 Hey everyone, welcome to this event, HPE Compute Security. I'm your host, Lisa Martin. Kevin DePue joins me next. Senior Director, Future Surfer Architecture at HPE. Kevin, it's great to have you back on the program. Thanks Lisa, I'm glad to be here. One of the topics that we're gonna unpack in this segment is all about cybersecurity. And if we think of how dramatically the landscape has changed in the last couple of years, I was looking at some numbers that HPE had provided. Cyber crime will reach $10.5 trillion by 2025. It's a couple of years away. The average total cost of a data breach is now over $4 million. 15% year-over-year crime growth predicted over the next five years. It's no longer, if we get hit, it's when. It's how often what's the severity. Talk to me about the current situation with the cybersecurity landscape that you're seeing. Yeah, I mean, the numbers you're talking about are just staggering. And then that's exactly what we're seeing and that's exactly what we're hearing from our customers. It is just absolutely key. Customers have too much to lose. The dollar cost is just, like I said, staggering. And here at HPE, we know we have a huge part to play, but we also know that we need partnerships across the industry to solve these problems. So we have partnered with our various partners to deliver these Gen 11 products, whether we're talking about partners like AMD or partners like our NIC vendors, storage, card vendors. We know we can't solve the problem alone and we know the issue is huge and like you said, the numbers are staggering. So we're really partnering with all the right players to ensure we have a secure solution. So we can stay ahead of the bad guys to try to limit the attacks on our customers. Right, limit the damage. What are some of the things that you've seen particularly change in the last 18 months or so? Anything that you can share with us that's more eye-opening than some of the stats we already shared? Well, there's been a massive number of attacks just in the last 12 months, but I wouldn't really say it's so much change because the amount of attacks has been increasing dramatically over the years for many, many, many years. It's just a very lucrative area for the bad guys, whether it's ransomware or stealing personal data, whatever it is, there's unfortunately a lot of money to be made into it, made from it and a lot of money to be lost by the good guys, the good guys being our customers. So it's not so much that it's changed, it's just that it's even accelerating faster. So the real change is it's accelerating even faster because it's becoming even more lucrative. So we have to stay ahead of these bad guys. One of the statistics of Microsoft operating environments, the number of tax in the last year up 50% year over year, that's a huge acceleration and we've got to stay ahead of that. We have to make sure our customers don't get impacted to the level that these staggering number of attacks are. The bad guys are out there, we've got to protect our customers from the bad guys. Absolutely, the acceleration that you talked about is kind of frightening, it's very eye-opening. We do know that security, we've talked about it for so long as a C-suite priority, a board level priority. We know that some of the data that HPE also sent over, organizations are listing cyber risks as a top five concern in their organization. IT budget spend is going up where security is concerned. And so security is on everyone's mind. In fact, theCUBE did, I guess in the middle part of last decade, did a series on this really focusing on cybersecurity as a board issue and they went into how companies are structuring security teams, changing their assumptions about the right security model, offense versus defense, but security's gone beyond the board. It's top of mind and it's on, it's an integral part of every conversation. So my question for you is when you're talking to customers, what are some of the key challenges that they're saying, Kevin, these are some of the things, the landscape is accelerating, we know it's a matter of time, what are some of those challenges and then their key pain points that they're coming to you to help solve? Yeah, at the highest level, it's simply that security is incredibly important to them. We talked about the numbers, there's so much money to be lost that what they come to us and say is security is important for us, what can you do to protect us? What can you do to bring us from being one of those statistics? So at a high level, that's kind of what we're seeing with a little more detail, we know that there's customers doing digital transformations, we know that there's customers going hybrid cloud, they've got a lot of initiatives on their own, they've got to spend a lot of time and a lot of bandwidth, tackling things that are important to their business, they just don't have the bandwidth to worry about yet another thing, which is security. So we are doing everything we can and partnering with everyone we can to help solve those problems for customers, because we're hearing, hey, this is huge, this is too big of a risk, how do you protect us? And by the way, we only have limited bandwidth, so what can we do? What we can do is make them assured that that platform is secure, that we're creating a foundation for a very secure platform and that we've worked with our partners to secure all the pieces. So yes, they still have to worry about security, but there's pieces that we've taken care of that they don't have to worry about and there's capabilities that we've provided that they can use and we've made that easy so they can build secure solutions on top of it. What are some of the things when you're in customer