Search

HPE’s Project Aurora Launches, a New Zero-Trust Offering to Help Address Security Concerns

The News: This week at HPE Discover, HPE’s flagship annual event, the company made a number of key announcements concerning foundational technologies we can expect in the coming months. HPE’s Project Aurora, a new zero trust offering, will debut later in 2021 as part of the GreenLake hybrid cloud platform. Project Aurora’s capabilities are intended to help enterprises rebuild their security posture and help to address how to secure IT platforms from edge-to-cloud. Gary Campbell, Fellow, HPE Vice President and Chief Technology Officer for Security, announced Project Aurora in a blog post this week

HPE’s Project Aurora Launches, a New Zero-Trust Offering to Help Address Security Concerns

Analyst Take: HPE’s Project Aurora will initially roll-out within HPE GreenLake Lighthouse to automatically and continuously verify the integrity of the hardware, firmware, operating systems, platforms, and workloads, and will also include workloads from security vendors. This continuous attestation will enable HPE to quickly detect advanced threats in seconds compared to a reported average of 24 days, helping to minimize loss and unauthorized encryption (and corruption) of valuable data and intellectual property.

HPE’s Project Aurora builds upon the company’s Silicon Root of Trust technology that is recognized by insurers in the Cyber Catalyst program created by Marsh. Cyber Catalyst is a cybersecurity evaluation program that enables customers that adopt designated technologies to be considered for enhanced terms and conditions on cyber insurance policies from participating insurers. Together, these capabilities hold immutable measurements that originate from the factory floor. Project Aurora uses these measurements to initiate the continuous chain of trust.

In the months ahead, HPE plans to embed open-source technologies like SPIFFE and SPIRE into Project Aurora to enable DevSecOps engineers to deliver workload identities rooted in continuously verified HPE hardware. HPE also outlined plans to roll out capability across all HPE GreenLake cloud services and HPE Ezmeral software platforms.

Three-pronged Hardware Engineering Approach

HPE’s Project Aurora is fundamentally based on three levels of added value security engineering, which include the following:

Increase data value through attestation and verification. Rooted at the silicon layer, HPE’s Project Aurora helps ensure the fidelity of data by continuously attesting supply chain, infrastructure, operating systems, platforms, and workloads to identify malicious code in the operating environment.

Accelerate innovation by laying a zero trust foundation. HPE’s Project Aurora delivers a zero-trust model rooted in hardware, which increases engineering velocity by standardizing and automating authentication flows from silicon to the cloud.

Identify attacks and protect investments. HPE’s Project Aurora continuously identifies zero-day attacks and advanced persistent threats to thwart loss and corruption of mission-critical business intelligence.

Why HPE’s Project Aurora Launch Matters

Why does this launch matter? With the increased threat landscape, polarization of global trade and the reality that nation states are using cyberattacks to drive national agendas, merely deploying software-based approaches and then focusing on compliance standards such as ISO27001 is not be enough. Regardless of where a device is located, either in the public cloud or operated on-premises, it is susceptible to cyberattacks. The stakes for organization are high, and the threat vectors and attack surfaces are numerous. With the increased deployment of edge computing, the threat surface and lack of pervasive control only increases.

What HPE is doing at the silicon and firmware level will have to become more pervasive. As I mentioned earlier, HPE’s Project Aurora builds upon HPE’s Silicon Root of Trust approach, which is HPE’s hardware-validated boot process built to ensure a system can only be started using code from an immutable source. This approach involves an anchor for the boot process rooted in hardware that cannot be updated or modified.

We recently covered the rise of Confidential Computing in a report which covered how the large vendors are looking to go beyond compliance driven approaches and software based solutions deeper toward the silicon (The Rise of Confidential Computing. Trust: The New Battlefield in the Age of Digital Transformation). The move from Operational Trust to Technical Trust is a huge shift in approach and if the current trajectory continues, will form the basis for securing compute platforms going forward.

With HPE’s Project Aurora, we see this foundation combined with a cryptographically secured signature, therefore ensuring there are no accessible gaps for hackers to exploit. If a hacker inserts a virus or compromised code into the server firmware, the configuration of the firmware is changed, creating a mismatch to the digital fingerprint embedded in the silicon. We will see this approach increase where code is digitally signed ideally closer to the silicon and firmware. I also envision this approach playing a more prevalent role in how code is attested in a CI/CD pipeline model.

