Category Archives for "Managed Services News"

Oct 02

The Journey to CPaaS Amid COVID-19: AI, Automation and Omnichannel

By | Managed Services News

COVID-19 put many organizations reliant upon on-premises contact centers in a squeeze. At the same time they were experiencing a surge in customer service and customer service calls, social distancing and work-from-home requirements were limiting their ability to respond. Fortunately, communications platform-as-a-service (CPaaS) can provide them with the communications flexibility they need now — and in the future. Better yet, partners can help customers get technologies they need.

This report will look at:

  • Use cases for CPaaS
  • How CPaaS can help build a lasting client/partner relationship
  • The benefits of automation, AI and omnichannel

About the Author

Edward Gately is a news editor for Channel Futures & Channel Partners, covering new channel programs and program changes, security, collaboration/UCaaS and other channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona

Brought to you by: 

Oct 02

Ransomware Negotiators Stay Busy as Attacks Escalate

By | Managed Services News

After getting a ransomware payment from a company, the cybercriminal may return for more.

It’s a busy time for ransomware negotiators with cybercriminals targeting more businesses and demanding bigger payments.

Ransomware attacks and ransom payments are on the rise, with ransoms now more likely to exceed $1 million, according to recent research by Barracuda. There’s been a significant increase in ransom payments in the past year. And many ransomware victims have not prepared enough, so they end up paying the ransom.

On Thursday, the U.S. Treasury Department published guidelines for special circumstances where a ransomware payment may break U.S. sanctions. The guidelines apply when an individual or company has had its data encrypted by a ransomware gang that is either sanctioned or has affiliations with a cybercrime group sanctioned by the Treasury Department in years past.

So, how do ransomware negotiators work? Should organizations always try to negotiate?

Cytelligence's Ed Dubrovsky

Cytelligence’s Ed Dubrovsky

To find out more, we spoke with Ed Dubrovsky, COO and managing partner of Cytelligence. The company handled ransomware negotiations until Aon acquired it earlier this year. It now works with third parties and helps them handle negotiations.

Channel Futures: When do ransomware negotiators step in?

Ed Dubrovsky: Threat actors come in and they impact as many systems as they can to cause a very big impact on an organization. With a small organization they will … encrypt all systems. And with a large organization, they will deploy an automatic means to encrypt all the data. And then you basically have to go and talk to them because your ability to do anything else is diminished. Even larger organizations with backups may still be compelled to negotiate with these threat actors because the amount of time to recover and the cost to the business to be down for that duration could actually be higher than making a payment to the threat actors, and then both recovering from your backups … and decrypting files.

CF: Are many cybercriminals willing to work with ransomware negotiators? Will they accept a lesser amount?

ED: It’s very difficult to negotiate with certain threat actors because of perhaps language or they’re set in their ways in terms of, “We believe you’re making that much money and hence we want that much money, and we’re not going to negotiate.” But it’s not just about the initial demand and the final demand, and whether you need a negotiator to decrease that number.

You could potentially negotiate with them and say, “You give me the data and I’ll pay you for it.” Or you could basically say, “We’re not paying you; go ahead and publish.” That costs zero to the client and then the bad guys go and publish. Yes, it’s in the public domain. But the client didn’t really care because the data did not contain any personally identifiable information about individuals. So it was not secret information. But what was more important was getting back to business. So every case is a little different.

The majority is always about how can we minimize the final demand. But it’s also about how fast we can get to that final demand. It’s costing money, and potentially loss of business and reputation and so on. So it’s definitely a time-sensitive process.

CF: What happens once cybercriminals and ransomware negotiators agree on an amount?

ED: The threat actors will …

Oct 02

Cloud News Roundup: An Early Look at SAP-Emarsys Deal’s Channel Impact

By | Managed Services News

Plus, get the scoop on another ERP business move and an addition to AWS Outposts.

There’s a lot happening in the cloud that impacts partners, including and outside of the big-name vendors. For one thing, the enterprise resource planning sector has two hot deals for partners to examine. One – SAP buying Emarsys – has global impact, while another focuses on the U.K. For another, the channel will want to evaluate what a new AWS Outposts program may mean for individual partner types. In addition, get up to speed on all the cloud news you may have missed over the past week or two, here.

