 Live from San Francisco, it's theCUBE. Covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. Okay, welcome back everyone. Keeps coverage here in San Francisco for RSA Conference 2020. I'm John Furrier, your host. You know, cybersecurity industry's changing. Enterprises are now awake to the fact that it's now a bigger picture around securing the enterprise, and it's not only the data center, it's cloud. It's the edge, a lot of great stuff. We've got a great guest here from Dell, EFC, Peter Garrett, consultant, cyber resilient solutions and services marketing at Dell EMC. Great to see you, thanks for coming on. You too, John. Good to see you again, thank you. So, you know, I was joking with Dave Vellante just this morning around the three ways of cloud, public cloud, hybrid cloud, multi-cloud. And we see, obviously, the progression. Hybrid cloud is where everyone's spending most of their time. That's from ground to cloud, on-premises to cloud. Yep, so pretty much everyone knows that on-premise is not going away, validated by all the big cloud players, but you got to nail the equation down from on-premises to the cloud, whether it's Amazon, Amazon, Azure, Azure, whatever, all those clouds. But the multi-cloud will be a next generation wave. That is an industry backdrop, but it's very, very key. Plus, AI and data are huge inputs into solving a lot of what is going to be new gaps, blind spots, whatever in security. So I got to, you know, Dell's has a history with huge client base, traditional enterprises, transforming, you're in the middle of all this. So you got, you know, the airplane at 3,000 to 30,000 feet and the companies have to swap out their engines and reboot their teams. And it's a huge task. What's going on with cyber and the enterprises? What are some of the key things? Well, so I like to keep it pretty simple. I've been in this industry over 20 years and I've really consistently talked about data as the global currency, right? So it's beautifully simple, whatever industry you're in, whatever size company you're in, enterprise, or even now, small to medium businesses, their businesses are driven by data. Connectivity data data, availability of the data, integrity of the data and confidentiality of the data. And so the sort of the area of the world that I focus upon is protecting customers' most valuable data assets, now whether those are on-prem in the cloud or in a variety of modalities and ensuring that those assets are protected and isolated from the attack surface and then ability to recover those critical assets quickly so they can resume business operations. That's really the area that I work in. Now that data, as you pointed out, it could start on-prem, it could live in multi-cloud, it can live in a hybrid environment. The key is really to understand that not all data is created equally. If you were to have a widespread cyber attack, really the key is to bring up those critical applications, systems and data sets first to return to business operations. It's really challenging. You know, it's not funny, it's actually just ironic, but it's really kind of indicative of the society now is that EMC was bought by Dell, storage, and the idea of disruption has always been a storage concept. We don't want a lot of disruption when we're doing things, right? So whether it's back in recovery or cyber ransomware, whatever it is, the idea of non-disruptive operations has been a core tenet. Now that's obviously the same for cyber, as you can tell. So I got to ask you, what is your definition and view of cyber resilience? Because that's what we're talking about here, cyber resilience, what's your view on that? So when we started developing our cyber recovery solution about five years ago, we used the NIST Cyber Security Framework, which is a very well-known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy. A cyber resilience strategy really encompasses everything from perimeter threat detection and response, all the way through incident response after an attack and everything that happens in between, protecting the data and recovering the data, right? And critical systems. So I think of cyber resilience as that holistic strategy of protecting an organization and its data from a cyber attack. That's great insight. I want to get your thoughts on how that translates into the ecosystem. Okay. Because there's an ecosystem around cyber resilience. Absolutely. I was just saying, you may or may not be able to comment on this, but RSA is now being sold. Yeah, no, that's fair. So that's going out of the Dell family, but you guys obviously have VMware and for insecure works, but it's not just you guys, it's an ecosystem. It really is. How does Dell now, with and without RSA, fit into the ecosystem? So as I mentioned, cyber resilience is really thought of as a holistic strategy. RSA and other Dell assets, like Carbon Black, fit in somewhere in that continuum, right? So RSA is really more on threat detection and response perimeter protection. The area of the business that I work on, data protection and cyber recovery, really doesn't address the prevention of attacks. We really start with the premise that preventing a cyber attack is not 100% possible. If you believe that, then you need to look at protecting and recovering your assets, right? And so whether it's RSA, whether it's Carbon Black, whether it's secure works, which is about cyber incident and response, we really work across those groups. It's about technology, processes and people. It's not any one thing. We also work outside of the Dell Technologies umbrella. So we integrate our cyber recovery solution as integrated with UNICEF's Stealth. So there's an example of how we're expanding and extending the cyber recovery solution to bring in other industry standards. You know, it's interesting. I talk to a lot of people that come on the queue because you're here at RSA. Sure. Everyone wants better technology, but this also has shift back to best of breed. Because you want to have the best new technology. At the same time, you got to have proven solutions. That's the key. So what are you guys selling? What is the best of breed from Dell that you guys are delivering to customers? What are some of the areas? So I'm old EMC guy myself, right? And back from the days of disaster recovery and business continuity, right? More traditional data protection and backup. The reality is that the modern threats of cyber hackers, breaches, insider attacks, whatever you like, those traditional data protection strategies weren't built to address those types of threats. So along with transformation and modernization, we need to modernize our data protection. That's what cyber recovery is. It's a modern solution to the modern threat. And what it does is it augments your data, excuse me, your disaster recovery and your backup environment with a purpose built, isolated air gap digital vault, which is built around our proven data domain and power protect DD platforms that I've been around for over a decade. But what we've done is added intelligence, analytics. We've hardened