Okay, we're back at the summit, Navigating the Road to Cyber Resiliency, made possible by Dell Technologies. Brent Ellis and Elizabeth Preston are here. Brent is a senior analyst at Forrester and Elizabeth is a senior consultant at Forrester. We're gonna have a chat with Brent on trends in cyber security, and then Elizabeth is gonna come back and we're gonna dig into a recent TEI study. TEI is total economic impact. Forrester did one on Dell's PowerProtect Cyber Recovery solution. Folks, welcome. Thanks for coming on the program.

Okay, let's start things off with Brent. As you and our audience know, in recent years we've seen a significant evolution in cyber threats, especially with ransomware. We want to understand how that threat landscape is evolving over the next five years. Everybody talks about how it's changing, you know, kind of yesterday. Brent, let's talk about what emerging trends people should be paying attention to that maybe they're not as aware of.

Yeah, I mean, I think the gen AI moment is, obviously, everyone's afraid that people are gonna use gen AI to automate existing attacks, right?
And so people are trying to figure out how to deal with that. Automation of existing attacks is a big problem, and it's actually one of the reasons why a lot of, like, data protection companies are really focusing on cyber threat right now. You know, when you look at the market that I cover, which is specifically that backup and data protection environment, that has been getting closer and closer to data security and cyber security for a number of reasons. I mean, like, cloud specifically just opens you up to a greater threat landscape, so there's a lot more ways to get in. But ultimately there were always ways to get in, and as you start to apply things like a zero trust mindset to your data, you realize that there are always, you know, attacks from the inside as well. So the idea of a perimeter that you could defend went away at some point, and you're in this world where you have to defend your data at the level of data.

So how do you see the investment trends shifting, Brent? You've kind of got, as you said, I got to recover, so I got to spend money on that, and then I got to stop the breach.

Yep.

So how do you see those investment trends shifting, and where does data protection fit?
Yeah, I mean, so there is a lot of focus right now on tools for prevention. So you have IDS, XDR systems, EDR systems to kind of detect intrusion before it causes a problem. But, you know, one of the things that's really important about the NIST framework is the realization that defenses fail. You know, like, your defenders have to defend your entire landscape, and attackers just have to get through one hole in order to compromise your environment. And so ultimately you need a recovery strategy. You need a way to put everything back in place once you've been compromised. But not just put it back in place. We're not talking about, like, your old-school backup system where you just pull stuff from tape and put it back in there, because you have things like where a malicious attacker's just been sitting in the environment for months and you can't go and restore that. There's been plenty of examples where companies have gone and restored information from backup and they basically restore the threat to their production environment, and they're just attacked again. So that brings cybersecurity to your data protection environment. And there's two responsibilities that those vendors have to take into account. One is actually checking the backup, both as it goes into the archive and as it comes back for recovery, for threat, you know, indicators, indicators of compromise. But also the actual backup system itself: you have to make sure you're using things like MFA and you're using encryption, and you're looking at the ability to compromise the actual backup system, because there's also been examples of people basically owning your backup system, and then they can turn off your backup jobs, then they initiate an attack.

Kind of changes the notion of RPO, doesn't it? So as opposed to RPO being time-based, it's now: when can you actually verify that the last backup you took, that you're gonna recover from, is actually legitimate, right?
So it really is a much more complicated situation, isn't it?

It's a much more complicated situation, and it means that enterprise-class backup vendors are bringing more and more sophisticated products to market. You know, they're bringing tools that help you identify, through multiple different backups, what a clean restore set looks like, because you might have situations where, like, one file was compromised in one backup but not another, and, you know, these tools will stitch together basically a clean restore environment for you. A lot of times you get things like resiliency scores or security scores. They'll look at data coming in to your archive and they can tell you what was encrypted, what was not encrypted. They can tell you information about your PII data, what was at risk, what wasn't at risk, and kind of give you an A, B-plus sort of scoring for your environment, so you can kind of incrementally improve your production environment as well as your backup.

I want a 4.0 every time on that, right? Live with an 85. Let's come back to AI. I almost think there's like, you know, pre-ChatGPT AI and post, and everybody just wants to talk about gen AI, and for good reason, right? But ML has been used in these environments, in these scenarios, for quite some time. Especially related to that last conversation, how do you see AI/ML, you know, broadly, but then specifically gen AI, participating in this whole sphere?

