Secure Provenance

Most data centers don’t know if their appliances are secure because most manufacturers don’t know either. The global supply chain is so complex it has massive security gaps. The threat is literally a National Emergency. The solution is Secure Provenance.

Covert hardware and firmware implants are the gold standard for antagonists, as these techniques create a back door that can go undetected for years. Unfortunately, even now in 2020, the biggest IT appliance brands will not offer any form of appliance security guarantee. Instead, they talk about risk mitigation, but common sense says risk removal is better than risk reduction, that’s why we offer Secure Provenance.

Why you are a target

It’s true that some data centers are more valuable to antagonists than others. But even if you’re not being actively targeted you are at risk from compromised appliances – and there is a steady stream of them. Learn about recent events here. If security matters to you, Secure Provenance is something you should have on your specification contracts.

 

Protection through provenance

Secure Provenance ensures that the appliance is true, that it is precisely as designed and specified, nothing more, nothing less. It verifies there are no additional or duplicitous components, nor any hidden code, and you can see this for yourself with SoftIron.

 

Transparency reveals the truth

Secure Provenance verifies appliance integrity but achieving this requires a 360° transparent audit into the entire design, supply chain, manufacture and delivery path. Every component in the box must be confirmed against the original schematics and specification documents, and every line of code reviewed. The entire end-to-end process must be known and verifiable under audit conditions with a forensic chain of custody.

 

The issue with trust

For most manufacturers this level of transparency presents organisational difficulties, so instead they expect the end-purchaser, often making multi-million-dollar mission critical decisions, to rely on trust. Trust is not secure – appliance validation is.

Ask SoftIron about Secure Provenance for your data center appliances.