Servers & Systems: The Right Compute

Give your server security a leg up with HPE ProLiant DL385 Gen10


The HPE ProLiant DL385 Gen10 and AMD EPYC processor enable easy data access and security isolation—everything your enterprise needs for server security.

Blog_DL385.jpgSuccess today is defined by how quickly a business can turn ideas into value and that has significant implications for all parts of a business. But what generally tends to get missed is that IT is no longer on the sidelines of the business – it is at the very heart of it. And to enable that velocity, the business demands that IT transform from a cost center into a value creator. The good news is that there has probably never been a more exciting time if you are looking to use IT to drive a competitive advantage for your business. Businesses now, more than ever, have the ability to take advantage of the opportunities that fast evolving technologies provide to make them more agile, innovative, and responsive to customer needs.

New types of applications such as cloud-optimized, ubiquitous access and seamless communication for both employees and customers—not to mention new demands and uses for insights—are all driving businesses on the IT transformation journey.

The bad news is, these advances now come with a new set of challenges that also have far greater ramifications than ever before. No other challenge has been as critical or as pervasive as the need to ensure infrastructure security. This elevates security to now being a strategic imperative for the business as we talk of infrastructure.

Servers are the lifeblood of the data center, keeping mission-critical data safe and serving as a gatekeeper for secure access to data across the network. As the traditional perimeters of the data center disappear, servers are becoming more vulnerable to cyber threats, and while security at the application layer has often been the focus of these threats historically, attacks at the hardware layer are now becoming more widespread. HPE addressed this problem by delivering the portfolio of the world’s most secure industry standard servers: the HPE ProLiant DL385 Gen10 being the newest member of that family.

Don't underestimate hardware security

As the perimeters of the data center continue to disappear, the problem of server security is clearly growing. According to an ISACA study, more than 50 percent of enterprises that place a priority on security within hardware lifecycle management report at least one incident of malware-infected firmware. Despite this growing problem, relatively few businesses are concentrating on server security. One of the most vulnerable parts of the server is the firmware—hard-coded software stored in read-only memory (ROM) that hackers can exploit. The ISACA study found that only 13 percent of security professionals' enterprises have fully implemented controls for firmware. In one recent example, a motherboard manufacturer unknowingly sent a compromised motherboard to a cloud service provider with embedded code directing it to report data to an unknown source.

While you fully understand and mitigate security issues on applications, data, and networks, you often assume that hardware is secure. Unfortunately, hardware security vulnerabilities are very real, and ignoring them can cause devastating security issues. To ensure comprehensive server security, verify that:

  • The hardware has built-in security protection, including component-level encryption and silicon-level security to protect the firmware. Security at the firmware level is critical, because if hackers get to that level of the hardware, they can control everything on the device.
  • Servers comply with NIST's Cybersecurity Framework, FIPS 140-2 validation of cryptographic modules, and NIST 800-53 controls.
  • Your chosen vendor holds strict control over its firmware code and works only with trusted supply chain partners with strict security controls.

Bring server security to the forefront

HPE's ProLiant DL385 Gen10 server is an example that meets all these criteria. The tenth-generation platform is based on HPE Silicon Root of Trust, which ensures that the firmware is validated against the custom iLO5 HPE silicon down on the motherboard—creating an immutable bond. This hardens the hardware against compromise, because servers can't boot up unless the firmware successfully matches the unique silicon fingerprint. HPE Gen10 servers can also automatically scan their essential firmware daily, and if a compromise is detected, the server can immediately enter recovery mode with the new iLO Advanced Premium Security Edition license.

The HPE Silicon Root of Trust is connected to the AMD Secure Processor within the AMD EPYC system on a chip (SoC). The AMD Secure Processor also validates the HPE BIOS before the server can boot. Adding even more security capabilities, the AMD Secure Processor enables secure memory encryption (SME), which protects against physical memory attacks, and secure encrypted virtualization (SEV), which isolates virtual machines from one another and the hypervisor itself.

With today's changing threat landscape and breakthroughs in server security, there's no excuse for falling victim to a server-based attack. See what the HPE ProLiant DL385 Gen10 and AMD EPYC combination can do for your enterprise and take your server virtualization processes and security to the next level.

Featured articles:


About the Author


Naren brings to bear 15+ years of Business and Product Management leadership experience spanning country, Regional and WW organizations to the singular objective of delivering THE “best-in-breed” server platforms to enhance the leadership position of HPE in the industry standard x86 market. And he does that with cradle to grave ownership of the HPE ProLiant server portfolio.