 Welcome back to the IBM Storage Summit. We're here live in our Palo Alto studios. You know the hallmark of any modern cloud company, even one that's say 112 years old like IBM, is its ecosystem. We're going to dig into that ecosystem with Karen Shue, who's the IBM VP of Storage Ecosystems and DJ Singly, who is the CTO and Enterprise Architect at Mapsys. Folks, welcome to theCUBE. Thanks for coming on to our live program. It's good to be here. Hey, Karen, let's start with you. We always talk about your algorithm and what you're trying to solve for. What are you trying to solve for as it relates to the ecosystem for IBM Storage customers? Well, our storage ecosystem is really an extension of IBM. I would say that me, with my ecosystem partners like DJ, we are working to solve the same exact problems that you maybe just heard Scott and Sam talk about. Making from a storage perspective the data available, making it available quickly, making sure it's secure, making sure we have the right governance and enabling our partners to really deliver a complete solution that may or may not include additional products beyond just the storage. So DJ, what's Mapsys all about? What's your sort of unique approach? Yeah, great. I'm glad you asked that question. So Mapsys is a premium or a platinum IBM business partner headquartered here in central Ohio, serving the entire of the United States. So we are a real big IBM proponent. We only sell IBM and we really plant our flag with the IBM Storage portfolio. It's not only about speeds and feeds these days, right? I think the speeds and feeds conversations are over in storage, quite frankly. We're now on what else can the storage do for us? And that's where this whole cyber resiliency and the cyberball strategy to come from with IBM. It's the next level of what storage can do for you and your enterprise. Yeah, I was gonna say that it seems like cyber resilience and being built into the product from the beginning is a key advantage of what and why you go to IBM storage. What are you hearing from customers? Because I think everybody leaned on disaster recovery having been in that industry myself. You start to look at it. It doesn't solve all the problems, especially when you get into this unstructured world. What are you seeing from customers and how is the cyber resilience built in and helping you? Sure, sure. So a couple of things here. So I would say that before COVID, right? There was no such thing as a breach as a ransomware attack in any of our patch. However, since COVID we've had a multitude of customers come down with the COVID cough and unfortunately a little bit of the ransomware attack here and there. And it's a scourge, it really is. And that's where the next part of IBM storage strategy, the cyber resilience comes into play. So MAPSIS unfortunately has had to respond to, I'd say probably eight or nine attacks since COVID started and it always goes the same way. We land our team of engineers on site and they get back to work rearchitecting the environment and bringing the customer back up. And we always again, recommend the cyber vault and cyber resiliency features of IBM storage and other products wrapped around it. It's not just IBM and things like Raktop systems, CyberNAS and other things like perhaps Q-Radar or Splunk, other things like that, right? So IBM is a very big pivotal key of all that but it's certainly not the only product. So once we get the customer back up and running with things like safeguarded flash copy, which is a way to take a logical air gap of your data for use in restores, you really have a much more resilient architecture for the customer. Additionally, we need to save off any of those those encrypted data sets for forensics purposes. And that's what we do. We typically work with law enforcement or other firms at that point to do that, to do that forensic analysis while also getting the customer back up and running fast. Safeguarded flash copy in 2023, that's table stakes. And if you're not doing that type of a security with your storage, then you're just not hitting the mark, I think. Kerry, IBM obviously has a massive portfolio, a lot of different capabilities from product to services, et cetera. How do you think about where you leave off and the ecosystem picks up? What are those dividing lines or maybe you try to make them seamless? But I wonder if you could discuss how people should think about that. So we do really, like I said before, view our ecosystem partners as an extension of IPO. I don't think it makes sense for it to be 100% seamless. Obviously, a lot of things are from a skills perspective, from a product offering solution building perspective, but our partners come in and they add tremendous value. So there is a distinction when you start looking at providing the whole solution, if multiple vendors are needed, if additional skills are needed, if additional services are needed, that's our partners really come in and they come and go above and beyond what IBM is offering to build a more comprehensive solution. So it's both seamless from one perspective, but then also very differentiated when you start looking with the additional value that the partners can bring to our clients. Yeah, I mean, I think, and I wanna circle back around because I think that DJ, you hit on a pretty good point with the customers and what they're doing and how cyber