On-Chip Solutions: A Way to Break the Cybersecurity Logjam

Around our shop, the mantra has long been “security is a process,” not a fixed point in time and space. It’s a process guided by policies and procedures and, above all, a mindset that treats system integrity as a first priority.

That, however, begs the question: Where does that process live, what does it entail, and how can organizations that depend on products from others feel, and be, secure?

The IT cupboard may be stocked with software-driven security tools and technologies, but security awareness has of late migrated to the chip level, opening the door to “layered defenses” — an approach that marries hardware and software to give businesses at risk a new and different arsenal to thwart bad actors.

Kudos to AMD for putting its chip development dollars where the most acute problems are:

AMD’s new Infinity Guard delivers an industry-leading set of modern security features that help decrease potential attack surfaces as software is booted, executed, and processes critical data. When deployed, Infinity Guard enables users to transform the data center through a complement of AMD processor-embedded end-to-end security features designed to mitigate risk. With its “ZEN” architecture, AMD processors are designed to be highly resistant to today’s sophisticated attacks, helping protect sensitive data, avoid downtime, and reduce resource drain.

But is hardware-embedded security truly more secure? Actually, yes. Implementing security routines in hardware has advantages that software alone does not. Encryption native on a chip is clearly faster than in software. And TPM-type security can be done only at the hardware level.

It’s not only that hardware-embedded security works, but that it’s particularly appropriate for the current moment. As COVID-19 drove the broad adoption of remote work strategies, it left the door open for new and insidious kinds of cyberattacks – notably threats aimed at firmware. To at least partially defang cyber attackers and their bag of malicious tricks, IT teams are now equipping customers with solutions that integrate hardware and software, thereby providing something approaching comprehensive security system-wide. Hardware-based security does make hypervisors more secure; enter AMD’s evolutionary move to host on hypervisors.

Hardware-based security isn’t entirely new, of course. TPM (Trusted Platform Module) is an established, chip-based technology that securely stores artifacts — passwords, certificates, or encryption keys — used to authenticate your PC or laptop. TPM can also store specifications that help ensure that the platform remains trustworthy, affirming that it is what it claims to be, and attesting that it hasn’t been breached.

Of course, it’s facile to suggest that any tech solution, in isolation or in combination, can guarantee security. What these hybrid approaches do deliver, however, are increasingly sophisticated tools that enable organizations to get back to first principles: treating security as a layered process requiring both high-tech and high-touch vigilance.

This article first appeared here (membership required).

About the Author: Adam Stern, founder and CEO of Los Angeles-based Infinitely Virtual, is an entrepreneur who saw the value of virtualization and cloud computing nearly a decade ago. Stern’s company helps businesses move from obsolete hardware investments to an IaaS [Infrastructure as a Service] cloud platform, providing them the flexibility and scalability to transition select data operations from in-house to the cloud. Stern established Infinitely Virtual in 2007 to provide virtual dedicated server solutions to growing enterprises, offering what was essentially a cloud computing platform before the term existed. Infinitely Virtual is a subsidiary of Santa Monica-based Altay Corporation, which Stern founded in 2003 to provide Windows, VMware, and other service solutions to small and medium-size businesses.