 Begin journey, navigating the road to cyber resiliency. The state of cybersecurity has never been more challenging for organizations. You hear there's narrative constantly and people might be getting sensitized to it, but it's true. Organizations are rightly scared because of fear of the unknown. Namely, surprise attacks by increasingly crafty hackers with sophisticated cyber tools. Organizations don't know what they don't know. Look, even if you could prevent all attacks, which you can't, all it takes is one disgruntled or unethical developer with access or a careless or misguided person on the inside to compromise your systems, literally in seconds and at a scale greater than ever seen before. And the threats continue to evolve. The latest concern to have gone mainstream of course is AI. Foundation models like GPT are being used to escalate attacks through better phishing scams, automation and more. While new techniques can also be used for defense, it seems the hackers are always first to find novel and creative ways to break in. Or, you know what? They're even still exploiting legacy tried and true methods of infiltrating organizations because let's face it, with so many tools old and new, it's impossible to keep up with the state of the art because you can't just get rid of technical debt overnight. The point is, there's been an unprecedented focus on greater preparedness for cyber attacks from boards of directors even now public policy mandates from the government. As such, as our data shows, cyber resiliency remains at or near the top of organizations IT priorities. But are we making progress? Well, some organizations are closing the gap. We have to ask why are so many feeling less than confident that they're prepared and what can they do about it? Welcome to Navigating the Road to Cyber Resiliency. My name is Dave Vellante and I'll be your host of a new cybersecurity series that we're launching made possible by Dell Technologies. Here's the scoop. SiliconANGLE and Dell are kicking off a series of events and coverage on this critically important topic to run through 2023. We'll be bringing together industry execs, subject matter experts, analysts, partners, customers, and more to help drive this discussion with the goal of arming all organizations with the information they need to navigate, i.e. to map their own route to cyber resiliency. Today we'll introduce you to the first in a series of three programs. Our fundamental premise is that backup and recovery, sometimes generally referred to as data protection, must become an integral part of a cybersecurity strategy. It's really that simple. You can't protect against everything. You can't predict what will happen next and how severe it will be. So your last line of defense, that is the ability to recover from a breach, has to be front and center on your journey to achieve a zero trust approach. Now we have three segments today. First up is Rob Emsley, who directs marketing for Dell's data protection portfolio products. He's going to help us set the stage and put cyber resiliency into context and will also share some data from the Dell Global Data Protection Index. Then we'll hear from Daniel Newman of the Futurum Group. Daniel is a friend of the Cube and recognizes one of the top market analysts in the technology business. He'll share his perspectives on the market, zero trust, and some of the top industry trends. And then we're going to close with Jim Schuch. He's the director of cybersecurity and compliance practice at Dell Technologies. Jim, he's got a background as an attorney and spends a lot of time with customers and boards of directors, helping them to figure out how to reduce risk. And we're going to pick his brain as how to reduce yours. With that, let's kick off episode one of navigating the road to cyber resiliency. Wow, lots of people on the road to cyber resilience today. They know that to supercharge innovation, they need a foundation of modern data protection that includes recovery from cyber attacks. Excuse me, I'm looking for modern data protection. Uh, cross any cloud? Yeah, any workload? Definitely. Oh, you're looking for Dell Technologies. Straight ahead, can't miss it. Thanks. He didn't give us a chance to tell him that Dell Data Protection is modern, simple, and resilient, all by design. He'll see when he gets there. Okay, we're kicking things off with Rob Emsley, who directs product marketing for Dell's data protection products. Rob, I'm really excited about the collaboration that we're doing the series and great to have you back in the studio. Oh, it's great to be back, Dave. I mean, it's been only a few months since we did the future of multi-clad data protection event with you. You know, and certainly, you know, we're really excited by, you know, this engagement that we are kicking off with this inaugural show. Yeah, now, as our audience knows, we've covered many data protection topics on theCUBE over the years, but this topic, it seems to continue to dominate the headlines, Rob. Why is that? Yeah, I mean, I think you're aware that every year we run a global data protection survey of rough and tough about 1,200 customers around the globe. And one of the things that we've really started to inquire about a lot more in our surveys is the question around cybersecurity and cyber resiliency. One of the things that we found is that two thirds of the organization surveyed last year are really concerned that they don't believe that their existing data protection measures in infrastructure is