resilience has become since COVID really has to be there. Also though, I'm sure given the economy and what they're seeing, the value of flash and how that cost-benefit value has to play out, what are you seeing there about how they balance cyber resilience versus cost and value? Yeah, yeah, cost is certainly a very big thing really. It really is. But also I think the easy button is something that's vastly overlooked. Other competitive solutions out there, we see them all aren't easy. It's the customer has to install something somewhere, configure something somewhere else, and then learn how to use it. IBM really brings the easy button to the market with their cyber resilience strategy, especially the features that are built into IBM's flash systems. And I'm talking about again, safeguarded flash copy and other features like TPI, two-person authentication, and then lastly ransomware detection features that are now built into the arrays. So these are really important points, right? They're built in, there's very little for you to do other than take the machine out of the box, put it in the rack, turn it on, and start using it. Perhaps you'll need a little bit of a how-to session from your friendly neighborhood business partner. I can recommend a good one, and just to figure out how to use it and after that you're off to the races with all of IBM's latest cyber resiliency protections. So it's pretty great. I wonder if you could both comment on the business case and as to whether or not that's changed. I mean, you've talked about a number of situations or you've alluded to where people got snake bitten with ransomware kind of during COVID or even post COVID. Of course, after you, the horse leaves the barn, you close the door. So the business case has traditionally been, hey, we're going to get hit. We're going to lose money or have a business impact. And it's sort of the probability of that occurrence and the degree of impact. And of course, we know that the probability has increased dramatically. The frequency has increased dramatically. The impact may or may not be concomitant with that, but has the business case changed from sort of fear, uncertainty, and doubt? So you better do this CFO or are there other sort of business value attributes that you can get from cyber resiliency that people should include in their business case? Would you like me to take that? Absolutely. Sure. Okay, yeah. So I think there's a four pronged approach, right? To looking at the business case. There's certainly a lot of fear, I think, out there with a lot of customers going through this, but the cyber vault strategy really plays in four different areas, right? Number one is immutable data copies, which I think it's the easy button, everybody can get there. Number two, it's a proactive monitoring. That's a little harder, but for the most part, we have products like IBM Storage Insights that'll help you monitor your storage and monitor for malware and whatnot in the on the block level storage. Very, very, very good. Other products such as Splunk or IBM Q-Railer can go into play there. Then there's the testing and validation of data, which I would only really say that's more of an enterprise grade type of a solution where we actually take those copies and make sure each one of them is good. And if it's not good, then that's when we have a real hard time with it. We go back and we try to figure out what happened, right? And then lastly, it's the party, it's the rapid recovery. It's the holy grail of why we're doing this in the first place. So I think as a customer looks at this and says, what does my budget look like for storage or cyber resiliency? You can kind of pick the pieces of these four pillars out and say, which ones can I afford? Which ones can I implement now? Or which ones can I implement later? I really feel at this point in time, every single sale that we make, every single one includes the first two, right? So you're going to take advantage of all of those features and functions in the IBM Flash systems. You got to understand one thing too, IBM bundles all this stuff together. It's not like you're going to be nickel and dime for a feature code that you didn't buy because you didn't buy it, right? So it's all there. You should use it day one because why not, right? Especially when you're working with competent business partners that can show you a quick demo of how it's used and how you should use it. And then you're off to the races with it. So I look at it is not really as a CTO or CIO looking at this saying, hey, I don't want to buy this. It's some extra thing. I'm going to get hit. I should rely on my backups. It's more like I bought this new storage drain, this new storage subsystem. It's included with it. I should leverage it because it's going to help me in the future. Karen, thank you for that, DJ. Karen, how unique do you see IBM's approach relative to the competition? And maybe you could give us some details as to why. From a storage perspective, when you look at the products that we bring to market and DJ's been talking a lot about cyber resilience, been talking a lot about Flash system. And that really is our key differentiator. Our ability to recover from a cyber attack in hours is something that nobody else can do. We've got inline data corruption detection that was recently announced and being rolled out and available is