How confident are you that your enterprise hardware is free from spyware?

There’s been lots of talk about “The Big Hack”, with numerous denials from nearly all parties involved and plenty of doubt about the validity of claims made in the original news story. What if it did happen? Where are your storage servers made, and is your data at risk? How would you know? There’s even been a follow-up report, “The Long Hack”, and then this week a double body blow.

First, it’s been revealed in NRC that “Chimera”, a Chinese hacking group, infiltrated and spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker. NXP has been quick to claim “no material damage”.

Then, the Municipal Water Authority of Aliquippa in Pennsylvania confirmed that hackers took control of a booster station. An Iran-linked hacktivist group calling itself Cyber Av3ngers has taken credit for the attack. While we’re told that there was no risk to the water supply, the ever-increasing number of attacks on operational technology (OT) is concerning. What’s more concerning is the latent risk sitting in your infrastructure.

Here’s a question to ask your Chief Security Officer: What’s in our racks, precisely?

Let’s face it, you don’t want to store your data just anywhere. That’s exactly why you’ve opted for an on-premises approach. You can’t afford third-party data breaches or unscheduled downtime, and if you care about performance, you need to know that building on a foundation of one-size-fits-all generic hardware just won’t cut it.

Whether operating an internal IT infrastructure or offering a cloud service provision, most IT managers won’t know if their cloud infrastructure is secure, because most manufacturers providing the compute, network, and storage equipment they rely on don’t know either. The global supply chain is now so opaque and complex that it has glaring security gaps. The threat was declared a National Emergency in 2019.

Covert hardware and firmware implants are the gold standards for antagonists, as these techniques create a back door that can go undetected for years. Unfortunately, even today, the biggest IT appliance brands or cloud providers will not offer any form of appliance security guarantee.

Enterprise security tends to focus on data as the asset to be protected, but in national security, subverting and/or bringing down the infrastructure itself can have immediate and much more serious implications for life and liberty than compromised information. In these scenarios, mitigating the risk of compromised hardware in the infrastructure becomes paramount.

Consider that just one appliance from any major IT brand can have numerous sub-manufacturers, each using components from a multitude of international suppliers. Then consider that every stage, from design through component supply, manufacturing, coding, and assembly, presents opportunities for tampering.

The hardware and firmware risk is bigger than is generally acknowledged, as announcing breaches has wide-ranging implications for those affected, and so many events are managed discreetly. Those who work in defence, intelligence, or insurance will already know how deep the problem is.

At SoftIron, we design and build properly, from scratch. We do not optimize generic units or configure the cheapest components.

We started with a sharp, clear focus on what HyperCloud needed to do – and what it didn’t need to do. We’ve written – or reviewed – every single line of code which is compiled from the source. That may sound dull, but the gains we’ve made are thrilling.

An easy-to-use, ultra-efficient solution delivers significant power draw and cooling savings. In some cases, it requires as little as 20% of the power draw of more generic alternatives. Not only does this reduce TCO, but it also offers a pathway towards net zero emissions for our customers.

It turns out that you can have your cake and eat it too.

Our approach is simple – but that doesn’t mean it’s easy.

An obsession with quality and transparency means we do everything we can in-house. Our manufacturing facilities operate with the ‘digital twin’ approach – we can make our product anywhere, identically, every time. Not only does this deliver improved resilience to disruptions to the global supply chain – it also enables us to offer customers secure provenance capabilities to mitigate global supply chain risks overall.

Our radically different approach extends beyond how we design HyperCloud to how we manufacture it. We’re one of the only manufacturers - perhaps the only one - who completes 100% of assembly in a dedicated facility in California. That’s right — California.

This is more than a story of doing things differently; it’s about doing them better. It’s more than a story of the patriotic importance of flying the ‘Built in America’ flag (though it’s a flag we’re proud to fly); it’s a story of a brilliantly creative transatlantic alliance, uniting our group HQ in London with our design and manufacturing powerhouse in Silicon Valley, enabling us to deliver the highest levels of quality, of control and of security that you’d hope to find in an on-prem solution.

If you want to rest easy in the knowledge that your data will be safe on the highest quality, most secure and performant hardware, running the best-of-breed true cloud solution on the market, but can’t believe we actually design and build it all here in California, then why not come and visit us? (Please do give us a call first!) We’re sure you’ll be pleasantly surprised by what you find.

Why risk being sorry when you can be safe?
