 Welcome back to the program and we're going to dig into the number one topic on the minds of every technology organization that's cybersecurity. You know, survey data from ETR or data partner shows that among CIOs and IT decision makers, cybersecurity continues to rank as the number one technology priority to be addressed in the coming year. That's ahead of even cloud migration and analytics. And with me to discuss this critical topic area are Jim Schuch, who's the global director cybersecurity and compliance practice at Dell Technologies. And he's joined by Andrew Gonzales, who focuses on cloud and infrastructure consulting at DXC Technology. Gents, welcome. Good to have you. Thanks, Dave. Great to be here. Thank you. Jim, let's start with you. What are you seeing from the front lines in terms of the attack surface and how are customers responding these days? It's always up and down and back and forth. The bad actors are smart. They adapt to everything that we do. So we're seeing more and more kind of living off the land. They're not necessarily deploying malware, makes it harder to find what they're doing. And I think though, Dave, we've adapted and this whole notion of cyber resilience really helps our customers figure this out. And the idea there goes beyond cybersecurity. It's let's protect as much as possible. So we keep the bad actors out as much as we can. But then let's have the ability to adapt to and recover to the extent that the bad actors are successful. So we're recognizing that we can't be perfect 100% of the time against 100% of the bad actors. Let's keep out what we can, but then recognize and have that ability to recover when necessary. Yeah, thank you. So Andrew, I like what Jim was saying about living off the land, of course, meaning using your own tooling against you, kind of hiding in plain sight, if you will. And as Jim was saying, you can't be perfect, but so given that, what's your perspective on what good cybersecurity hygiene looks like? Yeah, so you have to understand what your crown jewel data looks like, what a good copy of a recoverable asset looks like when you look at an attack, if it were to occur, right? How you get that copy of data back into production. And not only that, but what that golden image actually entails. So whether it's networking, storage, some copy of a source code intellectual property, maybe seem to be data or an active directory or DNS dump, right? Understanding what your data actually entails so that you can protect it and that you can build out your recovery plan for it. So, and where does that live? Where does that gold copy put in a yellow sticky? No, it's gotta be somewhere safe, right? So you have to think about that chain as well, right? Absolutely, yeah, so a lot of folks have not gone through the exercise of identifying what that golden copy looks like. Everyone has a DR scenario, everyone has a DR strategy, but actually identifying what that golden crown jewel data, let's call it, actually entails as one aspect of it and then where to put it, how to protect it, how to make it immutable and isolated, that's the other portion of it. You know, if I go back to sort of earlier part of last decade, cybersecurity was kind of a check off item and as you got toward the middle part of the decade, I'd say clearly by 2016, it, security became a boardroom issue, it was on the agenda, you know, every quarter at the board meetings. So compliance is no longer the driver is my point. The driver is business risk, real loss of reputation or data, you know, or money, et cetera. What are the business implications of not having your cyber house in order today? They're extreme, Dave. I mean, you know, the bad actors are good at what they do. These losses by organizations, 10 hundreds of millions into the billions sometimes, plus the reputational damage that's difficult to really measure. There haven't been a lot of organizations that have actually been put out of business by an attack, at least not directly on if they're larger organizations, but that's also on the table too. So you can't just rely on, oh, we need to do, you know, A, B and C because our regulators require it. You need to look at what the actual risk is to the business and then come up with the strategy from there. You know, Jim, say with you, one of the most common targets we hear of attackers is to go after the backup corpus. So how should customers think about protecting themselves from that tactic? Well, Dave, you hit on it before, right? Everybody's had the backup and DR strategies for a long time going back to requirements that we had in place for physical disaster or human error. And that's a great starting point for resilience capability, but that's all it is as a starting point because the bad actors will, they also understand that you have those capabilities and they've adapted to that. In every sophisticated attack that we see, the backup is a target. The bad actors want to take it out or corrupt it or do something else to that backup so that it's not available to you. That's not to say they're always successful and it's still a good control to have in place because maybe it will survive, but you have to plan beyond that. So the capabilities that we talk about with resilience, let's harden that backup infrastructure. You've already got it in place. Let's use the capabilities that are there like immutability and other controls to make it more difficult for the bad actors to get to. But then as Andrew said, that gold copy, that critical systems, you need to protect that in something that's more secure, which commonly we might say a cyber vault or there's a lot of different capabilities for cyber vaulting some far better than others. And that's some of the things that we focus on. You know, it's interesting, but I've talked to a lot of CIOs about this as prior to the pandemic, they had their, as you're pointing out, Jim, they had their DR strategy in place, but they felt like they weren't business resilient and they realized that when we had the forced march to digital. So Andrew, are there solutions out there to help with this problem? Do you guys have an answer to this? Yeah, absolutely. So I'm glad you brought up resiliency. We take a position that to be cyber resilient, it includes operational resiliency. It includes understanding at the C level, what the implication of an attack means as we stated, and then how to recover back into production. When you look at protecting that data, not only do you want to put it into what we call a vault, which is a Dell technology that is an offline immutable copy of your crown jewel data, but also how to recover it in real time. So DXC offers a, I don't want to call it a turnkey solution since we architect these specific each client needs, right? When we look at what client data entails, their recovery point objectives, recovery time objectives, what we call quality of the restoration. But when we architect these out, we look at not only how to protect the data, but how to alert and monitor for attacks in real time, how to understand what we should do when it breaches in progress, putting together with our security operation centers, a forensic and recovery plan and a runbook for the client, and then being able to cleanse and remediate so we can get that data back into production. These are all services that DXC offers in conjunction with the Dell