>>Hi, everyone. Welcome to this program. Sponsored by HPE. I'm your host, Lisa Martin. We're here talking about being confident and trusting your server security with HPE. I have two guests here with me to talk about this important topic. Cole Humphreys joins us global server security product manager at HPE and Anne Potton trusted supply chain program lead at HPE guys. It's great to have you on the program. Welcome. >>Hi, thanks. Thank you. It's nice to be here, Anne. >>Let's talk about really what's going on there. Some of the trends, some of the threats there's so much change going on. What is HPE seeing? >>Yes. Good question. Thank you. Yeah. You know, cyber security threats are increasing everywhere and it's causing disruption to businesses and governments alike worldwide. You know, the global pandemic has caused limited employee availability. Originally this has led to material shortages and these things opens the door perhaps even wider for more counterfeit parts and products to enter the market. And these are challenges for consumers everywhere. In addition to this, we're seeing the geopolitical environment has changed. We're seeing, you know, rogue nation states using cybersecurity warfare tactics to immobilize an entity's ability to operate and perhaps even use their tactics for revenue generation, the Russian invasion of Ukraine as one example, but businesses are also under attack. You know, for example, we saw solar winds, software supply chain was attacked two years ago, which unfortunately went a notice for several months and then this was followed by the colonial pipeline attack and numerous others. >>You know, it just seems like it's almost a daily occurrence that we hear of a cyber attack on the evening news. And in fact, it's estimated that the cyber crime cost will reach over 10 and a half trillion dollars by 2025 and will be even more profitable than the global transfer of all major illegal drugs combined. This is crazy, you know, the macro environment in which companies operate in has changed over the years. And you know, all of these things together and coming from multiple directions presents a cybersecurity challenge for an organization and in particular it's supply chain. And this is why HPE is taking proactive steps to mitigate supply chain risk so that we can provide our customers with the most secure products and services. >>So Cole, let's bring you into the conversation and did a great job of summarizing the major threats that are going on the tumultuous landscape. Talk to us Cole about the security gap. What is it? What is HPE seeing and why are organizations in this situation? >>Hi, thanks Lisa. You know, what we're seeing is as this threat landscape increases to, you know, disrupt or attempt to disrupt our customers and our partners and ourselves, I, it's a kind of a double edge if you will, because you're seeing the increase in attacks, but what you're not seeing is that equal to growth of the skills and the experiences required to address the scale. So it really puts the pressure on companies because you have a skill gap, a talent gap, if you will. There's, you know, for example, there are projected to be three and a half million cyber roles open in the next few years, right? So all this scale is growing and people are just trying to keep up, but the gap is growing just literally the people to stop the bad actors from attacking the data and, and to complicate matters. You're also seeing a dynamic change of the who and the, how the attacks are happening, right? >>The classic attacks that you've seen, you know, and the SDK and all the, you know, the history books, those are not the standard plays anymore. You'll have, you know, nation states going after commercial entities and, you know, criminal syndicates and alluded to that. There's more money in it than the international drug trade. So you can imagine the amount of criminal interest in getting this money. So you put all that together. And the increasing of attacks, it just is really pressing down is, is literally, I mean, the reports we're reading over half of everyone, obviously the most critical infrastructure cares, but even just mainstream computing requirements need to have their data protected, help me protect my workloads and they don't have the people in house, right? So that's where partnership is needed, right? And that's where we believe, you know, our approach with our partner ecosystem is it's not HPE delivering everything ourself, but all of us in this together is really what we believe. The only way we're gonna be able to get this done. >>So collets double click on that HPE and its partner ecosystem can provide expertise that companies and every industry are lacking. You're delivering HPE as a 360 degree approach to security. Talk about what that 360 degree approach encompasses. >>Thank you. It is, it is an approach, right? Because I feel that security is a, it is a, it is a thread that will go through the entire construct of a technical solution, right there. Isn't a, oh, if you just buy this one server with this one feature, you don't have to worry about anything else. It's really it's everywhere. And at least the way we believe it, it's everywhere. And it in a 360 degree approach, the way we like to frame it is it's, it's this beginning with our supply chain, right? We take a lot of pride in the designs, you know, the really smart engineering teams, the design, our technology, our awesome world class global operations team, working in concert to deliver some of these technologies into the market. That is a huge, you know, great capability, but also a huge risk to customers, cuz that is the most vulnerable place that if you inject some sort of malware or, or tampering at that point, you know, the rest of the story really becomes mute because you've already defeated, right? >>And then you move in to you physically deployed that through our global operations. Now you're in an operating environment. That's where automation becomes key, right? We have software innovations in, you know, our ILO product of management inside those single servers. And we have really cool new grain lake for compute operations management services out there that give customers more control back and more information to deal with this scaling problem. And then lastly, as you begin to wrap up, you know, the natural life cycle and you need to move to new platforms and new technologies, right? We think about the exit of that life cycle and how do we make sure we dispose of the data and, and move those products into a secondary life cycle so that we can move back into this kind of circular 360 degree approach. We don't wanna leave our customers hanging anywhere in this entire journey. >>That 360 degree approach is so critical, especially given as we've talked about already in this segment, the changes, the dynamics in the environment. And as Cole said, this is this 360 degree approach that HPE is delivering is beginning in the manufacturing supply chain seems like the first line of defense against cyber attackers talked to us about why that's important. And where did the impetus come from? Was that COVID was that customer demand? >>Yep. Yep. Yeah. The supply chain is critical. Thank you. So in 2018, we, we could see all of these cybersecurity issues starting to emerge and predicted that this would be a significant challenge for our industry. So we formed a strategic initiative called the trusted supply chain program designed to mitigate cybersecurity risk in the supply chain and really starting at the product with the product life cycle, starting at the product design phase and moving through sourcing and manufacturing, how we deliver products to our