The Best of Both Worlds
- By Laura Williams
- Dec 08, 2010
Dell has long been a player in the hardware side of the security industry, supplying trusted platform modules, authentication mechanisms, servers, networking services, and the laptops and desktops the Austin-based company is widely known for.
But with the late-November introduction of its Data Protection Encryption, Dell is crossing the divide into the solutions side of the security biz.
According to Dell’s Dave Konetski, business client, Office of the CTO, the company’s new goal is to become a “one-stop shop,” a place where businesses can get both the hardware and solutions to administer and secure their networks. And it hopes to do that by using its experience interfacing with other companies’ products to design more user-friendly solutions.
Indeed, this is the impetus behind its Data Protection Encryption service. “We experienced with our customers a lot of pain points that have become very consistent,” Konetski said, “and so we thought this would be a good time to engage in providing full solutions and addressing those customer pain points.”
Leaving Sector-Based Encryption BehindOne of those “pain points” was dealing with sector-based encryption, which Dell eschewed because of what Konetski described as the headaches involved in setup and maintenance – defragmenting the disk, making sure it has no physical anomalies that could botch the process.
Instead, Dell’s encryption service is file-based. An administrator can still encrypt every file on the hard drive, but he or she also has the flexibility to choose to leave OS files out, making patching across an entire network much easier. And because the system encrypts each file, it is able to employ a flexible-encryption scheme – so each file has its own encryption key, allowing, say, CEOs to keep their IT guys away from sensitive business data.
The file-based format has the added bonus of enabling the encryption of any endpoint – not just a hard drive – and that includes USB drives, CDs and any sort of optical storage device. In order to get this functionality with a sector-based system, administrators would have to layer a file-based system on top, which could easily lead to logistical headaches.
Automatic Central Management
The typical drawback to file-based encryption, however, is maintenance. Requiring encryption of every sensitive file leaves a fair amount of room for error – users could easily forget to encrypt the files or may not understand which files are sensitive and need to be encrypted.
Dell combats this problem with an automatic central management system, which allows administrators to create central policies about which files to encrypt. It then deploys them automatically, encrypting sensitive files that fit the profiles the administrator specifies. The service essentially culls the best of both worlds: the flexibility of encrypting only sensitive files and the security of knowing that all the files you need protected are in fact covered.
After that, users and administrators can further modify those policies on individual machines. Konetski says this simplifies implementation. “Since it’s a single system, you write one set of policies for a machine and then you can customize after that,” he said.
For small businesses, the encryption service comes with pre-set “templates” for HIPPA, PCI and FIPPA compliance. “For a lot of small- and medium-sized customers deploying security is difficult,” Konetski said. “Compliance templates allow them to … hit a button for these basic encryptions, and the system will write a set of policies that will govern the required encryption on their endpoint, and will generate the reports and audits so they can show compliance.” After that, administrators can further tweak the policy to tailor it precisely to their specific needs.
Konetski said he believes that the combination of a file-based system and the automatic deployment of encryption policies sets Dell’s encryption service apart. “All encryption systems use same standard algorithms,” he said. “The value to the customer is the ability to manage the system, write policy and then have the policy enforced locally … and that is what makes Dell’s system so great.”
It seems Dell will continue using its experience working with customers and experiencing their frustrations to create more-sophisticated products.
Konetski hinted that the company will continue expanding its offering of solutions. “Dell Data Protection Encryption marks the first step in a continuing strategy to enhance Dell’s security offerings,” he said. “Dell will continue investing in security and other solutions areas as they see a need and believe that they can bring differentiation and simplicity to their customers.”