(upbeat music) >> Welcome back, everyone, to our Cube special programming on "Securing Compute, Engineered for the Hybrid World." We got Cole Humphreys who's with HPE, global server security product manager, and Mike Ferron-Jones with Intel. He's the product manager for data security technology. Gentlemen, thank you for coming on this special presentation. >> All right, thanks for having us. >> So, securing compute, I mean, compute, everyone wants more compute. You can't have enough compute as far as we're concerned. You know, more bits are flying around the internet. Hardware's mattering more than ever. Performance markets hot right now for next-gen solutions. When you're talking about security, it's at the center of every single conversation. And Gen11 for the HPE has been big-time focus here. So let's get into the story. What's the market for Gen11, Cole, on the security piece? What's going on? How do you see this impacting the marketplace? >> Hey, you know, thanks. I think this is, again, just a moment in time where we're all working towards solving a problem that doesn't stop. You know, because we are looking at data protection. You know, in compute, you're looking out there, there's international impacts, there's federal impacts, there's state-level impacts, and even regulation to protect the data. So, you know, how do we do this stuff in an environment that keeps changing? >> And on the Intel side, you guys are a Tier 1 combination partner, Better Together. HPE has a deep bench on security, Intel, We know what your history is. You guys have a real root of trust with your code, down to the silicon level, continuing to be, and you're on the 4th Gen Xeon here. Mike, take us through the Intel's relationship with HPE. Super important. You guys have been working together for many, many years. Data security, chips, HPE, Gen11. Take us through the relationship. What's the update? >> Yeah, thanks and I mean, HPE and Intel have been partners in delivering technology and delivering security for decades. And when a customer invests in an HPE server, like at one of the new Gen11s, they're getting the benefit of the combined investment that these two great companies are putting into product security. On the Intel side, for example, we invest heavily in the way that we develop our products for security from the ground up, and also continue to support them once they're in the market. You know, launching a product isn't the end of our security investment. You know, our Intel Red Teams continue to hammer on Intel products looking for any kind of security vulnerability for a platform that's in the field. As well as we invest heavily in the external research community through our bug bounty programs to harness the entire creativity of the security community to find those vulnerabilities, because that allows us to patch them and make sure our customers are staying safe throughout that platform's deployed lifecycle. You know, in 2021, between Intel's internal red teams and our investments in external research, we found 93% of our own vulnerabilities. Only a small percentage were found by unaffiliated external entities. >> Cole, HPE has a great track record and long history serving customers around security, actually, with the solutions you guys had. With Gen11, it's more important than ever. Can you share your thoughts on the talent gap out there? People want to move faster, breaches are happening at a higher velocity. They need more protection now than ever before. Can you share your thoughts on why these breaches are happening, and what you guys are doing, and how you guys see this happening from a customer standpoint? What you guys fill in with Gen11 with solution? >> You bet, you know, because when you hear about the relentless pursuit of innovation from our partners, and we in our engineering organizations in India, and Taiwan, and the Americas all collaborating together years in advance, are about delivering solutions that help protect our customer's environments. But what you hear Mike talking about is it's also about keeping 'em safe. Because you look to the market, right? What you see in, at least from our data from 2021, we have that breaches are still happening, and lot of it has to do with the fact that there is just a lack of adequate security staff with the necessary skills to protect the customer's application and ultimately the workloads. And then that's how these breaches are happening. Because ultimately you need to see some sort of control and visibility of what's going on out there. And what we were talking about earlier is you see time. Time to seeing some incident happen, the blast radius can be tremendous in today's technical, advanced world. And so you have to identify it and then correct it quickly, and that's why this continued innovation and partnership is so important, to help work together to keep up. >> You guys have had a great track record with Intel-based platforms with HPE. Gen11's a really big part of the story. Where do you see that impacting customers? Can you explain the benefits of what's going on with Gen11? What's the key story? What's the most important thing we should be paying attention to here? >> I think there's probably three areas as we look into this generation. And again, this is a point in time, we will continue to evolve. But at this particular point it's about, you know, a fundamental approach to our security enablement, right? Partnering as a Tier 1 OEM with one of the best in the industry, right? We can deliver systems that help protect some of the most critical infrastructure on earth, right? I know of some things that are required to have a non-disclosure because it is some of the most important jobs that you would see out there. And working together with Intel to protect those specific compute workloads, that's a serious deal that protects not only state, and local, and federal interests, but, really, a global one. >> This is a really- >> And then there's another one- Oh sorry. >> No, go ahead. Finish your thought. >> And then there's another one that I would call our uncompromising focus. We work in the industry, we lead and partner with those in the, I would say, in the good side. And we want to focus on enablement through a specific capability set, let's call it our global operations, and that ability to protect our supply chain and deliver infrastructure that can be trusted and into an operating environment. You put all those together and you see very significant and meaningful solutions together. >> The operating benefits are significant. I just want to go back to something you just said before about the joint NDAs and kind of the relationship you kind of unpacked, that to me, you know, I heard you guys say from sand to server, I love that phrase, because, you know, silicone into the server. But this is a combination you guys have with HPE and Intel supply-chain security. I mean, it's not just like you're getting chips and sticking them into a machine. This is, like, there's an in-depth relationship on the supply chain that has a very intricate piece to it. Can you guys just double down on that and share that, how that works and why it's important? >> Sure, so why don't I go ahead and start on that one. So, you know, as you mentioned the, you know, the supply chain that ultimately results in an end user pulling, you know, a new Gen11 HPE server out of the