 From around the globe, it's theCUBE with digital coverage of IBM Think 2021, brought to you by IBM. Welcome back to theCUBE's ongoing coverage of IBM Think 2021, the virtual cube. You know, the pandemic has caused us to really rethink this whole concept of operational resilience. So we're going to dig into that and talk about the importance of constructing a holistic resilience plan and get the perspective of some really great domain experts, Alan Downs is the Vice President of Global Cloud Security and Resiliency Services at IBM, and he's joined by Michelle Weston, who's the Director of Cloud Security and Resiliency Offerings at IBM. Folks, welcome to theCUBE. Thanks for coming on. Thank you. Now, before we get into it, I said IBM, but I want to ask you, Alan, about an announcement you made last month about Kindrel, new spin-out from IBM. What can you tell us? Very excited about the name. I think there's a lot of meaning in the name censored around new growth and censored around partnership and relationship. So if you look at the name that was announced, I think it really does typify what we set out to be as a trusted partner in the industry, all born around new growth, censored around strong partnership and relationship. So very pleased and excited and look forward to the opportunity we have going forward. Yeah, congratulations on that. Add some clarity. Martin Schroeder, new CEO, Cube alum, great exec, love it. So good luck. Alan, let me stay with you for a second. I mean, operational resilience, it means different things to different people. And we know from speaking with CIOs in our community during the pandemic, it doesn't just mean disaster recovery. In fact, a lot of CIOs said that their business continuing strategy were too focused on DR. Alan, what does operational resilience mean from your perspective? So I'll answer it this way. Operational resiliency risk is defined as the quantifiable steps that any client needs to take in order to respond, recover from an unplanned outage. It sits squarely within operational risk. And if you think about it, operational risk is the kind of non-financial element of risk and defined within that category. Operational resiliency risk is trying to identify those steps, both pre-active and reactive, that a client needs to consider that they would have to take in the event of an unplanned disruption or an unplanned outage that would impact their ability to serve their clients or to serve their organization. That's how I define operational resiliency risk. Great, and I wonder, Michelle, I mean, you can add to that, but I think, you know, I sometimes say that the pandemic was like a forced march to digital. And part of that was business resilience. But, you know, where do we go from here? You know, we had 14 months shoved into our face and now we have some time to think about. So how should clients think about evolving their strategies in this regard? Yeah, well, certainly with respect to what was called NUCO Now Kindrel, our approach has been advisory led. We will help clients along this journey. One thing that I'd like to point out in one of the journeys that we've been taking over the last couple of years is it really is about security and resiliency together. If you think of that planning and how to mitigate your operational risk, the security and resiliency go hand in hand. They're the same people within the organization that are planning for that and worried about it. And so we had already started about three years ago to pull the two together and to have a unified value proposition for clients around security and resiliency, both being advisory led, doing everything for a client from project based to the digital consumption world, which we know clients live in today to a fully managed service all around security and resiliency together. Yeah, so I mean, it's a really important topic. I mean, you heard Chair Powell last month, he was on 60 minutes saying, well, yeah, you're worried about inflation. We're way more worried about security. So, Alan, let's say you're in the virtual conference room with the board of directors. What's that conversation like, where does it start? I think there is a huge concern right now with regards to security and obviously resiliency as well. But if you just think about what we've all been through and what's transpired in the last 12 months, the what we call the threat landscape has broadened significantly. And therefore clients have had to go through a rapid transformation, not just by moving employees to home base, but also their clients having a much higher expectation in terms of access to systems, access to transactions, which are all digital. So you referred to it earlier, but the transformation our clients have had to go on driving a higher dependence on those systems that enable them to serve their clients digitally and enable them to allow the employees to work remotely in this period has increased the dependencies that they have across the environment that are running many of the critical business processes. So the discussion of the boardroom is very much, are we secure, are we safe, how do we know, how safe and secure and resilient should we be? And based on that fact about how safe and secure should we be, where are we today as an organization? And I think these are the questions that are at the boardroom is basically from a resiliency security perspective, where should we be that supports our strategy vision and our client expectation? And then the second question is very much, where