Yeah, I mean, so the AI/ML world has been a huge boon for actually improving the capabilities of backup systems to find, you know, quote-unquote indicators of compromise.
So essentially finding a malware signature, finding a ransomware signature, looking at behavior analysis. You know, some of the tools out there will analyze, you know, permissions changes on volumes. You know, one particular account suddenly went from being, like, a standard user to an admin for a particular storage volume. That sort of thing is flagged. You have more integration with, you know, security event management tools like SIEMs and SOARs that raise those flags up so that the proper people can kind of look at the production environment, while at the same time you have your backup people kind of ready to recover when you need to. So AI/ML generally has just kind of made this task possible, because otherwise it was just a gargantuan task that you probably would not have any success on. I think what gen AI does in this environment, and this is still like a fast-evolving place, right? I mean, I saw, like, my first example of gen AI integrated into a backup system, you know, earlier this year, and at that point I'm like, what is that?
But that is rapidly maturing as you start to think about being able to ask very common questions like "Are all my systems backed up?" and being able to do that at the board level, exposing that information to people that are not responsible for the backups, that don't know how to use that tooling but need information about it, because this is no longer just, like, an I&O, like, technician conversation. This is a board-level conversation. They need to be able to show that they're mitigating their risk of the data that they're stewards of in the environment.

So kind of, if I can call it that, traditional ML, deep learning, maybe it's under the covers. There's a new interface, a natural language interface: which of my backups failed? Because backups still fail. And then you can surface that. It leads me to compliance, which is kind of an, I mean, you think about the, you know, the shared responsibility model in cloud. Is there an analog in compliance around data protection and backup and recovery? What's the vendor's responsibility and what's the customer's responsibility? How can organizations sort of figure out the compliance mosaic?
So this is actually something that I think has best been illustrated with things like ransomware guarantees. Not every vendor has one, but the thing is, it basically puts a certain amount of responsibility on the vendor for saying, like, we will be able to recover your environment. But it also means that the vendor can place restrictions on the client for actually implementing a secure environment. It means that you also have this sort of motion where vendors tend to implement, like, a customer success type function to validate that the deployment of their systems actually meets their requirements in order to do the guarantee. So I think actually that's the most useful aspect of things like ransomware guarantees. It kind of has this shared responsibility on the part of the vendor and the client to make sure that that guarantee is valid. It means that people implement better systems. You don't have people implementing a backup system and then just throwing all their data on an unencrypted NFS share, because then the vendor's like, dude, you put it on an unencrypted NFS share. We're not gonna pay that. But it's also understandable. You know, you also have, like, the requirement around things like, you know, ransomware insurance or cyber threat insurance. Those guarantors also want to be able to know that the environment that they're gonna be potentially paying a claim on was, you know, at least in a standard level of security and kind of due diligence.

So speaking of ransomware, I'm interested in sort of your research and any perspectives you have on best practice around ransomware. Obviously we talk about air gaps, but I go back to, like, I remember, you know, go back to Stuxnet, yeah, and the Natanz uranium enrichment facility was air gapped, right, but they got through.

Oh, yeah.

Okay, they put a stick in there and there you go. So there's more than just air gaps. What's best practice around ransomware recovery?
I mean, so we have, at this point sort of long in the tooth, but there's a piece of research that one of my colleagues, Naveen Chhabra, wrote a few years ago called for Technologies to help defend against ransomware, and he talked about multi-factor authentication. Talked about, you know, there's a limited role for air gaps in that world as well. You also need to have, you know, immutable storage and write once, read many storage so that you don't have this situation where the actual backup gets changed over time. You want to make sure that it's multi-factor, so that if one person's account is compromised, at least you go to a two-factor authentication system, possibly a multi-person authentication system, for doing things like deleting backup jobs or compromising the backup system generally. I say that there's a limited role for air gap for just the example that you mentioned. Like, there's always ways to get around an air gap. Not to mention that the backup system itself gets around an air gap. Otherwise, how would it put the data into the vault? So there's a time. Yeah, right, right. There's the connected time, and it doesn't necessarily mean that an attacker has to wait for that time and then, like, use that to get in. It could just be that they're embedding a Trojan horse that's gonna activate when the back of his wrist playing and wait, right, right?
So one of our guests at this summit is Mark Sorenson, and he wrote, I don't know if you can see this book behind me, A Restaurant in Jaffa. Yeah, and it's basically about, you know, critical infrastructure and how fragile it is, so this becomes increasingly important. I want to talk about, and for our audience, we've been talking for a year now about the adjacency, and longer, between data protection and cyber security. Is it a fundamental component of a cyber security strategy? And for years backup and recovery, it was somewhat isolated from each other. At least that's my feeling, and you may or may not agree with this. But there have been kind of two distinct groups within an organization: one that, you know, manages the backups and one that manages the overall cyber security processes, right? Is that changing, and if so, how?

