 Live from Barcelona, Spain, it's theCUBE. Covering Cisco Live 2020. Brought to you by Cisco and its ecosystem partners. Welcome back to Espanya. This is theCUBE, the leader in live tech coverage. We're here in Barcelona at Cisco Live 2020. Inside the DevNet zone, this is day one. Eric Herzog is back to talk about cybersecurity. He's the CMO and Vice President of Global Channels for IBM Storage. Good to see you again, my friend. Dave, Stu, thank you very much for having us. We love being on theCUBE, and you are the leaders in IT information. No one better, especially for real time. Thank you very much for that. So we're going to talk cyber, very important topic. It's a big tailwind for Cisco. IBM, obviously a big player in security. It's on every CIO's mind. What's your angle, though, in storage specifically? Sure, well, I think one of the key things is that when people think security, they think keep the bad guy out, and when the bad guy gets in, chase him down and catch him. What they don't realize is sometimes it could be a day, a week, or weeks, until they know the bad guy's in. So how are you going to protect yourself when all your valuable data is exposed like that? And then, when you do have an incident, particularly malware or ransomware, how do you come back to a state where you know you have good data and you basically don't have to pay the ransom, or in the case of malware, the data is good data? So we can help on both fronts with the things we've done with our cyber resiliency play inside our storage portfolio. So compliments and gives IT and the CSO, as well as the CIO, an overall comprehensive security strategy so that when they're in my house, how am I keeping them from somehow stealing it even though they're in the house? That's what we can help. Okay, I see where you're going here. So, and by the way, I've seen stats that say it's upwards of 200 to 300 days before people even realize they've been infiltrated. And then it becomes a matter of, okay, how do I respond? Now you've got malware, not only malware, but you've got ransomware. And so, let's talk more specifically about how you attack that problem. Do you help me sort of find when something's been penetrated by looking at the backup corpus? So what do you, analytics? What do you guys do? So we do a couple of things. First of all, we do have in our spectrum protect suite, which is our modern data protection, does the backup, et cetera, is we can detect anomalous activity in backup data sets, snaps and replicas. We use AI and machine learning to understand if that's a new occurrence. So let's take an example. The backup data set runs from 11 a.m. to 1 p.m. At midnight, you have all kinds of weirdo backup activity. Why? Because if you're malware ransomware, you want to get to the secondary data sets first before you attack the primary, otherwise they'll just go back to the secondary. Yeah, they'll lose some time, but they'll go to that. So we can detect that and alert the backup admin, the storage admin, whoever you tell us to do. Then, over time, if that process changes, and so you're always going to have certain activity at a time that previously didn't, we learn that and stop sending alerts and stop sending notes. And obviously, we don't say we think it's malware this or ransomware that. What we do is alert them to anomalous activity as an attack could be started. So that's just one of the things we do. We have much more that we do in cyber resiliency, but in that case, monitoring and detection, threat detection, we help do by looking at secondary data sets. Yeah, Eric, I wonder if you can bring us on to the organization of your customers, because is this something that just the storage team buys or are you being bought in, like you said, by the CISO or some other organization and once it's sold then, how does this play out inside the organization? Sure, so it's a hybrid strategy. So let's take, for example, we have a thing called Safeguard Cop. You've had it for 18 months now in the main frame. Wildly successful, wildly successful. Not just with the new Z, but with the old Z14. And the reason is we would go into the storage guys and in the Z world, money was tight and we'd say, what if we could help you protect against malware, ransomware, or even internal threats. We have dual access control capability from an internal management perspective. They said, really? And then the storage guys actually took that, the security team and said, guess what, we can help you. And they said, oh my God, and they gave money actually to the storage guys. In other instances, we approach through the security side and in fact, one of the things we've done is talk to a lot of our partners who have a security practice, a storage practice and never thought about thinking of them in a holistic fashion. So from a partner perspective, it gives a more holistic solution to the end user. They sell, keep the bad guy out, track the bad data. Oh by the way, did you know that IBM's flash system will do data rest encryption with no performance penalty so you can encrypt everything on that and there's no penalty, it's at line speed. So if they're there for a week or 200 days or whatever, that data's protected because it's encrypted. So that's more of a, the partner's work in a holistic security strategy. I mean, IBM is a long heritage in security. RACF, all your old main framers, Resource Access Control Facility was the cold standard back in the day and really set the roadmap for best practice. So obviously things have changed a lot. What is best practice today? Are you recommending customers set up air gaps? There's certainly tooling, but more tooling is a challenge for people. How would you see in customers combat the problem? So what we do is we look at it from a storage perspective. So we have a couple of things. A, we have air gapping to tape and air gapping out to clouds. So our spectrum