sufficient to cope with malware and cyber threats. Also, the same amount, two thirds also believe that in the reality of work from anywhere, learn from anywhere, that's actually increased their exposure to cyber attacks. So certainly, there's just a lot of concern as far as do I really have what I need in order to protect the business? So it's interesting, basically you're saying that people are aware of it. So some of these numbers might surprise you a bit when you think about just a sheer number of vendors that are offering solutions in this space. And as folks know, cloud really doesn't solve the problem. So why do you think we continue to struggle so much? I think a lot of it is because we have a very fragmented security market. I think we've sort of seen research that says there's somewhere north of 4,000 incumbent vendors, startups, adjacent players addressing various points of the security landscape. So we really believe that, the challenges are that there's just a lot of inconsistency because there's so many solutions that are out there. And that's one of the things that we're really looking at here at Dell to try and address by bringing our perspective about how you actually navigate through this complexity. Well, and we saw this during the pandemic, Robert, there was so much funding that went in and a lot of that went to cybersecurity. And so people naturally say, okay, here's a tool that's gonna solve this narrow problem. Let's try it because we have a, maybe we just got snake bit and got hacked and now we've got this new little shiny toy. And so 4,000, I mean, that is just incredible number. Yeah, I mean, I think it's the old adage that in order to solve cybersecurity challenges, you need technology, people and process. And you really need to be wary of vendors that come to you and say, buy this solution and it will solve your problem. I think the reality is that it's a multifaceted challenge. And that's where you really need to look at the entirety of the problem. And break it down into piecemeal chunks that you can address and build a holistic solution. Okay, so let me set up this sort of next part of our discussion. We have a lot of noise in the market as we just talked about. You got more sophisticated attacks. You got too many organizations that don't have adequate preparedness. CISOs tell us they still have lack of skills inside their organizations. So what we want to do with Rob is we want to go and understand like where do we go from here? And more relevant to our series is what's the relationship between data protection and cyber resiliency? So Rob, how does Dell think about cybersecurity in general? Yeah, well, we really frame the conversation into three specific areas. The first is protection. So it's really the goal is to stay secure against evolving threats. So that is certainly an area where all of the work that many customers have done to protect their perimeter, protect their infrastructure. Certainly if you think about some of the techniques within infrastructure itself, things like hardware, router, trust, certainly work that we do with our partners like Intel within our data protection appliances, even down to the components that we use. So if you think about things like our Broadcom components, the Silicon root of trust becomes really so important. Also the fact that the infrastructure that you deploy comes through a secure supply chain, that we guarantee hasn't, has got to you in a very secure way. So protection still remains a key element of the conversation. The second one though is really where I think this series is going to really focus on, which is resiliency. How do you withstand and recover from attacks? And I think that's where the data protection and the backup and recovery market becomes such a close adjacency to the overall cybersecurity space. Backup has been around for a long time, but I think that you and I have discussed how the entire industry is really spending so much more time now talking about how your data protection and your backup and recovery infrastructure helps you become more resilient and allow you to recover from cyber attacks. So those are two very key pieces. And the last one I think is a real key element to Dell's message around security is you need confidence. So yes, protection and resilience are great. A lot of that is around technology and process, but confidence really comes from the people that you work with. And one of the great things that Dell's able to provide is a global set of resources that are able to not only help you implement techniques and processes and tools, but also is there for you to respond when you need it. And nobody knows when you're going to need it, but the pure scale of global services from Dell, you know, we have many situations where we have been able to work with customers immediately when they need it. You know, and I think that's such a key important piece. So protection, resilience and confidence. You know, this idea, I'll share our audience knows that we've talked about this a lot during the pandemic. So many CIOs told us that their resiliency, their business resiliency was way too focused on disaster recovery. So we talk about cyber resiliency. We're talking about being able to survive an attack and specifically being able to recover and resume your critical business operations. Now Dell's been in the market for a long, long time with cyber recovery solutions. So my question is, does your solution have staying power in the market? And what can you say that gives customers