
Whether operating an internal IT infrastructure or providing a cloud service, most IT managers won’t know if their cloud infrastructure is secure, because most manufacturers providing the compute, network and storage equipment they rely on don’t know either. The global supply chain is now so opaque and complex that it has glaring security gaps. The threat was declared a National Emergency in 2019.

The solution is Secure Provenance.

Covert hardware and firmware implants are the gold standard for antagonists, as these techniques create a back door that can go undetected for years. Unfortunately, even today, the biggest IT appliance brands and cloud providers will not offer any form of appliance security guarantee. Instead, they talk about risk mitigation, but common sense says risk removal is better than risk reduction. That’s why we offer Secure Provenance.

Why you are a target

It’s true that some data facilities are more valuable to antagonists than others. But even if you’re not being actively targeted, you are at risk from compromised hardware, and there is a steady stream of it.

Consider that just one appliance from any major IT brand can have numerous sub-manufacturers, each using components from a multitude of international suppliers. Then consider that every stage, from design through component supply, manufacturing, coding and assembly, presents opportunities for tampering.

If security matters to you, Secure Provenance is something you should have on your specification contracts.

 

Protection through provenance

The hardware and firmware risk is bigger than is generally acknowledged: announcing breaches has wide-ranging implications for those affected, so many events are managed discreetly. Those who work in defence, intelligence or insurance will already know how deep the problem is.
Secure Provenance ensures that the appliance is true, that it is precisely as designed and specified, nothing more, nothing less. It verifies there are no additional or duplicitous components, nor any hidden code, and you can see this for yourself with SoftIron.

 

100% ownership of Design & Manufacturing

Secure Provenance verifies appliance and software integrity, and achieving this requires a 360° transparent audit of the entire design, supply chain, manufacture and delivery path.

All design and engineering are done by SoftIron. There are no third-party ODMs (Original Design Manufacturers) involved in any way with SoftIron.

All manufacturing, including surface-mount assembly, is done in-house. There are no white-label components inside a SoftIron box. Our name is our reputation and we take that very seriously.

Learn more about our “designed, not assembled” ethos

 

Full stack control

SoftIron is in the unique position of being a full stack manufacturer, so we have authorship, ownership and total responsibility for all code that goes on our appliances. Any code we don’t write we read line by line – we know every single instruction and why it needs to be there. SoftIron will never install a binary file without taking it back to the source code for a forensic check.

Only strictly specified components (including manufacturer and batch) are used in SoftIron appliances and only from fully vetted supply partners. All components are checked and tested before installation.

Learn more about our HyperCloud Intelligent Cloud Fabric™

 

A SoftIron Secure Provenance audit

A 360° transparent audit to demonstrate Secure Provenance will reveal:

  • All design done in-house
  • All circuit schematics
  • No SKU has multiple bids
  • Fully vetted supply partners
  • Component verification (x-rays, parameter testing, etc.)
  • Firmware and OS code in source form, line-by-line
  • Secure manufacture and assembly in-house
  • Individual appliance test and seal
  • End-to-end forensic chain of custody
  • Tamper-evident packaging before leaving our secure facility
  • Any external component precisely specified (manufacturer and batch)

The audit process validates the product is exactly as designed and specified. It will demonstrate there are no additional or duplicitous components, nor any hidden coding.