Servers & Systems: The Right Compute

Fortify your server storage with controller-based encryption

Cybercriminals are adapting quickly, crafting more sophisticated, long-term attacks.  To meet these challenges, HPE has developed a striking solution to data security: Controller-Based Encryption.


I don’t mess around with home security. If I could have six English Mastiffs and a guard tower on my property, I would. Unfortunately, I don’t think my wife wants six more snarling, drooling mouths to feed. Plus, I’ve been told by the experts that these are…medieval techniques for preventing home intruders. In fact, ever-evolving technologies have made guard dogs obsolete. (Tell that to the kids from “The Sandlot”.)

Now you can rig up your home with as many motion capture and video streaming devices as your heart desires. You can see live in HD who’s ringing your doorbell from two states away.  Some services even detect floods or freezing temperatures, feature remote monitoring systems, and automatically recognize authorized home visitors.—Notably, I haven’t granted my daughter’s new boyfriend access yet.

HPE has made equal strides in securing our clients’ server storage environments. New tech requires new security measures. And the adoption of hybrid IT, the Internet of Things, and mobile networks has opened businesses up to whole new categories of threats. Cybercriminals are adapting at a rapid clip, crafting more sophisticated, long-term attacks, and penetrating server firmware at the code level. That’s not to mention new government regulations and mounting pressure to improve Service Level Agreements. — And the best SLAs require security at the hardware level. To meet these challenges, HPE has developed a striking solution to enterprises’ data security woes: Controller Based Encryption (CBE).

The new standard for secure data storage

The latest (10th) generation of Smart Array Controllers secures data before it’s ever even stored on a drive. It’s called HPE Secure Encryption, and it’s quite the breakthrough in an industry that has, for too long, depended on self-encrypting drives (SEDs) for data security.

SEDs are a great product if you only have one drive, but the costs add up when you add this technology to every drive in an enterprise’s data center. They also have some notable security flaws. For instance, SEDs only encrypt data once it reaches the drive.

Controller based encryption, on the other hand, encrypts all data as soon as it hits the controller, protecting your data from the PCIe bus all the way to the drive, including cables and the flash-backed write cache. Think of it as an extra level of protection for your most sensitive data.

And believe it or not, CBE is friendly to your wallet. HPE Secure Encryption is the lowest overall operational overhead solution because of its ease of deployment and management. You don’t need special training for common storage operational tasks like drive replacements and logical device configurations, and CBE requires fewer individuals to control, lowering the technical overhead and reducing the circle of trust.

Controller based encryption is compatible with every drive in the HPE portfolio, and we’re the only company that has it. It’s compliant with FIPS at various levels, as well as HIPAA, Sarbanes-Oxley, and even the EU’s GDPR.

If you want to dive deeper into the technical features that keep your server storage interface secure, download our quick spec with information on Enterprise Secure Key Management, dynamic encryption, Flash-Backed Write Cache, and more.

Beyond the controller

HPE is leading the industry in server storage security. We make strides to protect your data from the server factory to your first boot and setup, and beyond.

Integrated Lights Out (iLO): Controllers work with this server tool to provide you with the ability to configure, monitor, and update your servers seamlessly, from anywhere in the world. iLO even uses machine learning to identify malicious behavior, which is crucial in detecting those long-term cyberattacks that lie dormant in firmware indefinitely.

Silicon Root of Trust: By binding essential firmware into HPE-manufactured silicon, we’ve prevented our servers from being booted without recognizing a unique fingerprint in the silicon itself. During the boot process, the firmware scans itself to identify any malicious code that may have been written into it.

Supply Chain Fortification: Achieve peace of mind knowing HPE servers haven’t been tampered with on their way to your data center. We only source from Trade Agreements Act designated countries, and highly vet our component vendors against anti-counterfeiting laws. By securing our supply chain, we secure the firmware code built into our servers.

Security Certifications and Compliance: You name it, we’ve got it. Commercial National Security Algorithms (CNSA) certification—check; US FIPS validation at multiple levels—check; Common Criteria for Information Technology Security Evaluation—check. HIPAA—check. Sarbanes-Oxley—check. And even the EU’s GDPR.

Fortify your server storage

Meeting today’s most complex threats doesn’t require an army of guard dogs or a big stone fortress. It requires the ingenuity found in HPE Secure Encryption—the only controller-based encryption method on the market.

Cole Humphreys
Hewlett Packard Enterprise

About the Author


Cole leads Global Cyber Security Product Management at HPE with responsibility for the security features and technologies embedded within HPE’s compute portfolio.