SAP-Emarsys Deal: ‘Confident’ Partners Will ‘Quickly Benefit’

ERP software provider SAP is buying Emarsys, which makes a cloud-based marketing platform.

SAP told Channel Futures it can’t yet discuss the impact on partners.

“The transaction needs to close before we can discuss aligning and integrating our channel processes between SAP and Emarsys,” a spokesperson said.

In a press release, however, Ohad Hecht, CEO of Emarsys, alluded to ongoing efforts on that front.

Emarsys' Ohad Hecht

Emarsys’ Ohad Hecht

“We’re confident that, once we have regulatory approval, our customers and partners will quickly benefit from synergies between the Emarsys platform and the SAP Customer Experience portfolio,” he said.

SAP will integrate Emarsys into its Qualtrics division. (Incidentally, SAP said in July it plans to take Qualtrics public.) Emarsys’ capabilities will let SAP “deliver a portfolio for a ‘commerce anywhere’ strategy allowing for hyperpersonalized digital commerce experiences across all channels at any time,” SAP CEO Christian Klein said.

What that means is Emarsys enables companies to communicate with customers through all manner of channels, from email and SMS to social media, web chat and more.

Bob Stutz, president of SAP Customer Experience, put it this way: “With Emarsys technology, SAP Customer Experience solutions can link commerce signals with the back office and activate the preferred channel of the customer with a relevant and consistently personalized message, allowing customers the freedom to choose their own engagement.”

Klein agreed.

SAP's Christian Klein

SAP’s Christian Klein

“The success of brands worldwide depends today on their ability to offer a compelling customer journey and to cater to the individual expectations of customers,” he said. “To meet these expectations, front-office data must be integrated with back-office capabilities and with individual customer feedback.”

Emarsys is based in Vienna, Austria. It serves 1,500 customers worldwide and employs more than 800 people. SAP did not disclose the terms of the transaction, which should close in the fourth quarter.

AWS Outposts Ready Program to ‘Create New Routes to Market’ for Some Partners

The recently unveiled AWS Outposts Ready Program brings new opportunities to the channel specializing in hybrid cloud. That’s according to an AWS spokesperson in response to Channel Futures’ inquiry about what the new program offers partners.

“We believe this announcement will create new routes to market for some ISVs, and accelerate existing routes to market for others,” the spokesperson said. “This program will contribute to offer valuable, meaningful relationships with our mutual customers for partners.”

Overall, though, “Our partners should think about Outposts Service Ready solution offerings not as standalone products, but rather a new deployment model for AWS Outposts,” the spokesperson added. “Over time, there will be opportunities for AWS Consulting Partners to resell Outposts Service Ready Partner offerings, just as they do today for other AWS solutions.”

The AWS Outposts Ready Program is part of the company’s Service Ready Program. Service Ready lets users …

Oct 01

HPE Trusted Supply Chain Initiative Hardens Security

By | Managed Services News

HPE ships a ProLiant server that’s compliant with the initiative.

HPE says its Trusted Supply Chain initiative, launched Thursday, will deliver the highest level of security in its products. These offers target U.S. federal, public sector, banking, financial services and health care customers who demand it. The U.S.-sourced products will offer verifiable cyber assurance.

The first HPE server produced in compliance with the Trusted Supply Chain process is the HPE ProLiant DL380T. It’s shipping in the U.S. Expect to see other products in the portfolio in 2021.

HPE's Bob Moore

HPE’s Bob Moore

“As with our other servers, products produced through the HPE Trusted Supply Chain will be available through the channel,” Bob Moore, director of product security at HPE, told Channel Futures. By having an additional facility to manufacture products, we are increasing resiliency for supply chains building and shipping our products. Overall, this improves distribution, including for our channel partners.”

HPE Responds

HPE’s Trusted Supply Chain is a response to customer needs.

  • It provides a U.S. supply base with additional security measures for U.S. customers that prefer U.S.-sourced products.
  • There’s compliance with the National Defense Authorization Act. This includes the latest addition which prohibits components and IT products sourced from Chinese companies.
  • It provides supply chain resiliency to address the impact that the COVID-19 pandemic has had on global supply chains.
  • It strengthens security capabilities to ensure customers are getting the configuration they ordered, and that it is not tampered with or has unauthorized modifications to it.

