Silicon Root of Trust: A Hard-wired Mousetrap
Cybersecurity remains a high-stakes game of cat-and-mouse, but steadily rising rates of cybercrime seem to indicate that the mice are winning. However, Hewlett Packard Enterprise’s Silicon Root of Trust (SRT) technology gives security teams a powerful mousetrap.
The technology integrates security features directly into server processors. Read-only encryption keys and cryptographic signatures effectively give each integrated circuit an immutable digital fingerprint. What does this mean? These signatures can’t be forged or replicated.
The SRT acts as a gatekeeper. It only allows trusted software and firmware to load and execute on the system. The SRT performs a series of checks on server software during the server’s boot process to ensure that it hasn’t been tampered with or modified in any way. If unauthorized changes are detected, a server configuration lock prevents the device from starting up. The SRT also performs integrity checks while the software is running to ensure that it hasn’t been modified during runtime.
Hardware-Based Security Advantages
Hardware-based security solutions have some distinct advantages over software-based solutions. First, they are typically faster and more efficient because they have a dedicated processor. HPE says root of trust features in its servers can detect advanced threats in seconds compared to the industry average of 28 days. These capabilities help organizations potentially minimize data loss, unauthorized encryption, and valuable data and intellectual property corruption.
Additionally, hardware-based security solutions are more secure than software solutions. They are physically isolated from the server’s main processor, applications, and operating system. They also provide better long-term security because they aren’t dependent on software updates or patches.
The root of trust can also perform cryptographic operations such as encryption and decryption, which can protect sensitive data and communications from eavesdropping and tampering. In addition, the SRT creates a secure environment for storing and managing cryptographic keys. These are then used to authenticate users or devices. This can prevent unauthorized access to a system and ensure that only trusted entities can access sensitive data or resources.
Trusted Environments
HPE customers can also use the SRT to create trusted execution environments (TEEs) in Gen11 and Gen10 ProLiant servers. A TEE is a secure area of a processor separated from the main operating system and applications using hardware-based isolation mechanisms. It creates a secure environment for executing security-sensitive tasks such as biometric authentication, secure transactions and digital rights management.
More organizations are embracing the use of hardware-assisted security capabilities to boost their security capabilities. In a survey conducted by the Ponemon Institute, 36 percent of respondents said they have already adopted hardware-assisted security solutions. An additional 47 percent indicated they will do so within the next year.
Looking to upgrade to a more secure server environment? Contact us to learn more about the latest generation of HPE ProLiant servers featuring the SRT. These hardware-based security capabilities just might prove to be the powerful mousetrap you need to exterminate your cyber pests.
