The meaning of resilience in IT systems is being redefined.
Dell Technologies Inc. has embarked on a strategy to deliver “Trusted Infrastructure” to its clients, as enterprises have come to accept the fact that not every potential threat can be stopped. The harsh reality of today’s cyberworld is that attackers will still penetrate the compute environment. It’s what enterprises do to build in cyber resilience that will make the difference between disruption or dismissal of the threat.
Data is what the modern cybercriminal covets. Most companies have become ultra-aware of the need for data protection and Dell’s approach has focused on protection, detection, response and, ultimately, data recovery for businesses who must guard customer information.
“If you look at anything that is interesting in the world today, at the center of it is data,” said company co-founder, Chairman and Chief Executive Officer Michael Dell, in an interview with SiliconANGLE in May. “You need to be able to protect it, secure it, and that’s what we do.”
Dell’s concept of a Trusted Infrastructure had been in development over several years. Many of the elements behind the approach were outlined as far back as 2015 that highlighted core themes of orchestration, recovery and root of trust.
The company has been active on several fronts to implement its Trusted Infrastructure approach. A key element in this strategy has been Dell APEX, which delivers cloud services for a range of data and workload requirements.
Dell introduced its Cyber Recovery solution in 2018 and incorporated APEX into the service earlier this year. The cyber-recovery offering loads sensitive data into off-premises vaults and protects it in the event of a ransomware event. According to one Dell executive, the company’s cyber-recovery service has grown from $50 million in revenue three years ago to over $400 million today.
The APEX solution uses air-gapped vaults to store data outside of a client’s system, and protection mechanisms are provided through Dell’s data domain backend.
“In the event of a security-related event and ransomware attack, you could lose all of your data,” said Sid Nag, vice president of cloud, edge services and technologies at Gartner Research, in an interview with SiliconANGLE for this story. “Dell’s approach is to say: ‘If you can keep all of that data elsewhere, we’ll make sure you have an insurance policy.’”
Dell has also extended cyber resilience through the most recent releases of PowerStore and PowerMax. The all-flash PowerStore storage solution was enhanced with a hardware root of trust capability to secure systems at a foundational level.
Dell’s PowerMaxOS 10 enterprise data storage array release contained over 200 new features, including secure boot and digitally signed firmware updates. Cybersecurity capabilities were also extended though multifactor authentication and continuous ransomware/malware anomaly detection as part of Dell’s zero-trust architecture approach.
One of Dell’s strategic initiatives has been to invest in and expand its cloud Managed Services platform. Remote infrastructure monitoring and support for servers and storage are part of the package when it comes to optimizing IT operations for clients.
A key element in Dell’s Managed Services is the firm’s cybersecurity-as-a-service offering. Dell’s Managed Detection and Response solution combines the company’s security experts with the Secureworks Taegis XDR security analytics platform to stop attacks across endpoint, network and cloud.
“We’re bringing the best of the industry and Dell Services together to give them a one-stop-shop managed service,” said Patrick Mooney, senior vice president of services product portfolio management at Dell, in a recent interview with SiliconANGLE. “Let us watch for you so that you can run your business. And when we detect something, we’ll advise you and help you respond.”
In addition to maximizing its APEX solution and updating security features for storage and managed services offerings, Dell has been systematically adding cybersecurity protection across its portfolio of products over the past year. Last fall, the company announced new software and services to accelerate virtual machine backup data availability. Dell EMC PowerProtect Data Manager added a new feature, “Transparent Snapshots,” which can protect VMware virtual machines at scale.
With Kubernetes becoming an integral part of IT infrastructure, Dell has also taken steps to build in security at the Elastic Cloud Storage API level. The company released file and object storage with integrated cyber protection for containerized applications nearly a year ago as part of the release of Dell EMC Container Storage Modules. Through an expansion of its unstructured data portfolio specifically tailored of the Kubernetes space, Dell is offering cyber defense at data’s read/write level.
“We’re able to go and actually infer … that something bad is happening and where we think it’s happening and lock it down even more securely than, for example, just saying, ‘Hey, we provide object lock capabilities,’” said David Noy, vice president of product management at Dell, in an interview with SiliconANGLE.
Partnerships with major hyperscalers have emerged as a central element in Dell’s Trusted Infrastructure approach. In December, Dell announced plans to bring its anti-ransomware solutions to the Amazon Web Services Inc. cloud platform through PowerProtect Cyber Recovery. The agreement provided AWS users with a path to an air-gapped cyber vault for isolating critical data.
Dell followed that up with the launch of CyberSense for PowerProtect Cyber Recovery for AWS in May. The service offered an ability for customers to scan metadata through the use of adaptive analytics. In July, Dell expanded its PowerProtect Cyber Recovery footprint to include users of Microsoft Azure. The software to automate and orchestrate the data vaulting process runs within an Azure virtual network where it is isolated from normal access.
Dell has also announced a collaboration with Kyndryl, the IBM spin-off of its managed infrastructure business, to jointly develop cybersecurity resilience services. Kyndryl recently launched its own cybersecurity resilience assessment service, offering workshops, expert consultation and infrastructure recovery capabilities.
Dell’s comprehensive Trusted Security initiative addresses a fundamental issue for organizations in a highly distributed computing environment. The mission to protect data where it resides has become infinitely more complicated in a multicloud, multiplatform world.
In Dell’s 2021 “Global Data Protection Index”, a survey of over 1,000 IT professionals found that 60% of organizations had suffered from data loss due to an exploited vulnerability and 65% did not express confidence that data/systems could be fully recovered in the event of a breach. Numbers such as these underscore Dell’s interest in providing Trusted Infrastructure to avoid the loss of an asset that has become central to business operations.
“The security angle makes sense, but the heart of the matter is to keep data in a safe, reliable storage platform so you can recover it in case you are attacked,” said Gartner’s Nag. “They are playing on an interesting narrative around security. Everyone is afraid of losing data.”