Is Your Data Center Embracing ARM? We Have your Zero Trust Strategy Covered

Author

Venky Raju

Read Time

3 Minutes

Last Updated

Jun 12, 2024

table of contents

Since the early 2010s, I’ve worked on several smartphone and tablet projects based on Arm and Linux.  The choice of Arm over Intel’s ubiquitous x86 line was based primarily on lower power consumption and optimized software libraries.  These attributes were not particularly interesting for folks designing data centers. The graph below, taken from Edge AI Evangelist’s Thoughts Vol.21: ARM vs RISC-V by Haruyuki Tago, shows that most Arm processor shipments were in Mobile and Embedded segments. 

However, with the rising density of servers in data centers, the increasing costs of electricity and cooling, coupled with the widespread availability of Arm-compatible software, are fueling the rise of Arm-based servers.  If you have read “The Innovator’s Dilemma” by Clayton Christensen, you can draw the parallel between Arm’s disruption of Intel and AMD with various examples presented in the book. 

In its presentation of FYE24 Q4 results, Arm has an interesting slide that demonstrates the rise of its cloud and networking business. 

We also want to look at real-world performance comparisons of Arm vs x86-based workloads.  Dr. Michael Yuan’s analysis showed that the Arm-based Graviton2 delivered better cost/performance vs Intel x86 CPUs while also performing better than Intel when running native binaries.  A recent study by Cascadeo and AWS titled “Comparing AWS Lambda Arm vs. x86 Performance, Cost, and Analysis” also demonstrated Graviton’s superiority in cost and performance. 

We’ve established that Arm is proving to be a strong contender in the server and cloud market, but what does this have to do with cybersecurity?  Protecting these shiny new Arm-based workloads from various threats is a must.  Traditional detection-and-response solutions like EDRs and XDRs alone are not sufficient.  Lateral movement is the adversary’s technique of choice to move within the data center or cloud environment to seek valuable data. 

If your organization wants to adopt a modern cybersecurity strategy like Zero Trust, you have undoubtedly learned about microsegmentation.  While microsegmentation can be implemented in many ways, host-based microsegmentation offers unique benefits: 

  1. Granular Control: Host-based microsegmentation provides more precise control at the individual workload or application level. Policies can be tailored specifically to each host’s needs and behavior. 
  2. Dynamic Environments: Host-based microsegmentation is better suited for dynamic and cloud-native environments where workloads constantly change. Policies can move with the workload, maintaining security regardless of the underlying network changes. 
  3. Scalability: Host-based microsegmentation scales more easily with the growth of virtual machines, containers, and microservices since security policies are attached directly to the hosts. 
  4. Visibility: Host-based microsegmentation offers better visibility into east-west traffic (internal traffic within the data center or cloud environment), allowing for more effective monitoring and threat detection. 
  5. Policy Consistency: Host-based microsegmentation ensures consistent security policies across different environments (on-premises, cloud, hybrid) since policies are tied to the hosts rather than the network infrastructure. 
  6. Isolation: Host-based microsegmentation provides more robust isolation at the host level, reducing the attack surface and limiting the spread of malware or lateral movement within the network. 
  7. Cost and Complexity: By leveraging software-defined policies, host-based microsegmentation can reduce the need for expensive hardware appliances and complex network configurations. 

This means you need a host-based microsegmentation solution that supports your shiny new Graviton-based workloads on AWS, Tau T2 on Google Cloud, etc. We recently updated our Xshield platform with support for ARM agents, ensuring that we are fully prepared to support your transition to Arm-based servers. You can count on us!

Want to learn more?  Please get in touch with us!