'Security must be baked in': Dell's John Scimone on cybersecurity and product strategy

At Dell Technologies World in Las Vegas, John Scimone, President and Chief Security Officer of Dell Technologies, unveiled the company's forward-looking cybersecurity strategy tailored for the artificial intelligence era. In a candid discussion with Business Today, Scimone explained the three critical 'security imperatives for AI': the responsible use of AI, protection against AI-enabled threats, and leveraging AI to bolster security operations. "Dell is fully committed to harnessing AI to transform our operations. However, with that transformation comes inherent risks that must be managed," Scimone stated. He pointed out that organizations now face a dual challenge: safeguarding their own AI systems while also preparing defenses against adversarial AI that malicious actors may deploy. Among these imperatives, Scimone expressed particular enthusiasm for utilizing AI to enhance security capabilities. "Our focus as a security organization is on how we can leverage AI to improve our efficiency. This aspect is indeed the most thrilling of the three," he remarked. He believes AI could shift the long-standing disadvantage faced by cybersecurity defenders, stating, "Historically, we’ve been losing the battle against cyber threats. This presents a chance to change that narrative." Scimone highlighted AI's potential to introduce necessary unpredictability into the cybersecurity landscape, disrupting conventional patterns and empowering defenders. Addressing workforce shortages and the complexities of modern technology, Scimone outlined two significant issues that AI can help mitigate: a critical lack of skilled cybersecurity professionals and the increasing intricacy of tech environments. "The labor market is imbalanced, with millions of positions unfilled due to a shortage of qualified candidates," he explained. AI's role in enhancing human productivity could be vital in bridging this gap. Furthermore, its ability to streamline and manage complex systems could be crucial in securing expansive and dynamic infrastructures. When questioned about whether simpler environments could become more susceptible to attacks, Scimone firmly disagreed. "Simplicity does not equate to insecurity. The more standardized and predictable our environments are, the easier they are to secure," he asserted. On the subject of data integrity and the ethical use of AI, Scimone emphasized the critical nature of data quality. "If we input poor data, we can only expect poor outcomes," he cautioned, underscoring the importance of maintaining curated internal datasets. He also touched upon the concept of sovereign AI, pointing out the growing desire among nations to retain control over their AI infrastructures and data flows. While viewing AI as a strategic asset, Scimone remarked that this perspective often clashes with the inherent tendency of data to remain fluid. "Data wants to be free," he asserted, advocating for thoughtful data management policies. As for consumer technology, Scimone noted a marked increase in customer awareness regarding cyber risks, with a growing expectation for security features to be an integral part of products. "Our primary strategy is to embed security and resilience into every product we offer," he explained. Innovations such as Dell's 'cyber vault' for air-gapped ransomware protection and 'self-healing' tools for quick recovery post-attack were highlighted as examples of this commitment, driven by Dell's keen attentiveness to customer feedback. Scimone also discussed the governance of generative AI, a rapidly developing area with significant implications for privacy and intellectual property. Dell has established an AI governance board to ensure responsible internal AI integration. "We encourage organizations to avoid a blanket ‘no first’ approach. Those willing to engage with AI responsibly will find themselves ahead of the competition," he advised. Regarding data residency, especially pertinent to regions like India, Scimone acknowledged rising concerns over the international flow of data. "There’s a notable shift towards on-premise solutions for sensitive applications," he said, highlighting Dell’s longstanding reputation for secure supply chain practices. Lastly, he addressed the risks associated with deepfakes, describing it as a "brave new world" where distinguishing reality from forgery is becoming increasingly challenging. "We must educate our workforce, our children, about what constitutes reality," he warned, advocating for stronger business process controls and broader educational initiatives, even as detection technologies continue to advance.