On-Premises Infrastructure - Hardware Security

What’s really in your racks?

Whether operating an internal IT infrastructure or offering a cloud service provision, most IT managers won’t know if their cloud infrastructure is secure, because most manufacturers providing the compute, network and storage equipment they rely on don’t know either. The global supply chain is now so opaque and complex that it has glaring security gaps. The threat was declared a National Emergency in 2019.

The solution is secure provenance

Covert hardware and firmware implants are the gold standards for antagonists, as these techniques create a backdoor that can go undetected for years. Unfortunately, even today, the biggest IT appliance brands or cloud providers will not offer any form of appliance security guarantee. Instead, they talk about risk mitigation, but common sense says risk removal is better than risk reduction, that’s why we offer secure provenance.

Why you are a target

Enterprise security tends to focus on data as the asset to be protected, but in national security, subverting and/or bringing down the infrastructure itself can have immediate and much more serious implications to life and liberty than compromise of information. In these scenarios mitigating the risk of compromised hardware in the infrastructure becomes paramount.

Consider that just one appliance from any major IT brand can have numerous sub-manufacturers, each using components from a multitude of international suppliers. Then consider that every stage; from design through component supply, manufacturing, coding and assembly, presents opportunities for tampering.

The security of critical national infrastructure is fundamental. Secure provenance is something you should demand from your suppliers, and should be something you should have on your specification contracts.

Protection through provenance

The hardware and firmware risk is bigger than is generally acknowledged, as announcing breaches has wide ranging implications for those affected, and so many events are managed discreetly. Those that work in defense, intelligence or insurance will already know how deep the problem is.

Secure provenance ensures that the appliance is true, that it is precisely as designed and specified, nothing more, nothing less. It verifies there are no additional or duplicitous components, nor any hidden code, and you can see this for yourself with SoftIron.

100% ownership of design & manufacturing

Secure provenance verifies appliance and software integrity, and achieving this requires a 360-degree transparent audit of the entire design, supply chain, manufacturing, and delivery path.

All design and engineering is done by SoftIron. There are no third party ODMs (Original Design Manufacturers) involved in any way with SoftIron.

All manufacturing, including surface-mount assembly, is done in-house. There are no white-label components inside a SoftIron box. Our name is our reputation and we take that very seriously.

Full stack control

SoftIron is in the unique position of being a full stack manufacturer, so we have authorship, ownership and total responsibility for all code that goes into HyperCloud. Any code we don’t write we read line by line—we know every single instruction and why it needs to be there. SoftIron will never install a binary file without taking it back to the source code for a forensic check.

Only strictly specified components (including manufacturer and batch) are used in SoftIron appliances, and only from fully vetted supply partners. All components are checked and tested before installation.

References

Browse our growing library of qualified opinions and data-driven insights on security vulnerabilities and provenance in our industry.

A SoftIron secure provenance audit

A 360° transparent audit to demonstrate secure provenance will reveal:

  • All design done in-house
  • All circuit schematics
  • No SKU has multiple bids
  • Fully vetted supply partners
  • Component verification (x-rays, parameter testing, etc.)
  • Firmware and OS code in source form, line-by-line
  • Secure manufacture and assembly in-house
  • Individual appliance test and seal
  • End-to-end forensic chain of custody
  • Tamper-evident packaging before leaving our secure facility
  • Any external component precisely specified (manufacturer and batch)

The audit process validates the product is exactly as designed and specified. It will demonstrate there are no additional or duplicitous components, nor any hidden coding.

Discover HyperCloud security

Product principles

HyperCloud is an innovative private cloud solution meeting the stringent needs of defense, national security and government customers.

Sovereign manufacturing capability

Deploy cloud at your data centre or co-lo in half a day and (less than) half a rack, with only generalist IT skills.

Software security

HyperCloud’s software stack has been developed over a decade to deliver a vertically integrated architecture that abstracts away complexity deep in the system.

Standards

HyperCloud’s proven technology is already in use in highly sensitive environments across Australia, the United States and other NATO countries.
Top