confidence that it's going to get them, you know, through the future, this uncertain future that we face? Yeah. So certainly if we go back to our global data protection research, you know, last year, you know, one of the really upsetting facts is that 48% of the organizations that we surveyed had actually suffered a cyber attack in the last 12 months that prevented access to their data. So this is something which, you know, is deeply concerning. I think one of the realities is that bad actors are not only going after production systems, but invariably they're going after backup infrastructure. So as you mentioned, they're literally half a decade ago and it was really after, you know, the infamous attack on Sony that we really introduced the concept of isolation into our backup and recovery solution as a additional layer of security that we could provide to our customers to make them more secure and make their backup infrastructure more secure. So really our cyber recovery solutions is really focused on three distinct areas. First is immutability, you know, and certainly whether or not you're implementing a cyber recovery vault, immutability nowadays is effectively something that you should be implementing across all of your backup infrastructure. You know, certainly our backup appliances that have been in our portfolio as you know, for many, many years, you know, have inbuilt security and inbuilt immutability and they have done for a very long time. But we continue to make those systems, you know, more highly protected with things like multifactor authentication, things like very specific role-based access control. So that's on the protection side. And certainly you would like to think that being able to recover from your primary backup copy you know, would be, you know, your first line of defense and your first line of recoverability. But over the last six years, we've been supplementing that with this concept of isolation. So immutability first, isolation, and then intelligence being, you know, the second two elements of our solution. And that's really where the whole concept of delivering a backup copy, maybe not of all of your data, but certainly of your critical rebuild, applications, systems, and the data that they need in order to get you back up and running and make that copy of that environment completely isolated from the rest of production, from the rest of your backup infrastructure. You know, I like about what you're saying, Rob, is I mean Dell Technologies, a product company, but you're talking about much more than product. It's a wider scope. The supply chain security, you know, not just a single point product. You're talking to services or a key piece of it. You kind of alluded to that earlier. I really appreciate you helping us set up this series and episode one, really appreciate it. You're great, thanks Dave. Okay, you're very welcome. Okay, keep it right there. We're coming back with Daniel Newman who was voted the number one independent market analyst. You're watching navigating the road to cyber resiliency. Hey there, need any help? I was trying to help these customers track down their critical data. Let me guess, cyber attack. I'm afraid so. And they're not very confident all of it can be reliably recovered. Oh man, we're toast. Well, I'm not surprised. 63% of IT decision makers share their concern. The good news is Dell Technologies delivers modern, simple, resilient, multi-cloud data protection that's secured by design. Not to mention cyber recovery with immutability, isolation, and intelligence. That sure sounds great. We're headed there now. Hop in. Yay! I should have been more specific, right? You should have been more specific. We're back with Daniel Newman who's a top industry analyst. He's also the CEO of the Futurum Group of very rapidly growing research firm. Hello my friend. Thanks for joining the program. Great to see you. Dave, always good to go on theCUBE. All right, let's get right into it. I want to share, Daniel, some recent data from SurveyHouse ETR which confirms what everybody's been talking about. And that is security, of course as we know, is the number one priority for technology organizations. This survey specifically identifies zero trust which seems to have gone from buzzword. You remember Daniel, pre-pandemic. And now it's become this kind of mandate. How do you see zero trust? Is it going mainstream in your view? And what's driving that? Yeah, first of all, Dave, I'm really glad that you brought that particular notion about technology and security being in vogue as the line-on variety has been protected during this economic challenging period that we're in right now. The investment in security is actually going up. And that's something that I saw and had predicted as we sort of saw the economy turn. I mean, zero trust is really all about the way. It's not just a technology, it's really a culture. It's about an end-to-end approach to security that really looks at hardware, software and people. And in considers that first and foremost, we need to sort of not really trust that anybody is as secure as they need to be. As the attackers get more innovative, it means that the traditional perimeter-based security that we've used, it's not sufficient. We saw recent legislation and strategy coming out of the Biden-Harris administration. And actually zero trust is one of the things they've focused on for federal and public sector. We're seeing it at government, we're seeing it in enterprise. This is a really big thing. And as I