HPE Ezmeral: Uncut

Re: Bringing Trusted Computing to the Cloud

Earlier today, the CNCF announced they promoted the SPIFFE and SPIRE open source projects to the Incubation phase. The next phase is where projects like Kubernetes reside. As one of SPIFFE and SPIRE's earliest backers, I'm excited that the cloud native world sees the work our community has done over four years as vital to securing the cloud native enterprise of the future!

As a relative HPE newcomer, I'm mindful that not all of you may know these projects. Let's level-set:

SPIFFE, the Secure Production Identity Framework for Everyone, and SPIRE, the SPIFFE Runtime Environment, enable organizations to mutually authenticate workloads running in heterogeneous IT environments using attested cryptographic identities. They reduce the operational complexity of workload authentication that enterprise software, operations, and security engineers face.

SPIFFE is a set of standards for securely authenticating software workloads in dynamic and heterogeneous IT environments using platform-agnostic, cryptographic identities. It's inspired by workload authentication infrastructure at Facebook, Google, Netflix, and more. SPIRE implements SPIFFE in various environments. 

You might be asking why this matters to HPE, a company that traces its lineage to the founding of Silicon Valley 81 years ago. It matters because part of our mission is to continue shaping the future of trusted computing in the enterprise. Let me explain. 

Today, the Internet is accessible by approximately 50% of the world's population; 15 years ago, it was about 17%. Increasingly, we realize this little experiment all those years ago is bringing the world closer like few other modern era inventions have. We appreciate the Internet now more than ever as the global pandemic forces physical distancing upon all of us. 

As the Internet further penetrates our personal and professional lives, computation will continue to evolve, becoming leaner and more dynamic, autonomous, and distributed. Forms of computation like containers, serverless, and whatever comes next will allow us to answer questions we can't fathom today. Our Internet will increasingly comprise diverse computation edges that are themselves composed of interconnected workloads that know no boundaries. These workloads will come and go, interacting with each other over physical and logical limitations…much like humans do today.

On our journey towards a fluid, interconnected computation landscape, enterprises must fundamentally rethink how to establish trust amongst the workloads that power their business, starting with their own. Yesterday's strategies for developing trust amongst workloads, like secrets management, might suffice in the near term but won't in the long term, because they're just band-aids on the real problem: most workloads today do not have an intrinsic attested identity.

At HPE, we're doubling down on our commitment to the CNCF community and to helping organizations adopt SPIFFE/SPIRE. We're also exploring how to combine SPIFFE and SPIRE with trusted computing concepts like TPMs to automate attestation, delivery, and use of immutable cryptographic identity on any workload, on any platform, anywhere in the world. I expect enterprises will build upon these identities to enable more granular data trust models than ever previously conceived. These models will help liberate more data, which in turn, will allow for all of us to gain the benefits of interconnectedness like never before. 

Novel concepts like this must be built in the open, but building in the open is challenging. It's easy to copycat pre-existing ideas. Bringing new ideas to light requires perseverance. SPIFFE and SPIRE are such new ideas. The CNCF has been a wonderful home for these projects; they understand that cloud-native is about driving fundamental change, not just promoting band-aids. I am enormously proud to have initially led our community to the CNCF in 2018. I am even more satisfied to see it flourish since then.

There's much to accomplish. Let's get started. 

Sunil James

Hewlett Packard Enterprise

Sunil James is a Senior Director at Hewlett Packard Enterprise (HPE). Previously, he was founder and CEO of Scytale, which HPE acquired in February 2020. Sunil is passionate about helping enterprises evolve towards cloud-native operational models, using open-source technologies like SPIFFE, SPIRE, and more.



Good read, thanks and congratulations. How long do projects stay in this phase before they move to the next? What are some of the criteria?