
Cloud-native enterprises face a series of challenges: from hybrid cloud architectures and infrastructure virtualization to multi-stage attacks and a lack of visibility. These complex issues limit enterprises' ability to implement effective security strategies.
In his keynote at last year's GPU Technology Conference, NVIDIA founder and CEO Jensen Huang introduced the NVIDIA BlueField-2 Data Processing Unit (DPU), which protects and accelerates enterprise computing on a single chip. Huang also presented the BlueField-2X, which combines all of the BlueField-2's capabilities with NVIDIA Ampere GPU technology. This platform adds further data center security features, letting enterprises apply AI to real-time security analytics, out-of-band detection of malicious activity, and more.
NVIDIA also announced a collaboration with Check Point Software Technologies to protect the evolving IoT environment by embedding Check Point's Infinity NEXT on the BlueField-2 DPU.
Zero-Trust Security Emerges to Safeguard Enterprises
Data center security solutions can take many forms. The emerging zero-trust model addresses enterprise security challenges by directing organizations to trust nothing and no one around their application data by default: every connection attempt must be authenticated and authorized before it is allowed. The model has been widely adopted to secure enterprise cloud environments.
Traditionally, network firewalls have played a critical role in establishing perimeter-level security, and they remain essential for protecting software-defined data centers today. More recently, the zero-trust security model has spawned a new generation of software-defined perimeter solutions, which take a software-centric approach to establishing zero-trust network access to applications and data.
Challenges and Limitations of Software-Only Zero-Trust Solutions in Data Centers
In the era of hybrid cloud, AI, and edge computing, implementing software-defined networking and security policies presents two challenges: delivering security at very high speed and efficiency, and gaining visibility into the state of each host and enforcing security policy on it, which is usually done by deploying a security agent.
The first requirement drives demand for accelerated security processing that is offloaded from the host CPU. The second is harder: a software security agent running on the host means that potential attackers, the data being protected, and the security controls themselves all share one trust domain, the host CPU.
If a host is compromised, an attacker with that level of control can tamper with or bypass the security controls running there and use the host to move laterally across the data center network. This leaves software-only zero-trust solutions unable to defend against the next wave of cyberattacks.
From Zero Trust to Extreme Reliability
NVIDIA DPUs deliver exceptional zero-trust protection for enterprises.
The BlueField-2 DPU's built-in isolation places security agents in a trust domain separate from the host system. If the host is compromised, the isolation layer between the security agent and the infiltrated host prevents the attack from spreading across the data center.
The BlueField-2 DPU also addresses enterprises' reluctance to deploy security agents directly on compute platforms. Low-latency, performance-sensitive workloads, regulatory compliance requirements, and DevOps workflows often rule out running an agent on the host.
Lack of visibility into application workloads creates infrastructure silos for enterprises, preventing the application of consistent security policies. However, by deploying security agents on NVIDIA DPUs, which are fully isolated from the application domain, enterprises gain both visibility and the ability to enforce uniform security policies across their infrastructure.
The BlueField-2 offers a suite of security acceleration capabilities, from stateful packet filtering, load balancing, and firewalling to line-rate encryption/decryption and key management. These let enterprises accelerate security processing at the edge of every server while returning host CPU cycles to traditional serial and parallel application workloads.
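To make concrete what "identity verification and authorization for every connection attempt" (the zero-trust section above) combined with "stateful packet filtering" (this section) actually means for an enforcement point that sits outside the host, here is an added example, written for this article and not NVIDIA's own code or any DOCA/BlueField API. It models a default-deny, identity-keyed, connection-tracking filter over a handful of constructed packets: a new flow is admitted only if a rule allows that source identity to reach that destination identity and port, and reply traffic is admitted only when it belongs to a flow the filter itself approved. The IP-to-workload map, the allow rules and the packet sequence are all assumptions constructed for the example; on a DPU this logic would run on the card's own cores, where a compromised host cannot edit the policy or the connection table.

```python
"""Toy zero-trust, stateful flow filter (added example; not NVIDIA/DOCA code).

Every new connection must match an explicit allow rule keyed on workload
identity (default deny); return traffic is admitted only if it belongs to a
connection this filter already approved.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP SYN without ACK marks a new connection attempt
    ack: bool = False


# Assumed identity map: which workload identity owns which address (constructed).
IDENTITY: Dict[str, str] = {
    "10.0.1.10": "web",
    "10.0.2.20": "db",
    "10.0.3.30": "attacker-vm",
}

# Assumed allow rules: (src_identity, dst_identity, proto, dst_port). Default deny.
ALLOW: Set[Tuple[str, str, str, int]] = {
    ("web", "db", "tcp", 5432),
}

FlowKey = Tuple[str, str, int, int, str]


class StatefulFilter:
    def __init__(self, identity: Dict[str, str], allow: Set[Tuple[str, str, str, int]]):
        self.identity = identity
        self.allow = allow
        self.conntrack: Dict[FlowKey, str] = {}   # approved flows, forward direction
        self.log: List[str] = []

    @staticmethod
    def _key(p: Packet) -> FlowKey:
        return (p.src_ip, p.dst_ip, p.src_port, p.dst_port, p.proto)

    @staticmethod
    def _reverse(p: Packet) -> FlowKey:
        return (p.dst_ip, p.src_ip, p.dst_port, p.src_port, p.proto)

    def _decide(self, p: Packet, verdict: str, reason: str) -> str:
        self.log.append(f"{verdict} {p.src_ip}:{p.src_port}->{p.dst_ip}:{p.dst_port}/{p.proto} ({reason})")
        return verdict

    def process(self, p: Packet) -> str:
        # 1. Reply traffic on a flow we approved earlier is allowed through.
        if self._reverse(p) in self.conntrack:
            return self._decide(p, "ACCEPT", "reply on tracked flow")
        # 2. Further packets of an approved flow in the forward direction.
        if self._key(p) in self.conntrack:
            return self._decide(p, "ACCEPT", "tracked flow")
        # 3. No state: for TCP only a bare SYN may open a flow. A stray ACK/RST
        #    with no matching entry is dropped, which is what "stateful" buys you.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return self._decide(p, "DROP", "non-SYN packet with no state")
        # 4. New connection: authorize on workload identity, not just on address.
        src_id = self.identity.get(p.src_ip, "unknown")
        dst_id = self.identity.get(p.dst_ip, "unknown")
        if (src_id, dst_id, p.proto, p.dst_port) in self.allow:
            self.conntrack[self._key(p)] = "established"
            return self._decide(p, "ACCEPT", f"new flow {src_id}->{dst_id} permitted")
        return self._decide(p, "DROP", f"no rule for {src_id}->{dst_id}:{p.dst_port}")


def run_scenario() -> List[str]:
    """Constructed packet sequence; returns the verdict for each packet in order."""
    f = StatefulFilter(IDENTITY, ALLOW)
    pkts = [
        # web opens a DB connection: allowed by the identity rule, flow tracked
        Packet("10.0.1.10", "10.0.2.20", 40000, 5432, "tcp", syn=True),
        # DB replies SYN-ACK: accepted only because the reverse flow is tracked
        Packet("10.0.2.20", "10.0.1.10", 5432, 40000, "tcp", syn=True, ack=True),
        # attacker probes the DB directly: no rule for attacker-vm -> db, dropped
        Packet("10.0.3.30", "10.0.2.20", 40001, 5432, "tcp", syn=True),
        # attacker tries to slip a bare ACK past the filter: no state, dropped
        Packet("10.0.3.30", "10.0.2.20", 40002, 5432, "tcp", ack=True),
        # DB initiates a connection to web: no rule in that direction, dropped
        Packet("10.0.2.20", "10.0.1.10", 50000, 8080, "tcp", syn=True),
    ]
    return [f.process(p) for p in pkts]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The two checks that matter are ordered deliberately: connection state is consulted before the allow rules, so a legitimate server reply never needs its own rule, while a packet with no state and no SYN never reaches rule evaluation at all. Swapping the identity map for whatever the platform actually attests (workload certificate, VM identity, and so on) is the part a real deployment has to get right; the filter logic itself does not change.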