said, Dave, and probably the most important thing is it's all about end-to-end cyber across the IT stack. And for example, when you hear companies like Intel talk about TXT or you hear about Broadcom when they talk about root-of-trust capabilities in their NICs, really what they're talking about is hardware, two software, two humans putting that right technology in there that enables end-to-end. And that's why companies are picking certain hardware to go into certain devices. It's a really good point. I mean, you're right. It starts at the very lower layers of the stack all the way up through- Look into people. Look into people. Exactly, all the way up through culture. And you know, Asiso told me the other day, Daniel, love to get your feedback on this. He said, part of the reason why we're going for zero trust is because when a project is ready to be delivered or an application or initiative, particularly around stuff that's going to drive revenue in this day and age, we don't have to go through as much friction to get the stamp of approval. And it just accelerates time to market. Yeah, I think that's true. I mean, I think companies right now are in a different juxtaposition. Before when we were in this sort of wild, frothy growth period of time, that you and I have had many conversations about over the years, Dave, it was all about spending for growth. It was growing infrastructure to get more customers, be able to deliver more services, et cetera. But now when we're seeing companies sort of reconfigure for what will be the next wave of growth, they need to make sure that their data is protected. They need to make sure that data is going to be available and that their systems are going to be up and working. As we see digital transformation enabling companies to actually deliver and grow, they can't not put security at the top of their priority list. You have to be secure. And if your data cannot be backed up, you also open a whole lot of risk to things like ransomware, because that's what the black hats, that's what the people that are trying to get into your systems know, is if you can't bring your system back up quickly, the vulnerabilities are really substantial. So I want to ask you about data protection because that's the series of course, the program we're running is around data protection. And what role do you see data protection, specifically we're talking about backup and recovery. What role does that play as an adjacency to cybersecurity or even as a key component of a zero trust architecture? Yeah, I think there's a really significant interdependence. And that was kind of what I was alluding to just before this was if a company's backup is vulnerable, meaning if that data protection is not in place, or if a hacker is able to get access to that backup, then the whole system becomes more at risk. Because the one thing is if a company knows it can bring its system back up, it's less likely to potentially pay out ransomware requests. So data protection just in that way creates a ton of risk. And so we're seeing new capabilities related to data protection, whether that's role-based, whether that's multi-factor authentication, multi-person, two-person concurrent, these are all things that are being done along with gapping, data vaulting. These are all strategies. And these are things might seem a future group have looked at really closely as some of the key ways that companies are going to be able to defend, but not being able to backup and bring up systems quickly creates vulnerabilities and risks that companies really shouldn't be allowing themselves to be in such a position. Yeah, and it's no silver bullet to your point. There's just a lot of different strategies that organizations have to employ. And, Daniel, I got to say, the last 110 days or so with the AI trend has just been amazing. So I want to ask you about technology trends that are impacting security. But before we get to the generative AI, let me just sort of list a couple that are top of mind. Cloud and multi-cloud, when you're doing cross-cloud, it creates other complexities, the hybrid work, remote work, we've talked about that a lot and the impact on cyber and of course, AI, ML, generative AI, GPT. How do you see tech and today's tech trends impacting cyber security? Yeah, maybe I'll take that a bit one by one because my natural gravity would be talked just about generative AI because it's so in vogue right now, but we, to your point, multi-cloud, for instance, is a important operating model. Companies that are going to obviously from prem to hybrid to multi are introducing a number of new security vulnerabilities. There's different API access. There's different remote security connectivity. You have different user access and multi-tenancies and of course the risk of unsecure devices. And by the way, hyperscalers, whether it's GCP AWS or Azure, for instance, they all have different administration. So what your team may be extremely good at hardening for one, they may not have the capabilities or be as up to speed on another and that creates all kinds of risks. So when you work across multiple clouds and prem, and as we know, I know I think you like to talk about the super cloud, Dave, but as you work across these multiple clouds that are really creating the enterprise fabric, this creates a whole bunch of new complexities. It would be like having five, 10 different prems with different hardware and different software running on them. And that's what enterprise IT leaders and CISOs are being expected