As we all know, nothing is 100% secure, and that is especially true when legacy server infrastructure is involved.
$4m per data breach
According to figures from IBM’s Cost of a Data Breach report¹, the average financial cost of a security breach in 2020 was $3.86 million. The cost to reputations (both corporate and personal) can be long-lasting and even more brutal. It’s clear to see why regulations such as the EU’s GDPR come with hefty penalties for data breaches.
As a CIO or senior IT worker, you’re increasingly being asked to do more with less. Budgets are squeezed while expectations rise, yet new security threats still need focused time and resources. It’s a tricky position to be in – you don’t have to be a magician to work in IT, but it helps.
So how can you square the circle of adding increasingly strong security measures to reduce the risk of data breaches while simultaneously keeping costs down and managing resources wisely?
Say hi to HCI
Hyperconverged Infrastructure, or HCI, provides a large part of the answer.
HCI blends the elements of a traditional data center (compute, storage, and networking) into a single system. Instead of a hardware-defined infrastructure, HCI creates a virtualized, software-defined environment that is often simpler to maintain and easier to scale up and out. This helps to reduce operational costs and improve performance.
Digital transformation is driving enterprise data centers towards hyperconverged infrastructure (HCI) and away from traditional RAID and compute-storage-network infrastructures. It’s not difficult to see why: HCI makes sense when agility, total cost of ownership and security are your priorities.
But HCI isn’t secure by default
To reduce the risk of security breaches, you need to choose secure components in your HCI solution. AMD EPYC™ processors are designed with a sophisticated suite of security features that help minimize security risks.
How AMD EPYC™ CPUs bring security capabilities to your HCI solution
- AMD’s focus on security. AMD Infinity Guard² is a suite of security features built in at the silicon level, offering a modern, multi-faceted approach to data center security. AMD Infinity Guard helps minimize potential attack surfaces at boot and as your critical data is processed.
- Virtual Machine (VM) isolation. AMD EPYC™ CPUs have a capability called Secure Encrypted Virtualization (SEV) to cryptographically isolate VMs. Each VM is encrypted with a unique key, which is owned and managed by the AMD Secure Processor. Encrypting the memory of each VM cryptographically isolates the VMs from each other and from the hypervisor. Your virtual machines are protected by one of up to 509 unique encryption keys known only to the processor.
- Checking for unauthorized software and malware at boot. This feature provides authentication checks to help ensure your firmware has not been altered. Boot-level hardware security protections like AMD Secure Boot provide a secure root of trust and can prevent a server from booting if the firmware is found to have been altered. This can also be extended to virtualized environments by capturing a digital fingerprint of the VM image. As VMs are booted, if the image is found to have been altered, the VM is prevented from starting up.
You can find AMD EPYC Processor-powered solutions from our leading OEM and ISV partners. Learn more about HCI solutions powered by AMD EPYC here.
1. IBM Security, Cost of a Data Breach Report, Page 5. Report © Copyright IBM Corporation 2020
2. AMD Infinity Guard security features on EPYC™ processors must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at https://www.amd.com/en/technologies/infinity-guard. GD-177
AMD, the AMD arrow, EPYC, and combinations thereof, are trademarks of Advanced Micro Devices, Inc.
Copyright © 2021 IDG Communications, Inc.