 Hey everyone, welcome to this CUBE Conversation featuring Cloud Storage Security. I'm your host, Lisa Martin. Today, excited to be joined by CUBE alumni Ed Casmer, founder and CTO of Cloud Storage Security. Ed, great to have you. Thanks so much for joining us today. Yeah, definitely. Thanks for having me. I'm glad to be here. Cyber Security Ed is one of the, it's a global initiative, right? Everyone's talking about it. The threat landscape continues to change. The perimeter of the forest, say, Morphus, we're seeing cyber criminals continue to focus on storage in the cloud. Cloud application workflows that ingest data from individuals can introduce malware. With that context, Ed, tell us a little bit about Cloud Storage Security. Yeah, definitely. So we are a cloud security company focused on data specifically in the cloud. We're really about trying to give you visibility and control of your data. That's the biggest piece that we see missing. Originally when we were here a year ago talking to you, it was the conversation about no one's thinking about storage except the bad guys. And now we've seen a fundamental shift between then and now, and it's really at the forefront of how do we protect that data in the cloud? Talk a little bit more about the gaps in the market that you saw with respect to particularly malware, ransomware and storage in the cloud when you decided to found the company. Certainly, it's so easy to think about how do I protect the end points? How do I protect traffic coming in from the outside world and forget about how it's consumed downstream? And so we saw gaps there because the storage itself is being attacked on a very routine basis. And I'm talking about daily, weekly, monthly, over or nearly 50% of organizations are still being attacked by ransomware every day. A lot of those hit directly in the storage. So we saw that there weren't cloud native tools out there solving the simple task of identifying your storage and securing your storage. And so we really came to market thinking about how can we help you answer the questions? Is my data safe to use? Is it not too sensitive to share? And do I know exactly what I have and where it is? So incredibly important as we've seen the last couple of years, the cybersecurity landscape is changing so much. Ransomware is a household word. It's now not a, if we're going to get hit, it's when, it's how often, it's what's going to be the impact. You mentioned a stat, but share some of the recent market trends. I think you guys have some great stats from enterprise strategy group that I think the audience would be interested to hear. That's right. We've been doing work with them. And if we look across our own customer base, our stats back up their stats as well. So if we look at it, it's nearly half, 47% of organizations are getting attacked very regularly. And as I mentioned before, it's daily or weekly, sometimes monthly, but it's that often. The other pieces that we're seeing are over a quarter of the customers out there are seeing malware move from workloads into their storage and they're being attacked. That's 27%. And a third of customers have issues with their data really because they don't know what it is. They haven't been able to classify it. They don't understand what it is. And so when they do have breaches or they do have data losses, it's primarily because they didn't know what it was. So they didn't know how to configure it and they didn't know how to protect it. Is it more of a people problem than a technology problem? Well, I think it's both. As we talk about cloud, you've probably heard this from a hundred different interviews that you've done. When you go to cloud and you go to scale, you really have to automate and you have to figure things out. You have to bring the right tools in. So yes, is it a people problem? Yes, is it a technology problem? Yes, it's both. And you really have to figure out about bringing the right tools in, having the right folks set it up and really get automation in place. We talked about, you mentioned those staggering stats from ESG that almost half of organizations are routinely targeted with ransomware. Almost a third have malware moved to the cloud workloads because of things like misconfigurations, a third or more suffering data loss. How does cloud storage security help organizations start dialing down some of those staggering stats so that they can become far more secure from a resiliency perspective? Yeah, so it's a great thing to try to have to figure out. And luckily we're here to help folks figure it out. I mean, you really have to think about what do I have and where is it? How is the data coming into the environment? And so we've put tools in place that give you visibility and control over that data. We'll tell you what you have, where it exists, what types of configurations are on it. But the other piece that we're missing because that's still part of the configuration aspect was that initial touch of the data. So we've come from a different focus on how we help people protect their data. We came at the lowest level. We started at the data itself. Is it clean? So we scan it for malware. There's not real good native solutions out there for that. Is it sensitive? We do classification on that. So we build at the data and now we add layers on top of that to then say, okay, we've got potentially a dirty data, potentially sensitive data. Let's check the configuration of it. Is it public? Is it private? Who has access to it? How old is it? Are we keeping around data longer than we need to be? And so we've kind of built from the initial scanning outwards to help add value around that data security control. Let's talk about specifically the work that you're doing with AWS. How is cloud storage security protecting AWS storage services for your customers? So data is data. It comes in lots of different ways. And so the question is, how does the data come in? And if you look at it and we'll talk about it later in the context of a customer as well, we see many ways for that data to come