something that nobody else can do. So we've got these really key pillars that are there to help our clients be prepared and to identify a breach and attack immediately and then be able to recover very, very quickly. I wonder as well, DJ, one of the concerns that I hear from customers is the insider threat. And so if they want to really get you, they're going to get you. It's like the hit man. He's going to get you. So, but there's many, many things you could do to increase the costs of the bad guys. And that's sort of your goal here is make them go somewhere else that maybe isn't as resilient. So what I'm interested in is, what's the best practice? Do you recommend sort of setting up separate business processes for things that remote vaulting and things like that? Is it sort of, or is that too complicated? How are customers approaching that insider threat? Yeah, I think this again is sort of a multi-tiered approach based on how large the customer is, right? An enterprise customer has certainly different worries than a mid-size or an entry-level customer, right? Enterprise customers are going to have everything scripted. If this happens, do this. And these employees do that. And you have multiple times a year that you'll do a DR test and you'll test all of these features here. The smaller customers again, they typically don't think like that. They need to be agile. They just don't have the time to think like that. So I'd say, you know, they should really lean on the business partners more to help them with the cyber vault features and all these cybersecurity features to help them leverage them appropriately across their enterprise, because they're just not going to have the recovery plans available to them. Additionally, I think the smaller customers or mid-sized customers, when you do have an event, before you do anything, just stop, right? Stop and, you know, don't accuse anyone in your organization of doing anything. I think you should stop, take a big deep breath and then call your business partner who has dealt with this stuff over and over and over again of what the next steps should be. So, you know, there's other things we can do with insider threats as well with other technologies, which are quite capable, like Edwin Snowden type CIA stuff. And one of our favorite products is to leverage Raktop NAS on a IBM flash top system. That can help with the theft of files and it does a nice job. And we do that often as well. Part of our cyber resiliency assessments and how we help customers when they fall into these traps, so. Yeah, and I think what's interesting is it's not just cyber resilience, right? And I think, Karen, when you look at it, you have ecosystem partners all over the world at this point. And you have data privacy and PII and all kinds of different issues that are really driving some of this technology. How does that work, you know, even outside of the US? And what kinds of demands are you seeing from the ecosystem back to IBM? Well, our partners and our clients both wanna be confident that IBM is able to meet any sort of regulations that are put in place by a local country. So my responsibility is in the Americas, but we work a lot with our counterparts overseas. And so we actually learn a lot here in the US from what's happening over in Europe and other parts of the world. So I would say that, you know, we have to make sure that we're taking all of that into consideration when we're developing our products, when we're bringing things to market, so that our partners and our clients have the confidence and the comfort level that we'll be able to stand up to any of those threats. Yeah, and DJ, what are you seeing from the customers? Because most customers, and especially at the mid-sized to larger, they have to deal with this because they have a European footprint and GDPR or they're in California with CCPA or Virginia with VCPD, I believe is what the acronym is for their Virginia data privacy. But how are you seeing that impacting, because they have to take that into consideration and with cyber resilience. So putting everything in one place and trying to protect it just doesn't work. So what are you seeing from your customers? Yeah, yeah, we do a few things here and we work with some managed service providers that have to go through all of those letters yearly to maintain their certifications. So it's pretty tough. I guess I'll take this down to two, I think easily digestible pieces, right? And the first one is encryption is a really important thing to do and it should be required for every business everywhere. It's practically free on flash systems or any other IBM technologies. And if you're not using it, you really should. There's two ways to manage encryption that I think are very easy. I bring this up because I see even mid-range customers having trouble with it sometimes, right? Number one is you can use a key manager, right? That's important. Those customers that have the skills to do that. But number two, I think was just as important is that you can use a USB key right in the back of the machine to store your encryption keys, right? And that's the easy button because now you don't have to worry about a key manager. Some of these mid-range customers, you just, you know, they don't have the skills in their data center to maintain this key manager over five, six, seven years. You wouldn't leave the