virtualized sits on-prem and off-prem. We can do air gapping with our spectrum scale product, which AI and big data again, put it out. IBM could all put eventually a snap or replica out to a cloud, gives you a logical air gap. Tape will work with anything, file block an object, then you have a physical air gap. So that's one aspect. The other thing, of course, they had mentioned already is encrypting. We can encrypt file block an object data. In fact, we can worm it. So make it immutable and then encrypt a worm. So, and in fact, with our object storage because of the way we do our hashing and the way we do our eraser encoding and the way we hide the keys, we basically can make it almost non-crackable. So file block an object, what we do to prevent and then the air gapping. And the last thing we do is incidence recovery. So they had an incident to go back to a known good copy. So the safeguarded copy, we can basically mount instantaneously snaps or replicas. They would do a ring fence network because obviously they do it online with the real network, they could crash it or compromise. So you set up a ring fence network and you keep bringing back the snaps or replicas and look it at, right? Have the app guys come in, run an app and oh no, there's malware around. Okay, we can't use that snap. And it's very easy to do. We can automate the process. They have to put the ring fence around and they can go back to as many copies or replicas they have whether it be the file side block or object. So that would help in incident recovery after they know they've had an attack. They've cleaned it up. Now you go on and make sure that your secondary data is good data before you restore it. Otherwise you could put the malware ransomware right back into what you had. So both recovery side, protection side, on-prem with encryption and then obviously with air gapping protection but if you will out of house either physical or out to cloud. Eric, help us connect the dots between what you're talking about and the audience here at Cisco Live. Obviously networking people, there's always a little bit of security inside there. So help us understand how these go together and the reception you get from them. Well, again, the reception is very good because what we do is their look, Cisco's looking at doing all the network security. We're a partner of theirs. Again, it allows them or their channel partners to go in and say, here's a holistic strategy. Keep the bad guy out. Okay, here's what you do to track the gag, gag down. By the way, here's what you do on the network side with our Cisco gear, but here's what you can do with the storage here. So partnering with a holistic strategy to the end user, right? And say, here's what we do for the network. Here's what we'll do for the storage. And of course it doesn't step on each other because we're looking at the network traffic. We're looking of course at primary storage and secondary storage and actually hybrid multicloud storage as ways for the protective data. So it's completely a complementary play. By the way, the other things that IBM security division does both to keep the bad guy out and track the bag are also coming. None of these things step on each other. It allows you to have a truly holistic strategy because right now network security is semi-thought about. Storage security almost never thought about. So it's like, let me give you a whole strategy that's going to work, bring the data back, help you understand it, keep the data from being stolen, immutable copies. If they get there and they steal the data, encrypted data, so all kinds of strategies that networking guys do. So it allows the end user or certainly the CIO to go to the CSL or the chief legal officer to say, I got a holistic strategy. Yes, I'm good. It's not an if question. It's a win. So here's what I'm doing to reduce the incidence time. Here's what I'm doing to keep the bad guy out which is not what we do in the storage division. Here's what we do if they're in to keep the data safe. So we know if it gets stolen, it can't be used. And by the way, once we clean up the malware ransomware, we need to get you up and going as soon as possible. Mr. CEO or CFO now or the line of business guys and we can do that without having the data being compromised or the data being bad data. It's interesting to hear tape as part of the equation, right? Keeps coming back, but it is part of the best practice. So there's air gap, but tape kind of the last resort. You don't want to really recover from tape, but if you have tape in an offsite location, if it's a lot of data, it's fast to move because as you put on a truck, it may be an RPO issue. But are you seeing that certain industries, financial services in particular, maybe are or certain companies are mandating that last resort? So what you're seeing with tape overall is for IBM and Renaissance, both inside the data centers. So from that perspective, think enterprise accounts, the global fortune 2000. And from that perspective, it's partially about the air gapping. It's partially I've got gobs of data. What's the cheapest way to make sure I got a backup copy? Then we're also seeing a huge take up with hyperscalers and cloud providers. So you have several of the top 10 cloud providers on the planet that when you buy their archiver cold store, it actually goes on the IBM tape lever. So you have a cost angle, which is independent of the cyber resiliency side. Then you've got the cyber resilience side. And for us, when we're talking bigger accounts, so think enterprise up to that fortune 2000, they're probably going to do different things for different data sets. So certain things might be snapped out to the cloud, other data sets might go out to tape. And there are regulated industries still like healthcare, finance, and obviously the government itself where sometimes tape is still like mandated. And so even