Today Hewlett Packard Enterprise (HPE) announced a new supply chain security initiative for U.S. federal and public sector customers that prefer U.S.-sourced products. This new end-to-end supply chain security is achieved by manufacturing made-in-USA industry-standard servers. This lowers the risk of a security compromise somewhere along the chain while the server is being built. The servers will be built in highly secure U.S. facilities as part of the HPE Trusted Supply Chain initiative launched today.
A few years back, HPE introduced its silicon “root of trust” security. This feature puts security directly on the iLO chip and creates an immutable fingerprint in the silicon. If the firmware doesn’t match the fingerprint, the server won’t boot up. Not limiting itself to servers, HPE has what it claims is the most advanced embedded network security, with Aruba’s high-performing, highly reliable and secure wired and wireless network infrastructure solutions. Today HPE is further retooling the security process by looking at the supply chain.
There are two big issues with the supply chain that were pushed to the forefront recently. One was the Covid-19 pandemic, which caused a massive interruption across industries as various businesses were shut down in different parts of the world, delaying products everywhere. The other was the alleged hacking by a third-party bad actor adding microchips to devices to get a backdoor into the data that was on them. Both of these problems can be solved with one change: making the complete product in the country where it is being sold.
Here in the USA, there has been increased demand for more secure and locally made products, particularly from U.S. customers across federal, public sector, banking and financial services, and healthcare organizations. Since the whole manufacturing process is controlled, there is very little chance of a security compromise along the way. The first product to go through this process is the HPE ProLiant DL380T server. HPE will also be implementing verified background and security checks for its employees to remove the human risk factor.
HPE is taking security beyond the manufacturing and use process and extending it through the entire lifecycle of the product. This goes back to the silicon root of trust security and offers the following benefits:
- Prevent booting of any compromised operating system (OS) by using new hardening to connect the server firmware security to the operating system by activating the UEFI secure boot
- Reduce attack surface by placing servers in high security mode to verify user authenticity, ensuring that more than four million lines of firmware code are valid and uncompromised
- Prevent tampering of server firmware and hardware using server configuration lock to detect unauthorized addition of options (NICs, drives) or malicious activity by capturing the inventory or a “picture” of the server, its hardware and firmware at the factory to provide protection throughout the supply chain process
- Alert customers with embedded alarm and physical lock if the server has been opened during the supply chain process when an intrusion detection latch, inserted on the server chassis, registers unauthorized opening even if the power is off
Availability
The HPE Trusted Supply Chain will be expanded to include other products next year and they will introduce a Make-in-Europe for EU customers.