I was watching an early episode of Downton Abbey once when I heard a memorable line from the character played by Maggie Smith, the Dowager Countess Violet Crawley: “What is a weekend?” It was rather comical to me, but also poignant. In four simple words the aristocratic character made a powerful statement: in the course of her life there is no concept whatsoever of the difference between a work day and a non-work day because, simply put, they are all non-work days. The countess cannot wrap her head around a concept that is completely alien to her entire upbringing.
Similarly, in IT we have recently had a series of events that have, for many of us, rocked our trust in our infrastructure foundation. To me at least, it was difficult at first to wrap my head around the concept that I could not actually trust a vanilla install of an operating system: the underlying hardware may have been modified in transit by a state agent, the hypervisor I am installing onto could have a rootkit installed, the patch update or BIOS I am installing was not legitimate or properly signed, or an employee could just insert a USB key and reboot a server.
To me at least, this was completely alien to my upbringing. Until enough people started telling me enough stories of what has actually happened to their systems, I couldn’t comprehend that some of these things actually had happened. As with the countess, times changed around me and I was unaware of the current state of the world I was living in. IT leadership today might reasonably pose the question, “What is a secure system?” Having been shown that insecure systems are, as with the countess’s weekends, ubiquitous, the lack of a concept of a completely secure computing platform is understandable. Skyport Systems is here to change that.
We need to have some set of our infrastructure that is known to be good and is very difficult to compromise and, if it is under attack, has enough safeguards, measurements, and capabilities in place that you can quickly know that something has happened and take appropriate action. As one astute CISO I was chatting with the other week said:
“We have one very simple question we need to constantly validate: how can we prove that the software running on our servers is only the software we want running on our servers? We have learned through 25 years of viruses that software alone cannot be used to protect and validate software.”
Some of the questions we face daily are:
- How do we create a set of infrastructure that can withstand persistent threats, patient attackers, and increased professionalism?
- How can IT deliver systems that have security ‘on’ by default, rather than by belated integration?
- How do we verify that systems were not artificially transformed by outside agents and that the software on my system is what I intended?
- How do we detect if a system has been modified and be able to take immediate corrective action?
- How do we prevent a single user credential, if lost, stolen, or compromised, from being able to destroy our enterprise?
- How do we secure systems when they are in physical environments that are out of our control?
- How do I ensure my log and accounting of actions on each system are not modified and are stored in a tamper-proof manner?
When Skyport was founded, the team looked at the challenges we were seeing with the current infrastructure, of integrating multiple disparate systems into a real-world operating environment and of swiftly reacting to a detected breach or credential theft, and realized that we needed a new approach.
We saw that the investments CIOs were making in automating IT through cloud, virtualization, single sign-on, SDN, and Big Data were resulting in a small number of critical infrastructure control points that, if compromised, could bring down an entire enterprise. There are, within most networks, a set of systems that demand an increased security posture – these keystone systems provide critical services to all of the applications, users, and infrastructure.
We studied a bit of history and realized that if you look at the four main ‘pillars of IT infrastructure’ — Compute, Storage, Network, and Security — every time a company could successfully integrate two of them it created a market category:
- Compute + Network = Converged Infrastructure
- Network + Storage = Network Attached Storage
- Compute + Storage = Hyper-Converged Infrastructure
- Network + Security = Network Security (FW, VPN, IDS/IPS, etc)
However, while many companies have focused on linking security with operating systems, software agents, applications, mobile devices, etc., no one has actually focused on making a secure computing system, at least one designed for enterprise consumption and not just military applications. So when we realized this, we started working on this linkage between security and computing: Hyper-Secured Infrastructure.
Over the past twenty-five years the world has advanced and the threat landscape has changed; the required response is not going to be more of what has failed us in the past. As Violet Crawley learned over the course of several seasons, the world we are living in is not the same as the one we grew up learning in.