to defend of four. Right, okay. So you're right. I do like to talk about super cloud because it is a metaphor for consistency across clouds. What about generative AI? I mean, it's the hottest topic going. How do you see that as- Yeah, I had to take a breath. I wanted to let you get in there. Yeah, thank you. Look, generative AI is probably one of the fastest and most disruptive trends that I've ever seen. I think you and I could both agree that something like 12 to 16 weeks ago, it was like, it was a twinkle in our eye. We understood AI directionally was going to move to be much more self supervising, deep reinforced learning with less and less human in the loop in order to do more and more things. I think the idea though, that it's so quickly become pervasive and it's being utilized in ways that are driving all kinds of productivity gains that are giving you access today. It's very exciting. Having said that, it's also creating new security risks. You got employees of companies. We heard it about this last week. I believe it was Samsung uploading proprietary or confidential data to chat GPT for synthesizing or utilization for content. I mean, think about how people that are going to try to use these tools are going to be feeding this data into systems where things like privacy and safety and security aren't even being considered. Talk about a risk for zero trust. I mean, these are major risks. And of course you got to figure the black hats and the hackers are going to be using this to create all kinds of new creative ways to do better phishing, to do better spear phishing attacks. These types of technologies, anytime they're used for good and positive, you can be absolutely certain they're going to be used on the other side for those that are trying to take advantage of the opportunity. Yeah, the cultural awareness becomes even more important. It's definitely moved from the boardroom to the rest of the organization. And now we, you know, we think we got it that. We, when we see a phishing attack, oh, I got this, it's spam. Well, you ain't seen nothing yet. Let me ask you a question. I mean, it seems like every year we look back and it's like record spending on cybersecurity, 80, 100, you know, billion dollars and it's growing, but the threat keeps escalating. Bad guys, they're highly capable. The adversaries, they're motivated because there's big dollars there. How do you see CISOs dealing with that moving target? Yeah, we see several trends. And you know, I even spoke to our team that leads the data protection practice. One of the trends that they really brought to my attention was the collaboration and the collaboration that needs to take place both in enterprises and across ecosystems. So touching on, within the enterprise, you're seeing CISOs, you know, much more now involved in data storage and data protection decisions. It used to be something that was more made at the IT level. And as we see end-to-end security and zero trust becoming our priority, the CISOs being brought in. And that brings another collaboration I think is really important. And that collaboration is ecosystem of vendor partners. That's between the enterprise and the vendor and then vendors themselves. So, you know, I mentioned earlier, you know, the zero, the root of trust at Broadcom. And then of course, you know, Dell has shown some preference in their PowerEdge servers for the Broadcom Nix. And that's because there's a collaboration going on between the OEM, between the component maker. And that of course ends up being something that integrates all the way down to the enterprise where they're getting the best technology hardened for both the hardware, software and these UNI've kind of alluded to throughout this conversation into the culture. Also, we see continued investment. As we mentioned, I think at the top of the show, Dave, you know, IT spend is sort of seeing a shift. More spend is going towards security. Companies need to secure their environments. They need to know that they have their customers data and all their other critical data that it's available. And then it's obviously going to be able to be brought back in the event of an emergency. So that investment needs to be made. And it needs to be made to try to get ahead of more of these risks. Because right now, you know, security has too long been reactive. So by having those collaborations, working with the ecosystem, and then of course, you know, being more proactive in investing to reduce risk of threat, those are the things that are going to be done that are going to hopefully help CISO start to solve a problem that, by the way, that will be continuous, will be pervasive and will never go away completely. Yeah, and great, great comments. And of course the generative AI, the hackers are going to have it. But one of the things that GPT is good for is ideation. So maybe it can help us be more proactive. Last question. When you think about the increasing sophistication, the frequency of cyber threats and cyber attacks, do you think organizations will really integrate backup and recovery solutions as a core component of their zero trust security strategies? What are your thoughts on how viable that strategy is to improving overall cyber resiliency? Yeah, if you're familiar with the NIST zero trust framework, the protection of critical data assets is actually a pretty important part and it's specifically called out. And so that sort of gives us a de facto answer of yes. I think the relationship is symbiotic between data and security