phone calls I get after six years of saying, hey, how do I upgrade this key manager? Also, what's the password to it? So there's things like that. But the second part of the answer goes to, you know, with the IBM technology stack, you can take those, you can take your cyber resiliency up into IBM's cloud or other clouds by taking those snapshots of your data and migrating them into AWS or IBM cloud for safe storage, if you will. The kind of cool thing you can do is now that it's up in the cloud, your data can migrate anywhere you want in the world, number one. And number two is you can bring up that data on an IBM flash system software appliance in the cloud anywhere you need to. So that would satisfy some of that GDPR and compliance issues of where the data has to live or where it can't live, right? So for instance, we have customers that are replicated from the United States data centers here in IBM cloud all the way over to Germany, right? And that's fine. Or they need to keep it within IBM cloud and the United States and for various reasons. So there's a solution for anything or any problem that you're looking for with IBM. We've done it. Guys, we're almost out of time, but I have to ask you, I was interviewing somebody that got attacked. They went through a recovery. There was a ransomware attack. And I asked this individual, were you afraid you were going to get fired after this? And he said, absolutely not. And DJ, it was interesting to hear you talk about, don't start pointing fingers, don't accuse. When you think about some of the experiences that you've had with customers, love to, I mean, if you have a favorite one, you don't have to mention them, but things that you learned, not only from the technical standpoint, but the culture and if you could leave us with maybe some advice for the audience. Wow, okay. If I could give you a quick anecdotal story about these customers, right? And then the advice, right? Advice I think is already there a little bit, right? But so the first one, right? We had a large enterprise engineering firm, unfortunately get hits and all of their engineering data was encrypted. That was bad. So we brought in IBM Flash Systems to replace their competitive arrays while we took all the data in the competitive array and handed it over to the FBI, right? We got them back up and running in about a week and that was pretty good for them. They were back manufacturing product by that next weekend. That was good. So we're able to do that pretty fast and pretty efficiently. The second one, second customer, they were using IBM SafeGrad to Flash Copy and they did have an incident and the attackers got in and the very first thing they do is they look for honey pots and backups. A honey bot is always your NAS server. Couldn't get into there for whatever reason, but they destroyed the Veeam backup servers. No more backups, that was pretty tough to watch, right? Not only did they destroy the Veeam backup servers, but they destroyed several parts of some of the VMware clusters. Luckily for them, they didn't hit any of the data. Not all the data was safe. So it was a very easy restore for them for the most part, bring up your VMware cluster again and then get back to backing up all your data, right? So really it wasn't that much of an incident. Also, SafeGrad to Flash Copy and IBM Systems were safeguarding the rest of it. They couldn't get any further than that if they wanted to. This customer has been so excited and successful with SafeGrad to Flash Copy. They're now implementing TPI, the two person integrity I talked about earlier and they're gonna be implementing the IBM ransomware detection on block level, which is really cool technology. And guess what? It's all free, it's all free. That's the cool thing. It comes with the machine. It comes with the latest version of the firmware and they can easily install it. So what was the comment between these two events? Well, the one thing was is instead of panicking, both of them called us. Hey, you're my business partner, I just had this event. Can you help me out? What do I do next? And we walked them through it because we've been there and my big thing for customers is don't overreact when you first get attacked like this. You take a deep breath, call someone who has done this before if you don't have any defined procedures to go about doing this like larger enterprises might, but call someone who's done this before, don't start restoring data because you may restore data from, that still is infected and then 10 hours later you're going to have the same problem, right? And that's going to be bad, really bad. Or you're going to overwrite the data and you can't give it to law enforcement. Now we have no idea or any forensics analysis or trail on what happened to your enterprise and what could happen to others and other enterprises. So my big takeaway is call your best friend, call your business partner. I'm so glad we were able to get those stories in guys. I wish we had more time, but thank you DJ and Karen. It's great to have you on. Yeah, my pleasure. Thank you. All right, keep it right there. More action live from the IBM Storage Summit. We're going to talk about data resilience at the core. There's a premise here that inside the IBM flash systems, there's some IP that gives the company some competitive advantage. We're going to test that. You're up back.