with server manufacturers that reach down into the physical system level and drive security all the way through their component supply chain.

A secure server supply chain is a critical element of cybersecurity. To protect against compromise at each hardware component juncture, manufacturers must reduce the risk of exposure to threats such as counterfeit materials, malicious embedded software, and other untrustworthy components. This requires vetting component vendors against anti-counterfeiting laws and sourcing only from Trade Agreements Act (TAA) designated countries.

This approach to IT security hardware must be delivered across multiple levels as manufacturers work with supply chain partners to enable an end-to-end IT security infrastructure. When buying third-party devices to integrate into servers, the manufacturer should still write its own software and drivers to establish secure control over the product and the process.

This means digitally signing all device drivers when updates occur. It also means working with OS vendor partners to guarantee that each supply chain partner signs its software and drivers. To further ensure the security of the supply chain, the manufacturer should also work only with third-party organizations that conduct verification testing throughout their own supply chain—including penetration testing.

Extending IT security management to the firmware level now required

Most importantly, server supply chain protection must extend all the way to the actual firmware code—where protection, detection, and recovery capabilities are paramount. This requires strict internal processes as to who can access the firmware, who must sign off on the firmware, and how it is handled. Manufacturers that develop a significant amount of their own server component designs are in a better position to limit supply chain exposure and boost server platform security.

This is exactly what we at HPE have achieved with our HPE ProLiant Gen10 Servers. The servers feature a Root of Trust burned into the silicon components on the motherboard, making it literally impossible to compromise—the system cannot boot without this circuitry. The firmware checks a specific piece of silicon to validate it when the system boots. If the system is not legit, the firmware rolls it back to its initial state. That’s a great way to ensure cybercriminals haven’t taken over control of the server!
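The two mechanisms described above, signed driver packages from supply chain partners and a boot-time firmware check anchored in silicon that rolls back to a known-good image on failure, can be illustrated with a small simulation. The following is an added example written for this page; it is not HPE code and does not describe how the ProLiant Gen10 root of trust is actually implemented. All keys, vendor names and firmware bytes are constructed, and HMAC-SHA256 stands in for the digital signature only because the Python standard library has no asymmetric signatures (a real root of trust would hold a public key, with the private key kept in the manufacturer's signing infrastructure).

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed stand-in for the verification key "burned into" root-of-trust silicon.
# In hardware this would be immutable and the matching private key would never
# be present on the server; HMAC is used here only as a stdlib-friendly stand-in.
ROOT_OF_TRUST_KEY = b"constructed-demo-root-key-not-a-real-secret"

# Constructed keys of supply chain partners whose driver packages the platform accepts.
TRUSTED_VENDOR_KEYS: Dict[str, bytes] = {
    "nic-vendor": b"constructed-nic-vendor-key",
    "hba-vendor": b"constructed-hba-vendor-key",
}


def sign(image: bytes, key: bytes = ROOT_OF_TRUST_KEY) -> bytes:
    """Signing step performed by the manufacturer or partner (HMAC stand-in)."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify(image: bytes, signature: bytes, key: bytes = ROOT_OF_TRUST_KEY) -> bool:
    """Verification step; constant-time comparison avoids leaking via timing."""
    return hmac.compare_digest(sign(image, key), signature)


def accept_driver(vendor: str, package: bytes, signature: bytes) -> bool:
    """Accept a driver package only if it is signed by a known partner key."""
    key = TRUSTED_VENDOR_KEYS.get(vendor)
    if key is None:
        return False  # unknown vendor: never trusted, regardless of signature
    return verify(package, signature, key)


@dataclass
class FirmwareStore:
    """Active firmware slot plus a write-protected recovery copy of the last good image."""
    active: bytes
    active_sig: bytes
    recovery: bytes
    recovery_sig: bytes
    events: List[str] = field(default_factory=list)


def secure_boot(store: FirmwareStore) -> str:
    """Verify the active image at boot; on failure roll back to the recovery image.

    Returns "boot-active", "boot-recovered" or "halt". The event log is what a
    defender would forward to a SIEM to detect tampering attempts.
    """
    if verify(store.active, store.active_sig):
        store.events.append("active firmware verified")
        return "boot-active"

    store.events.append("active firmware FAILED verification; rolling back")
    if verify(store.recovery, store.recovery_sig):
        store.active, store.active_sig = store.recovery, store.recovery_sig
        store.events.append("recovery firmware verified; restored to active slot")
        return "boot-recovered"

    store.events.append("recovery firmware FAILED verification; refusing to boot")
    return "halt"


def make_store(firmware: bytes) -> FirmwareStore:
    """Provision a fresh system: both slots hold the same signed image."""
    sig = sign(firmware)
    return FirmwareStore(active=firmware, active_sig=sig, recovery=firmware, recovery_sig=sig)


def tamper_demo() -> Tuple[str, bool]:
    """Constructed scenario: the last byte of the active image is altered in storage."""
    good = b"demo firmware v1.0 (constructed image, not real firmware)"
    store = make_store(good)
    store.active = store.active[:-1] + b"X"  # simulated corruption of the active slot
    result = secure_boot(store)
    return result, store.active == good  # expect ("boot-recovered", True)


if __name__ == "__main__":
    outcome, restored = tamper_demo()
    print(outcome, "restored:", restored)
```

The point of the rollback path is that the recovery copy is verified against the same anchored key before it is trusted; a recovery image that also fails verification halts the boot rather than silently running unverified code, and both outcomes leave an event trail that can be alerted on.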

The ProLiant servers also offer several other key capabilities to ensure firmware security:

  • Commercial National Security Algorithm (CNSA): Data protection security within the servers makes sure (in real time) that nothing malicious is going on.
  • Intel Trusted Execution Technology: Attests that the hardware matches up with the appropriate operating system.
  • Supply chain ownership: HPE produces a tremendous amount of its own technology, which gives customers more control over server infrastructure security.

HPE also manages the process for installing the security silicon and the firmware on the motherboard, and we develop our own BIOS. All these security measures add up to server firmware protection that businesses can trust.

To find out more about how HPE locks down server and IT infrastructure security to reduce the cost of cyberattacks and protect IT assets, check out the Moor Insights and Strategy white paper.

About the Author

Bob_Moore

Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.
