Zero trust is more than just vendors and products – it requires process

IT orgs need to adapt their procedures to make it all work, says Dell

Dell Technologies World Zero-trust architectures have become a focus for enterprises trying to figure out how to secure an IT environment where data and applications are increasingly distributed outside of the traditional perimeter defenses of central datacenters.

With the attack surface expanding and cyberthreats growing in number and complexity, many organizations are sorting through a cybersecurity space that has myriad vendors and products to choose from, according to Chad Dunn, vice president for product management for Dell's Apex as-a-service business.

Zero trust – which essentially dictates that any person or device trying to access the network should not be trusted and needs to go through a strict authentication and verification process – will be foundational for companies moving forward, but it has to be more than simply buying and deploying products, Dunn told The Register in an interview here in Las Vegas at the Dell Technologies World show.

Customers have "heard of it, some of them more than others," he said. "But I don't think the awareness is where it needs to be yet.

He added: "It's one thing to have technology that is capable in a zero-trust environment. It's another to have the right processes and procedure to behave in a zero-trust model. That's the next iteration of learning. It's sort of a new discipline and it does cause you to re-examine everything from physical access to identify management to things like secure device onboarding."

Zero-trust frameworks are gaining momentum in the market. Analysts with KVB Research said the global market will hit $54.6 billion by 2026, growing an average of 18.8 percent a year until then.

The COVID-19 pandemic accelerated demand with the rapid shift to remote work, which increased risk.

In March, the Cloud Security Alliance created the Zero Trust Advancement Center led by the likes of Zscaler, CrowdStrike, and Okta to help make sense of the growing numbers of zero-trust products and approaches coming to market by establishing standards, certifications, and best practices.

Such steps could help organizations narrow their focus as they think about zero trust.

"If you ask a customer what they're doing in zero trust, they may be looking at what does this product do, what does that product do," Dunn said. "But it really involves, do you operate under the zero-trust assumption? Putting that mindset and processes in place is a much bigger thing to do. Sometimes it's easy to buy a product but harder to get an organization's processes around operating it."

Dell is putting a focus on security at the show this week, offering its Cyber Recovery Services as a full managed service in its Apex portfolio to help organizations more easily recover from ransomware and other attacks.

In addition, Dell is making data protection products available via both Amazon Web Services and Microsoft Azure, and enabling many of these to run in colocation facilities operated by the likes of Equinix, Digital Realty, and Switch.

Dell has been selling the Cyber Recovery technology to enterprises as a custom product and over the past few years has deployed more than 2,000 Cyber Recovery Vaults, which hold and protect data that can be used in case of a ransomware attack. Now it is offering it as a service.

"With security moving so quickly, the threats changing so quickly and the attack surface changing so quickly, consuming something like this as a service can be very convenient for them," Dunn said.

The company also sells its CyberSense technology for detecting incidents as well as a host of security products via its Secureworks business. Dell isn't looking to be a full cybersecurity technology provider, though it is helping organizations plan for and adopt a zero-trust model, he said.

Other vendors are also rolling out services for securing data. Hewlett Packard Enterprise in September 2021 entered the data protection-as-a-service market with disaster recovery and backup services in its GreenLake portfolio.

Many enterprises embracing zero trust are putting an emphasis on infrastructure services providers like the colocation companies, Dunn said. They give enterprises full datacenter operations, from compute and storage to connectivity, that customers don't have to manage but that are considered private, enabling them to address data privacy and sovereignty requirements.

There are also operational and managements headaches – not to mention rising costs – that come with corporate datacenters. One customer told Dunn that it would take 25 years to amortize the cost of a datacenter.

"We saw [the shift to colocation facilities] accelerate during COVID," he said. "As companies moved to a remote model, they found that they were spending a lot in real estate to house people... If you think it's expensive to house a person in an office, a rack of servers is pretty darn expensive to house.

"The way that technology is moving in terms of the power consumption and the heat dissipation because of processors – more and more usage of GPUs – it's going to get very expensive to have a datacenter. To get any reasonable density, you're going to have to start looking at things like water cooling and more and more power to each tile. Some datacenters just can't support it."

Dunn said the cybersecurity services are the first full-stack offerings in Apex and that Dell is eyeing other fields to expand such complete services into including HPC, MLOps, and virtual desktop infrastructure (VDI).

The company is also looking to expand its Apex cybersecurity services in other areas, including client systems, which will be important as hybrid working becomes the norm, which means employees working on home networks. Dunn said it's a goal he has for the second half of the year. ®

Broader topics

Narrower topics

Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading
  • FTC signals crackdown on ed-tech harvesting kid's data
    Trade watchdog, and President, reminds that COPPA can ban ya

    The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

    In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

    The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

    Continue reading
  • Mysterious firm seeks to buy majority stake in Arm China
    Chinese joint venture's ousted CEO tries to hang on - who will get control?

    The saga surrounding Arm's joint venture in China just took another intriguing turn: a mysterious firm named Lotcap Group claims it has signed a letter of intent to buy a 51 percent stake in Arm China from existing investors in the country.

    In a Chinese-language press release posted Wednesday, Lotcap said it has formed a subsidiary, Lotcap Fund, to buy a majority stake in the joint venture. However, reporting by one newspaper suggested that the investment firm still needs the approval of one significant investor to gain 51 percent control of Arm China.

    The development comes a couple of weeks after Arm China said that its former CEO, Allen Wu, was refusing once again to step down from his position, despite the company's board voting in late April to replace Wu with two co-chief executives. SoftBank Group, which owns 49 percent of the Chinese venture, has been trying to unentangle Arm China from Wu as the Japanese tech investment giant plans for an initial public offering of the British parent company.

    Continue reading
  • SmartNICs power the cloud, are enterprise datacenters next?
    High pricing, lack of software make smartNICs a tough sell, despite offload potential

    SmartNICs have the potential to accelerate enterprise workloads, but don't expect to see them bring hyperscale-class efficiency to most datacenters anytime soon, ZK Research's Zeus Kerravala told The Register.

    SmartNICs are widely deployed in cloud and hyperscale datacenters as a means to offload input/output (I/O) intensive network, security, and storage operations from the CPU, freeing it up to run revenue generating tenant workloads. Some more advanced chips even offload the hypervisor to further separate the infrastructure management layer from the rest of the server.

    Despite relative success in the cloud and a flurry of innovation from the still-limited vendor SmartNIC ecosystem, including Mellanox (Nvidia), Intel, Marvell, and Xilinx (AMD), Kerravala argues that the use cases for enterprise datacenters are unlikely to resemble those of the major hyperscalers, at least in the near term.

    Continue reading

Biting the hand that feeds IT © 1998–2022