though it's legacy, the bottom line is they need it. And then once you get in there between the cost angle of what they can save, and the fact that, oh wait, I thought just back is a, well wait, what about malware and ransomware? And by the way, a smart company's going to use a hybrid combination, so they'll have some stuff going out to the cloud. They may have on-premises, again, our safeguard copy on the mainframe is actually can be on-premise. So you've got 500 immutable snaps that are encrypted, and then you keep going back to find the one that didn't have the malware ransomware. So it's probably a combination strategy, even on the storage side, which would include tape, what we could do for a file block and object on flash. We could even do it for if someone's got older disk or want to use second, like IBM Cloud Object Storage is mostly done on disk. Well guess what, now that older data is encrypted, it's wormed, it's protected, by the way, we can air gap IBM Cloud Object Storage out to the cloud too. So I think it'll be a very comprehensive strategy based on application workload use case, value of the data set, and obviously with things like tape and backup to the cloud. You have a secondary use case, which is not just about the security, but I need to backup the data, in case there's a fire. Or me being the Silicon Valley guy, I need to go out to tape, because there might really be an earthquake, and as great as IBM arrays are, or any of our competitors are at, because we, as you know with our software, support all our competition, those arrays are going to be crushed when the building falls down in Silicon Valley, so you might need to have tape for cheap backup. So there's a lot of different angles that involve not just cyber resilience, but the combination of cyber resiliency, and really data reliability and data safety, that are independent of the cyber attack worry. And you can combine them, because of the way we put this together with our technologies. Yeah, you're talking about a comprehensive strategy, which is very important, because this has become a board level topic, and it's no longer, I'm sure it still happens in many organizations. So yeah, check off item. Yeah, we do that, we do backup to whatever, cloud tape, check off. But in many organizations, if not most certainly publicly traded organizations, it's a board level conversation, and they really do their homework. Down to even the testing, although testing is a little tough, right? It's time consuming and cumbersome, but definitely thinking through, the board wants to know, what happens if, okay, what about this, what about that? They've experienced a lot of different permutations. So it's, again, not just a check off item anymore, you can say, oh yeah, we comply, it's really no, we need something that actually works, because we know we're going to get hacked. Well, and that's part of the reason the safeguarded copy on the mainframe side has done so well. Companies that are using mainframe, it is the most mission critical workloads, the highest transaction workloads. So in the financial sector, in the government sector, in some of the big giant manufacturing or retailers, they're running mainframes, and they have been for years, and they're not stopping. And so for them, system uptime is an issue, security is an issue. So the safeguarded copy for us has really been really a grand slam homerun product to use a very US centric term, but maybe a sixer if you like cricket, or it was a try if you like rugby, but for all those various sports, it's been very successful because of what they use that mainframe for and how critical that data is. So it's been very successful in that perspective. There we go. How about you obviously sharing a lot of knowledge specific to storage. I said before IBM's got a long heritage in security. How do you collaborate with the other security pros at IBM? How much of that sort of filters into storage and back out? So what we do is we make sure that they're aware of what we do. They're looking at some new things that I can't disclose around security that would make places for people to go and practice if you will and do some other things. We're going to be involved in that program, which allows people to try things out if you will in a very secure way. And some that IBM's going to do across storage will be part of its security and some of the other divisions, but we haven't yet rolled it out, but it's something they're working on that will be part of. And then obviously there are many times in the big accounts where the security division in there, the storage guys in there, but the account team knows that there's both issues and bring us together inside of a big account. So that happens as well more if you will from the sales side versus this official program that could be launching shortly later this year. So wrap it up with what's going on at Cisco Live. What are the conversations like with customers? What's IBM all about here? So for us, our big thing has been about both our hybrid multi-cloud technology, which allows seamless move data back and forth. And we have a product called the VersaStack, which incorporates our award winning flash systems. So we position it either standalone or with the VersaStack. VersaStack in the booth. And then also obviously cyber resiliency. So I just presented yesterday on hybrid multi-cloud and then today I presented on cyber resiliency and how those things work together and what we do with Cisco. So it's been a very good show and very successful for IBM here at Cisco Live. Good job. Well, you guys are great partners. Thanks for coming on theCUBE. Love the shirt as always. Eric Kurtzog, IBM, thanks so much. Thank you. You're welcome. All right, keep it right there everybody. We'll be back with our next guest for Cisco Live Barcelona de Valente with Stu Miniman for John Furrier. We'll be right back.