box, you know, started, you know, way, way back in it. And we've been, you know, Intel, from our part are, you know, invest heavily in making sure that all of our entire supply chain to deliver all of the Intel components that are inside that HPE platform have been protected and monitored ever since, you know, their inception at one of any of our 14,000, you know, Intel vendors that we monitor as part of our supply-chain assurance program. I mean we, you know, Intel, you know, invests heavily in compliance with guidelines from places like NIST and ISO, as well as, you know, doing best practices under things like the Transported Asset Protection Alliance, TAPA. You know, we have been intensely invested in making sure that when a customer gets an Intel processor, or any other Intel silicone product, that it has not been tampered with or altered during its trip through the supply chain. HPE then is able to pick up that, those components that we deliver, and add onto that their own supply-chain assurance when it comes down to delivering, you know, the final product to the customer. >> Cole, do you want to- >> That's exactly right. Yeah, I feel like that integration point is a really good segue into why we're talking today, right? Because that then comes into a global operations network that is pulling together these servers and able to deploy 'em all over the world. And as part of the Gen11 launch, we have security services that allow 'em to be hardened from our factories to that next stage into that trusted partner ecosystem for system integration, or directly to customers, right? So that ability to have that chain of trust. And it's not only about attestation and knowing what, you know, came from whom, because, obviously, you want to trust and make sure you're get getting the parts from Intel to build your technical solutions. But it's also about some of the provisioning we're doing in our global operations where we're putting cryptographic identities and manifests of the server and its components and moving it through that supply chain. So you talked about this common challenge we have of assuring no tampering of that device through the supply chain, and that's why this partnering is so important. We deliver secure solutions, we move them, you're able to see and control that information to verify they've not been tampered with, and you move on to your next stage of this very complicated and necessary chain of trust to build, you know, what some people are calling zero-trust type ecosystems. >> Yeah, it's interesting. You know, a lot goes on under the covers. That's good though, right? You want to have greater security and platform integrity, if you can abstract the way the complexity, that's key. Now one of the things I like about this conversation is that you mentioned this idea of a hardware-root-of-trust set of technologies. Can you guys just quickly touch on that, because that's one of the major benefits we see from this combination of the partnership, is that it's not just one, each party doing something, it's the combination. But this notion of hardware-root-of-trust technologies, what is that? >> Yeah, well let me, why don't I go ahead and start on that, and then, you know, Cole can take it from there. Because we provide some of the foundational technologies that underlie a root of trust. Now the idea behind a root of trust, of course, is that you want your platform to, you know, from the moment that first electron hits it from the power supply, that it has a chain of trust that all of the software, firmware, BIOS is loading, to bring that platform up into an operational state is trusted. If you have a breach in one of those lower-level code bases, like in the BIOS or in the system firmware, that can be a huge problem. It can undermine every other software-based security protection that you may have implemented up the stack. So, you know, Intel and HPE work together to coordinate our trusted boot and root-of-trust technologies to make sure that when a customer, you know, boots that platform up, it boots up into a known good state so that it is ready for the customer's workload. So on the Intel side, we've got technologies like our trusted execution technology, or Intel Boot Guard, that then feed into the HPE iLO system to help, you know, create that chain of trust that's rooted in silicon to be able to deliver that known good state to the customer so it's ready for workloads. >> All right, Cole, I got to ask you, with Gen11 HPE platforms that has 4th Gen Intel Xeon, what are the customers really getting? >> So, you know, what a great setup. I'm smiling because it's, like, it has a good answer, because one, this, you know, to be clear, this isn't the first time we've worked on this root-of-trust problem. You know, we have a construct that we call the HPE Silicon Root of Trust. You know, there are, it's an industry standard construct, it's not a proprietary solution to HPE, but it does follow some differentiated steps that we like to say make a little difference in how it's best implemented. And where you see that is that tight, you know, Intel Trusted Execution exchange. The Intel Trusted Execution exchange is a very important step to assuring that route of trust in that HPE Silicon Root of Trust construct, right? So they're not different things, right? We just have an umbrella that we pull under our ProLiant, because there's ILO, our BIOS team, CPLDs, firmware, but I'll tell you this, Gen11, you know, while all that, keeping that moving forward would be good enough, we are not holding to that. We are moving forward. Our uncompromising focus, we want to drive more visibility into that Gen11 server, specifically into the PCIE lanes. And now you're going to be able to see, and measure, and make policies to have control and visibility of the PCI devices, like storage controllers, NICs, direct connect, NVME drives, et cetera. You know, if you follow the trends of where the industry would like to go, all the components in a server would be able to be seen and attested for full infrastructure integrity, right? So, but this is a meaningful step forward between not only the greatness we do together, but, I would say, a little uncompromising focus on this problem and doing a little bit more to make Gen11 Intel's server just a little better for the challenges of the future. >> Yeah, the Tier 1 partnership is really kind of highlighted there. Great, great point. I got to ask you, Mike, on the 4th Gen Xeon Scalable capabilities, what does it do for the customer with Gen11 now that they have these breaches? Does it eliminate stuff? What's in it for the customer? What are some of the new things coming out with the Xeon? You're at Gen4, Gen11 for HP, but you guys have new stuff. What does it do for the customer? Does it help eliminate breaches? Are there things that are inherent in the product that HP is jointly working with you on or you were contributing in to the relationship that we should know about? What's new? >> Yeah, well there's so much great new stuff in our new 4th Gen Xeon Scalable processor. This is the one that was codenamed Sapphire Rapids. I mean, you know, more cores, more performance, AI acceleration, crypto acceleration, it's all in there. But one of my favorite security features, and it is one that's called Intel Control-Flow Enforcement Technology, or Intel CET. And why I like CET is because I