Dell + EMC = Less Security?

Dell has announced it will spin off its SecureWorks product portfolio. SecureWorks is very late to the cloud and virtualization security market, and it may never get there. EMC RSA ignored the cloud and virtualization security market and now is struggling to find a footing in the larger IoT market. VCE has no security reference architecture other than a growing list of products. When everyone is hailing Dell plus EMC as one of the largest mergers (which it is), how is security going to play as a part of the combined portfolio?

The security market is growing by leaps and bounds in response to all the breaches. Yet the only companies in the EMC Federation talking about security is VMware and Virtustream. Dell, on the other hand, is making an IPO of its SecureWorks as a separate entity. Does that means Dell thinks security is important, or that this is a chance to recoup some of its debt and perhaps have a place to put some of its debt?

Why do I ask these questions? Because security can never be a bolt-on, it cannot be a product list: it needs to be integrated into everything Dell plus EMC does. If Dell and EMC consolidate around an IoT play, security is the major headache in this arena. How is this being addressed? If they consolidate around just big data instead, privacy and security are major headaches. Once more, how will this be addressed? If they consolidate around the cloud story, again, security, privacy, and data sovereignty are major headaches—once more, what is their story?

EMC does not have much of a story except to say that it is covered by RSA, which is an identity company. While identity is crucial to security, it is only a part of security and in some organizations it is a small part. EMC bought CloudLink (formerly AFORE) to add encryption to its portfolio, but encryption is also not the only answer. Cloud, IoT, and big data need to place security at the intersection of the user, application, and data. For that to happen, we need building blocks that can be formed into some reference architecture. The closest reference architecture from EMC is really a VCE document that lists a bunch of products and no real architecture.

So how is Dell playing in this arena? It really does not. SecureWorks and SonicWALL provide next-generation firewalls that sit on the edge of an environment. They do not sit within or close to the data. With IoT, cloud, and big data, your security must be as close to the data as possible. The edge no longer cuts it. This is one reason why VMware‘s microsegmentation, Fortinet‘s segmentation firewall, and CloudPassage‘s and Illumio‘s stories are so compelling. They are not looking at the edge but rather at the interaction between data and application.

With an ever-increasing number of stories about breaches, large fines, and even larger lawsuits, it is time for security to become the mainstay of every organization that sells to IT—but where it matters, not on some edge somewhere. So, my questions for EMC and Dell are governed by these thoughts:

  • Where is security going to be placed within the combined organization? Will it be a top-line player, or will it be given the subsidiary bolt-on approach that we have seen so far except from VMware?
  • How is Dell with EMC going to transition security and privacy into the enterprise in a compelling way that makes it the first thing organizations think about, not the last?
  • How is Dell plus EMC going to educate its employees to talk about security, instead of saying “blah blah blah security” or ignoring security completely?
  • How is Dell with EMC going to educate the market (including consumers) that security needs to be taken seriously and is part of the bottom line?
  • Given that the security parts of Dell plus EMC have missed the market, how is the security portfolio going to change to become a first-class citizen of the combined organization?
  • Can Virtustream’s focus on security make up the difference?

And that is the crux of the matter. How is security going to become a first-class citizen within any organization? The bottom line is impacted heavily by breaches, yet I see more draconian measures being implemented than truly innovative measures.

Is this trend going to change with Dell plus EMC? While Dell and EMC talk about taking security seriously, they have products that do not fit the modern hybrid cloud and only cover one small part of the environment. Where is the full software-defined data center/hybrid cloud security story within either company? Where will we hear of it in the new, larger Dell?

One solution is to pull Virtustream’s security focus completely to the top of the food chain, making it a first-class citizen with all other product lines, but also giving it the ability to drive security into each product line to meet the needs of its users and those of the greater set of Dell customers.

Posted in SDDC & Hybrid Cloud, SecurityTagged , , , , , ,