right now. And I expect that, you know, being able to deal with and recover critical assets quickly is going to be a really core part of zero trust. Now, obviously zero trust is, you know, like we said in the beginning, it's treating everything like there's a risk, everything like it could fail. But we do know, Dave, that no matter what ends up happening, there will be malicious attacks, there will be parameters that will be compromised. And that can happen to some of the best CISOs and CIOs in the world with the most sophisticated cybersecurity. So it's all about making those investments. It's about investing upfront, investing consistently. And of course, building that culture where security is laid into it from the very onset from every worker in the company that basically touches the IT. So put into a really short sort of thought, you know, security needs to be addressed everywhere in the IT step from the Silicon layer to the human layer on hardware and on software. And of course, everyone who touches enterprise IT needs to be part of a zero trust environment. Data protection has to be part of it. I don't see any other way. Daniel, as always, awesome comments. You're such a clear thinker. I really appreciate you coming on the program. Great to be here, Dave. See you soon. All right, keep it right there. We'll be back right after this short break. Every day, it seems there's a new headline about the devastating financial impacts or trust that's lost due to ransomware or other sophisticated cyber attacks. But with our help, Dell Technologies customers are taking action by becoming more cyber resilient and deterring attacks so they can greet students daily with a smile. They're ensuring that a range of essential government services remain available 24-7 to citizens wherever they're needed. From swiftly dispatching public safety personnel or sending an inspector to sign off on a homeowner's dream to protecting, restoring and sustaining our precious natural resources for future generations. With ever-changing cyber attacks targeting organizations in every industry, our cyber resiliency solutions are right on the money, providing the security and controls you need. We help customers protect and isolate critical data from ransomware and other cyber threats, delivering the highest data integrity to keep your doors open and ensuring that hospitals and healthcare providers have access to the data they need so patients get life-saving treatment without fail. If a cyber incident does occur, our intelligence, analytics and responsive team are in a class by themselves, helping you reliably recover your data and applications so you can quickly get your organization back up and running. With Dell Technologies behind you, you can stay ahead of cyber crime, safeguarding your business and your customers' vital information. Learn more about how Dell Technologies' cyber resiliency solutions can provide true peace of mind for you. Okay, we're back with Jim Schuch, who is the Director of the Cyber Security and Compliance Practice at Dell Technologies. Jim, good to see you. Thanks for coming on theCUBE. Dave, thank you. Delighted to be here in person with you. That's great to be in studio. It's always a better conversation, right? So for our audience, Jim is someone who spends an enormous amount of time with customers. So we're going to dig into what's changed in the conversations and in particular, who are the decision makers these days regarding cybersecurity and data protection versus in the past. Jim, what about it? What's changed? Who's driving the bus these days? Yeah, I've had a good perspective on this, Dave, because I've been talking to our customers now about cyber resilience and recovery from ransomware destruction for eight years. And we've really evolved the conversation over that time. One of the things I've seen that I think is really important is we've moved from having, just say, IT and infrastructure at the table to talk about these things. We added along the way that cybersecurity took an interest, obviously. We get risk and compliance from time to time, but even legal will get involved. Now, a lot of seats at the table are taken by people who are focused on the business. Sometimes it's the C-suite, sometimes it's heads of business lines, but that's been a really important development. And audit, too, right? Audit, in some cases, from a process standpoint, is like the last line of defense actually back up in recovery is the last line of defense. And we're going to talk about that a little bit. But as you point out, and I'll share with the audience, I've observed, and I think most people understand this exactly what Jim was saying, that cyber, it was once the domain of IT and the SecOps team and then it became a boardroom issue and it now feels as though it's organization-wide. And Jim, has cybersecurity, in your mind, gone mainstream? And if so, why is that? It definitely, definitely has, especially over that same timeframe. We get more and more digitally oriented over time and so businesses have realized that they are digital. And so cybersecurity, cyber attacks are a threat to the business, just as any other threat would have been before cyber really came along and became an issue. So if you're not protecting against those threats and have the ability to be resilient to them, you're not protecting your business. And it's everybody's job to do that. I think it's really interesting that the business has become more involved and that's also evolved the conversation to