Dave Husak & Dave Larson, HPE | HPE Discover 2020
Dave Husak, Fellow & GM of Cloudless Initiative at HPE and Dave Larson, VP & CTO of Cloudless Initiative at HPE sit down with Stu Miniman for a Digital CUBE Conversation as part of the HPE Discover 2020 Digital Event Experience.

https://siliconangle.com/2020/06/24/qa-trust-nothing-forget-perimeters-intrinsic-security-hpediscover/

Q&A: Trust nothing and forget perimeters: It’s all about intrinsic security

Most chief information security officers are well aware that building extrinsic security is key to protecting high-value assets, services, and workloads, enclosed within a perimeter. But building perimeters and attempting to control external situations is an outdated security strategy, according to Dave Husak, fellow and general manager of the Cloudless Initiative at Hewlett Packard Enterprise Co.

In the modern software world, it is not possible to protect ephemeral endpoints, containers, or even serverless code that die quickly. A better approach is to design security from the inside — intrinsically, Husak added. Intrinsic security strategies do not automatically trust anything outside perimeters or even communication from the inside. In other words: zero-trust security.

“Cryptographic identity is fundamental to zero-trust security because we’re no longer relying on intermediary devices, firewalls, or other kinds of functions to authorize those communications,” Husak said. “So the idea of building cryptographic identity into all workload endpoints, devices and data is sort of a cornerstone of any zero-trust security strategy.”

Husak and Dave Larson, vice president and chief technology officer of the Cloudless Initiative at HPE, spoke with Stu Miniman, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the HPE Discover Virtual Experience event.
They discussed HPE’s Cloudless Computing and zero-trust principles. (* Disclosure below.)

[Editor’s note: The following has been condensed for clarity.]

Where does security fit into HPE overall … and [tell us about] interest around cloudless.

Husak: The most important aspect [of the initiative] was the Cloudless Trust Fabric, which was built on the idea of intrinsic security for all workload endpoints. The way I like to say it is that we have entered an era of security-first in IT infrastructure. It’s no longer going to be practical to build IT infrastructure and then have products that secure it. You know, build perimeters, do micro-segment, or anything like that. Workload endpoints need to be intrinsically secure. And, so, a lot of the principles applied in the Cloudless Trust Fabric are those zero-trust principles, are based on cryptographic workload identity, and leverage unique aspects of HPE’s products and infrastructure that we’ve already been delivering.

Applications are at the core of what we’ve looked at in cloud-native — it’s new architecture, it’s new design principles. So, what are HPE’s thoughts as to how security fits into that?

Larson: The way we see it is that the transition is moving to a modality where all services, all workloads, all endpoints can be mutually attested, cryptographically identified in a way that allows a zero-trust model to emerge. So from an HPE perspective, the area where we build is from the bottom up, we have a silicon root of trust in our server platform. It’s part of our iLO 5, integrated lights out baseboard management controller. We can actually deliver a discrete and measurable identity for the hardware and project it up into the workload, into the software realm.

I heard you mention identity; it makes me think of the Scytale acquisition that HPE made early this year. And SPIFFE, of course, is the project that had gotten quite a bit of attention.
Can you give us a little bit as to how that acquisition fits into this overall discussion we were just having?

Husak: We acquired Scytale into the initiative. We were delighted to bring the team on board. Not only from the standpoint that they are the world’s experts, original contributors, and moderators and committers in the stewardship of SPIFFE and SPIRE — the two projects in the CNCF, but … the impact they’re going to have on HPE’s product development, hardware and software is going to be outsized. ...

(* Disclosure: TheCUBE is a paid media partner for the HPE Discover Virtual Experience. Neither Hewlett Packard Enterprise Co., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)