in, whether that's a direct copy and upload, whether that's a front end application that end users interact with, if it's data ingestion pipelines. But one of the things that we've seen recently is a massive uptick in managed file transfer. So we intentionally put an integration together with the AWS transfer family to help protect and secure that. You would think a 50 year old technology is more on its way out than on its way in, but there's massive spend in the ecosystem right now on managed file transfer. And the biggest thing is, how do I make that more secure? And so the notion of being able to scan for malware and classify the data as it comes in through that standard protocol that people have been using for decades was a big thing. And so we intentionally did that integration, put it together, and now you can ensure that one, the transfer of the file is secure, but also the endpoint, you know exactly what's going on in that data. What are some of the data security risks that come into play for customers when transferring files and how does the integration with AWS transfer family eliminate those for your customers? Yep, that's a great question. So ultimately, why do people use managed file transfer? It's typically for either large scale business to business headless transfers of data, or it's the notion that you have a distributed workforce out there that needs to send data and you don't have control over that workforce, whether that's the general contractor sitting in the front seat of his truck at a job site, or whether that's some other employee in another part of the world that doesn't have direct access and needs to go through that mechanism. The idea there is you have no control over where and how this data is coming from. You know, there's a standard saying that no data should be trusted. You know, there's no good data out there until you've actually scanned it and validated it. So the notion of the concerns are, where did it come from? Are my users safe? Are the third party businesses safe that are sending me that data as well? And so it's a force multiplier that you have to touch that data. Right. So then when you're in customer conversations, data management is complex. The cloud is complex. What are some of the core tenants of good data security management that you talk about when you're in customer conversations? Yeah, initially it was, can I even tell what my data is? You know, it really boils down to there's five main tenants. The first would be visibility. So do I know what I have? Do I know where it is? Is it in one account? Is it in many accounts? Is it one type of data? Or is it many types of data? So the notion of having global data visibility. The second is a hygiene issue. And hygiene comes down to how old my data is, how often is it being accessed? Is it hot or cold? If you look at, you know, we've been in this industry a long time. I have at least I should speak for myself. And I've seen whether it's people focused on compliance, you know, you don't wanna keep data around any longer than you have to. So the notion of hygiene brings in the idea of, yeah, how often is my data used? And can I get rid of some of that? Because if you ever do run into an issue, all the data that you have around will be requested. And if you've intentionally gotten rid of it, because you're following your own compliance rules, that's a smart move to make on that as well. The other aspects, the other tenants that fall into that are the risk aspect of that. Am I configured properly or not? Am I public when I mean to be public? Cause public isn't a bad thing, but you wanna be intentional about it and know that you're public. Am I private in other ways? And am I limiting the access to that data as best I can to the very fewest amount of people? The other things we look at then are access itself that falls into that risk piece where it's compliance, but it's also who's touching my data? Are they touching it, you know, as I would expect them to from the places that they are from all of a sudden other parts of the world that we wouldn't expect. It's that idea of really being able to keep track of that. And then falling back on the compliance piece, that's the fourth piece. You know, it's like, am I configured properly against best practices? Well, how about am I configured properly to solve for things like PCI and HIPAA and the like? Right, and all the things that are coming down the pike. So good data security management, it sounds to me like what you're saying is layered, it's visibility, it's hygiene, risk assessment, access, compliance. So ensuring data is safe to use is your top priority for your customers? How does cloud storage security deliver that? What are some of the differentiators of what you're doing? Yeah, so we've gone to, we've tried to create an enterprise management solution here that gives you visibility and control in a very simple format. So we've made intentional decisions here. We allow you to install the product yourself in-house. And why do we do that? Because customers don't like to send their data out to be touched and scanned. Metadata around configuration is one thing, but the actual IP and content that they've developed and they're consuming and they're using throughout the rest of their business, they really don't want to send anywhere else. So we deliver a solution that can be installed in under 10 minutes. It's very simple to get up and running. It's highly scalable and we'll look at all of your data everywhere it is and report back to you on what you have and then give you the ability to really add point and click protection. I want to protect this, I don't want to protect that. This is what I should protect because it's public or misconfigured. Let's go chase that down and get it all figured out. And so that's been our goal is simplicity, the idea of bringing all of these core tenants into one spot, giving you data residency and control, chain of custody aspects. And then we also are ones that we want to bring in the highest efficacy possible. So we