Security

How HPE Helps Agencies Build Secure Server Solutions

Compliance doesn’t cut it; agencies need a strategy.

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies.

Agencies can ensure that their servers are secure from the start by working with a proactive industry partner to implement a comprehensive strategy.

The risk of adversaries compromising the IT infrastructure supply chain is ever present, putting agency data and potentially even lives at risk, as evidenced by the Hezbollah pager blasts in September.

Agencies must comply with a series of mandates — including last year’s Securing the Information and Communications Technology and Services Supply Chain executive order — directing them to acquire IT through a secure supply chain. Technology leaders must go beyond mere compliance, but that’s only part of the equation.

With servers, in particular, “government needs to know from the very beginning of a product’s lifecycle that nobody is going to defeat its security strategy by, for example, injecting compromised firmware,” says Cole Humphreys, global server security product management expert at Hewlett Packard Enterprise.

LEARN MORE: Do you know the two types of hypervisors available to agencies?

Hardening the Server Supply Chain

HPE launched the first-of-its-kind Trusted Supply Chain initiative in 2020. It aims to strengthen security to ensure that government receives verifiably authentic and uncompromised products and solutions.

“We use our Chippewa Falls, Wis., facility, a very secure lockdown facility, where U.S. citizen, background-checked and polygraph-checked employees assemble our HPE servers and enable certain security capabilities and functionalities,” says Allen Whipple, compute server management and server security expert at HPE. “That allows us to have a very secure server from the moment we ship it.”

HPE recently extended that initiative globally for its ProLiant server portfolio, making those secure servers available in the European and Asia-Pacific markets.

“That means the Defense Department and others can ensure our allies have access to that same level of secure equipment,” Humphreys says.

At the same time, modern tools and capabilities come to bear in support of even more robust server security. A server is built of components from multiple sources, a complex supply chain that requires careful management. To that end, HPE created Trusted Supply Chain for ProLiant.

For specific compute options — things like memory, hard drives, smart array controllers — we’re now validating the firmware code of those devices.”

Allen Whipple Compute Server Management and Server Security Expert, HPE

“Physical security, digital security, location security: We have a service that puts all of that together on behalf of our customer in a single, trusted solution,” Humphreys says.

In addition, Gen11 ProLiant servers align with the Security Protocol and Data Model as defined by the Distributed Management Task Force.

“For specific compute options — things like memory, hard drives, smart array controllers — we’re now validating the firmware code of those devices,” Whipple says. “We’re trying to eliminate every access point a cyberattacker might have to the hardware of the server.”

As a further safeguard, HPE Server Security Optimized Service for ProLiant includes platform certificates that provide users with cryptographic verification. This enables agencies to know for sure that their servers haven’t been tampered with or compromised from the time they leave HPE’s manufacturing facility to the time they are received.

Click the banner below to see how identity and access management can improve the user experience.

Why Server Security Is a Shared Responsibility

Security concerns don’t end once a server is in place.

“Security is a never-ending game, from the moment you get those servers and turn them on until you end-of-life them,” Whipple says. “You always want to make sure you’re avoiding the latest malware and ransomware attacks, and it’s a full-time job.”

The right partner can help ease that burden, as HPE GreenLake for Compute Ops Management shows.

“This is a server management tool that allows you to log in to a single pane of glass, a single dashboard and see your entire distributed environment,” Whipple says. “This is not just a monitoring tool; it’s a fully cloud-based management tool.”

Whether implemented by the agency’s IT team or delivered as a service, GreenLake offers “the ability to see your entire global distributed environment, to manage it, to push firmware updates, to apply security settings,” he says.

DISCOVER: Solutions delivered as a service helped a Treasury Department bureau get to the cloud.

Solutions such as this highlight the importance of robust relationships between IT suppliers and their government customers.

Security requires a “shared responsibility approach,” Humphreys says, with strong communication between government and industry helping bring the most urgent needs to the fore. HPE’s new Texas campus has a dedicated customer innovation center, where end users can meet in person with industry experts to define problems and surface new approaches.

When government forges strong industry alliances, “they get to express exactly their concerns about the future of technology,” Whipple says.

In turn, industry can build a roadmap based on customer feedback and specific agency needs.

“Half of these features and capabilities that we have we wouldn’t have without the incredible feedback we get from the federal government and federal customers,” Whipple says. “We’re only as good as those partnerships, and we cherish and validate them.”

UP NEXT: Government and industry’s cyber challenges are more similar than they may seem.

Photo courtesy of Hewlett Packard Enterprise