“Overall, there is need from customers to reduce supply chain risk. By having a U.S. supply base with HPE employees personally involved in managing the process, we are monitoring for – and reacting to – any potential risk,” said Moore.

HPE products with the advanced security features use embedded silicon-based security in industry-standard devices. Vetted HPE employees build these products in highly secure U.S.-based facilities.

Unique Security Designation

In September 2019, HPE-exclusive silicon root of trust and Aruba Policy Enforcement Firewall were among the first group of cybersecurity solutions to receive a Cyber Catalyst designation from Marsh. Marsh is an insurance broker and risk adviser. The designation is part of a unique evaluation program to help businesses with their buying decisions.

Seventeen solutions were recognized with the designation. In addition to HPE and Aruba are BigID Data Privacy Protection and Automated Compliance, CrowdStrike Adversary Emulation Penetration Testing, Crowdstrike Falcon Complete, Digital Guardian Data Protection Platform, FireEye Email Security, FireEye Endpoint Security, Forescout Device Visibility and Control Platform, HackerOne Bounty, KnowBe4 Security Awareness Training and Simulated Phishing Platform, Mimecast Secure Email Gateway with Targeted Threat Protection, Perspecta Labs SecureSmart critical infrastructure monitoring solution, RSA SecurID Suite, Trustwave DbProtect, Virsec Security Platform, and Zingbox IoT Guardian.

Why do it?

There are beneifts for organizations that adopt the Cyber Catalyst designated solution. They may be considered for enhanced terms and conditions on individually negotiated cyber insurance policies with participating insurers.

HPE’s Mission

HPE is dedicated to providing customers with the highest level of cyber assurance. The new HPE servers that are part of the Trusted Supply Chain will offer comprehensive end-to-end data protection. There is a pre-installed layer of hardened security before the server ships to customers.

On top of that, hardened security features offer additional benefits.

  • Prevents booting of any compromised operating system. It does this by using new hardening to connect the server firmware security to the operating system by activating the UEFI secure boot.
  • Reduces attack surface by placing servers in high security mode to verify user authenticity.
  • Prevents tampering of server firmware and hardware using server configuration loc. This verifies unauthorized addition of options (NICS, drives) or malicious activity by capturing the inventory or a “picture” of the server, its hardware and firmware at the factory to provide protection throughout the supply chain process.
  • Alerts customers with embedded alarm and physical lock. As a result, users are notified if the server has been opened during the supply chain process when an intrusion detection latch, inserted on the server chassis, registers unauthorized opening even if the power is off.

In 2021, HPE plans to expand production through the HPE Trusted Supply Chain to include its other servers and systems. HPE will make additional made-in-Europe choices available for European customers in 2021.

All new HPE servers produced through the HPE Trusted Supply Chain will be offered as a service through HPE GreenLake for a highly secure cloud experience.

Oct 01

Onepath Rebrands as 1Path, Pledges 1% of All Future Hardware Earnings to Charity

By | Managed Services News

The SMB-focused provider has a new look and feel designed to clearly communicate its unique approach and core values.

Onepath just announced the end of a yearlong company rebranding effort. Effective immediately, the organization the channel knows as Onepath will go by the name “1path.”

The SMB provider cites its decision to rebrand as both a strategic and practical move. It is rooted in the organization’s desire to more clearly communicate its approach, scope of services and corporate values. 

At a high level, nothing about 1Path will change. The organization will continue to act as a full-service concierge to its clients.

1path's Luca Jacobellis

1path’s Luca Jacobellis

“We wanted our brand refresh to reflect our modern approach to managed services. I [say] ‘managed services,’ but we’re really more of a business partner,” said Luca Jacobellis, 1Path’s president and COO. “While the technology used by our clients is 1Path’s specialty, we want to share in every client’s long-term vision. We want to grow together. We want to adapt together,” he told Channel Futures.

Jacobellis also emphasized the aspects of the refresh, saying the company’s logo also reflects its forward-thinking, proactive approach to IT. 

“We wanted our logo and name change to be more than just an aesthetic update,” Jacobellis continued. “The new brand is meant to truly mean something and align with our core values.” 

Tactically, 1Path will be deeper than ever before in terms of its product and service offerings. The provider will continue to focus on collaboration, unified communications, cybersecurity and data management. Now it will also offer new solutions around artificial intelligence and machine learning, low code/no code and workflow automation. 

