Optimizing security often involves adding friction to the user experience. And no matter how powerful a security feature is, it is worthless if it gets turned off.
A 2022 survey found that 76% of information technology decision-makers will turn off security features to improve performance.
“Absolutely the worst thing you can do from a security perspective is to provide a feature that’s so unusable that the administrator disables it or other key security features,” said Jerome West, product management security lead for hyperconverged infrastructure at Dell Technologies Inc. “When I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is ‘Will this be something our users want to use and our administrators want to administer?’”
West spoke with theCUBE industry analyst Dave Vellante at the “A Blueprint for Trusted Infrastructure: Episode 2” event during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the challenges of securing hyperconverged infrastructure. (* Disclosure below.)
Supply chain security is a complex challenge
West’s focus on customer experience is paying off. Dell’s HCI portfolio has taken the Customer’s Choice award in Gartner Inc.’s Peer Insights Voice of the Customer for Hyperconverged Infrastructure for the past three years.
HCI security presents a unique challenge because it virtualizes the complete data center, so it encompasses storage, compute, networking and management elements. This means that West and his security team can’t focus on one single type of information technology system but have to maintain security across the breadth of the HCI portfolio. Supply chain attacks provide a good example of this complexity, according to West.
“An attacker is going to attack your software supply chain upstream so that hopefully a piece of malicious code that wasn’t identified early in the software supply chain is distributed via a large player, like VMware or Microsoft or Dell,” he said.
Maintaining visibility and protecting that entire supply chain for every component and across all third-party vendors is a clear challenge. The answer lies in building close relationships and collaborating on solutions, West told theCUBE. Dell works with partners, including VMware and Microsoft, to create both short-term and long-term solutions for supply chain security.
“For the short-term solution, the obvious thing to do is to patch the vulnerability,” he stated.
Dell’s VxRail HCI platform is built on VMware software, which means that when a vulnerability is detected, Dell is the consumer of a patch provided by VMware. Thanks to the close relationship between the companies, VxRail’s engineering team has co-engineered a release process with VMware to shorten the development life cycle. Within 14 days of VMware releasing a patch, Dell will have tested and validated the update and integrated it into its own code, according to West.
“As a result of this rapid development process, VxRail had over 40 releases of software updates last year,” he stated.
The longer-term solution is the creation of a software bill of materials, known as an SBOM. Dell maintains a comprehensive and current list of the provenance of software components thanks to its ability to consume VMware’s software manifest, including upstream vendors and open-source providers, West explained. This means his team can detect where a software problem is and quickly address it, and they aren’t caught off guard by unforeseen vulnerabilities.
“The strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer,” West added.
Collaboration provides security advantages
Dell’s close partnership with VMware enables it to integrate the security functions and features of VMware platforms, such as NSX network security virtualization, Horizon multicloud desktop and app virtualization, Carbon Black endpoint security, vSphere and vCenter. An example of this in action is how VxRail supports multifactor authentication through vSphere integration with Active Directory Federation Services.
“There are a lot of providers that support AD FS,” West said. “So, we can support a wide array of identity providers, such as Auth0 or [Microsoft] Active Directory through that partnership.”
That Dell and VMware would have closely integrated processes and support isn’t a surprise, considering how VMware was part of the Dell Technologies family until its very recent spin-off. But Dell also maintains close ties with Microsoft and offers a portfolio of solutions for Azure Stack. The company also collaborates internally with Dell product security teams.
“We consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers — from the hardware layer that’s provided by Dell through PowerEdge, to the hyperconverged software that we build ourselves, to the virtualization layer that we get through our partnerships with Microsoft and VMware,” West stated.
(* Disclosure: TheCUBE is a paid media partner for the “A Blueprint for Trusted Infrastructure: Episode 2” event. Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)