- Community Home
- >
- Software
- >
- HPE Ezmeral: Uncut
- >
- Bringing Trusted Computing to the Cloud
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Receive email notifications
- Printer Friendly Page
- Report Inappropriate Content
Bringing Trusted Computing to the Cloud
Earlier today, the CNCF announced they promoted the SPIFFE and SPIRE open source projects to the Incubation phase. The next phase is where projects like Kubernetes reside. As one of SPIFFE and SPIRE's earliest backers, I'm excited that the cloud native world sees the work our community has done over four years as vital to securing the cloud native enterprise of the future!
As a relative HPE newcomer, I'm mindful of recognizing that not all of you may know these projects. Let's level-set:
Also known as the Secure Production Identity Framework for Everyone (SPIFFE) and the SPIFFE Runtime Environment (SPIRE), these projects enable organizations to mutually authenticate workloads running upon heterogeneous IT environments using attested cryptographic identities. They reduce the operational complexity of workload authentication facing enterprise software, operations, and security engineers.
SPIFFE is a set of standards for securely authenticating software workloads in dynamic and heterogeneous IT environments using platform-agnostic, cryptographic identities. It's inspired by workload authentication infrastructure at Facebook, Google, Netflix, and more. SPIRE implements SPIFFE in various environments.
You might be asking why this matters to HPE, a company that traces its lineage to the founding of Silicon Valley 81 years ago. It matters because part of our mission is to continue shaping the future of trusted computing in the enterprise. Let me explain.
Today, the Internet is accessible by approximately 50% of the world's population; 15 years ago, it was about 17%. Increasingly, we realize this little experiment all those years ago is bringing the world closer like few other modern era inventions have. We appreciate the Internet now more than ever as the global pandemic forces physical distancing upon all of us.
As the Internet further penetrates our personal and professional lives, computation will continue to evolve, becoming leaner, dynamic, autonomous, and distributed. Computation examples like containers, serverless, and whatever comes next will allow us to answer questions we can't fathom today. Our Internet will be increasingly comprised of diverse computation edges that themselves are composed of interconnected workloads that know no boundaries. These workloads will come and go, interacting with each other over physical and logical limitations…much like humans do today.
On our journey towards a fluid, interconnected, computation landscape, enterprises must fundamentally re-think how to establish trust amongst these workloads that power their business, starting with their own. Strategies of yesterday to develop trust amongst workloads--like secrets management--might suffice in the near-term but won't in the long-term because they're just band-aids to the real problem: most workloads today do not have an intrinsic attested identity.
At HPE, we're doubling down on our commitment to the CNCF community and to helping organizations adopt SPIFFE/SPIRE. We're also exploring how to combine SPIFFE and SPIRE with trusted computing concepts like TPMs to automate attestation, delivery, and use of immutable cryptographic identity on any workload, on any platform, anywhere in the world. I expect enterprises will build upon these identities to enable more granular data trust models than ever previously conceived. These models will help liberate more data, which in turn, will allow for all of us to gain the benefits of interconnectedness like never before.
Novel concepts like this must be built in the open, but building in the open is challenging. It's easy to copycat pre-existing ideas. Bringing to light new ideas requires perseverance. SPIFFE and SPIRE are such new ideas. The CNCF has been a wonderful home for these projects; they understand that cloud-native is about driving fundamental change, not just promoting band-aids. I am enormously proud to have initially led our community to the CNCF in 2018. I am even more satisfied to see it flourish since then.
There's much to accomplish. Let's get started.
Sunil James
Hewlett Packard Enterprise
Sunil James is a Senior Director at Hewlett Packard Enterprise (HPE). Previously, he was founder and CEO of Scytale, which HPE acquired in February 2020. Sunil is passionate about helping enterprises evolve towards cloud-native operational models, using open-source technologies like SPIFFE, SPIRE, and more.
- Back to Blog
- Newer Article
- Older Article
- Back to Blog
- Newer Article
- Older Article
- SFERRY on: What is machine learning?
- MTiempos on: HPE Ezmeral Container Platform is now HPE Ezmeral ...
- Arda Acar on: Analytic model deployment too slow? Accelerate dat...
- Jeroen_Kleen on: Introducing HPE Ezmeral Container Platform 5.1
- LWhitehouse on: Catch the next wave of HPE Discover Virtual Experi...
- jnewtonhp on: Bringing Trusted Computing to the Cloud
- Marty Poniatowski on: Leverage containers to maintain business continuit...
- Data Science training in hyderabad on: How to accelerate model training and improve data ...
- vanphongpham1 on: More enterprises are using containers; here’s why.
- data science course on: Machine Learning Operationalization in the Enterpr...