Corporate Values

1Path logo 20201Path has always been active in the communities in which it works. The company supports programs such as Toys for Tots, HeroBox, Habitat for Humanity, Helping Hands Atlanta and A Child’s Place through its charitable organization, Onepath Local. Now, the rebranded organization is taking this commitment and corporate values to another level. 1Path will donate 1% of hardware sales in the fourth quarter to nonprofits that support children and schools in underserved, underfunded communities. 

“If anything, we hope our brand refresh inspires other Channel Futures partners to build bridges within the communities their clients serve,” said Jacobellis. “2020 has been a difficult year for everyone, and so it’s up to everyone to demonstrate accountability, integrity, excellence, and teamwork wherever and however they can.”

“Over 14-plus years, 1Path has accomplished many things,” said 1Path CEO James Hwang. “With the support of our amazing people and partners, we’ve earned awards, completed mergers and acquisitions, served thousands of wonderful clients, and grown to become one of the leading small business-focused technology providers in the U.S. But at the end of the day, what matters most is how we treat each other, which is why this rebrand is really about reinforcing our core values: accountability, integrity, excellence and teamwork. These are challenging times, and many of our clients are adapting in some way, shape or form. We want to remind them that we are here to help, whether it’s with a business/technology issue or something else. When we remember that we’re all part of one big community, there’s no problem we can’t solve or a goal we can’t achieve.”  

Oct 01

CompTIA Research: Organizations’ Cybersecurity Improves During COVID-19

By | Managed Services News

Companies have a better understanding of what do about cybersecurity.

New CompTIA research shows organizations feel confident about their cybersecurity readiness, but know they need to maintain constant vigilance.

The CompTIA research is based on a survey of 425 U.S. businesses and identifies several trends that are shaping the state of cybersecurity. For example:

  • Eight in 10 organizations said their cybersecurity practices are improving.
  • The COVID-19 pandemic forced businesses to re-evaluate their cybersecurity positions and investments.
  • Cybersecurity has moved from an IT function to a top-level business concern. As a result, companies have taken on more advanced practices, including risk management and threat intelligence.
  • There is a major push for specialization in the field of cybersecurity. Those areas include threat management, proactive testing and regulatory compliance.
  • Cyber insurance policies are becoming par for the course, with 42% of companies currently holding a cyber insurance policy.

Growing Concerns About Cyberattacks

Growing concerns about the number, scale and variety of cyberattacks, privacy considerations, a greater reliance on data and regulatory compliance are among the issues that have the attention of business and IT leaders.

All of this is taking place amid the ongoing cybersecurity talent shortage.

Seth Robinson is senior director for technology analysis at CompTIA. He said having a well-defined focus is one way of addressing the cybersecurity skills shortage.

CompTIA's Seth Robinson

CompTIA’s Seth Robinson

“With skills in high demand and short supply, it is difficult to assemble all the personnel needed to handle a comprehensive security strategy,” he said. “Instead, security teams are growing, with 72% of companies that rely on external security firms saying that they use more than one firm for their security needs. Whether or not an MSSP is acting as the security operations center (SOC) for a client, they will need to be flexible in working with a number of other partners to build a holistic security posture.”

According to the CompTIA research, companies have a better understanding of what do about cybersecurity. Nine in 10 said their cybersecurity processes have become more formal and more critical. One example is risk management, where companies assess their data and their systems to determine the level of security that each requires. Another is monitoring and measurement, where security efforts are continually tracked and new metrics are established to tie security activity to business objectives.

The “cybersecurity chain” has expanded. It now includes upper management, boards of directors, business units and outside firms, in addition to IT personnel in conversations and decisions.

Within IT teams, foundational skills such as network and endpoint security have been paired with new skills. Those include identity management and application security, which have become more important as cloud and mobility have taken hold.

What’s On the Horizon

On the horizon, CompTIA expects to see skills related to security monitoring and other proactive tactics gain a bigger foothold. Examples include data analysis, threat knowledge and understanding the regulatory landscape.

“For MSSPs, one of the biggest challenges is determining which areas of cybersecurity the firm will specialize in,” Robinson said. “Just like internal security teams at other organizations, most MSSPs do not have the resources to become experts in every aspect of security, from advanced technology to risk analysis, to workforce education to regulatory concerns. Each MSSP should take a look at their existing portfolio and build a strategy on which security elements they will focus on in the short and long term.”