I believe the market is looking for this type of deep engineering. The majority of current security approaches require overhead from a manpower and investment perspective. With security engineering finding its way close to silicon and firmware, the burden of security will move from the organization to the vendor to provide the solution. This approach will be less prone to human error and be less costly to implement.

I look forward to seeing more of these zero-trust offerings as they make it to the market later in 2021 and will then be able to fully digest how HPE plans to deliver on the promises made this week at HPE Discover. That said, this approach of driving security focus further toward the silicon is, I believe, where the industry needs to be heading.

The other misnomer with HPE is that some incorrectly view the organization as an OEM hardware vendor and not a Security vendor. As Confidential Computing accelerates and security gets closer to the silicon and firmware layers, I believe we’ll begin go see vendors such as HPE capturing more of the narratives as it relates to solutions on handling the increasing volume and scale of cyber security threats. My team and I at Futurum Research firmly believe that organizations need to adopt a holistic approach to their security posture to position themselves appropriately. That also means tracking the hardware OEM vendors as part of the solution providers and not just the traditional software vendors in this space.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Other insights from Futurum Research:

Introducing HPE GreenLake Lighthouse – Futurum Tech Webcast Interview Series 

Salomon’s Selection Of HPE GreenLake Designed To Aid In Meeting Its Ambitious Sustainability Goal

HPE Decides Time Has Come For HPE Storage To Go Full Cloud-Native In Delivering Cloud Data Services

Image Credit: HPE

Author Information

Regarded as a luminary at the intersection of technology and business transformation, Steven Dickens is the Vice President and Practice Leader for Hybrid Cloud, Infrastructure, and Operations at The Futurum Group. With a distinguished track record as a Forbes contributor and a ranking among the Top 10 Analysts by ARInsights, Steven's unique vantage point enables him to chart the nexus between emergent technologies and disruptive innovation, offering unparalleled insights for global enterprises.

Steven's expertise spans a broad spectrum of technologies that drive modern enterprises. Notable among these are open source, hybrid cloud, mission-critical infrastructure, cryptocurrencies, blockchain, and FinTech innovation. His work is foundational in aligning the strategic imperatives of C-suite executives with the practical needs of end users and technology practitioners, serving as a catalyst for optimizing the return on technology investments.

Over the years, Steven has been an integral part of industry behemoths including Broadcom, Hewlett Packard Enterprise (HPE), and IBM. His exceptional ability to pioneer multi-hundred-million-dollar products and to lead global sales teams with revenues in the same echelon has consistently demonstrated his capability for high-impact leadership.

Steven serves as a thought leader in various technology consortiums. He was a founding board member and former Chairperson of the Open Mainframe Project, under the aegis of the Linux Foundation. His role as a Board Advisor continues to shape the advocacy for open source implementations of mainframe technologies.

SHARE:

Latest Insights:

Lisa Martin shares her insights on modern MarTech with Thomas Been, CMO of Domino Data Lab. They unveil the essence of modern marketing, discuss understanding audience motivations (the art) and how to swiftly address customer needs (the science).
In this episode Keith Kirkpatrick discusses the news coming out of the Zendesk and Avaya Analyst Days, focusing on new product enhancements around AI, corporate strategy, and automation.
New GenAI Model Provides Greater Accuracy and Detail and Faster Generation
Keith Kirkpatrick, Research Director with The Futurum Group, covers Adobe’s beta release of Firefly Image 3 Foundation Model and a new beta version of Photoshop, which includes new features and capabilities.
An Assessment of The Key 5G Ecosystem Developments Including Azure Private MEC Inroads, New VMware Telco Cloud 4.0 Moves, and Vonage Singtel API Alliance
The Futurum Group’s Ron Westfall and Tom Hollingsworth review recent high impact telco cloud, MEC, and APIs moves including the progress of Azure Private MEC in supporting manufacturer private 5G network implementations, VMware Telco Cloud Platform Release 4.0 ready to ease VNF and CNF use, VMware Telco Cloud Platform RAN benefits, and how the Vonage Singtel partnership is uplifting overall API prospects.