Zero Trust: Why trusting nothing is a pillar of Dell’s new ESG goals

Trust, but verify. That’s a popular Russian proverb President Ronald Reagan introduced to the Western world during the latter years of the Cold War, and one he used with aplomb when signing arms treaties with the U.S.’s rival nuclear power.

The wry aphorism also summarizes the basis for the Zero Trust architecture Dell is developing as part of its ESG goals, which mandates that no tech component in a computer system should be assumed safe: only verified sources can be trusted.

“Zero trust is a long-standing principle in the security profession that essentially says technology systems should be designed where only components that are known and trusted are allowed to operate within it and, by default, everything else is not going to be permitted,” explains Dell chief security officer John Scimone.

The premise is simple enough but is, Scimone notes, rarely implemented. Most tech systems presume nodes operating within a set sphere—say, a corporation’s cloud intranet—to be secure, although they often aren’t. That oversight is usually due to, well, a lack of oversight. As companies scale and digitize, they acquire troves of tech, and many larger firms will be unaware of exactly what components are incorporated in their architecture. 

By 2024, Dell expects to offer its U.S. customers the first Zero Trust architecture accredited by the Department of Defense, which Scimone says will combine “hardware and software not just from Dell, but from our many partners,” and which, he says, users “can be assured to actually deliver Zero Trust outcomes.” The project is a cornerstone of Dell’s ambition to become its clients’ “most trusted” technology partner by 2030—a target the company has determined as part of its ESG goals.

Privacy and ethics were already a component of Dell’s ESG ambitions, nestling under the Governance side of that equation. But, Scimone says, after the company decided to include security in that framework too, Dell reimagined the metric as “Trust.”

“We thought it’s important to encompass security so that we ensure we’re engineering security into our products, services, and supply chain as a whole, increasing the trustworthiness of products amongst our customer base,” Scimone says, differentiating between providing “secure technology” and “security technology.” Dell wants to be very much in the business of the former.

To that end, another of Dell’s core trust goals is for all Dell products produced after 2030 to offer users a password-less means of verification, such as a biometric identifier incorporated into the hardware. That might provide an extra level of security, but because password-less methods will also require Dell to handle more sensitive user information, the switch can only be achieved if Dell secures its customers’ trust.

“That’s why we think having choice is important and is core to our privacy programs as a whole [as well as] transparency in everything we’re doing,” Scimone says. “Just being transparent is a core component of making sure we’re operating in a trustworthy manner as we all forge forward into this brave new world.”

Eamon Barrett