HPE Community
Servers & Systems: The Right Compute
1825720 Members
2970 Online
109686 Solutions
New Article
 
Subscribe to RSS Feed
|
ComputeExperts

Building in infrastructure trust for better security

‎07-26-2021 01:42 PM

Organizations need to build infrastructure that will support them today and well into the future—with levels of security that keep up with the rapidly advancing threat landscape.

By guest blogger Eric Hanselman, Principal Research Analyst, 451 Research, part of S&P Global Market Intelligence

Building-Trust-Infrastructure.pngIs trust equivalent to the bricks or the mortar in building more secure infrastructure? There's a case to be made for both answers, but what's undeniable is that trust has be built in if the result is going to be effective or efficient. Slapping more mortar on an existing building won't do much for it, nor will stacking up a pile of bricks in front of the door. But that's the situation organizations can find themselves in when trying to retrofit security capabilities.

For many enterprises, the building of their infrastructure has been a progression over time. Their management and security practices have grown along with that progression, but often not with the same pace or in the same direction. This can mean they're still working to catch up to new technologies or still working with tools that don't provide full coverage for everything they're trying to secure. It can leave an organization struggling to manage operational security tasks that are fundamental to their security posture. While this may be a common situation, it shouldn't be. There are tactics to directly address security issues of this nature by building trust into the foundation of the infrastructure.

Granular trust integration is key

In the same way that the quality of the bricks and mortar affect the foundation of a building, infrastructure security depends on the supply chain that feeds it. The headlines have been full of examples of the damage that insecure supply chains can cause. Today's threats require much more granular trust integration to provide capable security protections. Hardware has to provide an anchored root of trust on which firmware and software can be laid in ways that integrate and operationalize security. Only then can trust be established in the layers above—in the OS, the platform, and the workloads that run on them.

The quality of infrastructure also has a significant impact on the operational efficiency of security teams. A collection of piece parts whose updating and patching have to be managed independently takes much more work to maintain, and creates potential gaps that attackers could exploit. That may be one of the reasons that a recent 451 Research Voice of the Enterprise: Information Security study found that vulnerability management and remediation is now the second-highest priority project for enterprises.

It's an indication that organizations continue to struggle with a fundamental and critical security task. These are functions that have to operate with automated processes that can be trusted to deliver robust computing capacity wherever and in whatever form it's required.

Infrastructure security depends on securing the full operational lifecycle, making software supply chain security an essential part of security operations. It's something that happens when operational security is built in as an essential part of an infrastructure platform that can earn the trust of the organizations it serves at the most foundational level. Whether that's the job of the bricks or the mortar the infrastructure is built with, it is critical that the construction be done effectively to deliver infrastructure that's not only secure, but that can be managed efficiently and effectively.

Ready for more? Read the report  "Building in Infrastructure Trust" from 451 Research.

Meet our Compute Experts guest blogger Eric Hanselman, Principal Research Analyst, 451 Research

Eric-Hanselman.pngEric coordinates industry analysis across 451’s broad portfolio of research disciplines, with an extensive, hands-on understanding of a range of subject areas, including information security, networks, and semiconductors and their intersection in areas such as SDN/NFV, 5G, and edge computing. He’s a member of the IEEE, a Certified Information Systems Security Professional (CISSP) and a VMware Certified Professional (VCP), and a frequent speaker at leading industry conferences. 

 

 


Compute Experts
Hewlett Packard Enterprise

twitter.com/hpe_compute
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers

Labels:
About the Author

ComputeExperts

Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.

Top Kudoed Authors Last 30 Days
Author
Kudos
ComputeExperts Avatar
ComputeExperts
1
View all
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.