Dell has unveiled multiple security enhancements, which the company stresses continue the improvements being embedded into its technology, with an emphasis here on validating security throughout the supply chain.
The state of IT technology security remains broken, and continues to fall behind attackers. That’s the discouraging opinion of John Roese, Dell Technologies’ global Chief Technology Officer. Roese said that part of what Dell is doing to try to keep up with the problem is both to make security core to its products and to extend it throughout the entire supply chain.
“The current state of technology security in the IT world is not sufficient,” Roese stated. “We are not keeping up. Most customers build their security model on the assumption that bad actors are already in their infrastructure and they hope to deal with the APT [Advanced Persistent Threat] when it becomes active.
“We need to do more,” Roese continued. “We need to start transforming the way we think about security and change to a model that at least lets us keep up with the threats as they emerge.”
So how do you actually do that? Roese said security needs to be better built into the whole system, which includes both Dell’s own infrastructure and devices, and third-party products.
“Intrinsic security means building security into the environment – making it core, not a bolted-on afterthought,” he stressed. “What’s critical is the supply chain, the ability to extend the experience in a secure way. How do you orchestrate it within the system? We realized software defined networks were a great opportunity to bring security into the chain, and these announcements are a continuation of that journey.”
Sylvia Seybel, VP, Security and Client Solutions Marketing, Dell Technologies, introduced the new announcements at a virtual press conference.
“Security is part of our DNA,” she said. “We are announcing additional features to help secure the supply chain and infrastructure products that make our products more secure. These announcements focus on the supply chain as well as how we secure our infrastructure.”
The enhancements begin with the Dell SafeSupply Chain solution, which is offered on top of the Dell Secure Development Lifecycle and standard supply chain security measures to protect PCs during transit – and to demonstrate to customers that this is the case.
“With Dell SafeSupply Chain for Client Systems, we want to make sure when our systems arrive at our customers, they are not tampered with, and that our customers have the assurance that no one has tampered with the system,” Seybel said.
With SafeSupply Chain Tamper Evident Services, tamper-evident seals are added to the device and its box at the factory before shipping. Customers can also choose optional pallet seals for extra security. In addition, SafeSupply Chain Data Sanitization Services offer a NIST-compliant hard drive wipe to prevent spyware or illicit agents from getting injected into a device’s hard drive.
At launch, SafeSupply Chain is only on commercial PCs – and only in the U.S. No word yet on when it will be extended to Canada, or anywhere else. Seybel said Dell is looking at timelines for global availability.
Server integrity is addressed by the Dell EMC PowerEdge server portfolio now coming with Secured Component Verification. This is an embedded certificate that lets companies verify their servers arrive as they were ordered and built, and that no changes have been made to system components like memory or hard drives after the server is sealed and shipped from the factory.
“Dell is the only manufacturer who provides this cryptographically verified hardware integrity,” Seybel stated. It will be available by the end of the calendar year 2020.
Another new capability is the ability to customize boot security for servers, with PowerEdge UEFI Secure Boot Customization.
“This enables your IT organization to have your own custom certificate for your boot process,” Seybel said. “It’s relevant for customers specifically in highly secure industries, and it limits dependencies on third party certificates.” It’s available now.
Seybel also noted that iDRAC9 – the latest release of PowerEdge servers’ integrated Dell Remote Access Controller – adds new security capabilities. iDRAC’s automated server management lets a customer enable or disable a system lockdown without having to reboot, to prevent changes to a server’s firmware and critical configuration data. That’s not new. What is new, however, is that iDRAC9 extends the lockdown capability to include network interface controllers, providing customers more control over the lockdown.
“iDRAC is also adding the ability to provide two-factor authentication, and support for RSA SecurID, to ensure the right user accesses the products,” Seybel indicated. It also adds the ability to manage iDRAC certificates through Redfish APIs for easy access scripting and to automate secure erase scripting across servers. These iDRAC security updates will be available by the end of 2020.
iDRAC now also lets Dell EMC OpenManage Ansible Modules automate important PowerEdge security workflows like user privilege configuration and data storage encryption.
“We already use Ansible to control much of the infrastructure,” Roese noted. “But if you connect to the new ability to do dynamic system lockdowns, it means that the customer can unlock this new capability. If you can lock your system down, you can avoid problems. But you have to unlock many devices, and if you have to do that with manual intervention, that’s very difficult. Now you have a security feature that doesn’t create an unnecessary burden to use. Ansible combined with the dynamic lockdown automates this instead of just increasing the security burden.”
Dell EMC OpenManage Ansible Modules will be available January 31, 2021.
Dell is also extending several Dell EMC services to protect the entire infrastructure portfolio – Dell EMC Data Sanitization for Enterprise and Data Destruction for Enterprise services, and Dell EMC Keep Your Hard Drive for Enterprise and Keep Your Component for Enterprise services.
“With Data Sanitization and Data Destruction, we can make sure all the data gets destroyed if you want to retire a system,” Seybel said. “We make sure that the data gets taken away.” The hard drive and component replacement services ensure that sensitive data never leaves customer control while parts are replaced, so businesses can abide by strict data privacy regulations. All these services are available now.