Open Compute Project's S.A.F.E. program addresses data center security issues

Oct. 23, 2023
The foundation’s community-led security program ensures data center hardware and firmware security.
The Open Compute Project Foundation (OCP), the nonprofit organization bringing hyperscale innovations to all, recently unveiled its OCP Security Appraisal Framework and Enablement (S.A.F.E.) designed to improve the trustworthiness of devices across all data center IT infrastructure.

According to OCP, the S.A.F.E. program is expected to reduce cost overhead and redundancy of device security audits with an OCP Community developed per device security checklist and advance the security posture of device hardware and firmware components across the supply chain.

The S.A.F.E. program adds a new dimension to the services offered by the OCP Foundation. It starts with the OCP Community developing a standardized device-specific audit checklist and criteria for selecting third-party device security review auditors. The device audit checklist and auditor selection criteria will be open-sourced and available. Device auditors will do a self-assessment, and those who qualify will be designated OCP Security Review Providers (SRP). Device vendors will commission an OCP-recognized SRP to conduct a device-specific security review based on the appropriate OCP community-provided checklist.

“The OCP S.A.F.E. program is an OCP Community-led effort to bring standardizations to device firmware security validation to help data center operators maintain a consistent security posture with reduced costs through removing duplication of efforts which other market segments can replicate. Security is the underlying foundation that makes OCP core tenets of efficiency, openness, scale, impact and sustainability possible," said Steve Helvie, VP of Emerging Markets at the Open Compute Project Foundation.

There are several challenges with independent third-party audits. These results are often available only to specific customers, limiting their market impact. Also, these reviews are frequently commissioned by device consumers at purchase, with device reviews only performed once and subsequent security issues introduced by firmware upgrades and patches go undetected. The OCP, driving a standardized approach across all data center operators, will effectively and efficiently address these issues.

OCP’s S.A.F.E. Program is designed to reduce cost overhead and redundancy of device security audits by addressing three key issues: security conformance to device consumers, increased reviews of devices whose firmware and associated updates are reviewed continuously and advancing the security posture of device hardware and firmware components through iterative refinement of review areas, testing scopes and reporting requirements.

The program has received strong support from third-party auditors and device and silicon vendors. Atredis Partners, IO Active, and NCC Group are currently enrolled as OCP Security Review Providers, with participating device vendors AMD and SK Hynix and silicon vendor Intel.

"The OCP S.A.F.E. program, with the increased level of security assurance it can provide, should bring a new level of confidence to the market for data center IT device consumers and ultimately end users of cloud provider provided services. The efficiencies it drives at the same time as improving security are refreshing for the industry. This is just one example of how open collaboration within a community such as the OCP can benefit everyone," said Ashish Nadkarni, group VP and GM, Worldwide Infrastructure at IDC.

For related articles, visit the Data Center Topic Center.

For more information on high-speed transmission systems and suppliers, visit the Lightwave Buyer’s Guide.

To stay abreast of fiber network deployments, subscribe to Lightwave’s Service Providers and Datacom/Data Center newsletters.

About the Author

Sean Buckley

Sean is responsible for establishing and executing the editorial strategies of Lightwave and Broadband Technology Report across their websites, email newsletters, events, and other information products.

Sponsored Recommendations

The Pluggable Transceiver Revolution

May 30, 2024
Discover the revolution of pluggable transceivers in our upcoming webinar, where we delve into the advancements propelling 400G and 800G coherent optics. Learn how these innovations...

Coherent Routing and Optical Transport – Getting Under the Covers

April 11, 2024
Join us as we delve into the symbiotic relationship between IPoDWDM and cutting-edge optical transport innovations, revolutionizing the landscape of data transmission.

Supporting 5G with Fiber

April 12, 2023
Network operators continue their 5G coverage expansion – which means they also continue to roll out fiber to support such initiatives. The articles in this Lightwave On ...

Data Center Interconnection

June 18, 2024
Join us for an interactive discussion on the growing data center interconnection market. Learn about the role of coherent pluggable optics, new connectivity technologies, and ...