that system and we isolated. So customers can protect really the most valuable assets in that kind of a vault. So one of the things I've been doing some research on and digging into is cyber resilience, which you just talked about, cyber security, which is the industry trend, and you're getting at cyber recovery. Can you talk about some examples of how this all threads together? What are some real recent wins or examples? Sure, so think of cyber recovery as a purpose built digital vault to secure your most valuable assets. Let me give you an example. One of our customers is a global paint manufacturer. And when we work with them to try to decide what of their apps and data sets should go into this cyber recovery vault and said what is the most critical intellectual property that you have? So in their case, some customers might say my Oracle financials or my Office 365 environment for this customer, it was their proprietary paint matching system. So they generate 80 to $100 million every day based upon this proprietary paint matching system which they've developed and which they use every day to run their business. If that application, if those algorithms were destroyed, contaminated, or posted on the public internet somewhere, that would fundamentally change that company. So that's really what we're talking about. We're working with customers to help them identify their most critical assets, data systems, applications, and isolate those from the threat vector. Obviously all verticals are impacted by cyber security. Every vertical is data driven. That's right. And so obviously the low hanging fruit, they know the normal suspects financial services. Is there a particular one that's hotter than obviously financial services got brought and all that stuff on it? But that's still number one. So I think there's two sides to the coin. One, if you look at the traditional enterprise environments, absolutely financial services in healthcare because they're both heavily regulated. Therefore that data has very high value and is a very attractive target to the would-be hackers. If you look on the other end of the spectrum though, the small to medium businesses that all rely on the internet for their business to run, they're the ones that are most susceptible because they don't have the budgets, the infrastructure, or the expertise to protect themselves from a sophisticated hacker. So we work across all verticals. Obviously the government is also very susceptible to cyber threats, but it's every industry, any business that's data driven. I mean, there has been breach so many times and no one even knows how many times. I got to ask you about some cool trends we're reporting on here. Homomorphic encryption is getting a lot of traction here because financial services in healthcare are too homomorphic. Yeah. Did I say that right? It's the first time I've ever heard that term, John. It's encryption at end use. So you have data in rest, data in flight, and data in use. So it's encryption when you're protecting all your transactional data. So it's full inclusion with discovery, Intel's promoting it, we just covered a startup that's doing that as well. Yeah, that's new for me. But it allows for more use cases. But data in use, not just motion, or in flight, or whatever you call it. Yeah, static. So that's opening up these old things, but it brings up the why that's important. And the reason is, is that financial services and healthcare, because they're regulated, have systems that were built many moons ago or generations ago. Absolutely. So there was not these problems that you were mentioning earlier, like the word built for that. But now you need more data. AI needs sharing of data. Sharing's a huge deal. Real-time sharing too. Real-time sharing. And I think that's where the homomorphic encryption comes in. That's exactly right. So you mentioned that. So these industries, how can they maintain their existing operations and then get more data shared? You have any insight into how you see that because that's one of those areas that's becoming like, okay, HIPAA, we know why that was built. But it's also restrictive. Yes. How do you maintain the purity of a process? If your infrastructure is old, that is a challenge, healthcare especially, because if I'm running a health system, every dollar that I have should really go into improving patient care, not necessarily into my IT infrastructure. But the more that every industry moves towards a real-time, data-driven model for how we give care, right? The more that companies need to realize that data drives their business, they need to do everything they can to protect it and also ensure that they can recover it when and if a cyber attack happens. Well, I really appreciate the insight. It's going to be great to see Dell Technologies World coming up. We'll dig into a lot of that stuff. Yes. While we're here on talking about some of these financial services in banking, I want to get your thoughts. I've been hearing this term, Sheltered Harbor, being kicked around. What is that about? What does that mean? Sheltered Harbor, you're right. I think you'll hear a lot more about it. So Sheltered Harbor is a financial industries group and it's also a set of best practices and specifications. And really the purpose of Sheltered Harbor is to protect consumer and financial institutions data and public confidence in the US financial system. So the use case is this. You can imagine that a bank having a cyber attack and being unable to produce transactions could cause problems for customers of that bank. But just like we were talking about the interconnectedness of the banking system means that one financial institution failing because of a cyber attack, it could trigger a cascade and a panic and a run on the US financial banks and therefore the global financial system. Sheltered Harbor was developed to really protect public confidence in the financial system by ensuring that banks, brokerages, credit unions are protecting their customer data, their account records, their most valuable assets from cyber attack and that they can recover them and resume banking operations quick. So this is an industry group? It's an industry group? Or is it a dual group? No, Sheltered Harbor is a US financial industry group. It's a nonprofit. You can learn more about it at shelteredharber.org. The interesting thing for Dell Technologies is we're actually the first member of the Sheltered Harbor solution provider program and we'll be announcing that shortly. In fact, this week and we'll have a cyber recovery for Sheltered Harbor solution in the market very shortly. Cyber resilience, great topic and it just goes to show storage is never going away. The basic concepts of IT, recovery, continuous operations, non-disruptive operations, cloud scale changes the game. It's all about the data. It's all about the data. It's still, yes sir. Thanks for coming on to share the insights. RSA coverage here, Cube Day two of three days of coverage. I'm John Furrier here on the ground floor in Moscone in San Francisco. Thanks for watching.