Securing Your Data: Future-Proofing Server Security in the Quantum Computing Era

Is your server security ready for the quantum era?

‍

Join host Matthew Kimball as he talks with HPE Compute experts, Scott Shaffer, VP & Chief Technologist, and Luis Luciani, Distinguished Technologist to uncover the risks and strategies around securing servers as quantum computing technology takes hold.

‍

They share examples specifically relating to the latest ProLiant Gen12 servers.

‍

‍Key takeaways include:

‍

🔹Quantum Resilience: Discover how HPE is proactively addressing the quantum threat with quantum-resistant algorithms built directly into their Gen12 systems, alongside tackling AI-powered attacks.

‍

🔹Hardware-Level Security: Learn how HPE’s unique approach, from Silicon Root of Trust to the Secure Enclave, creates a robust and impenetrable layer of protection for your most sensitive data.

‍

🔹From Supply Chain to Cloud: Understand HPE’s commitment to securing your infrastructure at every stage, from manufacturing to deployment and ongoing operations.

‍

🔹Future-Proofing Your Infrastructure: Get practical advice on how to strengthen your security posture and stay ahead of emerging threats with HPE ProLiant Gen12.

‍

Learn more at HPE.com/ProLiant.

‍

Watch the full video above, and be sure to subscribe to our YouTube channel, so you never miss an episode.

Matt Kimball:
Hello and welcome to the Six Five On The Road. I am Matt Kimball, Vice President and Principal Analyst at Moor Insights and Strategy, and today we’re diving into the critical topic of data security and future ready solutions with HPE Proliant Compute. We’re going to Explore the latest Gen12 Proliant server platform from HPE and how these systems are designed to enhance security, maximize performance and tackle today’s evolving threat landscape. I’m lucky to be joined by Scott Shaffer, VP and Chief Technologist at HPE and Luis Luciani, Distinguished Technologist at HPE as well. Scott, Luis. Thanks for joining me and welcome to the Six Five.

Scott Shaffer:
Hey, thanks Matt.

Luis Luciani:
It’s a pleasure.

Matt Kimball:
So it’s going to be a fun conversation, guys. You know, we talk to CIOs, we talk to IT leaders, we talk to IT practitioners on a day to day basis and you know, the conversation. While AI dominates every conversation, what is not forgotten is the challenges that exist with cyber security. Especially when you think about AI and the hands of the wrong people, right? And what can happen and, and so, so HPE has, has had this reputation in the market with a well, well earned reputation of being a pioneer in terms of platform level security. However, you know, with that said, new advances are coming or are being introduced into the market every day, like AI. You know, we’ve gone from, from simple kind of viruses to, to malware and ransomware to AI being used to this new thing in science fiction called quantum computing that is on the horizon that has a lot of, a lot of IT folks nervous and scared. Are y’all seeing this out in the marketplace as well?

Scott Shaffer:
Yeah, you know, I would, I would say we, we really are. You know, when I think about the customers that I talk to broadly, you know, we, we talk to everyone from small medium business to decent sized enterprises, to federal government customers around the world, to big service providers, right. When we kind of talk to all of them, we hear in all of these concerns and you know, when I break that customer set down you know, there’s, there’s an incredibly large percentage of the market that what they want is, they want security that they don’t have to manage.I think we’ve done a really good job of, of booting up a lot of these security capabilities so that they are secure by default right out of the box. And with, you know, our long history with Silicon Router Trust, I think is a great example of that where the, the ASIC itself has the secure keys burned into it during the, during the actual manufacturing of the asic. And so with that we can ensure, right, that nothing nefarious, no wrong firmware, no nothing can run on the platform except for the ones that we sign. And therefore again, that, that’s sort of like built in, right, right from by default so that it just boots up secure and you don’t have to do anything.

Luis Luciani:
It’s really when you’re talking about silicon root of trust, think of it as a tree. You know, it has to start somewhere, you know, and then build from there. So it, in our case this, it truly is the silicon that starts at signs, you know, this little bit of code we trust and that little bit of code moves on to, to spreading that trust further and further outside of our silicon router trust to other chips, to other modules within the platform that you’re talking about and then onto the OS and things like that. So it’s really, it’s foundational for us.

