NVIDIA backs the future of hardware-based zero trust security
NVIDIA is throwing its weight behind the future of zero trust enterprise security this year, a key theme of the GTC 2020 event.
NVIDIA founder and CEO Jensen Huang spoke at length about the company's new BlueField-2 DPUs to boost data center performance and security.
The company also announced a partnership with security firm Check Point, which will see Check Point's Infinity NEXT technologies built into the BlueField-2 DPUs.
NVIDIA's business Ethernet NIC and DPU vice president Yaël Asseraf Shenhav states that the zero trust model for data center security means that enterprises should trust neither humans nor machines when they request access to company data, and that all authentication and authorisation attempts should be scrutinised.
Security teams must also efficiently deliver security whilst maintaining visibility. However, software-defined zero trust security can present problems, particularly because security agents and the protected data all share the same trust domain.
If a host CPU is compromised, attackers could move laterally across networks, effectively rendering software-based zero-trust solutions useless for protection against attacks.
Asseraf Shenhav says that effective zero-trust architecture requires accelerated security processing that does not weigh down a host CPU.
Implementing security in hardware such as the BlueField-2 DPUs keeps the trust domain separate from the host system. This means there is an isolation layer between the security controls on a DPU and the host, limiting the spread of an attack.
“The deployment of security agents onto NVIDIA DPUs, which are fully isolated from the application domain, enables enterprises to gain visibility and enforce a consistent security policy across their infrastructures,” states Asseraf Shenhav.
Additionally, the BlueField-2 DPUs will include packet filtering, load balancing and firewalls, encryption and key management.
Check Point's Infinity NEXT architecture will support NVIDIA DPUs by providing zero trust security.
“Infinity NEXT is the only consolidated security platform that supports many types of assets across network, endpoint, mobile, cloud, workloads and IoT, providing the highest level of security,” says Check Point's technology and innovation vice president, Oded Gonda.
“Deploying a cloud-centric, lightweight, nano-agent technology onto the NVIDIA DPU, Check Point Infinity NEXT provides in-depth security within assets and workloads to ensure that the latest security is delivered anywhere without requiring any upgrades.”
The Infinity NEXT platform is fully compliant with CI/CD processes and offers a full API for automation of deployment processes and configuration management.