find the attack that it is designed to mitigate is just evil genius. This type of attack, which is called a return, a jump, or a call-oriented programming attack, is designed to not bring a whole bunch of new identifiable malware into the system, you know, which could be picked up by security software. What it is designed to do is to look for little bits of existing, little bits of existing code already on the server. So if you're running, say, a web server, it's looking for little bits of that web-server code that it can then execute in a particular order to achieve a malicious outcome, something like open a command prompt, or escalate its privileges. Now in order to get those little code bits to execute in an order, it has a control mechanism. And there are different, each of the different types of attacks uses a different control mechanism. But what CET does is it gets in there and it disrupts those control mechanisms, uses hardware to prevent those particular techniques from being able to dig in and take effect. So CET can, you know, disrupt it and make sure that software behaves safely and as the programmer intended, rather than picking off these little arbitrary bits in one of these return, or jump, or call-oriented programming attacks. Now it is a technology that is included in every single one of the new 4th Gen Xeon Scalable processors. And so it's going to be an inherent characteristic the customers can benefit from when they buy a new Gen11 HPE server. >> Cole, more goodness from Intel there impacting Gen11 on the HPE side. What's your reaction to that? >> I mean, I feel like this is exactly why you do business with the big Tier 1 partners, because you can put, you know, trust in from where it comes from, through the global operations, literally, having it hardened from the factory it's finished in, moving into your operating environment, and then now protecting against attacks in your web hosting services, right? I mean, this is great. I mean, you'll always have an attack on data, you know, as you're seeing in the data. But the more contained, the more information, and the more control and trust we can give to our customers, it's going to make their job a little easier in protecting whatever job they're trying to do. >> Yeah, and enterprise customers, as you know, they're always trying to keep up to date on the skills and battle the threats. Having that built in under the covers is a real good way to kind of help them free up their time, and also protect them is really killer. This is a big, big part of the Gen11 story here. Securing the data, securing compute, that's the topic here for this special cube conversation, engineering for a hybrid world. Cole, I'll give you the final word. What should people pay attention to, Gen11 from HPE, bottom line, what's the story? >> You know, it's, you know, it's not the first time, it's not the last time, but it's our fundamental security approach to just helping customers through their digital transformation defend in an uncompromising focus to help protect our infrastructure in these technical solutions. >> Cole Humphreys is the global server security product manager at HPE. He's got his finger on the pulse and keeping everyone secure in the platform integrity there. Mike Ferron-Jones is the Intel product manager for data security technology. Gentlemen, thank you for this great conversation, getting into the weeds a little bit with Gen11, which is great. Love the hardware route-of-trust technologies, Better Together. Congratulations on Gen11 and your 4th Gen Xeon Scalable. Thanks for coming on. >> All right, thanks, John. >> Thank you very much, guys, appreciate it. Okay, you're watching "theCube's" special presentation, "Securing Compute, Engineered for the Hybrid World." I'm John Furrier, your host. Thanks for watching. (upbeat music)

>>Hi, everyone. Welcome to this program. Sponsored by HPE. I'm your host, Lisa Martin. We're here talking about being confident and trusting your server security with HPE. I have two guests here with me to talk about this important topic. Cole Humphreys joins us global server security product manager at HPE and Anne Potton trusted supply chain program lead at HPE guys. It's great to have you on the program. Welcome. >>Hi, thanks. Thank you. It's nice to be here, Anne. >>Let's talk about really what's going on there. Some of the trends, some of the threats there's so much change going on. What is HPE seeing? >>Yes. Good question. Thank you. Yeah. You know, cyber security threats are increasing everywhere and it's causing disruption to businesses and governments alike worldwide. You know, the global pandemic has caused limited employee availability. Originally this has led to material shortages and these things opens the door perhaps even wider for more counterfeit parts and products to enter the market. And these are challenges for consumers everywhere. In addition to this, we're seeing the geopolitical environment has changed. We're seeing, you know, rogue nation states using cybersecurity warfare tactics to immobilize an entity's ability to operate and perhaps even use their tactics for revenue generation, the Russian invasion of Ukraine as one example, but businesses are also under attack. You know, for example, we saw solar winds, software supply chain was attacked two years ago, which unfortunately went a notice for several months and then this was followed by the colonial pipeline attack and numerous others. >>You know, it just seems like it's almost a daily occurrence that we hear of a cyber attack on the evening news. And in fact, it's estimated that the cyber crime cost will reach over 10 and a half trillion dollars by 2025 and will be even more profitable than the global transfer of all major illegal drugs combined. This is crazy, you know, the macro environment in which companies operate in has changed over the years. And you know, all of these things together and coming from multiple directions presents a cybersecurity challenge for an organization and in particular it's supply chain. And this is why HPE is taking proactive steps to mitigate supply chain risk so that we can provide our customers with the most secure products and services. >>So Cole, let's bring you into the conversation and did a great job of summarizing the major threats that are going on the tumultuous landscape. Talk to us Cole about the security gap. What is it? What is HPE seeing and why are organizations in this situation? >>Hi, thanks Lisa. You know, what we're seeing is as this threat landscape increases to, you know, disrupt or attempt to disrupt our customers and our partners and ourselves, I, it's a kind of a double edge if you will, because you're seeing the increase in attacks, but what you're not seeing is that equal to growth of the skills and the experiences required to address the scale. So it really puts the pressure on companies because you have a skill gap, a talent gap, if you will. There's, you know, for example, there are projected to be three and a half million cyber roles open in the next few years, right? So all this scale is growing and people are just trying to keep up, but the gap is growing just literally the people to stop the bad actors from attacking the data and, and to complicate matters. You're also seeing a dynamic change of the who and the, how the attacks are happening, right? >>The classic attacks that