Dell Software is my longest time sponsor and has made
possible many hours of my real training for free ™ webinars. We
don’t usually give them much time to talk about their products on my webinars
and they are really nice about that. So I thought I’d set down for a few
minutes at the UltimateWindowsSecurity.com booth here at RSA 2015 with Todd
Peterson. You never hear from Todd on the webinars but he is one of the
main folks behind making them possible and he has a good perspective on Dell
Software’s sizable portfolio of security products. Our conversation
centered around the Dell Software security portfolio as a whole and what makes
it compelling compared to point solutions.
(Transcript below video)
Randy: Alright, so back at the Ultimate Windows
Security Booth at RSA. This time I’ve
got Todd Peterson from Dell. And folks,
you’ve probably have, I don’t know if you’ve heard Todd before, but you’ve
heard a lot of other Dell people because Dell and before that Quest have been
pretty much our best and biggest sponsor of real
training for free™, so thanks a lot for that through the years Todd. But, here’s what I want to talk to you about
and I’m picking this topic for you because how many security products does Dell
Todd: I mean, Dell kind of has the strategy of
baking security into everything they do, so you know, if you want to be really
technical, every laptop, every tablet, every server, every router, every switch
has security baked into it. If you want
to be a little more literal on the classic security products, firewalls, data
encryption, it’s probably 40 or 50 separate offerings across the whole
line. Most of them under the Dell
software group umbrella.
Randy: So, if we want to buy “a security”, we can go
Todd: Yeah, yeah I’m happy to sell you an app for
Okay, but the thing of it is, is then and you’re the perfect person to
expound on this, is do we go after security piecemeal, like here’s my risk, I
want to solve this problem or do we build a security stack and think
strategically, how are we going to make all these pieces fit together and then
the risk is time to value and functionality but we never get anything out the
Todd: I think in a perfect world, you do the
latter. You plan it out, you build
security from the ground up, everything fits together and works great, but we
know that that never actually happens.
So you end up with a piecemeal approach with whatever the fire of the
day is or you know BYOB all of a sudden comes up and you didn’t even think
about that, you know 12 years ago when buying a server was your big deal and so
piecemeal is the way it has to go, but if you approach piecemeal with the right
strategy, there is going to be something next and you may not even know what it
is. So just make sure that you’re future
looking with everything you do. I think
piecemeal can work and kind of give you that plan from the ground up, you know,
result without actually having done it.
Randy: Yeah, because what I fear is management
coming and they’ve read about a breach and they’ve read what Gardner or whoever
is saying at the time, we need to get control of mobile devices. We don’t have a mobile device management. Go get MDM and so you go and you buy a MDM
point solution, you get that in place.
Iterate that a few more times and what you’ve ended up with is a whole
bunch of solutions, maybe a lot of them really cool, but they were from start
ups, a lot of them. They’ve gotten
bought by someone else over the years, who knows what has happened and do they
all talk to each other. Because that’s
the other thing, Todd, is getting your security products to talk to each other
is opening up a whole new world of synergy, so given that you’re a company with
40-50 different security products, you probably have feelings on these issues.
Todd: Yeah, I mean obviously you want them to talk
to each other, but, you know the reality is people are often, you know you have
pressure, you have to solve the problem today, so you’re going to go out and
you know, whoever you’re hearing the most about to solve that problem is at the
top of the list. Maybe you’ll implement
them, maybe you won’t, but you know, then down in the future, the next thing
comes up and that solution’s great, but the next thing can’t be solved by that
solution, so you do it again. So, what
you end up with is you’re defining security and the controls that provide
security, so, an identity of a person, a person’s authorizations, the way you
authenticate, what it means to be somebody, you’ve defined that in each and
everyone of those silos, and you’ll probably define it differently. So then standards emerge, that if you’re able
to wait for the standard to take over, that makes it a little easier. You know, only use SAML authentication, that
solves a lot of the problems. Use other
standards is the baseline. That’s good,
but a lot of times the problem can’t be solved at that time. So you just need to look for things that are
on the cutting edge of standards, but also for a strategy of not reinventing
the wheel every time a security issue comes up.
You don’t want 12 Randy’s across 12 different security silos. You want 1 Randy that’s applied 12 times to
across 12 silos, if that makes sense.
Randy: Well, that’s ironic since Dell is, would you
say your core security product is your one identity solution?
Todd: I would definitely say that.
Well let’s come back to that and talk about what is the core of a
company’s security stack, but I think what you’re getting at is that to build a
house, you have to put the foundation in first, you cannot say, you know, the
biggest thing I need right now is a roof, and then I’ll come back and do the
foundation. There’s a sequence that you
have to build things in. Alright, with
an IT environment, that’s not really the case.
You do have the option to say these are my biggest pain points. I don’t have a roof over my head, I know I
don’t have a great foundation for identity or whatever, but I need to get that
roof over my head in terms of two factor authentication or mock change auditing,
whatever. I could go put that roof in
and I can say I also need this door over here with a lock on it, but so that’s
piecemeal, but what you’re saying is that what we want to do is be looking
towards the future and saying at the end of the day we want a house that’s all
connected to each other and doesn’t look like we bought a trailer and then
added on a family room.
Todd: Or worse case, you end up with 12 trailers.
Randy: Well that’s ulgy.
