Building in infrastructure trust for better security

Thursday, August 19 2021 05:48

Organizations need to build infrastructure that will support them today and well into the future—with levels of security that keep up with the rapidly advancing threat landscape.

Building in infrastructure trust for better security - Blog Cover

Is trust equivalent to the bricks or the mortar in building more secure infrastructure? There's a case to be made for both answers, but what's undeniable is that trust has be built in if the result is going to be effective or efficient. Slapping more mortar on an existing building won't do much for it, nor will stacking up a pile of bricks in front of the door. But that's the situation organizations can find themselves in when trying to retrofit security capabilities.

For many enterprises, the building of their infrastructure has been a progression over time. Their management and security practices have grown along with that progression, but often not with the same pace or in the same direction. This can mean they're still working to catch up to new technologies or still working with tools that don't provide full coverage for everything they're trying to secure. It can leave an organization struggling to manage operational security tasks that are fundamental to their security posture. While this may be a common situation, it shouldn't be. There are tactics to directly address security issues of this nature by building trust into the foundation of the infrastructure.

Granular trust integration is key

In the same way that the quality of the bricks and mortar affect the foundation of a building, infrastructure security depends on the supply chain that feeds it. The headlines have been full of examples of the damage that insecure supply chains can cause. Today's threats require much more granular trust integration to provide capable security protections. Hardware has to provide an anchored root of trust on which firmware and software can be laid in ways that integrate and operationalize security. Only then can trust be established in the layers above—in the OS, the platform, and the workloads that run on them.

The quality of infrastructure also has a significant impact on the operational efficiency of security teams. A collection of piece parts whose updating and patching have to be managed independently takes much more work to maintain, and creates potential gaps that attackers could exploit. That may be one of the reasons that a recent 451 Research Voice of the Enterprise: Information Security study found that vulnerability management and remediation is now the second-highest priority project for enterprises.

It's an indication that organizations continue to struggle with a fundamental and critical security task. These are functions that have to operate with automated processes that can be trusted to deliver robust computing capacity wherever and in whatever form it's required.

Infrastructure security depends on securing the full operational lifecycle, making software supply chain security an essential part of security operations. It's something that happens when operational security is built in as an essential part of an infrastructure platform that can earn the trust of the organizations it serves at the most foundational level. Whether that's the job of the bricks or the mortar the infrastructure is built with, it is critical that the construction be done effectively to deliver infrastructure that's not only secure, but that can be managed efficiently and effectively.

Ready for more? Read the report  "Building in Infrastructure Trust"  from 451 Research.

Eric Hanselman
Compute Experts
Hewlett Packard Enterprise