you've seen, you know, and the SDK and all the, you know, the history books, those are not the standard plays anymore. You'll have, you know, nation states going after commercial entities and, you know, criminal syndicates and alluded to that. There's more money in it than the international drug trade. So you can imagine the amount of criminal interest in getting this money. So you put all that together. And the increasing of attacks, it just is really pressing down is, is literally, I mean, the reports we're reading over half of everyone, obviously the most critical infrastructure cares, but even just mainstream computing requirements need to have their data protected, help me protect my workloads and they don't have the people in house, right? So that's where partnership is needed, right? And that's where we believe, you know, our approach with our partner ecosystem is it's not HPE delivering everything ourself, but all of us in this together is really what we believe. The only way we're gonna be able to get this done. >>So collets double click on that HPE and its partner ecosystem can provide expertise that companies and every industry are lacking. You're delivering HPE as a 360 degree approach to security. Talk about what that 360 degree approach encompasses. >>Thank you. It is, it is an approach, right? Because I feel that security is a, it is a, it is a thread that will go through the entire construct of a technical solution, right there. Isn't a, oh, if you just buy this one server with this one feature, you don't have to worry about anything else. It's really it's everywhere. And at least the way we believe it, it's everywhere. And it in a 360 degree approach, the way we like to frame it is it's, it's this beginning with our supply chain, right? We take a lot of pride in the designs, you know, the really smart engineering teams, the design, our technology, our awesome world class global operations team, working in concert to deliver some of these technologies into the market. That is a huge, you know, great capability, but also a huge risk to customers, cuz that is the most vulnerable place that if you inject some sort of malware or, or tampering at that point, you know, the rest of the story really becomes mute because you've already defeated, right? >>And then you move in to you physically deployed that through our global operations. Now you're in an operating environment. That's where automation becomes key, right? We have software innovations in, you know, our ILO product of management inside those single servers. And we have really cool new grain lake for compute operations management services out there that give customers more control back and more information to deal with this scaling problem. And then lastly, as you begin to wrap up, you know, the natural life cycle and you need to move to new platforms and new technologies, right? We think about the exit of that life cycle and how do we make sure we dispose of the data and, and move those products into a secondary life cycle so that we can move back into this kind of circular 360 degree approach. We don't wanna leave our customers hanging anywhere in this entire journey. >>That 360 degree approach is so critical, especially given as we've talked about already in this segment, the changes, the dynamics in the environment. And as Cole said, this is this 360 degree approach that HPE is delivering is beginning in the manufacturing supply chain seems like the first line of defense against cyber attackers talked to us about why that's important. And where did the impetus come from? Was that COVID was that customer demand? >>Yep. Yep. Yeah. The supply chain is critical. Thank you. So in 2018, we, we could see all of these cybersecurity issues starting to emerge and predicted that this would be a significant challenge for our industry. So we formed a strategic initiative called the trusted supply chain program designed to mitigate cybersecurity risk in the supply chain and really starting at the product with the product life cycle, starting at the product design phase and moving through sourcing and manufacturing, how we deliver products to our customers and ultimately a product's end of life that Cole mentioned. So in doing this, we're able to provide our customers with the most secure products and services, whether they're buying their servers from, for their data center or using our own GreenLake services. So just to give you some examples, something that is foundational to our trusted supply chain program, we've built a very robust cybersecurity supply chain risk management program that includes assessing our risk at our all factories and our suppliers. >>Okay. We're also looking at strengthening our software supply chain by developing mechanisms to identify software vulnerabilities and hardening our own software build environments to protect against counterfeit parts that I mentioned in the beginning from entering our supply chain, we've recently started a blockchain program so that we can identify component provenance and trace part parts back to their original manufacturers. So our security efforts, you know, continue even after product manufacturing, we offer three different levels of secure delivery services for our customers, including, you know, a dedicated truck and driver or perhaps even an exclusive use vehicle. We can tailor our delivery services to whatever the customer needs. And then when a product is at its end of life, products are either recycled or disposed using our approved vendors. So our servers are also equipped with the one button secure erase that erases every bite of data, including firmware data and talking about products, we've taken additional steps to provide additional security features for our products. >>Number one, we can provide platform certificates that allow the user to cryptographically verify that their server hasn't been tampered with from the time it left the manufacturing facility to the time that it arrives at the customer's factory facility. In addition to that, we've launched a dedicated line of trusted supply chain servers with additional security features, including secure configuration lock chassis intrusion detection. And these are assembled at our us factory by us vetted employees. So lots of exciting things happening within the supply chain, not just to shore up our own supply chain risk, but also to provide our customer the most. So that announcement. >>All right, thank you. You know, they've got great setup though, because I think you gotta really appreciate the whole effort that we're putting into, you know, bringing these online. But one of the just transparently the gaps we had as we proved this out was as you heard, this initial proof was delivered with assembly in the us factory employees, you know, fantastic program really successful in all our target industries and, and even expanding to places we didn't really expect it to, but it's kind of going to the point of security. Isn't just for one industry or one set of customers, right? We're seeing it in our partners. We're seeing it in different industries than we have in the past. And, but the challenge was we couldn't get this global right out the gate, right? This has been a really heavy transparently, a us federal activated focus, right? >>If, if you've been tracked in what's going on since may of last year, there's been a call to