Cybersecurity insurance is another emerging area. Some 45% of large companies, 41% of midsize firms and 37% of small businesses have a cyber insurance policy. Common coverage areas include:

  • The cost of restoring data (56% of policy holders).
  • The cost of finding the root cause of a breach (47%).
  • Coverage for third-party incidents (43%).
  • Response to ransomware (42%).
Oct 01

WatchGuardOne Program Gets Update Post-Panda Security Acquisition

By | Managed Services News

A new endpoint security specialization has been added to the program.

WatchGuard Technologies has expanded its WatchGuardOne partner program in the aftermath of its Panda Security acquisition this summer.

Existing and newly added partners now have access to the full suite of products and services from both companies. They’re available via WatchGuard’s worldwide network of authorized distributors.

Panda products are now available individually and through Passport, WatchGuard’s bundle of security services. Partners can provide complete security, from network to endpoint, for their customers.

Easier for All Partners

Michelle Welch is WatchGuard‘s senior vice president of marketing.

WatchGuard's Michelle Welch

WatchGuard’s Michelle Welch

“By expanding the WatchGuardOne program, we’re enabling our combined partner community to save time, simplify operations and enjoy the financial benefits of their program status across all WatchGuard products they sell,” she said.

Partners can view their program status, sales and accrued marketing funds from a single location via the WatchGuard partner portal.

In addition, WatchGuardOne has added an endpoint security specialization. It allows existing partners to get the expertise they need to sell the newly acquired endpoint offerings from WatchGuard. Likewise, Panda partners can achieve an endpoint security specialization. They can also earn specializations in network security, multifactor authentication (MFA) and secure Wi-Fi.

Partners that get a specialization in just one of these four product families can achieve full WatchGuardOne status. That offers financial incentives and sales, marketing and technical support without revenue thresholds or product portfolio adoption requirements.

“To put it simply, the more partners know, the more they can make,” Welch said.

WatchGuardOne members must complete a set of training requirements for each product category; then, they earn a specialization and progress through the levels of the program.

“Partners that earn one specialization achieve the silver level, while those with two specializations reach gold status. Partners that earn three specializations receive additional rebate points,” added Welch.

Earning More Benefits

The new endpoint security specialization offers yet another avenue through which WatchGuard partners can progress within the program to earn more financial benefits, she said.

“This new specialization option represents a major opportunity for existing Panda partners as well,” Welch said. “It gives them a fast path to certification for products they already sell, and all the added financial benefits that come with it.”

WatchGuard has added 6,500 new partners from Panda this year, growing its channel community to more than 18,000 active partners globally.

“Today’s solution providers must prioritize working with vendors who understand their needs, reduce their costs and generate new business opportunities,” Welch said. “Our acquisition of Panda Security, and subsequent evolution of our partner program, helps partners in these areas by helping them differentiate, consolidate security vendors, simplify technology administration and enjoy flexible business processes.”

“We’ve been eager to expand our endpoint security portfolio for quite some time,” said Kevin Willette, CEO of Verus. “However, we were not interested in adding another vendor to our stack. The addition of endpoint detection and response (EDR) and endpoint protection platform (EPP) to WatchGuard’s portfolio of advanced security services enables us to invest in our endpoint strategy with a strategic vendor we already know and trust.”

Oct 01

Cisco to Acquire PortShift, Target Cloud App Security, Kubernetes

By | Managed Services News

The Portshift acquisition will help Cisco customers increase agility and time to market.

Cisco has signed an agreement to acquire PortShift, a privately held company based in Israel. Portshift’s platform addresses Kubernetes security challenges.

When the deal closes, Portshift brings cloud-native application security capabilities and expertise for containers and services for Kubernetes environments to Cisco. It will help Cisco deliver security for all phases of the application development life cycle.

Cisco didn’t reveal the purchase price of the acquisition, which it expects will close by late January, the end of its fiscal second quarter.

Cisco's Liz Centoni

Cisco’s Liz Centoni

“In order to help and empower our customers and partners, Cisco aims to deliver security solutions for these cloud-native development environments and to add application security constructs much earlier in the development life cycle – a paradigm being referred to as Shift Left,” Liz Centoni, senior vice president, emerging technologies and incubation, at Cisco, wrote in a blog. “We want to empower enterprise application developers by increasing agility and time to market, while significantly mitigating the risk of developing across multiple API environments.”