conversations, Kevin, that you talk about with customers in terms of what makes HPE's approach to security really unique? Well, I think a big thing is security is part of our DNA. It's part of everything we do, whether we're designing our own ASICs for our BMC, the ILO ASIC, ILO 6 used on Gen 11, or whether it's our firmware stack, the ILO firmware, our system UEFI firmware, all those pieces and everything we do, we're thinking about security. When we're building products in our factory, we're thinking about security. When we're designing our supply chain, we're thinking about security. When we make requirements on our suppliers, we're driving security to be a key part of those components. So security is in our DNA, security is top of mind, security is something we think about in everything we do. We have to think like the bad guys. What could the bad guy take advantage of? What could the bad guy exploit? So we try to think like them so that we can protect our customers. And so security is something that really is pervasive across all of our development organizations, our supply chain organizations, our factories and our partners. So that's what we think is unique about HPEs because security is so important. And there's a whole lot of pieces of our Proline servers that we do ourselves that many others don't do themselves. And since we do it ourselves, we can make sure that security is in the design from the start, that those pieces work together in a secure manner. So we think that gives us an advantage from a security standpoint. Security is very much intention-based at HPE. I was reading in some notes, and you just did a great job of talking about this, that fundamental security approach, security is fundamental to defend against threats that are increasingly complex through what you also call an uncompromising focus to state of the art security innovations built into your DNA and that organizations can protect their infrastructure, their workloads, their data from the bad guys. Talk to us briefly in our final few minutes here, Kevin, about fundamental uncompromising protected and the value in it for me as an HPE customer. Yeah, when we talk about fundamental, we're talking about those fundamental technologies that are part of our platform. Things like we've integrated TPMs and soldered them down in our platforms. We now have platform certificates as a standard part of the platform. We have IDEV IDEV, and probably most importantly, our platforms continue to support what we really believe was a groundbreaking technology, Silicon Root of Trust. And what that's able to do, we have millions of lines of firmware code in our platforms. And with Silicon Root of Trust, we can authenticate all of those lines of firmware, whether we're talking about the ILO 6 firmware, our UEFI firmware, our CPLD in the system, there's other pieces of firmware. We authenticate all those to make sure that not a single line of code, not a single bit has been changed by a bad guy, even if the bad guy has physical access to the platform. So that Silicon Root of Trust technology is making sure that when that system boots up and that hands off to the operating system and then eventually the customer's application stack, that it's starting with a solid foundation, that it's starting with a system that hasn't been compromised. And then we build other things into that Silicon Root of Trust, such as the ability to do the scans and the authentications at runtime, the ability to automatically recover. If we detect something that's been compromised, we can automatically update that compromised piece of firmware to a good piece before we've run it because we never want to run firmware that's been compromised. So that's all part of that Silicon Root of Trust solution and that's a fundamental piece of the platform. And then when we talk about uncompromising, what we're really talking about there is how we don't compromise security. And one of the ways we do that is through an extension of our Silicon Root of Trust with a capability called SPDM. And this is a technology that we saw the need for, we saw the need to authenticate our option cards and the firmware in those option cards, Silicon Root of Trust protects against many attacks, but one piece it didn't do is verify the actual option card firmware in the option cards. So we knew to solve that problem, we would have to partner with others in the industry, our NIC vendors, our storage controller vendors, our GPU vendors. So we worked with industry standards bodies and those other partners to design a capability that allows us to authenticate all of those devices. And we worked with those vendors to get the support both in their side and in our platform side, so that now Silicon Root of Trust has been extended to where we protect and we trust those option cards as well. So that's what we're talking about with uncompromising. And with Protect, what we're talking about there is our capabilities around protecting against, for example, supply chain attacks. We have our trusted supply chain solution, which allows us to guarantee that our server, when it leaves our factory, what the server is when it leaves our factory will be what it is when it arrives at the customer. And if the bad guy does anything in that transition, the transit from our factory to the customer, they'll be able to detect that. So we enable certain capabilities by default, capability called server configuration lock, which can ensure that nothing in the server has changed whether it's firmware, hardware configurations, swapping out processors, whatever it is, will detect if a bad guy did any of that and the customer will know it before they deploy the system. That gets enabled by default. We