action to improve a nation cybersecurity. So we've been all in on that and we have an opinion and we're working hard on that, but we're a global company, right? How can we get this out to the rest of the world? Well guess what, this month we figured it out and well, let's take a lot more than those month. We did a lot of work that we figured it out and we have launched a comparable service globally called server security optimization service, right? HPE server security optimization service for proli. I like to call it, you know, S S O S sauce, right? Do you wanna be clever HPE sauce that we can now deploy globally? We get that product hardened in the supply chain, right? Because if you take the best of your supply chain and you take your technical innovations, that you've innovated into the server, you can deliver a better experience for your customers, right? >>So the supply chain equals server technology and our awesome, you know, services teams deliver supply chain security at that last mile. And we can deliver it in the European markets. And now in the Asia Pacific markets right now, we could always just, we could ship it from the us to other markets. So we could always fulfill this promise, but I think it's just having that local access into your partner ecosystem and stuff just makes more sense, but it is big deal for us because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers, and we're excited about it. And we hope our customers are too. >>That's huge Cole. And, and in terms of this significance of the impact that HPE is delivering through its partner ecosystem globally as the supply chain continues to be one of the terms on everyone's lips here, I'm curious Cole, we just couple months ago, we're at discover. Can you talk about what HPE is doing here from a, a security perspective, this global approach that it's taking as it relates to what HPE was talking about at discover, in terms of we wanna secure the enterprise to deliver these experiences from edge to cloud. >>You know, I feel like for, for me, and, and I think you look at the shared responsibility models and you know, other frameworks out there, the way we're the way I believe it to be is this is it's, it's a solution, right? There's not one thing, you know, if you use HPE supply chain, the end, or if you buy an HPE pro line the end, right. It is an integrated connectedness with our, as a service platform, our service and support commitments, you know, our extensive partner ecosystem, our alliances, all of that comes together to ultimately offer that assurance to a customer. And I think these are specific, meaningful proof points in that chain of custody, right? That chain of trust, if you will, because as the world becomes more, zero trust, we are gonna have to prove ourselves more, right. And these are those kind of technical I credentials and identities and, you know, capabilities that a modern approach to security need. >>Excellent, great work there. And let's go ahead and, and take us home, take the audience through what you think ultimately, what HPE is doing, really infusing security at that 360 degree approach level that we talked about. What are some of the key takeaways that you want the audience that's watching here today to walk away with? >>Right. Right. Thank you. Yeah. You know, with the increase in cyber security threats, everywhere affecting all businesses globally, it's gonna require everyone in our industry to continue to evolve in our supply chain security in our product security in order to protect our customers in our business, continuity protecting our supply chain is something that HPE is very committed to and takes very seriously. So, you know, I think regardless of whether our customers are looking for an on-prem solution or a GreenLake service, you know, HPE is proactively looking for in mitigating any security risk in this supply chain so that we can provide our customers with the most secure products and services. >>Awesome. Ann and Cole. Thank you so much for joining me today, talking about what HPE is doing here and why it's important as our program is called to be confident and trust your server security with HPE and how HPE is doing that. Appreciate your insights on your time. >>Thank you so much for having thank >>You, Lisa, >>For Cole Humphreys and Anne Potton I'm Lisa Martin. We wanna thank you for watching this segment in our series. Be confident and trust your server security with HPE. We'll see you soon.

(upbeat music) >> Hi, everyone, welcome to this program sponsored by HPE. I'm your host, Lisa Martin. We're here talking about being confident and trusting your server security with HPE. I have two guests here with me to talk about this important topic. Cole Humphreys joins us, global server security product manager at HPE, and Ann Potten, trusted supply chain program lead at HPE. Guys, it's great to have you on the program, welcome. >> Hi, thanks. >> Thank you. It's nice to be here. >> Ann let's talk about really what's going on there. Some of the trends, some of the threats, there's so much change going on. What is HPE seeing? >> Yes, good question, thank you. Yeah, you know, cybersecurity threats are increasing everywhere and it's causing disruption to businesses and governments alike worldwide. You know, the global pandemic has caused limited employee availability originally, this has led to material shortages, and these things opens the door perhaps even wider for more counterfeit parts and products to enter the market, and these are challenges for consumers everywhere. In addition to this, we're seeing the geopolitical environment has changed. We're seeing rogue nation states using cybersecurity warfare tactics to immobilize an entity's ability to operate, and perhaps even use their tactics for revenue generation. The Russian invasion of Ukraine is one example. But businesses are also under attack, you know, for example, we saw SolarWinds' software supply chain was attacked two years ago, which unfortunately went unnoticed for several months. And then, this was followed by the Colonial Pipeline attack and numerous others. You know, it just seems like it's almost a daily occurrence that we hear of a cyberattack on the evening news. And, in fact, it's estimated that the cyber crime cost will reach over $10.5 trillion by 2025, and will be even more profitable than the global transfer of all major illegal drugs combined. This is crazy. You know, the macro environment in which companies operate in has changed over the years. And, you know, all of these things together and coming from multiple directions presents a cybersecurity challenge for an organization and, in particular, its supply chain. And this is why HPE is taking proactive steps to mitigate supply chain risk, so that we can provide our customers with the most secure products and services. >> So, Cole, let's bring you into the conversation. Ann did a great job of summarizing the major threats that are going on, the tumultuous landscape. Talk to us, Cole, about the security gap. What is it, what is HPE seeing, and why are organizations in this situation? >> Hi, thanks, Lisa. You know, what we're seeing is as this threat landscape increases to, you know, disrupt or attempt to disrupt our customers, and our partners, and ourselves, it's a kind of a double edge, if you will, because you're seeing the increase in attacks, but what you're