Matt Kimball:
Yeah, yeah. It’s interesting, you know, because y’all did this back in 2017. That was when I think it was with ILO 5 integrated lights out, your, your ASIC, your, your BMC and I think it was ILO 5 with Gen 10. You know, you and HPE made a splash. 1 And you’ve grown the capabilities over time. And so then all of a sudden in 2020, we’re in 2025, right? 2025, you launched this new platform called ProLiant Gen 12 with ILO 7 and it’s got some new capabilities and I want to hit on those. But before we get into that, kind of start setting the problem statement so we can show kind of why ilo7 and what you’ve done is so significant. You know, I talked about Quantum, right? What does that, what’s that mean? I mean it, it seems kind of like still science fiction. It’s so nascent as far as the technology goes. You know, lots of error rates, high error rates. But what’s it mean for enterprise? It is this just a fear monger thing or is it, is it legit?

Luis Luciani:
So, so there are people out there, there are people, very knowledgeable people that do say it’s science fiction, you know, but there are people that say, you know, in other words, when I say science fiction, they say, well, before it gets to the point to where what we’re worried about are things like can it, can it crack an RSA key or something like that. In other words, can it, can it, can I get signed firmware and be able to extract the, what I need from that firmware in order to sign some malware and then get that onto your system? And when they say it’s science, when we say science fiction, it’s like, well, a couple of miracles have to happen between now and that actually happening. But you, you, if you read the news and stuff, it’s like they’re making progress. And then the people that are, that are really worried about this stuff are the people who probably know more about this stuff than we do. Like, like, you know, intelligence agencies and stuff like that. Yeah, we as a supplier to them, we are getting demands as you know, the whole industry is that we have to be pqc meet their, their, their requirements by certain dates. In other words, they, they want signed firmware to be PQC by 2030. And, and when we say 2030, it’s not we need to be delivering by 2030 is that their fleets need to be switched over by 2030.

Matt Kimball:
Yes.

Scott Shaffer:
You know, I, I, I will let me just click back one step. You know, the way, the way I people is that you know, should they be worried or not? Right. It’s kind of the fundamental question, and I kind of answer that is by saying, well, you know, the current cryptographic solutions that we have are based on this idea of really large prime numbers and multiplying them and then determining what their factors are. Yeah, it’s, it’s really what that is. Right? That’s the whole system a very large prime numbers, right. You know, super large. And we said, well, these are great because you can’t factor this really large number because it would take, you know, if you brute force attacked it, which is the only one we know how, you know, with RSA keys, it would take, you know, more clock cycles than there are stars in the universe. That was always the thing, you know, we said, okay, well, if we got to that scale, we’re probably good. But that’s where you know, this with quantum some. There’s been an algorithm developed to do this factoring in a very, very short period of time, way less than, than, you know, than the, than the traditional and so near instantaneous. And I think that’s what has everyone saying, wow, the current model of, of relying on this, on inability to do that factoring is, is about to end with quantum being able to solve it quickly. ButAnd so the good news is, you know, the last year they finalized those algorithms with, with nist. And so that was something we could adopt into our solution. Because they finalized them, we could then rush to get those deployed and into our server so that starting in Gen 12, the systems are quantum resistant right out of the box. the information that we’re talking about being protected are the things like your passwords and your keys and your configuration settings for your platform.

Matt Kimball:
tying it back to relevance today, it’s that harvest now and decrypt later. Right. Kind of method that you’re right that nation states are taking on to grab those secrets. That is why it should be of concern to enterprise IT folks today. And it’s a legit concern. And for viewers out there, if you’re kind of interested in what the government has to say, the standards that Scott and Luis are talking to specifically around FIPS 143, I think it’s level, level three certification within FIPS 140. Is that correct?

Luis Luciani:
So we’ve gone, it’s 140, 143.

Matt Kimball:
Yeah.

Luis Luciani:
And then it’s level, level. They have different levels. So level three is for our new product, our gen 12 level three is for. We haven’t talked about this, but we have a secure enclave inside of that and that’s for that. And then the level one is the traditional ilo. That’s inside of there.