have an intrusion detection technology option. When you use by the trusted supply chain, that is included by default. That lets you know, did anybody open that system up? Even if the system's not plugged in, did somebody take the hood off and potentially do something malicious to it? We also enable a capability called UEFI secure boot, which can go authenticate some of the drivers that are located on the option card itself. Those kind of capability, also ILO high security mode gets enabled by default. So all these things are enabled in the platform to ensure that if it's attacked going from our factory to the customer, it will be detected and the customer won't deploy a system that's been maliciously attacked. So that's how we protect the customer through those capabilities. I understand. And you mentioned, partners, my last question for you, about a minute left, Kevin, is bring AMD into the conversation. Where do they fit in this? AMD is an absolutely crucial partner. No one company, even HP, can do it all themselves. There's a lot of partnerships. There's a lot of synergies working with AMD. We've been working with AMD for almost 20 years since we delivered our first AMD-based ProLiant back in 2004, the HP ProLiant DL585. So we've been working with them a long time. We work with them years ahead of when a processor is announced. We benefit each other. We look at their designs and help them make their designs better. They let us know about their technology so we can take advantage of it in our designs. So they have a lot of security capabilities like their memory encryption technologies, their AMD secure processor, their secure encrypted virtualization, which is an absolutely unique and breakthrough technology to protect virtual machines in hypervisor environments and protect them from malicious hypervisors. So they've had some really great capabilities that they've built into their processor. And we also take advantage of the capabilities they have and ensure those are used in our solutions and in securing the platform. So a really great- Such a great partnership, great synergies there. Kevin, thank you so much for joining me on the program talking about compute security. What HPE is doing to ensure that security is fundamental, that it is uncompromised and that your customers are protected end-to-end and we appreciate your insights. We appreciate your time. Thank you very much, Lisa. We've just had a great conversation with Kevin DePieu. Now I get to talk with David Chang, data center solutions and marketing lead at AMD. David, welcome to the program. Thank you and thank you for having me. So one of the hot topics of conversation that we can't avoid is security. Talk to me about some of the things that AMD is seeing from the customer's perspective, why security is so important for businesses across industries. Yeah, sure. Yeah, security is top of mind for almost every customer I'm talking to right now. There's several key market drivers and trends out there today that's really needing a better and innovative solution for security, right? So the high cost of data breaches, for example, will cost enterprises in downtime of the data center. And that time is time that you're not making money, right? And potentially even leading to the loss of customer confidence in your company's offerings. So there's real costs that our customers are facing every day, not being prepared and not having proper security measures set up in the data center. In fact, according to one report, over 400 high-tech threats are being introduced every minute. So every day, numerous new threats are popping up and they're just, the bad guys are just getting more and more sophisticated. So you have to take measures today and you have to protect yourself end-to-end with solutions like what AMD and HPE have to offer. You talked about some of the costs there, they're exorbitant. I've seen recent figures about the average cost of a data breach or ransomware is over $4 million. The cost of brand reputation you brought up, that's a great point because nobody wants to be the next headline and security, I'm sure in your experiences, it's a board level conversation. It's absolutely table stakes for every organization. Let's talk a little bit about some of the specific things now that AMD and HPE are doing. I know that you have a really solid focus on building security features into the Epic processors. Talk to me a little bit about that focus and some of the great things that you're doing there. Yeah, so we've partnered with HPE for a long time now. I think it's almost 20 years that we've been in business together and we help, we work together design in security features even before the Silicon's even born. So we have a great relationship with all our partners including HPE and HPE has a really great end to end security story and AMD fits really well into that. If you kind of think about how security all started in the data center, you've had strategies around encryption of the data in flight, the network security, VPNs and security on the NICs and even on the hard drives, data that's at rest, encryption has, security has been sort of part of that strategy for a long time. And really for ages, nobody really thought about the actual data in use, which is the information that's being passed from the CPU to the memory and even in virtualized environments to the virtual machines that everybody uses now. So for a long time, nobody really thought about that third leg of encryption. And so AMD comes in and says, hey, this is things that as the bad guys are getting more sophisticated, you have to start worrying about that. And for example, people think about memory being sort of non-persistent and after