focus more on outcomes. What happens? How can we return to business and how much time versus, say, let's buy the next shiny toy or have a cyber control that does this, it's more focusing on the business outcome. It seems like there was a change. When the board started to get involved, it was almost like prior to that, it's kind of early last decade, let's say, it was like this, there was a mentality of failure equals fire. So a lot of times people were like, oh, don't talk about that. And we saw that change where folks who understand cyber would come to the board and say, no, you are going to get attacked. You were going to get infiltrated. It's going to happen. So it's all about that response and you got to be transparent. Do you agree with that, that that sort of failure equals fire mentality has changed and there's now much more transparency and that's part of this sort of mainstream awareness? Yeah, clearly. And it's been a really good development. It used to be a lot of times cyber security teams would not get involved in these conversations because their thought was, well, if we're having a recovery conversation, if we're working on being more resilient, we failed at our job. They've realized that's not the case. The attackers are going to be successful sometimes and part of a good cyber practice is the resilience and the ability to recover if those attacks are successful. Now, Jim is a lawyer. So, and there's an intersection going on at the board level between cyber security and legal issues. So, Jim, we want to understand that from your, putting your legal hat for a second, what's that board discussion like these days? It's really interesting. The board is aware that these are risks to the business. So they have to become more involved. There's regulatory pressure. The SEC has been looking at new rules that might come out this month. They might come out in the fall that's going to require the board to take more interest and have more expertise in these areas. There's just risk to the business and that's always what one of the things that the board has focused on. And I'll give you a really good example where the board's getting more involved. It's in the idea of having to pay a ransom. So a lot of times I would hear from customers, well, we're not worried about this problem. Worst case, we'll just pay the ransom. Why not? Yeah. And they don't understand sometimes there is no ransom to pay. Sometimes it takes longer to recover if you have the ransom. But from the board perspective, I think where they got interested is there are some laws that will prevent you from paying a ransom depending on who gets the money. So those get really complex. It's very difficult to tell who's going to get the money. So you may make a payment and then get in trouble later on even though you've been diligent with your process. That's high risk. And so the better outcome is to not have to pay the ransom. It's to be prepared to recover. Clearly, but I got to ask you. So you're saying it's illegal because not necessarily to pay a ransom but it's illegal to what pay a felon? Yeah, there are laws on the books in the financial industry that say you can't do business with certain restricted nationals or geographical areas. So North Korea is a really good example of that. If you do business with them and paying a ransom to them would be doing business with them, you violated those laws. Yeah, this is where you definitely need somebody who understands the law to figure this stuff out. All right, let's talk about misconceptions. What are the most common misconceptions that you see in cybersecurity that people really need to understand? I think I still see a lot of the same ones but fortunately we've all learned along the way and I don't see them quite as frequently. A big one is that the thought that we've already invested in disaster recovery and that's going to cover us for a cyber recovery situation. And that's just not the case. The technologies that you have for outages and natural disasters are still as important as they ever were. Think about backup, think about replication, even continuous data protection. They're not going to help you very much in a what we would call severe but plausible cyber disruption. So you have to look at those things separately. You're not, you spend a lot of money and time. It's just not going to help you that much in those types of disruptions. What about the cloud? I mean, a lot of people think, well, I got my data in the cloud. Those guys have awesome security, which they do, by the way. They do. But does the cloud solve my problem? Do I have to not worry about it if my data's in the cloud? I think they're still laughing. Yeah, there's still some misconceptions out there. And if you think about in the cloud, the shared responsibility model, your cloud provider or your SaaS provider, whoever you're working with covers certain things, but you maintain responsibility for other things. And if you're not understanding where that point is, what is your responsibility, you're going to be in trouble. Ultimately, and I've heard this a lot from regulators, they don't care who you use as a partner, who you use for a cloud provider. It's on you to make sure that things work properly. Jim, are there any other misconceptions that you want people to know about? Yeah, there's a few that come to mind pretty quickly that I'm hearing frequently. One is we're not a target. We don't need to worry about this. And I think that totally misunderstands the landscape. Everybody's a