not seeing is an equal to growth of the skills and the experiences required to address the scale. So it really puts the pressure on companies, because you have a skill gap, a talent gap, if you will, you know, for example, there are projected to be 3 1/2 million cyber roles open in the next few years, right? So all this scale is growing, and people are just trying to keep up, but the gap is growing, just literally the people to stop the bad actors from attacking the data. And to complicate matters, you're also seeing a dynamic change of the who and the how the attacks are happening, right? The classic attacks that you've seen, you know, in the espionage in all the, you know, the history books, those are not the standard plays anymore. You'll have, you know, nation states going after commercial entities and, you know, criminal syndicates, as Ann alluded to, that there's more money in it than the international drug trade, so you can imagine the amount of criminal interest in getting this money. So you put all that together and the increasing of attacks it just is really pressing down as literally, I mean, the reports we're reading over half of everyone. Obviously, the most critical infrastructure cares, but even just mainstream computing requirements need to have their data protected, "Help me protect my workloads," and they don't have the people in-house, right? So that's where partnership is needed, right? And that's where we believe, you know, our approach with our partner ecosystem this is not HPE delivering everything ourself, but all of us in this together is really what we believe the only way we're going to be able to get this done. >> So, Cole, let's double-click on that, HPE and its partner ecosystem can provide expertise that companies in every industry are lacking. You're delivering HPE as a 360-degree approach to security. Talk about what that 360-degree approach encompasses. >> Thank you, it is an approach, right? Because I feel that security it is a thread that will go through the entire construct of a technical solution, right? There isn't a, "Oh, if you just buy this one server with this one feature, you don't have to worry about anything else." It's really it's everywhere, at least the way we believe it, it's everywhere. And in a 360-degree approach, the way we like to frame it, is it's this beginning with our supply chain, right? We take a lot of pride in the designs, you know, the really smart engineering teams, the designer, technology, our awesome, world-class global operations team working in concert to deliver some of these technologies into the market, that is, you know, a great capability, but also a huge risk to customers. 'Cause that is the most vulnerable place that if you inject some sort of malware or tampering at that point, you know, the rest of the story really becomes mute, because you've already defeated, right? And then, you move in to you physically deployed that through our global operations, now you're in an operating environment. That's where automation becomes key, right? We have software innovations in, you know, our iLO product of management inside those single servers, and we have really cool new GreenLake for compute operations management services out there that give customers more control back and more information to deal with this scaling problem. And then, lastly, as you begin to wrap up, you know, the natural life cycle, and you need to move to new platforms and new technologies, we think about the exit of that life cycle, and how do we make sure we dispose of the data and move those products into a secondary life cycle, so that we can move back into this kind of circular 360-degree approach. We don't want to leave our customers hanging anywhere in this entire journey. >> That 360-degree approach is so critical, especially given, as we've talked about already in this segment, the changes, the dynamics in the environment. Ann, as Cole said, this 360-degree approach that HPE is delivering is beginning in the manufacturing supply chain, seems like the first line of defense against cyberattackers. Talk to us about why that's important and where did the impetus come from? Was that COVID, was that customer demand? >> Yep, yep. Yeah, the supply chain is critical, thank you. So in 2018, we could see all of these cybersecurity issues starting to emerge and predicted that this would be a significant challenge for our industry. So we formed a strategic initiative called the Trusted Supply Chain Program designed to mitigate cybersecurity risk in the supply chain, and really starting with the product life cycle, starting at the product design phase and moving through sourcing and manufacturing, how we deliver products to our customers and, ultimately, a product's end of life that Cole mentioned. So in doing this, we're able to provide our customers with the most secure products and services, whether they're buying their servers for their data center or using our own GreenLake services. So just to give you some examples, something that is foundational to our Trusted Supply Chain Program we've built a very robust cybersecurity supply chain risk management program that includes assessing our risk at all factories and our suppliers, okay? We're also looking at strengthening our software supply chain by developing mechanisms to identify software vulnerabilities and hardening our own software build environments. To protect against counterfeit parts, that I mentioned in the beginning, from entering our supply chain, we've recently started a blockchain program so that we can identify component provenance and trace parts back to their original manufacturers. So our security efforts, you know, continue even after product manufacturing. We offer three different levels of secured delivery services for our customers, including, you know, a dedicated truck and driver, or perhaps even an exclusive use vehicle. We can tailor our delivery services to whatever the customer needs. And then, when a product is at its end of life, products are either recycled or disposed using our approved vendors. So our servers are also equipped with the One-Button Secure Erase that erases every byte of data, including firmware data. And talking about products, we've taken additional steps to provide additional security features for our products. Number one, we can provide platform certificates that allow the user to cryptographically verify that their server hasn't been tampered with from the time it left the manufacturing facility to the time that it arrives at the customer's facility. In addition to that, we've launched a dedicated line of trusted supply chain servers with additional security features, including Secure Configuration Lock, Chassis Intrusion Detection, and these are assembled at our U.S. factory by U.S. vetted employees. So lots of exciting things happening within the supply chain not just to shore up our own supply chain risk, but also to provide our customers with the most secure product. And so with that, Cole, do you want to make our big announcement? >> All right, thank you. You know, what a great setup though, because I think you got to really appreciate the whole effort that we're putting into, you know, bringing these online. But one of the, just transparently, the gaps we had as we proved this out was, as you heard, this initial proof was delivered with assembly in the U.S. factory