certain time, the data in the memory kind of goes away, right? But that's not true anymore because even in memory data now, there's a lot of memory modules that still can retain data up to 90 minutes even after power loss. And with something as simple as compressed air or liquid nitrogen, you can actually freeze memory bims now long enough to extract the data from that memory module for up to two or three hours, right? So more than enough time to read valuable data and even encryption keys off of that memory module. So our world's getting more complex and the more data out there, the more insatiable need for compute and storage, data management is becoming all the more important to keep all of that going and creating security from those threats, it becomes more and more important. And again, especially in virtualized environments where like hyper-converged infrastructure or virtual desktop memories, it's really hard to keep up with all those different attacks, all those are different attack surfaces. And it sounds like what you were just talking about is what AMD has been able to do is identify yet another vulnerability, another attack surface in memory to be able to plug that hole for organizations that weren't able to do that before. Yeah, and we kind of started out with that belief that security needed to be scalable and able to adapt to changing environment. So we came up with the philosophy or the design philosophy that we're going to continue to build on those security features generation over generation and stay ahead of those evolving attacks. Great example is in the third gen Epic CPU family that we had, we actually created this feature called SEV-SNP which stands for Secure Nest Paging. And it's really all around this new attack where it's basically hypervisor based attacks where people are, the bad actors are writing in to the memory and writing in basically bad data to corrupt the data in the memory. So SEV-SNP was put in place to help secure that before that became a problem. And you heard in the news just recently that that's becoming a more of a bigger issue. And the great news is that we had that feature built in before that became a big problem. And now you're on the fourth gen of those Epic processes. Talk to me a little bit about some of the innovations that are now in fourth gen. Yeah, so in fourth gen, we actually added on top of that. So we've got the base of our what we call infinity guard is all around the secure boot, the secure route of trust that we work with HPE on that the strong memory encryption and the SEV which is the secure encrypted virtualization. And so remember those SEV-SNP capabilities that I talked about earlier, we've actually in the fourth gen added two X the number of SEV-SNP guests for even higher number of confidential VMs to support even more customers than before. We've also added more guest protection from simultaneous multi-threading or SMT side channel attacks. And while it's not officially part of infinity guard, we've actually added more APEC acceleration which greatly benefits the security of those confidential VMs with the larger number of VCPUs, which basically means that you can build larger VMs and still be secured. And then lastly, we actually added even stronger AES encryption. So we went from 128 bit to 256 bit, which is now military grade encryption on top of that. And that's really the de facto cryptography algorithm that is used for most of the applications for customers like the US federal government and it is really an essential element for memory security and the HBC applications. And I always say if it's good enough for the US government, it's good enough for you. Exactly, well, it's got to be. Talk a little bit about how AMD is doing this together with HPE, a little bit about the partnership as we round out our conversation. Sure, absolutely. So security is only as strong as the layer below it, right? So that's why modern security must be built in rather than bolted on or added after the fact, right? So HPE and AMD actually develop this layered approach for protecting critical data together, right? So through our leadership in security features and innovations, we really deliver a set of hardware-based features that help decrease potential attack surfaces with that holistic approach that safeguards the critical information across the entire system life cycle. And we provide the confidence of built-in silicon authentication on the world's most secure industry standard servers. And with a 360-degree approach that brings high availability to critical workloads while helping to defend against internal and external threats. So things like HPE, Silicon Root of Trust with the trusted supply chain, which obviously AMD's part of that supply chain combined with AMD's Infinity Guard technology really helps provide that end-to-end data protection in today's business. And that is so critical for businesses in every industry. As you mentioned, the attackers are getting more and more sophisticated. The vulnerabilities are increasing. The ability to have a partnership like HPE and AMD to deliver that end-to-end data protection is table stakes for businesses. David, thank you so much for joining me on the program. Really walking us through what AMD is doing, the fourth-gen Epic processors and how you're working together with HPE to really enable security to be successfully accomplished by businesses across industries. We appreciate your insights. Well, thank you again for having me and we appreciate your partnership with HPE. We want to thank you for watching our special program HPE Compute Security. I do have a call to action for you. Go ahead and visit hpe.com slash security slash compute. Thanks for watching.