As more aspects of our lives move online, the potential rewards for cyber criminals get larger, their methods become more sophisticated, and it’s up to the good guys to find new ways to stop them. As the saying goes, there’s no point locking the stable door after the horse has bolted!
OEM security is different
Most articles I’ve seen focus on security failures where in-house IT has been compromised, but in the case of OEMs, the situation is somewhat different. As an OEM, your appliances will most likely be installed at your end customers’ data center. You cannot afford for your device to be the weak point, the unlocked door through which hackers gain entry. It’s a bit like minding your own kids versus taking care of your neighbor’s family. Securing your own data assets is one thing, but being accountable for your customer’s data is a horse of a different color.
Freedom to innovate and flexibility to customize
Of course, Dell OEM appliances offer standard security features you will find with many other suppliers, such as chassis intrusion detection, signed firmware updates and a trusted platform module (TPM), but in my experience, OEM customers need more.
They require a hardware platform that gives them the freedom to innovate while providing the flexibility to customize that hardware and make it part of a secure solution. Sounds great but how does this actually work in practice? Rather than talk theoretically, let me share a real-life example.
Protecting appliances in the open internet
One of our biggest OEM customers provides their appliances to ISPs. These are exposed to the open internet — they don’t sit safe behind firewalls — and so they’re more exposed than pretty much any device you’ll come across. Understandably, this customer has a healthy level of paranoia about the level of inherent security of its devices, which is one reason it chooses Dell OEM PowerEdge servers, powered by Intel Xeon processors.
The customer uses our OEM Identity Module to configure a raft of security settings that lock its devices down from top to bottom. To explain, the Dell OEM Identity Module sits outside the server’s operating system and stores personalized settings like custom splash screens, but also lets you exclude bootable device categories, prevent malicious code injections, and disable server management features that you either don’t want to use, or which could represent a security risk. This means nobody can walk up to your appliance, insert a USB stick, and run a rootkit virus, for example.
Configuration options
In short, rather than a house with all the doors and windows open, we’re talking about a house with all the doors and windows locked, and an easy way for you to configure which ones you open and who you let in.
With Dell OEM Identity Module, you can also configure it so that if, for whatever reason, someone decides to reset the BIOS on your device using the jumper plug, it will reset to your factory settings, not Dell’s. Our OEM Identity Module payload is signed, meaning you can trust that there won’t be malicious code injections in your customizations.
Security should never be a barrier to innovation
This all sounds great from a security perspective, but doesn’t adding layers of security also add complexity, effort, and cost to developing an appliance? The answer is an emphatic no. My mantra is that while security is all-important, it should never be a barrier to invention.
Time-saving and secure
Using Dell OEM Identity Module actually saves customers time, because it offers a canned interface to apply settings. With other vendors, you’d typically need to write a custom BIOS. This means that whenever the BIOS gets updated, your custom code would need to be ported to the new version.
The nice thing about our approach is that the Dell OEM Identity Module sits outside the BIOS and goes on working as firmware updates are applied, meaning quicker time to market, more availability once deployed, and more secure end customers. Music to your ears, right?
All these features come courtesy of our dedicated security teams who are an integral part of the product development process. The bottom line is that security can no longer be thought of as an add-on, but rather as integral to the development and design process.
We take your security very seriously. I’d love to hear your comments and answer your questions. Please join our LinkedIn OEM Showcase page to connect, and be sure to join us at Dell World, May 8-11 2017 in Las Vegas.