Well, so, you know, my basic view is that adopting a zero-trust philosophy, where you're protecting data at the level of data, fundamentally makes things like data protection part of your cyber security policy. Like, suddenly you have to protect the data in that vault as well as your data in production. And when you look at, like, the NIST framework, like, recovery is an integral part of that framework, because you have to deal with the situations where your defenses fail. So I think it's clearly coming together. Now, what you're talking about is two separate camps. That still exists in most businesses, and it's typically like backups and data protection live in infrastructure and operations, and cyber security defense lives in the security world. The security world deals with defenses and forensics, not necessarily recovery. I&O deals with kind of getting production back up and running. Sometimes that means that they kind of butt heads, right? So I've run into this a lot.
I talk to a lot of people that straddle this line between I&O and security, and, you know, one of the things that I talk about a lot is, when you are implementing a backup system, you need something that crosses that line but respects both groups, right? That I&O group, they want production to be running. They want a stable, reliable environment, and so their goal is around RPO and RTO. The security group is looking at indicators of compromise, blast radius. How did they get in? How do I keep people from getting in in the future? You know, what is my exposure? And those are two different workflows. So you have to figure out how to balance between those workflows, especially if your environment has been compromised. So you need to have things like the ability to recover to a different environment so that the primary environment can be investigated. You have to have ways to kind of preserve that, like, corrupted environment, because it's essentially a crime scene. If you have the FBI coming in, they want to be able to see it and you have to be able to produce it. At the same time, you still need to be in business. So you have to figure out how to balance all those concerns. Some, you know, products really lend themselves to enabling both workflows, but ultimately it's also a culture challenge.

Brent, fantastic analysis as always. Thanks so much for coming on.

Thank you.

Now we're gonna bring in Elizabeth Preston to dive into the TEI study. Elizabeth, welcome back. So first question: what is a TEI study?

TEI study.
It's a total economic impact case study. It looks at business value for different technology investments. So we look at the benefits, both quantified and unquantified, those more intangible things. The costs to receive those benefits, so both the financial as well as the time and effort invested. The flexibilities that a technology might provide, so some of those future, forward-looking benefits that maybe aren't happening today. And it's all filtered through a risk lens, so the variation that companies might experience and what drives that variation.

Okay. So this is the Total Economic Impact of Dell PowerProtect Cyber Recovery. I've got a copy of it. You know, there's plenty of places to get it. We'll talk about that. And this is a study commissioned by Dell, correct?

Yes.

Okay. Just wanted to, you know, make that clear. We've got graphics here, and I want to bring up the first one in the study. Was there commonality across organizations in terms of the challenges that they faced that were specific to data protection? Can you talk to that?

Yes. So when we interviewed customers, the types of challenges they shared with us were that, while they may have had backup and recovery solutions in place, they were disjointed. They weren't covering everything, and there was a lot of effort and money involved in maintaining them. So those high overhead costs. If they did experience a ransomware attack or another reason to recover data, it was a very slow and painful process. Everyone was concerned about getting hit by an attack. No matter how good their defenses are, they figured at some point they were going to experience a ransomware breach and they were going to have to recover, and they weren't sure they'd be able to do that with their existing systems. Plus, looking ahead, regulatory requirements and insurance requirements are changing, and they expected to need to have new resiliency and recovery solutions in place.

Okay, can you talk about the methodology? We have another slide.
We want to bring up around the TEI study. How did you generalize the results, and how should people think about applying them to their specific situation?