employees. You know, fantastic program, really successful in all our target industries and even expanding to places we didn't really expect it to. But it's kind of going to the point of security isn't just for one industry or one set of customers, right? We're seeing it in our partners, we're seeing it in different industries than we have in the past. But the challenge was we couldn't get this global right out the gate, right? This has been a really heavy, transparently, a U.S. federal activated focus, right? If you've been tracking what's going on since May of last year, there's been a call to action to improve the nation's cybersecurity. So we've been all in on that, and we have an opinion and we're working hard on that, but we're a global company, right? How can we get this out to the rest of the world? Well, guess what? This month we figured it out and, well, it's take a lot more than this month, we did a lot of work, but we figured it out. And we have launched a comparable service globally called Server Security Optimization Service, right? HPE Server Security Optimization Service for ProLiant. I like to call it, you know, SSOS Sauce, right? Do you want to be clever? HPE Sauce that we can now deploy globally. We get that product hardened in the supply chain, right? Because if you take the best of your supply chain and you take your technical innovations that you've innovated into the server, you can deliver a better experience for your customers, right? So the supply chain equals server technology and our awesome, you know, services teams deliver supply chain security at that last mile, and we can deliver it in the European markets and now in the Asia Pacific markets, right? We could ship it from the U.S. to other markets, so we could always fulfill this promise, but I think it's just having that local access into your partner ecosystem and stuff just makes more sense. But it is a big deal for us because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers and we're excited about it, and we hope our customers are too. >> That's huge, Cole and Ann, in terms of the significance of the impact that HPE is delivering through its partner ecosystem globally as the supply chain continues to be one of the terms on everyone's lips here. I'm curious, Cole, we just couple months ago, we're at Discover, can you talk about what HPE is doing here from a security perspective, this global approach that it's taking as it relates to what HPE was talking about at Discover in terms of we want to secure the enterprise to deliver these experiences from edge to cloud. >> You know, I feel like for me, and I think you look at the shared-responsibility models and, you know, other frameworks out there, the way I believe it to be is it's a solution, right? There's not one thing, you know, if you use HPE supply chain, the end, or if you buy an HPE ProLiant, the end, right? It is an integrated connectedness with our as-a-service platform, our service and support commitments, you know, our extensive partner ecosystem, our alliances, all of that comes together to ultimately offer that assurance to a customer, and I think these are specific meaningful proof points in that chain of custody, right? That chain of trust, if you will. Because as the world becomes more zero trust, we are going to have to prove ourselves more, right? And these are those kind of technical credentials, and identities and, you know, capabilities that a modern approach to security need. >> Excellent, great work there. Ann, let's go ahead and take us home. Take the audience through what you think, ultimately, what HPE is doing really infusing security at that 360-degree approach level that we talked about. What are some of the key takeaways that you want the audience that's watching here today to walk away with? >> Right, right, thank you. Yeah, you know, with the increase in cybersecurity threats everywhere affecting all businesses globally, it's going to require everyone in our industry to continue to evolve in our supply chain security and our product security in order to protect our customers and our business continuity. Protecting our supply chain is something that HPE is very committed to and takes very seriously. So, you know, I think regardless of whether our customers are looking for an on-prem solution or a GreenLake service, you know, HPE is proactively looking for and mitigating any security risk in the supply chain so that we can provide our customers with the most secure products and services. >> Awesome, Anne and Cole, thank you so much for joining me today talking about what HPE is doing here and why it's important, as our program is called, to be confident and trust your server security with HPE, and how HPE is doing that. Appreciate your insights and your time. >> Thank you so much for having us. >> Thank you, Lisa. >> For Cole Humphreys and Anne Potten, I'm Lisa Martin, we want to thank you for watching this segment in our series, Be Confident and Trust Your Server Security with HPE. We'll see you soon. (gentle upbeat music)

(upbeat pop music) >> [Narrator] France! It's theCUBE, covering .NEXT Conference 2017 Europe. Brought to you by Nutanix. (upbeat pop music) >> Welcome back, I'm Stu Miniman, and this is theCube. Happy to welcome to the program, first time guest, gonna help me with some analysis of what's been happening here at the show, Keith Humphreys, who is the managing consultant at euroLAN Research. Thanks so much for joining us. >> My pleasure, Stu. >> Alright, so, Keith, you and I were the only analysts at the Vienna show last year, they've grown he analyst program a little bit as, you know, most of us in the community been watching Nutanix for many years. Tell us a little bit about kind of your background, and what specifically you focus on. >> Okay, so, euroLAN is an industry analyst company focused on helping vendors optimize routes to market in Europe. So, we're a channel analyst company founded in '93, in Paris, France, I was employee number five, and we're still about five consultants, and as I say, we're very vendor focused on channels. >> Yeah, well, it goes without saying, in our industry things are changing a lot, but boy, has the channel been changing massively, you know, everything from the impact of service providers to the public cloud. So, let's start kind of at the macro level a little bit. What are some of the big issues? The channels always, you know, we say they're coin operated. Where do they make money, where are they concerned about, what's exciting them these days? >> I think at a macro level what's really exciting, if you look at the book B four B, it describes the risk having gone from corporate back to the vendor. So, before the enterprise used to buy kit, buy stuff, buy products and have to integrate them themselves, take 18 months before they actually got a working product, but in the mean time the vendors had produced the invoice, maybe not even shipped the kit before they could recognize the revenue, now with as-a-service that's totally changed. The risk is gone from the customer, right they way back to the vendor, it's a fascinating point, and the channel's stuck in between here, trying to be the good guys, still trying to integrate that stuff, still trying to produce those solutions, but only getting paid at an annuity revenue model. It's very different. >> Yeah, you know, I was involved in some of