Today Dell Technologies announced several security advancements across several areas including supply chain, services, devices, and infrastructure. Aside from the supply chain (which is in and of itself a big deal), the company is offering protection through the boot process and dynamic system lockdown. Dell doesn’t stop at its own products but extends the data security-focused services to third-party products as well.
Today Dell Technologies announced several security advancements across several areas including supply chain, services, devices, and infrastructure. Aside from the supply chain (which is in and of itself a big deal), the company is offering protection through the boot process and dynamic system lockdown. Dell doesn’t stop at its own products but extends the data security-focused services to third-party products as well.
Security is one of the top concerns and attacks aren’t going down any (we all get the call about our vehicle’s extended warranty). The digital landscape has rapidly changed over the last few years but there can be lots of resistance to embracing these changes, and reaping the benefits, if security is one’s main concern. Research from Futurum has shown that recently as high as 56% of companies had cyberattacks that were attributed to a vulnerability in hardware or silicon-level security.
Dell Technologies is not new to security issues or making their devices and services more secure. They claim to have embedded hundreds of professional security engineers across the company to design and build security into its supply chain, services, infrastructure and devices. Their security measures ran the entire gamut of the company from root of trust in their PowerEdge servers to end-to-end encryption in its PowerMax to cyber recovery solutions in PowerProtect to security below the operating system in the company’s PCs.
Supply Chain Security
A big issue is securing the supply chain. A vendor can do everything right but have a nefarious actor somewhere in the supply chain compromise security. Compromise can be adding malware or counterfeit parts, or tampering with the firmware. There have been a few high-profile examples of this in the last few years. Dell Technologies is looking to assuage fears with its new supply chain security offerings and data security-focused services for Dell Technologies infrastructure and commercial PCs. This offering strengthens secure supply chain practices.
For commercial PCs, Dell is beefing up its supply chain security and while in transit. According to the company, Dell Technologies SafeSupply Chain solutions are offered on top of the Dell Secure Development Lifecycle and standard supply chain security measures. New solutions include:
- SafeSupply Chain Tamper Evident Services help protect against tampering during transport. Tamper-evident seals are added to the device and its box at the factory before shipping. Customers can choose optional pallet seals for extra security.
- SafeSupply Chain Data Sanitization Services prevent spyware or illicit agents from getting injected into a device’s hard drive. With a NIST-compliant hard drive wipe, Dell Technologies helps businesses ensure their device has a clean slate before they add their company image.
For Dell EMC PowerEdge servers, the new more secure supply chain measures include a server validation for integrity upon arrival. This Secured Component Verification is an embedded certificate that lets companies verify their servers arrive as they were ordered and built. This makes Dell Technologies one of the first major server vendors to offer cryptographically verified hardware integrity. The above new security measures build upon the existing cyber-resilient architecture, including a well-established silicon Root of Trust. The new Secured Component Verification:
- Verifies changes are not made to system components (e.g. memory or hard drive swap, I/O changes, etc.) after the server is sealed and shipped from the factory
- Protects against cybersecurity risks by meeting supply chain security standards across highly regulated industries such as financial and healthcare
- Allows customers to validate and deploy multiple servers efficiently
The above new features are great for those that are buying new gear, but as well all know servers get moved around and repurposed quite a bit, another layer where security can be compromised. Dell Technologies isn’t stopping at securing new infrastructure, they are going back through their existing portfolio as well with these two new features:
- Dell EMC Data Sanitization for Enterprise and Data Destruction for Enterprise services now support the entire Dell Technologies infrastructure portfolio and third-party products. Dell can provide the services at the customer’s facility to help redeploy or retire assets according to the latest industry and compliance standards.
- Dell EMC Keep Your Hard Drive for Enterprise and Keep Your Component for Enterprise services are available for the entire infrastructure portfolio. Sensitive data never leaves customer control while parts are replaced, so businesses can abide by strict data privacy regulations.
Server Security
The above is great for securing the devices that are being created or transported. While this is an area of concern, roughly half of the attacks come are at the hardware-level or are BIOS attacks. That means security needs to be strong at the hardware and firmware level. Dell is looking to secure its PowerEdge servers through a combination of security customization, automation and intelligence.
As servers boot up, if there is an issue and the boot is compromised bad actors can get into any part of the system. Dell Technologies is releasing customizable boot security for the PowerEdge servers. This custom approach, PowerEdge UEFI Secure Boot Customization, allows IT to setup the boot process, lowering the chance of a successful attack. The feature is said to provide advanced mitigation for industry-wide bootloader vulnerabilities.
The final security feature announced today is the ability to lockdown servers. The latest version of iDRAC enables customers the ability to enable or disable a system lockdown without rebooting. Through this feature, admins can prevent malicious or unintentional changes to the server’s firmware. The new release also includes:
- Stronger security controls with multi-factor authentication
- Enables Dell EMC OpenManage Ansible Modules to automate important PowerEdge security workflows such as user privilege configuration and data storage encryption
- Allows customers to manage iDRAC certificates via Redfish APIs for easy access scripting and to automate secure erase scripting across servers
Availability
- Dell SafeSupply Chain is currently available in the U.S. for commercial PCs.
- Dell Technologies Secured Component Verification on PowerEdge Servers will be
- available by the end of the calendar year 2020.
- Dell EMC Data Sanitization for Enterprise and Data Destruction for Enterprise Services
- are currently available.
- Dell EMC Keep Your Hard Drive for Enterprise and Keep Your Component for Enterprise
- Services are currently available.
- Dell Technologies PowerEdge UEFI Secure Boot Customization is currently available.
- iDRAC security updates will be available by the end of the calendar year 2020.
- Dell EMC OpenManage Ansible Modules will be available January 31, 2021.
Engage with StorageReview
Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | Facebook | RSS Feed