“Trust no one” is becoming the enterprise security mantra for 2023.

Zero trust, a cybersecurity architecture designed to allow only known good activity across systems and data pipelines, is gaining more interest among corporate leaders. A 2022 survey published by the Cloud Security Alliance found that 80% of executives viewed zero trust as a top priority and 77% of them were increasing budgets to implement it.

One enterprise technology provider that is a major believer in zero trust is Dell Technologies Inc. The company has been focused on building an ecosystem around zero trust and facilitating broader customer adoption by integrating it throughout its portfolio of products and services. (* Disclosure below.)

“We recognize that the best security strategy for the modern world is a zero-trust approach,” said Deepak Rangaraj, PowerEdge security product manager at Dell, in a recent interview with theCUBE, SiliconANGLE Media’s livestreaming studio. “We are building our infrastructure and tools and offerings for customers to make them cyber resilient. What we mean by that is they are capable of anticipating threats, withstanding attacks and adapting to the adverse conditions in which they’re deployed. We have completely adapted our security approach to make it easier for customers to work with us, no matter where they are in their journey towards a zero-trusted option.”

Persistent attacks: The market responds

There is a note of urgency around building an ecosystem that will leverage zero-trust models. Gartner Inc. recently reported that only 1% of large enterprises have a mature and measurable zero-trust program in place. This paltry number stood in sharp contrast to the threat landscape at the start of 2023, which has been marked by several notable cyberattacks.

In the month of January alone, a ransomware attack on ION Group disrupted financial transactions in the U.S. and Europe, hackers reportedly breached the accounts of over 6,000 customers of Gen Digital Inc., and Britain’s Royal Mail service had to briefly close its international shipping operation after a Russian gang exfiltrated sensitive data.

“The reality is that security is a multi-layer discipline,” said Rob Emsley, head of data protection and cybersecurity marketing at Dell, in an interview with theCUBE. “The days of thinking that it’s one or another technology that you can use or a process you can use to make your organization secure are long gone.”

Dell’s focus on zero-trust principles has been highlighted by a series of recent announcements it has made in the cybersecurity space. In October, the company unveiled new services designed to let organizations assess zero-trust maturity, support endpoint security solutions and implement ransomware protection for object storage data. Dell’s zero-trust initiative encompasses additional support for multifactor authentication, dual authorization and role-based access control. The company has enabled multifactor authentication through access tools such as Integrated Dell Remote Access Controller.

IDRAC provides local and remote server administration across Dell’s PowerEdge products, offering more than 180 discrete measurements. Dual authorization requires that changes made by one administrator must be approved by a second, and Dell has incorporated this feature into its PowerProtect Data Manager for which the company recently announced a series of software advancements.

Role-based access control is a hierarchy of roles, with each role having specifically defined privileges within enterprise IT. A device manager, for example, could perform control and configuration operations on various machines, but would require administrator rights to create or delete devices.

“Across our infrastructure, security has to be built in,” Emsley said. “We have capabilities that allow us to identify whether or not configurations have changed. It’s intrinsic security within our servers, within our storage devices, within elements of our backup, with multifactor authentication elements that make the overall infrastructure secure.”

Advisory support

In October, Dell announced it would launch Cybersecurity Advisory and Vulnerability Management Services. These new offerings were designed to help businesses address security gaps and build-in greater cyber resiliency. Dell Cybersecurity Advisory Services offers company consultants equipped to work with clients to implement vulnerability management and achieve zero-trust goals. A tangle of cybersecurity tools often leaves companies with uncertainty over what to prioritize and when. Dell’s advisory services builds on top of vulnerability scanning with recommendations and actionable steps toward aligning organizational objectives with zero trust.

Dell’s Vulnerability Management Service provides experts who scan customer environments and provide customers with a full picture of exposure, along with assistance in closing security holes.

“How do you identify the threats that exist in the customer’s network?” asked Mihir Maniar, vice president at Dell, in an interview with theCUBE. “For that, we provide advisory services and assessment of the customer’s vulnerability in order to detect those vulnerabilities. And then we can build the prevention mechanisms.”

Dell has also furthered the zero-trust cause by establishing a new dedicated facility for cybersecurity experimentation and advancement. The Zero Trust Center of Excellence will open this spring at DreamPort, a cyber innovation facility in Columbia, Maryland, that was created by United States Cyber Command.

In collaboration with the Maryland Innovation and Security Institute and CyberPoint International Inc., Dell plans to offer organizations a secure data center to validate zero-trust use cases. Enterprises will be able to test implementation for zero trust as a foundational tool and build a zero-trust strategy to support a multicloud environment.

Object storage security

Along with establishing a center of excellence and integrating zero-trust tools into enterprise solutions, Dell has also taken steps to strengthen security in the object storage space. This focus is important to the enterprise because object storage, a flexible architecture for managing data as objects within a storage pool, helps deliver rich media and internet of things solutions. In 2021, Dell began providing ObjectScale, its enterprise object storage offering, with a software-defined, containerized, high-performance architecture in a Kubernetes-centric solution.

“Historically, object storage was considered this cheap and deep place; customers would use this for their backup data and archive data,” said Anahad Dhillon, director of product strategy and planning at Dell EMC, in an interview with theCUBE. “The object space is now maturing, and we’re seeing customers using object for their primary data, for their business-critical data.”

Using object storage for critical data has increased the need for greater protection. Dell’s approach to security takes a different path from other solutions in the object storage market, according to David Noy, vice president of product management at Dell.

“If you look at what a lot of object storage players are doing, as it relates to cybersecurity, they’ve implemented object locked and basically using that to lock down data,” said Noy, in an interview with theCUBE. “I’m glad they’re doing that. We have the ability to look at user behavior and determine that something bad is happening, so this is about being able to do predictive analytics.”

In recent months, Dell has indicated that it will back up its cyber protection solutions with financial support. The company announced a Cyber Recovery Guarantee that will provide up to $10 million for data recovery stemming from a ransomware attack or other qualifying cyber event in situations where the data cannot be restored. The guarantee is an extension of the company’s Future Proof Program that provides a set of assurances across Dell’s storage, data protection, hyperconverged infrastructure, networking and server solutions.

“In this brave, new world of persistent cyberthreats, organizations need the confidence they have the resiliency to withstand attacks on their data so they can maintain business operations regardless of whatever comes down the pike,” said Noy, in a post on the company’s website at the time of the guarantee’s unveiling.

(* Disclosure: This article is part of theCUBE’s ongoing coverage of enterprise cybersecurity trends, including sponsored event coverage made possible by Dell Technologies Inc. Neither Dell nor any other sponsors have editorial influence over theCUBE or SiliconANGLE content.)

Image: Dell Technologies