solution to protect and recover and keep bad actors out. And if we can't keep them out to ensure that we are back into production in short order. You know, this discussion we've been having about DR kind of versus resilience. And you were just talking about RPO and RTO. I mean, it used to be that a lot of firms wouldn't even test their recovery because it was too risky or, you know, maybe they tested it on, you know, July 4th or something like that. But I'm inferring that's changed. I wonder if we could double click on recovery. How hard is it to test that recovery and how quickly are you seeing organizations recover from attacks? So it depends, right? On the industry vertical, what kind of data? Again, financial services client compared to a manufacturing client are going to be two separate conversations. We've seen it as quickly as being able to recover in six hours, in 12 hours. In some instances, we have the grace period of a day to a couple of days. We do offer the ability to run scenarios once a quarter where we can stand up in our systems, the production data that we are protecting to ensure that we have a good recoverable copy. But it depends on the client. I really like the emphasis here, Dave, that you're raising and that Andrew's talking about. It's not on the technology of how the data gets protected. It's focused on the recovery. That's all that we want to do. And so the solution with DXC really focuses on generating that recovery for customers. I think where people get a little bit twisted up on their testing capability is you have to think about different scenarios. So there are scenarios where the attack might be small. It might be limited to a database or an application. It might be really broadly based like the not-pecha attacks from a few years ago. The regulatory environment would call those attacks severe but plausible. So you can't necessarily test everything with the infrastructure, but you can test some things with the infrastructure. Others, you might sit around on a tabletop exercise or walk through what that looks like to really get that recovery muscle memory so that people know what to do when those things occur. But the key to it, as Andrew said before, have to focus down what are those critical applications? What do we need? What's most important? What has to come back first? And that really will go a long way towards having the right recovery points and recovery times from a cyber disaster. Yeah, it makes sense. Understanding the value of that data is going to inform you how to respond and how to prioritize. Andrew, one of the things that we hear a lot on theCUBE, especially lately is around IOT, I-I-O-T, Industry 4.0, the whole OT security piece of it. And the problem being that traditionally operations technologies have been air-gapped often by design but as businesses increasingly they're driving initiatives like Industry 4.0 and they're connecting these OT systems to IT systems, they're driving efficiency, preventative maintenance, et cetera. So a lot of data flowing through the pipes, if you will. What are you seeing in terms of the threats to critical infrastructure and how should customers think about addressing these issues? Yeah, so bad actors can come in many forms. We've seen instances of social engineering. We've seen a USB stick dropped in a warehouse. That data that is flowing through the IOT device is as sensitive now as your core mainframe infrastructure data. So when you look at it from a protection standpoint, conceptually it's not dissimilar from what we've been talking about where you wanna understand again what the most critical data is. Looking at IOT data and applications is no different than your core systems now, right? Depending on what your business is, right? So when we're looking at protecting these, yes we want firewalls, yes we want air-gap solutions, yes we want front end protection but we're looking at it from a resiliency perspective putting that data, understanding what data entails to put in the vault from an IOT perspective is just as critical as it is for your core systems. Jim, anything you can add to this topic? Yeah, I think you hit on the key points there. Everything is interconnected. So even in the days where maybe people thought the OT systems weren't online, oftentimes the IT systems are talking to them or controlling them, SCADA systems or perhaps supporting them. Think back to the pipeline attack of last year, all the public testimony was that the OT systems didn't get attacked directly but there was uncertainty around that and the IT systems hadn't been secured so that caused the OT systems to have to shut down. It certainly is a different recovery when you're shutting them down on your own versus being attacked but the outcome was the same that the business couldn't operate. So you really have to take all of those into account and I think that does go back to exactly what Andrew's saying, understanding your critical business services and then the applications and data and other components that support those and drive those and making sure those are protected. You understand them, you have the ability to recover them if necessary. So guys, I mean, you made the point. I mean, you're right, the adversary is highly capable. They're motivated because the ROI is so lucrative. It's like this never-ending battle that cyber security pros go through. It really is kind of frontline sort of technical heroes if you will. And so sometimes it just feels daunting. Why are you optimistic about the future of cyber from the good guy's perspective? I think we're coming at the problem the right way, Dave. So that focus, I'm so pleased with the idea that we are planning that the systems aren't going to be 100% capable every single time and let's figure that out, right? That's real world stuff. So just as the bad actors continue to adapt and expand, so do we. And I think the difference is there, the common criminals, it's getting harder and harder for them, the more sophisticated ones, they're tough to beat all the time. And of course, you've raised the question of some nation states and other activities, but there's a lot more information sharing. So a lot more focus from the business side of the house and not just the IT side of the house that we need to figure these things out. Yeah, to add to that, I think furthering education for the client base is important. You brought up a point earlier. It used to be a boardroom conversation due to compliance reasons. Now, as we have been in the market for a while, we continue to mature the offerings. It's further education for not only the business itself, but for the IT systems and how they interconnect and working together so that these systems can be protected and continue to be evolved and continue to be protected through multiple frameworks as opposed to seeing it as another check the box item that the board has to adhere to. All right, guys, we got to go. Thank you so much. Great conversation on a really important topic. Keep up the good work, appreciate it. Thanks, Dan. Thank you. All right, and thank you for watching. Stay tuned for more excellent discussions around the partnership between Dell Technologies and DXC Technology. We're talking about solving real world problems, how this partnership has evolved over time, really meeting the changing enterprise landscape challenges. Keep it right there.