Matt Kimball:
Yeah, but this is the, these are the adhering to these, these standards and these certification and achieving these certifications is what starts driving you down that path toward quantum kind of resistance or quantum, I hate to say quantum safe, but good example.

Luis Luciani:
The, the algorithms that we use have to be fips approved for them to be credible.

Scott Shaffer:
Right.

Luis Luciani:
For at least, you know, they’re, they’re compliant with the NIST specifications and so on. And that’s, that’s the proof we have that, that we’re doing due diligence.

Matt Kimball:
So, you know, HPE did a fabulous job with, with Silicon Rooted Trust initially. You know, kind of check those millions of lines of codes and all that firmware and your BIOS as, it’s, as, as a server is booting up. Fantastic. All of a sudden Gen 12 comes out, you say, wait a minute, ilo7 we’re going to do this thing called Secure Enclave. Talk to that a little bit and why that’s critical as part of the server boot process and how it ties to obviously greater levels of security.

Luis Luciani:
the threats have become obviously over, you know, in recent times, over the years have become a lot greater than they used to be. So we, in order to stay ahead of those threats, we have to raise the bar. And that’s what we’re doing. That’s look at Gen 12. Is that as we’ve raised the bar significantly, not, not that we think there’s anything wrong before we, we think Silicon Root of Trust is really, you know, industry leading. It’s so simple. You look at it and look at how it works. It’s like, well, it’s hard to beat that.

Matt Kimball:
Yeah.

Luis Luciani:
But you know, we sit there and think about, well, what are the things that we could have done better? And that’s what we did in Gen 12. An example is recovery. Like, well, if it does find something in the early startup code, well, that code is what’s needed to recover. So if it’s corrupt, then you end up, you don’t have malware, but this executing, but you end up with a server that’s a brick. Right. So what we did is, is in the silicon itself, it has the recovery. So code is not necessary in order to go get the backup image to get the whole thing started again. And then there are other little things like, okay, backup images on this media, the main images on that media and all that. So, so you can’t just attack one, you have to attack both in order to. The best you’re going to get is a denial of service. You’re not going to get malware executing on your system.

Scott Shaffer:
You know, I think that’s a really good, you know, Luis is bringing up is, is important to us because we do develop these asics ourselves. We actually design and develop them and we care about advancing the security to meet what we imagine the threats are going to be. So the secure enclave has its own memory and its own storage and its own processor that’s completely isolated. it’s completely isolated physically, but also electrically inside the part. So that there’s a very defined interface between the code running on the main ILO chip itself and the secure enclave to ensure that. The only interface is this very well defined Dropbox style approach where even if in the worst case scenario I can imagine the code is compromised, you still can’t get access to the secrets because they’re sitting off in this completely isolated part. And that’s what stores all the secrets. The keys and the passwords and the, all the crypto settings and all that stuff are all stored there to ensure that they stay safe.

Matt Kimball:
Right?

Scott Shaffer:
They stay in the vault kind of no matter what. All it can do is say, you can give it a value and say, hey, does this match what’s in the vault. Right. You can’t actually extract it. You can, you know, write credentials, you can overwrite or add to it, but you can’t extract anything. And that, that’s key from a security perspective.

Luis Luciani:
Yeah.

Matt Kimball:
Bear in mind that when you look at some of these, you know, these low level attacks can sit for literally hundreds of days. I think the average time to recover from a malware attack is somewhere around 300 days. That is a long time that data can be siphoned off. And it’s not like a bad actor injects some malware and all of a sudden opens it and starts siphoning data at large. They’re very smart. They siphon off a little bit at a time so it just looks like normal network traffic to an IT organization. And then over time, you realize nine months later how devastating that attack was. That is why these low levels of protection are so critical. Not just foundational, because it kind of enables up the stack, but it really protects at the most vulnerable space of that server’s operating system.

Matt Kimball:
You know, there is this tagline that HPE has about, you know, from, you know, supply chain to the cloud, you know, security. You talk about kind of the, you know, the one element of that, but you know, do any, you want to kind of hit on kind of the integrity you build into supply chain and, and manufacturing, secure manufacturing all the way out. Because I think it’s, it’s, it’s a, it’s an interesting but often overlooked kind of element to HP strength.