customers and ultimately a product's end of life that Cole mentioned. So in doing this, we're able to provide our customers with the most secure products and services, whether they're buying their servers from, for their data center or using our own GreenLake services. So just to give you some examples, something that is foundational to our trusted supply chain program, we've built a very robust cybersecurity supply chain risk management program that includes assessing our risk at our all factories and our suppliers. >>Okay. We're also looking at strengthening our software supply chain by developing mechanisms to identify software vulnerabilities and hardening our own software build environments to protect against counterfeit parts that I mentioned in the beginning from entering our supply chain, we've recently started a blockchain program so that we can identify component provenance and trace part parts back to their original manufacturers. So our security efforts, you know, continue even after product manufacturing, we offer three different levels of secure delivery services for our customers, including, you know, a dedicated truck and driver or perhaps even an exclusive use vehicle. We can tailor our delivery services to whatever the customer needs. And then when a product is at its end of life, products are either recycled or disposed using our approved vendors. So our servers are also equipped with the one button secure erase that erases every bite of data, including firmware data and talking about products, we've taken additional steps to provide additional security features for our products. >>Number one, we can provide platform certificates that allow the user to cryptographically verify that their server hasn't been tampered with from the time it left the manufacturing facility to the time that it arrives at the customer's factory facility. In addition to that, we've launched a dedicated line of trusted supply chain servers with additional security features, including secure configuration lock chassis intrusion detection. And these are assembled at our us factory by us vetted employees. So lots of exciting things happening within the supply chain, not just to shore up our own supply chain risk, but also to provide our customer the most. So that announcement. >>All right, thank you. You know, they've got great setup though, because I think you gotta really appreciate the whole effort that we're putting into, you know, bringing these online. But one of the just transparently the gaps we had as we proved this out was as you heard, this initial proof was delivered with assembly in the us factory employees, you know, fantastic program really successful in all our target industries and, and even expanding to places we didn't really expect it to, but it's kind of going to the point of security. Isn't just for one industry or one set of customers, right? We're seeing it in our partners. We're seeing it in different industries than we have in the past. And, but the challenge was we couldn't get this global right out the gate, right? This has been a really heavy transparently, a us federal activated focus, right? >>If, if you've been tracked in what's going on since may of last year, there's been a call to action to improve a nation cybersecurity. So we've been all in on that and we have an opinion and we're working hard on that, but we're a global company, right? How can we get this out to the rest of the world? Well guess what, this month we figured it out and well, let's take a lot more than those month. We did a lot of work that we figured it out and we have launched a comparable service globally called server security optimization service, right? HPE server security optimization service for proli. I like to call it, you know, S S O S sauce, right? Do you wanna be clever HPE sauce that we can now deploy globally? We get that product hardened in the supply chain, right? Because if you take the best of your supply chain and you take your technical innovations, that you've innovated into the server, you can deliver a better experience for your customers, right? >>So the supply chain equals server technology and our awesome, you know, services teams deliver supply chain security at that last mile. And we can deliver it in the European markets. And now in the Asia Pacific markets right now, we could always just, we could ship it from the us to other markets. So we could always fulfill this promise, but I think it's just having that local access into your partner ecosystem and stuff just makes more sense, but it is big deal for us because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers, and we're excited about it. And we hope our customers are too. >>That's huge Cole. And, and in terms of this significance of the impact that HPE is delivering through its partner ecosystem globally as the supply chain continues to be one of the terms on everyone's lips here, I'm curious Cole, we just couple months ago, we're at discover. Can you talk about what HPE is doing here from a, a security perspective, this global approach that it's taking as it relates to what HPE was talking about at discover, in terms of we wanna secure the enterprise to deliver these experiences from edge to cloud. >>You know, I feel like for, for me, and, and I think you look at the shared responsibility models and you know, other frameworks out there, the way we're the way I believe it to be is this is it's, it's a solution, right? There's not one thing, you know, if you use HPE supply chain, the end, or if you buy an HPE pro line the end, right. It is an integrated connectedness with our, as a service platform, our service and support commitments, you know, our extensive partner ecosystem, our alliances, all of that comes together to ultimately offer that assurance to a customer. And I think these are specific, meaningful proof points in that chain of custody, right? That chain of trust, if you will, because as the world becomes more, zero trust, we are gonna have to prove ourselves more, right. And these are those kind of technical I credentials and identities and, you know, capabilities that a modern approach to security need. >>Excellent, great work there. And let's go ahead and, and take us home, take the audience through what you think ultimately, what HPE is doing, really infusing security at that 360 degree approach level that we talked about. What are some of the key takeaways that you want the audience that's watching here today to walk away with? >>Right. Right. Thank you. Yeah. You know, with the increase in cyber security threats, everywhere affecting all businesses globally, it's gonna require everyone in our industry to continue to evolve in our supply chain security in our product security in order to protect our customers in our business, continuity protecting our supply chain is something that HPE is very committed to and takes very seriously. So, you know, I think regardless of whether our customers are looking for an on-prem solution or a GreenLake service, you know, HPE is proactively looking for in mitigating any security risk in this supply chain so that we can provide our customers with the most secure products and services. >>Awesome. Ann and Cole. Thank you so much for joining me today, talking about what HPE is doing here and why it's important as our program is called to be confident and trust your server security with HPE and how HPE is doing that. Appreciate your insights on your time. >>Thank you so much for having thank >>You, Lisa, >>For Cole Humphreys and Anne Potton I'm Lisa Martin. We wanna thank you for watching this segment in our series. Be confident and trust your server security with HPE. We'll see you soon.