Servers & Systems: The Right Compute
ComputeExperts

Built-in HPE security gives SMBs peace of mind

Because security is key to keeping business working, HPE focuses on building security into its hardware, its supply chain, and all of its technology platforms and solutions.

By guest blogger Ed Tittel, technology writer/consultant

HPE-Built-in-Security.pngLook at the recent headlines and you’ll see plenty of coverage on IT security breaches, attacks, and failures. Headlines aside, security is an important concern for how IT is chosen, purchased, used, and maintained around an organization. There’s a human element to security, as well, in that users must clearly understand the implications of their own choices and actions, from how they handle passwords to what they do with their email.

Creating and maintaining security works best when businesses select a vendor who understands that security must be designed and built into systems and software from their first beginnings all the way through the entire lifecycle. SMBs can take comfort from understanding that HPE provides complete security coverage for them from end to end, for all users and the networks, systems, and services they consume.

The 2021 security landscape

The best way to understand cybersecurity is as an organized collection of tools, technologies, processes, and practices focused on protecting digital systems and assets. That means cybersecurity seeks to protect networks, devices, software, and data from loss, harm, damage, attack, and unauthorized access. Security runs from end to end, and encompasses all the systems, devices, links, communications, data, and programs that belong to or participate in the business IT environment.

Risk management is a key ingredient of cybersecurity. Because reducing or eliminating risk is a given, management comes into play by using intelligence and understanding to prioritize or rank the risks an organization faces. Simply put, it makes most sense to devote time, money, and resources to mitigating risks that will most likely cause damage or harm. In fact, because the threat landscape keeps changing and shifting, today’s high-priority “hair-on-fire” risks may be tomorrow’s secondary “we’ll get to it later” risks. HPE can help SMBs deal with all their security concerns, and ensure their risk management strategies align with their business objectives.

Various HPE technologies help SMBs address specific security risks, especially for HPE servers and technology solutions. These include silicon root of trust, HPE Pointnext security services, the Trusted Platform Module (TPM), and HPE’s Trusted Supply Chain.

Silicon root of trust

A silicon root of trust seeks to protect systems against targeted low-level firmware and BIOS attacks. HPE builds a root of trust into the silicon on its HPE ProLiant servers, and also establishes a secure link between that silicon and the company’s Integrated Lights-Out (iLO) firmware. A silicon root of trust prevents compromised or suspect code from running by imposing integrity checks on firmware before it executes, using special read-only checksums and comparison tools. These checks aren’t accessible to the operating system or programs that it runs, so they’re difficult to attack or defeat.

If hardware checks detect evidence of tampering or change, HPE iLO firmware wipes suspect firmware. It then uses a valid and demonstrably correct firmware image from a trusted source to replace the old code with a known, good working version. In fact, HPE builds encryption into its breach detection tools so that only safe firmware ever gets executed. If a server is unable to obtain or run safe firmware, it shuts down rather than use suspect code. This is how HPE protects ProLiant servers from rootkits and other pre-boot attacks.

HPE Pointnext Services 

HPE Pointnext Services is the company’s support, consulting, professional, and educational services organization. Pointnext experts work with HPE customers to address security and risk management challenges as help and input are needed. HPE gladly works with SMBs to help them prepare their workers and re-skill employees with security training and certification. HPE Digital Learner subscriptions bring HPE technical training to SMB teams, and combine access to its complete library of training offerings at reduced cost.

Trusted Platform Module 

A TPM takes the form of a computer chip (microcontroller). It’s purpose-built to securely store information used to authenticate runtime platforms and activities, including client and server PCs. Since January 2021, Microsoft requires all new Windows Server platforms to support TPM version 2.0, with Secure Boot enabled by default, and with BitLocker encryption recommended to protect system/boot drives. HPE has supported and implemented TPM since 2009, when it became ISO/IEC Standard 11990. All modern HPE ProLiant servers meet or exceed these requirements, and HPE offers a solid, protected silicon root of trust to all ProLiant users.

HPE Trusted Supply Chain

Because some customers are subject to high security requirements, by law or by choice, HPE operates a special Trusted Supply Chain. Typical customers for the products it builds include U.S. government and public sector entities who must buy only U.S.-sourced products with verifiable cyber assurance. Customers around the globe can purchase from this supply chain (except for China, Taiwan, and India).

HPE builds security into the Trust Supply Chain in two ways. First, all products in the supply chain feature built-in security hardening from the silicon level into firmware and tools. Those hardening techniques include a silicon root of trust, TPM, UEFI secure boot, a reduced attack surface, tamper-proofing at the silicon level, embedded tamper alarms, and physical locks. Second, HPE employees supervise the entire supply chain from end to end during manufacturing. That is, HPE employees vet all parts, observe assembly, and ensure packaged devices are tamper-free until customers accept delivery.

Visit the HPE Security Solutions page to learn more about HPE’s baked-in, end-to-end security through its silicon root of trust, TPM, Trusted Supply Chain capabilities, and more.


Meet our Compute Experts guest blogger Ed Tittel, technology writer/consultant

Ed Tittel.pngFor over 30 years, Ed Tittel has worked in and around IT as a developer, trainer, technical evangelist and manager. The author of over 100 books, he’s written on topics that include networking, security, markup languages and cloud computing. For more info, please visit edtittel.com.

 

 

Compute Experts
Hewlett Packard Enterprise

twitter.com/HPE_SMB
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers

About the Author

ComputeExperts

Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.