Luis Luciani:
I would say that zero trust comes into play a lot here and it’s not just the buzzwords. A good example is that we don’t trust the factory and we don’t trust any, any of the supply chain. It’s all, it’s inherent. Like an example is that we talked about silicon rooted trust. It’s spreading all over the place. There’s a lot more to it than just that. It’s authenticating all the different parts in there. We’re also doing through attestation, making sure that it’s not only valid firmware, it’s the version that you expect that’s on there. And we’re keeping an inventory of everything in what’s called a platform certificate, which is industry standard. But we build that, we sign it through our signing process so the factory is not trusted. This blob goes to our signing service, we sign it and send it back. The inventory is done by our silicon that’s, that’s on the server, not some factory process or anything like that. So I think that goes, I mean that sort of describes our thinking behind all of, all of this kind of stuff is when we do this, when you, when it arrived, we didn’t rely upon the shipping company or anything like that.

Matt Kimball:
. So in addition to all of the technology that HPE has developed and employed and processes you’ve employed or deployed for to assure this secure environment, I’m an enterprise IT person. I’m listening to this and I’m like, oh man, I should just quit right now and go to a beach and never think about technology again. What are the 3, 4. Even if. Just a couple things that, you know, if I’m an enterprise IT person, I should be thinking about to get kind of future proofed with my, you know, with my infrastructure. Yeah.

Scott Shaffer:
I guess my first thing is, look, we, we’ve endeavored to make these systems as automatically secure as we possibly can so that you don’t have to do something. What, what you, what you would do is deploy, for example, our brand new Gen 12 servers. They’re. They’re secure by default. Right. They come right out of the the, with the high security enabled and for a good reason. Right. So that you don’t have to, as a, as a customer, you don’t have to do anything. And you may want to take a hard look at some of your existing systems and see if they’re not up to the level that you would like them to be for the threats that we see today and refresh those systems with, replace them with, with a Gen 12 and know that it’s secure, like right out of the gate. And then, you know, I’d say that that’s your first thought. I can’t impress upon people enough the value in keeping current from a firmware perspective, making sure that you stay updated. The. I know it’s not, it’s not sexy or exciting to update the firmware, but to be fair, if you don’t, you know, you’re not, you’re not going to be protected from the emerging threats.

Scott Shaffer:
One other add on is that I, I’d mention is that all of the, you know, the ProLiant Gen 12 servers come with a license for HPE’s compute ops management solution. From a security perspective, you can see right there what is the security posture of all of your servers. If any of them are at risk, you can see that immediately. You can change the at risk policy so you can define that for what’s appropriate for you. The all the settings, you know, or be able to be configured right there. So if you want to change the setting and reconfigure it, you can and do do so at scale. I cannot impress enough among, you know, this is an at scale kind of a tool and we do see lots of compute at the edge. You know, for us I would mean, you know, out at retail stores, out at manufacturing sites and warehouses and all kinds of places. And so we don’t want you sending people out there, you know, to, to, to change the security setting. We can do that all remotely with computer office management. But more importantly, we want you to be able to check them. We want to be able to check their posture very easily from a central location again without having to visit them. That’s what the solution provides. And that gives you that full view from it was delivered to you safely, you deployed it securely, it’s operating correctly and I can check it and keep it up to date.

Matt Kimball:
I think it’s important for enterprise IT folks to understand that just as you know, the threat landscape is evergreen. It’s always evolving and it’s always looking slightly different and regrowing. So should your cybersecurity strategy, right? You don’t write something in the year 2020 and assume that that’s going to be relevant in the year 2024, 2025 or 2030. You’ve got to constantly look at what you’re doing from a technology, operations and organization perspective. And I think when folks do that, that’s when the need for ProLiant Gen 12 or Gen 12 ProLiant ILO 7 becomes apparent because you start to understand the evolving threat landscape.

Matt Kimball:
Scott, Luis, thank you so much for taking the time. Thanks for joining us for the Six Five On The Road as we explored securing data with the HPE Proliant compute platform. Be sure to subscribe, follow us on social media and check out all of our coverage at SixFiveMedia.com. See you next time!