Todd: So yeah, I mean totally. And what I would say to that foundation is as
you’re putting the roof on, let’s say you’re just doing your roof, you know,
you do have the opportunity at that time to form up the foundation and set it
up so that when you put in the walls, when you put in this door, when you add
on to the house, that those things can happen easier without re-pouring a new
foundation. So, you know, getting that
foundation solid and then right along with that first big fire that you’re
putting out, is probably the best approach and I would say that foundation is
what I mentioned earlier…identity, role, authorizations, authentication, you
know, getting those things set because if people can’t get to the stuff they
need to do their job, there’s no point, that’s why it’s there. Security is often viewed as a barrier to
people doing their jobs because it’s another person saying no instead of another
person saying yes. But, if that foundation
is right, there’s going to be opportunities to say yes, go way up and the
opportunities for the temptation to say no unnecessarily has just
Randy: Yeah, well that’s, I always go back to we’re
in business to do business, not to be secure.
Secure doesn’t make money. So I
think what I’m hearing is you’re thinking about what we’re hearing from a lot
of folks is the whole whether you want to call it dynamic or adaptive security,
right, being able to dynamically say I need more assurance that this really is
Todd: Yeah and if you think about the way security
is normally implemented as a silo approach, you know, you’re on-prem you’re
using a company controlled device. There
is a set of rules, you follow those rules and you’re allowed to get to
something. So you go off-prem they’ve
established another set of rules for that and you follow those rules, you’re
allowed, you’re using their mobile device, a different set of rules, data
encryption is involved, different set of rules.
You’re coming from an IP that’s unknown to the organization of a
different set of rules. So, each of
those can return a yes or no decision.
If any one of those 5 things, returns a no, the answer is no, even
though I may legitimately be doing things that’s going to be absolutely secure,
but one says no. But, what if you take
into account the context of the who, what, when, where, why, how and past
history to make a dynamic decision in real time that says hey I know who you
are, I know where you are, I don’t know you’re device, but I know that you’re
history means that you’ve come in from a device like this one and so I’m going
to allow you in. So you can kind of take
into account the varying strengths of the yes and no decisions to return an
accurate decision that changes in real time depending on the situation. You know, that’s I think the nirvana of
Randy: So, going back to the building at your
security stack and piecemeal and looking toward the future and so on, you know,
what do we get if we make a commitment to Dell in terms of… you know, I have to
have a lot of worry. My supply
management people have worry every time I bring in another vendor or another
partner on board. All right, how healthy
are they, are they going to be in business, what’s their limits of support and
so on. So I mean, what’s codified in
terms of if we come to Dell and saying if possible we’re going to try to get
our different pieces of security from Dell?
Todd: Well, obviously we would like that, but the
advantage is Dell is a very mature, very stable company that’s not going
anywhere and has a long legacy of very happy customers including customer
service excellent support and each of the acquisitions that they’ve made have
been of companies with an equal to a lesser degree, but an equal reputation, so
they acquired Quest, which is where I came from. You know, Quest has some of the industry
leading customer satisfaction numbers on a software site. The security software, being Identity Access
Management stuff, is the leading satisfaction among the questions. So all of
these things come into play that you know, you’re going to eventually have to
buy a firewall if you don’t already have one or you may have to upgrade your
firewall. You’re going to have to buy
something for identity and access management, something for privilege
management, something for authentication.
You’ll probably eventually need a data encryption type of solution. You’re going to need security baked into your
servers and your laptops and your tablets and your desktop computers. If that ultimately is in the same place and
you know it’s not going anywhere, then you already trust and you know you can
continue to trust, that really alleviates a lot of the danger, a lot of the
risk and a lot of the worry of am I really going to be secure next year with
the decision I make today? With Dell, we
feel and I think that history proves that yeah you’re set for years and years
and years and years, at least from a peace of mind state.
Randy: Well, it is, I’m always amazed. I can never keep track of all the different
security solutions that you have and you’re starting to make them talk to each
other more too.
Todd: Yeah, absolutely.
Randy: I think that’s important and that’s something
maybe that I had wished for more in former days and I’m seeing more now, so…
Todd: Yeah, for example a lot of our
authentications solutions, our multifactor authentication our federations’
solution are beginning to be reused by other Dell technologies. So the Quest KACE MDM solution uses our single
sign on federation. The Dell SonicWall
firewalls use our multifactor authentication.
You know, all they’re offerings, the Dell offering for medical
organizations uses our signal sign on solutions. So you know there’s a lot of places where
this 1+1=3 can come to pass because it’s, you know, all offered by the same
Randy: And that’s what I would want and expect if
I’m going to make a commitment and say all right, I’m not just going to
automatically go out there and get the cheapest, newest and best of breed solution
for each piece of the puzzle. I want
that synergistic benefit of going with a vendor. If I’m going to go with one vendor, then I’m
hoping for that synergy along with products.
The more of their products I use, the more of that 1+1=3.
Todd: Yeah, and the
treads continue, you know where I mentioned earlier that adaptive context way
of security. Right now that involves few
of our identity and access management solutions and our firewalls and the
SecureWorks Counter Threat platform. In
the future that can expand to where the firewall is actually enforcing, not
just helping make a decision, where an encryption solution from Dell is
enforcing in addition to helping to make a decision and it can go anywhere and
then when we build an API into it, then it can actually go beyond Dell and you
can build your own contributive piece to that context where it thinks. So you know we are excited about that, but
you know it all comes down to it’s one big stable strong company that can
provide it to you.
Randy: That’s cool. Folks normally you’re used to seeing me or at
least listening to me more, but this is an opportunity I get to talk to the
people like Todd that make all the real
training for free™ webinars possible and I said let’s just talk about their
products a little bit. So thank you,
thanks for all the great webinars that you’ve sponsored over the years. We get lots of people that come up and say I
go to every single one of your webinars and when we need answers especially on
windows security log, they come here, but you guys are the ones that make that
possible, so thanks.
Todd: Thanks for allowing us to do
it. We find a lot of value in it as
Randy: Well, take
Todd: Thanks Randy.