Vendor Alignment

PortShift aligns to Cisco’s strategy of providing:

  • Secure connectivity between users, devices and apps, wherever they reside.
  • Visibility and actionable insights from the end user to the application.
  • A simplified consumption model that includes cloud-first secure access service edge (SASE) capabilities.
  • Commitment to an open source and open standards philosophy.
  • Breaking down the silos between developers, security teams, infrastructure teams, operations and SRE teams.

When the acquisition is complete, the PortShift employees will join Cisco’s emerging technologies and incubation group.

According to researchers at Omdia, Kubernetes has emerged as a de facto standard in cloud-native computing. It has done so because it is open source, vendor-neutral, and its timing was perfect in solving the need to manage containers.

Keep up with the latest channel-impacting mergers and acquisitions in our M&A roundup.

In an attempt to overcome management challenges associated with the adoption of agile development methodologies, organizations are using container-management platforms. As a result, it’s spurring the market to expand. Omdia predicts a compound annual growth rate (CAGR) of 30% from 2018-2023.

The adoption of cloud-native technologies using a microservices architecture is increasing the agility and flexibility of organizations. It does this by enabling the delivery of more frequent changes to meet the demands of businesses. This use of a microservices architecture for application development has prompted interest in technologies such as software containers and Kubernetes.

Oct 01

360Insights Grows Channel Incentives Business with CR Worldwide Acquisition

By | Managed Services News

Converging trends are challenging traditional channel incentives management products.

The acquisition of CR Worldwide by 360Insights, announced Thursday, helps the channel incentives management company expand globally.

Founded in 2008, Canada-based 360Insights sells its Channel Success platform. The 360Insights platform design optimizes channel incentives and manages them for both B2B and B2B2C companies. Channel Success serves multiple vertical industries — automotive, retail/buy group, eye care, technology, building materials, kitchen and bath, telecom, pharma, HVAC and tires. Founded in 2002, CR Worldwide‘s headquarters are in the U.K.

360Insights' Jason Atkins

360Insights’ Jason Atkins

“CR Worldwide has built a reputation of excellence, a team of experienced and savvy professionals and a suite of products and services that have helped some of the world’s largest brands achieve sales success,” said Jason Atkins, founder and CEO of 360insights. “Their mission and vision align well with 360insights’, which is why we’re thrilled to welcome their people and capabilities to our growing team.”

The acquisition of CR Worldwide will help 360Insights expand its global workforce, reach and customer base. At the same time, the company expects to increase key capabilities, including point-based loyalty solutions and multilanguage solutions.

Tools from CR Worldwide integrate with 360Insights’ Channel Success platform. It is a SaaS solution that automates CIM, and includes channel data Management (CDM), closed-loop reporting (CLR), through-channel marketing automation (TCMA) and partner relationship marketing (PRM).

In addition to its U.K. office, CR Group has offices in the U.S. and EMEA. 360Insights has offices in Canada, U.S. and U.K.

Global Expansion

Going forward, David Gould, former CEO of CR Worldwide, will be responsible for growing the European business.

“Our people and technology have established CR Worldwide as a successful incentive and engagement solution provider,” he said. “I look forward to being able to offer our clients more services as we join forces with 360Insights.”

Keep up with the latest channel-impacting mergers and acquisitions in our M&A roundup.

Atkins reports that more than half of CR Worldwide’s clients are in the technology sector.

360Insights has been active on the M&A front. In three years, the company has made five strategic acquisitions.

Forrester's Jay McBain

Forrester’s Jay McBain

According to Jay McBain, principal analyst, channel partnerships and alliances with Forrester Research, the channel incentives and program management (CIPM) software market will reach $935 million by 2024, a CAGR of 17%. In addition, $1.9 billion will be generated in services in this ecosystem.

However, McBain contends that it’s time for vendors to revisit their CIPM offers.

“Several converging trends have challenged traditional thinking in channel incentive programs, and the resulting complexity and vast permutations are causing channel pros to rethink how they motivate and drive loyalty with partners,” he wrote in blog.

