We're back with Jerome West, Product Management Security Lead for HCI at Dell Technologies, Hyper-Converged Infrastructure. Jerome, welcome.

Thank you, Dave.

Hey, Jerome, in this series, A Blueprint for Trusted Infrastructure, we've been digging into the different parts of the infrastructure stack, including storage, servers, and networking. And now we want to cover hyper-converged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know?

So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or a storage system or a virtualization of use of software. I mean, HCI is all of those things. So luckily, we have excellent partners, like VMware, Microsoft, and internal partners, like the Dell PowerEdge team, the Dell Storage team, the Dell Networking team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code, that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated, hard-to-defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner.
Luckily, VxRail's engineering team has co-engineered a release process with VMware that significantly shortens our development life cycle so that VMware will produce a patch and within 14 days, we will integrate our own code with the VMware release. We will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. As a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer-term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners.

Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, it to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, two weeks, to then have that integration done and then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have additives to that definition?

I do. I really think that cybersecurity and resilience for HCI, because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing. It's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer.
So let me give you an example. So HCI, it's basically taking a software abstraction of hardware functionality and implementing it into something called a virtualized layer. It's basically the virtual, virtualizing hardware functionality like say a storage controller. You could implement it in hardware, but for HCI, for example, in our VxRail portfolio, we, our VxRail product, we integrated into a product called vSAN, which is provided by our partner VMware. So that portfolio strength is still through our partnerships. So what we do, we integrate these security functionality and features into our product. So our partnership grows to our ecosystem through products like VMware products like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware software partnerships on top of that. So for example, VxRail supports multi-factor authentication through vSphere's integration with something called Active Directory Federation Services or ADFS. So there's a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0 or like I mentioned, Azure or Active Directory through that partnership. So we can leverage all of our partners, partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through PowerEdge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware.

Great, I mean, that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the VMware components, Auth0, which the developers are going to love.
You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm going to ask it anyway because you've got this software-defined environment and you're managing servers and networking and storage with this software-led approach. How do you ensure that the entire system is secure end-to-end?

That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co-engineered solution with VMware. Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development lifecycle, which other products might talk about in their discussions with you, that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should interoperate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised.

That's great. Let's close, pitch me. What would you say is the strong suit? Summarize the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome.

So I talked about how hyper-converged infrastructure simplifies security management. Because basically you're gonna take all of these features that are abstracted in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be say, for VxRail it would be vCenter, for example.
So by abstracting all of this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making it to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell, that's not done through a partnership. So we digitally sign our software updates so the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail Manager or through SDDC Manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable.

That makes a lot of sense.
So you got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason you're on this is so important is because SecOps teams, they got to deal with cloud security, they got to deal with multiple clouds. Now they have their shared responsibility model going across multiple, they got all this other stuff that they have to worry. They got to secure the containers and the runtime and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, the security is going to get worse. So my takeaway is you're removing that infrastructure piece and saying, okay guys, you now can focus on those other things that is not necessarily Dell's domain, but you can work with other partners and your own teams to really nail that. Is that a fair summary?

I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly.
So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with? And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments and we're very successful there.

Excellent, okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always advance in the tech industry and so we would appreciate that.

I would look forward to it. Thank you very much, Dave.

You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure.

I want to thank our guests for their contributions and helping us understand how investments by a company like Dell can both reduce the need for DevSecOps teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality, provenance and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on-prem, or at the edge, you are responsible for your own security. But vendor R&D and vendor process must play an important role in easing the burden faced by security, devs, and operation teams. And on behalf of theCUBE, production, content, and social teams, as well as Dell Technologies, we want to thank you for watching A Blueprint for Trusted Infrastructure. Remember, at part one of this series, as well as all the videos associated with this program, and of course, today's program are available on demand at thecube.net with additional coverage at siliconangle.com.
And you can go to dell.com slash security solutions, dell.com slash security solutions to learn more about Dell's approach to securing infrastructure. There's tons of additional resources that can help you on your journey. This is Dave Vellante for theCUBE, your leader in enterprise and emerging tech coverage. We'll see you next time.