Servers & Systems: The Right Compute
Ruben_Ramirez

Protect your data-in-use with Confidential Computing

As I’ve mentioned in previous blogs, data is the new currency in the 21st century.

Privacy, trust and integrity have never been more crucial for today’s enterprises in any industry. For decades, data has been encrypted when at rest and in flight, but keeping sensitive data protected during active processing has been difficult. These protections alone are insufficient in today’s world. A solution that can help provide secure sharing of data across platforms, applications and environments – while simultaneously protecting from breaches and helping customers meet privacy laws and regulations – is needed to deal with today’s exponential explosion of data.

Protecting applications and data while in use

Confidential computing protects data and applications by running them in secure enclaves that isolate the data and code to prevent unauthorized access, even when the compute infrastructure is compromised. While confidential computing is revolutionizing how customers protect their sensitive data, organizations need to simplify the process of creating enclaves, managing security policies, and enabling applications to take advantage of confidential computing.

Enter confidential computing provided by global security leaders Hewlett Packard Enterprise and Intel®. HPE and Intel’s confidential computing solution leverages HPE servers with Intel Ice Lake SGX processors to deliver a single pane of glass for managing secure enclaves across the SGX-based confidential compute nodes within the data center.

HPE provides a complete confidential computing solution starting with the world’s most secure industry standard server portfolio, providing an enhanced holistic 360-degree view to security that begins in the manufacturing supply chain and concludes with a safeguarded, end-of-life decommissioning.

Secure from manufacturing supply chain through end-of-life decommissioning

Starting at the supply chain, HPE ensures security before your infrastructure arrives at your location – tracked and delivered with our uncompromised and trusted supply chain – acting as your first line of defense against cyber-attackers. For customers that prefer U.S.-sourced products with verifiable cyber assurance, HPE Trusted Supply Chain supports customers across federal, public sector, banking and financial services, as well as healthcare organizations that require highly secure products sourced in the U.S. HPE is the only major server manufacturer to produce USA-assembled industry-standard servers. These servers include advanced security features that are built by vetted HPE employees in highly secure U.S. facilities as part of the HPE Trusted Supply Chain.

Then, when in production, the HPE-exclusive immutable digital fingerprint, the silicon root of trust, in the HPE Integrated Lights-Out silicon, validates the firmware to BIOS and software to ensure the system is secure and in a known safe state before the server ever boots. HPE servers leverage automated security features to protect over 4 million lines of firmware from malware and ransomware with the digital fingerprint that is unique to your server, and defend your infrastructure from malicious code with early detection and automated recovery of a security-compromised server.

Next, we leverage Intel Software Guard Extensions (SGX) to enable secure infrastructure enclaves to create a trusted environment for compute workloads. All of this lays the foundation to protect your data during processing—providing the most flexible confidential computing solution available, including reducing risk and protecting sensitive and confidential workloads from edge-to-cloud – and this makes privacy and security feasible everywhere!

With Fortanix CCM, you are able to monitor the lifecycle of secure enclaves that run your container applications, which provides unique features such as remote attestation, geo-location enforcement, Digital Rights Management (DRM), secret injections, and more. Fortanix CCM simplifies and secures the process of sharing private data without exposing it to other parties – or violating privacy regulations.

Finally, HPE enables organizations to easily retire old infrastructure with simple, safeguarded removal of passwords, configuration settings, and data—with a NIST level crypto-erase that enables customers to erase all user data with confidence that none of their data can be recovered for nefarious purposes.

Taking the next step

This complete solution provides protection for your data by orchestrating critical security policies such as identity verification, data access control, and code attestation for enclaves that are required for confidential computing. To recap what we’ve discussed in this article, HPE and Intel, with Fortanix CCM, provide key features such as:

  • Management of the entire enclave lifecycle including creation, deployment, monitoring and auditing.
  • Management and enforcement of security policies including identity verification, data access control, and attestation to ensure the integrity and confidentiality of data, code and applications.
  • Enabling existing applications, enclave-native applications and prepackaged applications to run in a secure enclave in minutes.
  • Verification of the identity of code and applications using digital certificates and public key infrastructure (PKI).

To learn more, please download the solution brief or visit hpe.com/security/compute to see how HPE can help protect your business with a holistic 360-degree view to security needed to address threats – today and tomorrow.


Ruben Ramirez
Hewlett Packard Enterprise

twitter.com/HPE_Servers
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers

 

 

About the Author

Ruben_Ramirez

Ruben Ramirez is a WW Product Marketing Manager for Hewlett Packard Enterprise. As an experienced product marketing professional serving enterprise technology companies, Ruben excels at bringing new technologies to market, and helping to create compelling value propositions for customer business needs. Currently Ruben is responsible for bringing to market HPE composable infrastructure, and the world’s most secure industry standard server technologies.