Oct 01

HPE Trusted Supply Chain Initiative for Hardened Security

By | Managed Services News

HPE ships a ProLiant server that’s compliant with the initiative.

HPE says its Trusted Supply Chain initiative, launched Thursday, will deliver the highest level of security in its products. These offers target U.S. federal, public sector, banking, financial services and health care customers who demand it. The U.S.-sourced products will offer verifiable cyber assurance.

The first HPE server produced in compliance with the Trusted Supply Chain process is the HPE ProLiant DL380T. It’s shipping in the U.S. Expect to see other products in the portfolio in 2021.

HPE's Bob Moore

HPE’s Bob Moore

“As with our other servers, products produced through the HPE Trusted Supply Chain will be available through the channel,” Bob Moore, director of product security at HPE, told Channel Futures. By having an additional facility to manufacture products, we are increasing resiliency for supply chains building and shipping our products. Overall, this improves distribution, including for our channel partners.”

HPE Responds

HPE’s Trusted Supply Chain is a response to customer needs.

  • It provides a U.S. supply base with additional security measures for U.S. customers that prefer U.S.-sourced products.
  • There’s compliance with the National Defense Authorization Act. This includes the latest addition which prohibits components and IT products sourced from Chinese companies.
  • It provides supply chain resiliency to address the impact that the COVID-19 pandemic has had on global supply chains.
  • It strengthens security capabilities to ensure customers are getting the configuration they ordered, and that it is not tampered with or has unauthorized modifications to it.

“Overall, there is need from customers to reduce supply chain risk. By having a U.S. supply base with HPE employees personally involved in managing the process, we are monitoring for – and reacting to – any potential risk,” said Moore.

HPE products with the advanced security features use embedded silicon-based security in industry-standard devices. Vetted HPE employees build these products in highly secure U.S.-based facilities.

Unique Security Designation

In September 2019, HPE-exclusive silicon root of trust and Aruba Policy Enforcement Firewall were among the first group of cybersecurity solutions to receive a Cyber Catalyst designation from Marsh. Marsh is an insurance broker and risk adviser. The designation is part of a unique evaluation program to help businesses with their buying decisions.

Seventeen solutions were recognized with the designation. In addition to HPE and Aruba are BigID Data Privacy Protection and Automated Compliance, CrowdStrike Adversary Emulation Penetration Testing, Crowdstrike Falcon Complete, Digital Guardian Data Protection Platform, FireEye Email Security, FireEye Endpoint Security, Forescout Device Visibility and Control Platform, HackerOne Bounty, KnowBe4 Security Awareness Training and Simulated Phishing Platform, Mimecast Secure Email Gateway with Targeted Threat Protection, Perspecta Labs SecureSmart critical infrastructure monitoring solution, RSA SecurID Suite, Trustwave DbProtect, Virsec Security Platform, and Zingbox IoT Guardian.

Why do it?

There are beneifts for organizations that adopt the Cyber Catalyst designated solution. They may be considered for enhanced terms and conditions on individually negotiated cyber insurance policies with participating insurers.

HPE’s Mission

HPE is dedicated to providing customers with the highest level of cyber assurance. The new HPE servers that are part of the Trusted Supply Chain will offer comprehensive end-to-end data protection. There is a pre-installed layer of hardened security before the server ships to customers.

On top of that, hardened security features offer additional benefits.

  • Prevents booting of any compromised operating system. It does this by using new hardening to connect the server firmware security to the operating system by activating the UEFI secure boot.
  • Reduces attack surface by placing servers in high security mode to verify user authenticity.
  • Prevents tampering of server firmware and hardware using server configuration loc. This verifies unauthorized addition of options (NICS, drives) or malicious activity by capturing the inventory or a “picture” of the server, its hardware and firmware at the factory to provide protection throughout the supply chain process.
  • Alerts customers with embedded alarm and physical lock. As a result, users are notified if the server has been opened during the supply chain process when an intrusion detection latch, inserted on the server chassis, registers unauthorized opening even if the power is off.

In 2021, HPE plans to expand production through the HPE Trusted Supply Chain to include its other servers and systems. HPE will make additional made-in-Europe choices available for European customers in 2021.

All new HPE servers produced through the HPE Trusted Supply Chain will be offered as a service through HPE GreenLake for a highly secure cloud experience.

>