So a TEI case study can be thought of as a framework. We interview customers. We're introduced to the customers, but Dell was not present for the interviews. We keep the data anonymized. We aggregate it into a composite organization. So that's a representative organization around which the study and the model are built. For this study, it's a public sector organization with a $500 million operating budget and 1500 employees. But this is just, again, the character in the story. You can look at the way that the benefits and costs are modeled and think about how it would apply to your own organization, how those numbers might change. So that's where the composite organization comes in. We sort of normalize, aggregate, blend, and work with our data and our analysts to make sure that the final composite organization makes sense.

So in that example, the budget essentially of that public organization is sort of an analog to a revenue metric of a public company or a private company in the public, or in the commercial sector, right?

Exactly, and employees are employees, and those constituents could be thought of as customers.

Okay, we have another slide and we're going to talk about the metrics. Can you share any specific business impacts that you saw in the study?

Yeah, so for the composite organization, based on the interview data that we collected, we showed for the composite an 80% reduction in hours spent on recovery, which translates to a benefit of labor savings in recovery, right?
So it took a lot less time and effort to recover from a ransomware attack. We also saw a 75% reduction in downtime for the composite organization, which means that your employees can get back to work sooner. So lost productivity is reduced, as well as the financial business impact, you know, like a revenue loss situation, because the business could get back up and running sooner. We saw less costs there. And then, not noted on this slide but also important, I mentioned those disjointed backup and recovery solutions that people said that they had. So we modeled the ability to retire some of those legacy systems, which meant time and effort savings as well as some financial savings. So those are the benefits. You can see we have an 18-month payback period for the composite organization. And the other part that goes into that is the costs. So there's a financial cost to Dell and partners for implementation and the hardware and software and the subscription costs, and then internal costs for implementation and ongoing management.

Okay, so you have a project, you have an existing environment. Sometimes people call it as-is, and then you model out the to-be. And then do you do a cash flow model as well, and a full NPV and cost of capital and all that other good stuff?

Yes, and that is all in the full case study, which you'll be able to find online with Dell.

Yeah, great.
We'll put that link in the show notes here. There are also, in my experience, Elizabeth, in these types of studies, a lot of times either softer benefits or harder-to-quantify benefits that are like telephone numbers. I mean, a lot of times that's the greatest benefit. The CFO, she or he, necessarily won't buy into that. But there are clearly other benefits around productivity or other cost savings or just, you know, customer retention. There's another graphic we have on these sort of softer or harder-to-quantify benefits. I wonder if we could bring that up and you could talk to that.

Sure. So yes, we love to talk about unquantified benefits. These are often the most meaningful to the people we're speaking with. They just can't put numbers to them. So in this case study the unquantified benefits are insurance savings. So sometimes if you don't have a solution like this in place, especially if you've experienced an attack previously, it's very expensive or almost impossible to get insurance in the future. We also heard that by starting to think about resiliency and these backup solutions, and changing their perspective on security and recovery, it created a culture change in the organization. So it started to affect other areas of the business. On a more tactical side, for organizations that were experiencing audits, they could kind of check a box and say yes, we have a recovery solution in place, and it made that a lot less painful. Employees were happier. They felt better.
They could sleep at night, which you can't really put a number to, but it's pretty important. People also felt that partnering with Dell provided additional benefits, ways to think about their recovery and security. And then finally there's technology involved in the broader implementation called CyberSense, which scans those backups as they go into the system and provides an additional level of assurance that the backups are good, that they haven't been compromised, and may make it easier to recover in the event that they need to.

Yeah, those are some good ones. I mean, insurance, like when you put the alarm system in your home, you get a discount on your insurance. But your other point is you might not even be able to get insurance if you don't have these things in place. These are becoming board-level criteria. And the audit is sort of the last line of defense, so you want to make sure you can check those boxes. Elizabeth, nice work. I really appreciate you taking the time and sharing the results of the TEI study. Thank you.

Thanks much for having me.

You bet. Okay, don't go anywhere. We have more outstanding content coming your way from cyber experts. We have practitioners, technologists. You're watching Navigating the Road to Cyber Resiliency, the summit made possible by Dell Technologies. We're right back.