the early convergent infrastructure solutions, and you go to some companies and they're like, "We make tons of money racking and stacking and cabling." We're like, "Come on, that's not huge value add, let's help you add more value, get more involved, be more consultative solution-selling and the like." We've only seen that accelerate with the like of hyper converge infrastructure and solutions-as-a-service as you said where sometimes it's just frictionless, just acquire what I need when I need it. How's the channel doing? >> I think the channel's doing okay, but they're in denial, because of this issue. I think if you look at the way Nutanix started as a box provider and now moving to software, some of the channel is really railing against that, and saying, "We still want to do it this way." They're not learning the lesson that they must move to an annuity model basis, because it's a huge business transformation. We jointly run a workshop with IDC to help system integrators make that transition across, and we've only booked through a half a dozen companies for it. They should be knocking our door down to go through this, but they're finding it really hard. >> Alright, so, how's Nutanix doing in the channel? >> So, I think, interestingly, I think it was Chad Sakac of VMware said that they're having to bring out a proof of concept box for vSphere. So they can put that box into customers, so they can try it out. Interesting for a software vendor you're having to package something, so they've gone in that direction. Where as Nutanix are moving in the other direction, going to software only from the box. That's fascinating, but they're trying to drag that channel with them. Are CDW really happy that they're moving to a software-only model? Maybe not. >> Well, look, we've been discussing this week the software-only model, of course, there's still gotta be an appliance somewhere. So, from a channel standpoint, if tomorrow Nutanix says, "Hey, we're only gonna do software and you're gonna do..." does that have a significant impact on the channel, if they now get it if it's a distributor, or some other piece, how much will that impact the channel? >> I think it's going back to the old model of digital days where the channel partner's going back to integrating stuff. Which I think is great news for them, because they can add value, but have they still got the skills? A lot of them have lost those skills, they've been de-franchised or they've de-franchised themselves. >> Yeah, we'll see how that plays out, as to whether it comes in a similar form factor. I don't expect that they're gonna be getting Lego pieces and putting together, it's still mostly gonna be pieces. How 'bout Nutanix's been going a lot of new directions, trying to expand, software-only isn't just about saying, kinda the base stack and AHV, but Zai and calm. Some of these other pieces. Is the channel ready for these kind of things? Does Nutanix have to then do way more of it and the channel's just for filling it? How does that dynamic work? >> I think Nutanix has to go out and create the market. They've got to make end customers aware of this and then the enterprise customers will be asking their channel partners for it so they'll have to get up to speed. You know it's a push and pull model to channel. You can't just push through the channel. I heard someone from Nutanix describe the channel as an extension of their sales force. It's just not. You know computer center's go out and sell computer centers. They don't sell Nutanix. They sell their customer benefit and Nutanix is a small part of that solution. Every project is software based. It's around SAP. It's around Oracle and there's some infrastructure to run it on. It's a small part. >> It's interesting, I got to interview a service provider that has then become a reseller of Nutanix solutions. We sometimes say that service providers are the new channel. How is that dynamic playing out? >> Well, if I was to want infrastructure in our office I wouldn't phone British Telecom for it. (laughs) >> Fair enough. What about, we're talking about the multi cloud world. I've found that there's some systems integrators out there that are offering Azure services, some are engaging AWS has been really good at building out their channel. How's that in Europe these days? How much is the channel engaged in the public cloud? >> We're seeing Amazon with AWS starting to reach out to the channel at long last, with channel programs, channel recruitment. They're not gonna get rich reselling that but they'll get rich by putting the professional services on there. You know, what should I run on here? Is it good for computers? Is it good for scaling? Is it good for additional workloads? They've gotta add professional services but even as we run our workshops we see exactly the same thing. As they move to as-a-service, it might be profitable to a degree but it takes you four or five years to get there. So you've gotta be adding professional services on top of that revenue to maintain it. >> Well, I have to think there's good opportunity there because while there was this promise the future's gonna be simple. Right? Public cloud, it's nice and easy swipe a credit card and good. There's so many features out there. SaaS, anybody's that's used SaaS providers when they really wanna use it there's requirements there. So is the channel stepping up to fill some of that gap or will the Accentures, those kind of consulting come in and take that revenue? >> I think it depends on the company's size. We profiled in our newsletter a small UK company who get digital transformation. This quarter we profiled Accenture. They're both doing the same things, just addressing different parts of the market. I think the other interesting thing is, you mentioned the difficulty, obviously AWS uses its own terminology and it looks very complicated but what I do like is the Nutanix one click based around machine learning. That's really exciting. Sudheesh Nair was just talking about DeepMind's AlphaGo Zero and how it's learned the Chinese Go Program. It self learned that. No one taught that. It actually self learned that. There was an article on the FT which was trying to say this is frightening. It's not frightening if we're gonna move into an IoT age, if we're gonna move into an autonomous car age. We're gonna need software that's written to Sigma Nine not Sigma Six and I think only machines can do that. We're not very good at writing software. >> Keith, what more should Nutanix be doing? What advice do you give them on what they can do to engage even more with the channel? >> They've gotta ramp up the marketing. They've gotta provide the air cover for the channel. They've gotta go out and create the demand, create the awareness. The channel will follow through on that. >> One last question I have for you, what advice do you give to the channel today? For them to stay profitable, stay relevant, in this ever changing future? >> It's professional services and annuity revenue. Days of selling boxes are gone. They'll always be boxes you say but you know, it's pure commodity now. Maybe they should invest in super micro? >> Alright. Well Keith Humphries, pleasure to talk with you again and thank you much for joining us. >> Thanks Stu >> We'll be back with lots more coverage here from Nutanix .Next in Nice, France. You're watching theCube. (upbeat pop music)