The PowerMax is built to prevent unauthorized access to system resources. Each model incorporates security features and access controls to protect company an organization’s data. These features include:
- The hardware root of Trust (HWRoT) represents the foundation on which all secure operations of PowerMax depend. HWRoT contains the keys used for cryptographic functions and enables a secure boot process, preventing system boot if firmware is tampered with. It uses cryptographic keys stored in One Time Programmable fused memory provisioned withing Dell manufacturing.
- The fused keys are used for authenticating the digital signature for the Dell signed firmware. It authenticates the signature of the firmware during update and boot protecting against unauthorized firmware. HWRoT functionality is deployed on the nodes, DME enclosures, and Control Station.
- Secure Boot prevents loading tampered firmware along the boot process, it establishes and extends a firmware trust chain expanding beyond the HWRoT boundary. It uses cryptographic authentication for subsequent Firmware loads/boot loaders based on Dell signatures. It also includes UEFI Secure. Secure Boot functionality is deployed on the nodes and DME enclosures.
- Secure access controls and tamper proof audit logs protect data from unauthorized access through secure logs of all events on PowerMax.
- Hardware-based Data Encryption through FIPS 140-2 level 2 certified self-encrypting drives (SEDs) ensures protection when a drive is removed from the system. The lifecycle of Encryption Key is entirely within the drive with no access from the outside.
- Secure firmware updates require a digital signature before updates can be applied and prevents loading unauthorized firmware that could compromise the system. Dell digitally signs all firmware packages and scans them using cryptographic keys. This functionality is within Nodes, DMEs, and Control Stations.
- Multi-Factor Authentication for Admin Access (MFA) provides two-factor authentication to management access using RSA SecureID. It provides time-sensitive token combined with user password to verify identity during the authentication process.
Granular protection at scale and accelerated recovery from Cyberattacks with support for 65 million secure snapshots with a minimum 10 mins interval.