bring multiple engines together and any of the data that you're scanning, we can touch with different engines and give you different results. Speaking of results, do you have a favorite customer story that you think really shines a light on the value proposition of cloud storage security? What you're delivering for customers? Sure, sure. So on the customer results side of things, it's interesting because as we saw with the ESG stats earlier, our numbers back this up as well. If you look at what we've scanned so far, it's petabytes of data. It's over 5 billion files on behalf of customers today. And one out of two of our customers finds malicious content in their environment. We found tens of thousands of pieces of malicious content across cloud storage on behalf of our customers today. So it's a massive thing. Now, if we focus in on one particular customer, we have a large financial services customer that's migrating petabytes and petabytes of data and bringing it in, they have a requirement to scan every bit of data that gets migrated in from other companies, whether that's through M&A or whatever it happens to be. What's interesting about these guys is that they really use the full breadth of the AWS services that are out there. So they are a transfer family shop. They're also a data sync shop and they also leverage the Snow family. So I love the notion of a suitcase going to a place, filling it up with data, bringing it back and then transporting it all in. And so they use all of these avenues, but one goal in mind has to come at the end and that is my data safe to use and is it sensitive or not so I can quarantine it in the right ways. And so this financial services company going through massive migrations right now, as I said, petabyte scale, billions of files themselves and it's really this notion of, hey, I've got all this data. I've got it coming in in 10 different ways. How can you help me protect it? And so these guys are a perfect example of taking advantage of every aspect of AWS and really the large scale because they're doing things over weekends where they bring petabytes of data in over weekends and they have to scan those petabytes and those billions of files in a single shot there. So high scalability, high security and a lot of flexibility. Incredibly important for financial services organizations. I can also imagine healthcare, manufacturing, retail really every industry, no one is safe from malware and ransomware, it's everywhere. And I'm sure you have a spectrum of customers across all the industries. From a tech perspective, kind of double click on what you're supporting today in AWS storage so the audience understands what they can work with you on. Sure, our goal is to cover all unstructured data. And so today for unstructured data, we have S3, we have a work docs, which is a file sync and share Amazon's file sync and share work docs. We have elastic file system and we have elastic block storage, also known as EBS and EFS. And the notion there is data comes in many formats. It's stored, but this is a lot of file content. And so we want to be able to help them protect across there the entire storage mechanism that they're leveraging. So S3, work docs, EBS, EFS, what's coming soon? What does the roadmap look like? Yep, we'll have FSX by re-invent and the goal is to continue to look at that and continue to expand. So what is beyond unstructured data? Well, it really becomes the conversation around structured data. And so it's this notion of, okay, let's go and evaluate the same types of mechanisms around your structured data as well. So this falls under RDS, other database types and the like. And then if you look at additional context and capabilities, it's always around making things simpler and giving you more visibility and control. So as we discussed in those five core tenants, those are one of those things that are never completed. And so we started here and we're working our way up and out to continually add really the so what of it? Yeah, you can tell me that I've got some things over here, but what do I really want to know about that? Well, you want to know whether it's safe or you want to know whether it's configured properly and is it following all of your standards? And so we're adding more and more around that. Awesome, lots more to come. We'll be keeping our eyes peeled for re-invent just in a couple of months from now. Where can the audience go to find more information about cloud storage security? Where can customers access the technology? Certainly, so you can land on our website, of course, cloudstoragesecurity.com. Go check all of that out. If you want to touch the product, we offer free trials through the marketplace. So go to AWS marketplace and find us there. We're in one of the top 20 found solutions on there, which is fantastic. And you can start a 30 day trial, which covers an amount of data. Any of the services that we offer, just malware scanning, whether that's a data classification or whether it's the integration with transfer family directly, all of those are sub 10 minute installs through a trial on the marketplace. Our help docs and everything else are wide open. So you can do that without having the product installed if you want to understand our architecture and other things. Feel free to go out there and check it out. And you can always email into info or sales at cloudstoragesec.com and we're here to help you guys out. Awesome. And thank you so much for coming back on theCUBE, really sharing what cloud storage security is doing to help organizations really dial down the risk, the continuous risks that are out there with respect to malware ransomware in cloud storage. We appreciate your insights and your time. Thank you. I appreciate it. Thanks. All right. We want to thank you for watching and reminding you to keep it here for more action on theCUBE. You can find all of our content online at thecube.net, all of our editorial related to interviews on siliconangle.com. You're watching theCUBE, the leader in hybrid tech event coverage.