At an event organized by the American Enterprise Institute in 2012, U.S. Army General Keith Alexander, director of the National Security Agency at the time, called cybercrime “the greatest transfer of wealth in history.”
That was 10 years ago, and the cost of doing business has risen considerably since then. One FBI report pegged the cost of cybercrime in the U.S. alone at $6.9 billion in 2021, and Cybersecurity Ventures predicted that global loss will reach $10.5 trillion annually in just three years.
Against this backdrop of economic damage, enterprises are taking a closer look at the entire landscape of IT operations, where compute runs, where data is created, and who has permission to access it. This is about infrastructure and how to meet the challenge of securing the physical and the virtual, everything from multicloud and edge to software-defined systems and as-a-service delivery.
“The reality is that security is a multi-layer discipline,” said Rob Emsley, head of data protection and cybersecurity marketing at Dell Technologies Inc. “The days of thinking that it’s one or another technology that you can use or process to make your organization secure are long gone. Security has to be built in; it’s not a bolt-on. It has to be part of the overall infrastructure.”
Emsley spoke with Dave Vellante, industry analyst for theCUBE, SiliconANGLE Media’s livestreaming studio, during the broadcast of “A Blueprint for Trusted Infrastructure.” Vellante also spoke with Dell’s Pete Gerr, senior consultant of cybersecurity and resiliency marketing; Steve Kenniston, senior cybersecurity consultant; and Parasar Kodati, senior consultant of ISG product marketing. They discussed technologies and philosophies behind Dell’s trusted infrastructure initiative. (* Disclosure below.)
Here’s the complete video interview with Rob Emsley:
Dell’s approach to a trusted infrastructure focuses on protecting data systems, creating cyber resiliency, and modernizing security operations in a way that overcomes complexity. It is a major undertaking for Dell because it requires the firm to build suitable protections across its entire suite of products.
“Dell is embedding security features consistently across our portfolio of storage, severs and networking,” Gerr said. “Dell Trusted Infrastructure is a way for us to describe the work we do in the design, development and delivery of our IT systems. It includes our storage, our servers, our networking, our data protection, our hyperconverged, everything that infrastructure always has been.”
To accomplish this, Dell relies on several key pieces of technology to enhance enterprise security. CloudIQ is a cloud-based application that leverages predictive analytics to monitor Dell storage systems. The company brought CloudIQ support to its PowerFlex software-defined storage layer last year and followed that with integration across the Dell EMC portfolio.
“We’ve developed a lot of signals to see what could be indicators of compromise,” Kodati said. “Signals are being gathered at the CloudIQ level and other applications. Intelligence has to be at every layer where it makes sense, where we have the information to make a decision.”
Another area of Dell’s focus in building trusted infrastructure involves the use of its PowerProtect technology and data isolation. In 2019, Dell enhanced its PowerProtect Cyber Recovery solution to include automated restoration from a secure, isolated vault. The company has also integrated this approach in its trusted infrastructure initiative, according to Kodati.
“It paved the way for data isolation to be a core element of data management and data infrastructure,” Kodati said. “Since then, we have implemented these technologies within different storage platforms as well.”
Here’s the complete video interview with Parasar Kodati:
Fostering cyber resilience
The concept of cyber recovery in the event of a breach has become an important element in how most organizations approach infrastructure security. This is largely because breaches have become inevitable.
The reality of certain compromise was captured in a paper published by Gartner Research in July 2021 titled: “You Will Be Hacked, So Embrace the Breach.” The report focused on a set of strategies to transform cybersecurity into cyber resilience, a theme that has infused Dell’s strategic approach to infrastructure security.
“Cyber resilience is based on the premise you will be hacked,” Emsley noted. “You have to embrace that fact and be ready and prepared to bring yourself back into business. A great recovery plan is the basis of any good solid data protection and recovery philosophy.”
Along with cyber resilience is the need for zero trust. The concept of zero trust is based on the assumption that any user on a given network is up to no good until proven otherwise. Zero trust has been a major cornerstone of the U.S. government’s cybersecurity strategy. It is central to the security philosophy at the Department of Defense and a foundation for orders issued by the White House for federal agencies over the past two years.
“Ever since the federal government came out with their implementation or desire to drive zero trust, a lot more people are taking it a lot more seriously,” Kenniston said. “The question is can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive?”
Here’s the complete video interview with Steve Kenniston and Pete Gerr :
Kenniston’s question goes to dilemma of enterprise cybersecurity. Companies want to be a secure as possible, but there is still a business to run. Finding the right balance between both has been a major challenge. Dell’s solution to this problem has focused on creation of maximum flexibility by providing air-gapped solutions that help eliminate worry and AI or machine learning tools to automate security response.
“There is a lot of flexibility that has been built into this by design,” Kodati said. “These are areas where a lot of innovation is happening.”
Dell trusted infrastructure is grounded in what the company calls the three “I’s”: isolation, immutability and intelligence. The use of a Cyber Recovery Vault to isolate and protect critical data allows users to control their own security, an important consideration when an IT network is under attack. Immutability is technology employed by Dell to ensure that the data inside a vault is unchangeable. This is often supported by intelligence — the use of additional tools to provide anomaly detection in the event that information may have been altered by malicious actors.
“The intelligence piece is delivered by a solution called CyberSense,” Emsley said. “It’s doing full content analytics. Has the data changed in any way? It’s looking for different characteristics that are an indicator something is going on.”
Dell’s infrastructure vision takes a realistic view of the cyber threat environment. The notion of perimeter security has been replaced with an understanding that intruders are going to get in, and enterprises must find ways to isolate critical data and implement sophisticated monitoring to guard against significant damage.
It may not yet be an even playing field, but advances in technology are allowing enterprises to make it a fairer fight.
“Organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago,” Gerr said. “Along with that, cybercrime has become a very profitable enterprise. We’re finally seeing security catch up with all the technology adoption, all the build out.”
Watch the complete “A Blueprint for Trusted Infrastructure” event video below:
(* Disclosure: TheCUBE is a paid media partner for the “A Blueprint for Trusted Infrastructure” event. Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)