target. You think about the tax like not pet you, a lot of organizations were not focused on the target, but were collateral damage because sometimes malware does unexpected things. And really anybody who has a presence on the internet, the bad actors many times look for just the vulnerability that's out there. And if they can find it, they'll leverage it. They're not looking to see who has the vulnerability, just somebody has it, I get in, I lock up their data, I demand my data. They're knocking on doors and it's automated. The door's open, I'm going in. And if I get something out of it, great. If not, move on. That's exactly. Another one is we have cyber insurance. And cyber insurance is definitely a component of an overall risk strategy. You help to transfer some of the risk, but it's not the strategy. You have to be secure. In fact, in today's world, if you don't have good cybersecurity, you may not be able to get a cyber policy at all. And in any case, an attack is always going to have costs related to it. There are going to be exclusions in insurance policies. You know, ultimately an insurance policy is just a contract. And the terms of that contract control, there's no such thing as cyber insurance and everybody gets it, it's what you negotiate with the provider. That's a big one. I heard Warren Buffett on TV the other day, you know, Berkshire owns Geico, saying they're now going to six, every six months they changed the policy. He'd love to go to a month. So, you know, you're exposed. Yeah, absolutely. It's a key component. And the third one is kind of along similar lines, but it's a technical side of it. We have turned on immutability on our storage platform. And that's a great control. We talk about that a lot in our data protection portfolio with our data domain. Turn on that retention lock, but it's not the destination. It's really a first step. It will make you much more resilient, but there's a lot of other things that you have to do to really build that resilience. Tell us why customers should trust Dell for their, you know, cybersecurity strategy generally. But you know, you guys obviously were talking data protection and backup and recovery. Why Dell? I think there's a lot of reasons. I mean, we have a big practice group. So my group alone, eight years that we've, since we founded it, just out there to help customers understand and deal with these problems. That kind of fits into the whole idea of Dell's global scale and skill. We're everywhere we have a lot of expertise. We have certainly a wide range of offerings, best in class among compute to storage to the things that we do in the cloud with the hyperscalers, our partners, our consulting, all of those things really tied together. And Dave, those are becoming more important because a lot of customers are working on their cyber strategy, which includes a component of managing and the risk from their third party service providers. So as part of that, number one, they have to vet their partners. And number two, many of them are scaling back. They don't want to have 200, 300 people that they do business with. And so our ability to have those offerings to have all that global scale and skill is important. And then when they dive deeper and they have to make sure that their partners are doing the right things to protect them, the things that we do with secure development lifecycle, things that we do with the secure supply chain are really powerful. We don't talk about those enough, we're starting to talk about them more and surfacing those for our customers so that they understand what we're doing in that space. All right, Jim, thank you, appreciate your time. Thanks Dave. Okay, in a moment, I'll be back to share some new information about data protection and its relationship to a comprehensive cyber security strategy. Keep it right there. We heard today that the challenges of securing your enterprise have never been more acute. And hopefully we gave a perspective as to why this is in some of the ways organizations are thinking about mitigating risk. One of the key points we heard from our guests generally and confirmed specifically by analyst Daniel Newman is that you have to think in system terms where end-to-end view of your security regime is considered holistically from the software supply chain to the silicon root of trust, to the hardware and software infrastructure all the way up through the value chain of products and services in your organization and then back out to your ecosystem. We also heard how backup and recovery processes have to be there if all else fails. But even that is evolving where new capabilities like immutability and air gapping and the cloud become considerations that really weren't top of mind five years ago. Today, they are fundamental. We hope you've enjoyed this first in our three-part series navigating the road to cyber resiliency made possible by Dell Technologies. Everything here will be on demand at thecube.net, siliconangle.com has all the news and you want to check out the security section of the site. We're a team of writers and journalists and analysts including myself, Rob Hoef, Paul Gillan, Duncan Riley, Maria Deutcher, Kristen Martin, Mark Albertson and our newest journalist, David Strom. We post news, analysis and in-depth features regularly. Now to learn more about Dell's data protection and cyber recovery solutions, visit dell.com slash data protection. This is Dave Vellante, thanks for watching and we'll see you on the road on your journey to cyber resiliency.