HPC and AI clusters often serve many groups with different data sensitivity levels. This service covers operating system hardening, network segmentation, identity management and logging with a focus on practicality in research environments.

We review current configurations against relevant baselines such as CIS recommendations, paying attention to side effects that might break existing workflows. Encryption at rest and in flight, credential handling and privileged access paths are analysed in detail.

Where necessary, we help design incident response runbooks and simple tabletop exercises so that operators know what to do if something goes wrong.

Case study – Hardening without blocking research

A university cluster had to satisfy new security requirements without turning into a locked-down system that nobody could use. Initial attempts at hardening caused multiple job failures and user frustration.

We worked through the requirements together, prioritised the controls that delivered the most risk reduction and adjusted others to fit the HPC context. The final configuration met the auditor's expectations while keeping interactive workflows and batch jobs functional.

Discuss this service