are we today? How do we know that we are secure? How do we know that we can recover from any unplanned or unforeseen disruption to our environments? So Michelle, I mean now I just mentioned the threat surface is expanding and we're just getting started. Everybody's like crazy about 5G leaning in the edge IoT and that's just, it's going to be orders of magnitude by the end of the decade compared to where it is today. So how do you think about the key steps that organizations should take to ensure operational resilience? Not only today, but also putting in a roadmap. Yeah, yeah. And one thing that we do know from our clients is those that have actually planned for resiliency and security at the forefront, they tend to do that more effectively and more efficiently. It's much better to do that than to try to do that after an outage. You certainly learn a lot, but that's not the experience that you wanna go through. You wanna have that planning and strategy in the forefront, as Alan said. In terms of the threat vector, the pandemic brought that on as well. We saw a surge in cyber attacks, opportunistic attacks. You know, we saw the best of people in the pandemic as well as the worst in people. Some of those attacks were on agencies that we're trying to recover. We're trying to treat the public with respect to the COVID-19 pandemic. So none of us can let our guard down here. I think we can anticipate that that's only going to increase. And with the emergence of these new technologies like cloud, we know that there's been such a massive benefit to clients. In fact, those that were cloud-enabled sustained their businesses during the pandemic. Full stop. But with that comes a lot more complexity. Those threat vectors increase. 5G, I expect to be the same. So again, resiliency and security have never been more relevant, more important. We see a lot of our clients putting budget there. And those that plan for it with a strategic mindset and understand that whatever they have today may be good enough. But in the future, they're going to have to invest and continue to evolve that strategy. Are those that have done the best? Yeah, the bolt-on strategy doesn't really work that well. And I wonder if you think about, when we talk to CISOs, for example, and you ask them what's your biggest challenge, they'll say things like lack of talent, we got too many tools, we're on hamsters on wheels. So I would think that's, unfortunately for some, but it's good for your business. That's a dynamic that you can help with. I mean, you're a services organization. You got deep expertise in this. So I wonder if you could talk a little bit about that lack of talent, that skills gap and how you guys address that. I think this is really the fit for managed services providers like Kindral. Certainly with some of our largest clients, if we look at PETA as an example, that notion of phone a friend is really important. When it starts to go down and you're not sure what you're gonna do next, you want the expertise, you wanna be able to phone someone and you wanna be able to rely on them to help you recover your most critical data. One of the things clients have also been asking us for is a vaulted capability, almost like the safe deposit box for your data and your critical applications, being able to put them somewhere and then in the event of needing to recover, you certainly could call someone to help you do exactly that. Alan, I wonder if you can address this. I mean, I like IBM. I'm a customer, I trust IBM. What's your relationship? Are you still gonna be able to allow me to tap the pieces that I like and maybe you guys can be more agile in some respects? Maybe you could talk about that a little bit. Yes, sure, Dave. And many of our clients we have a long history with and a very positive experience of delivering market leading and high quality of services and product. The relationship continues. We will remain very close to IBM and we will continue to work with many of IBM's customers as will IBM work with our customers going forward. So the relationship I believe whilst the different dynamic will continue and I believe engenders an opportunity for growth. And we mentioned it earlier, the very name signifies the fact that it's new growth. And I do think that that partnership will continue and we'll continue together to deliver the type of service, the quality of product and services that our clients have enjoyed from IBM over the last number of years. Michelle, one of my takeaways from your earlier comments is you guys are hands-on, you're consultative in nature. And I think about the comment I made about a lot of CIOs that we were way too DR focused, but when I think about DR, a lot of times it was a checkbox to the board. Hey, we got it, but when was the last time you tested it? Well, we don't test it because it's too risky to test. We do fail over, but we don't fail back because it's just too risky. Can I stress test my environment? Are we at the point now where technology and expertise will allow us to do that? Is that part of what you bring to the table? It is exactly what we bring to the table. So, first of all, from a compliance regulatory perspective, you no longer have that option. A lot of the auditors are asking you to demonstrate your DR plan. We have technology, and I think we've talked about this before about the automation that we have in our portfolio with resiliency orchestration that allows you to see the risk in your environment on a day-to-day basis proactively managing. I tried to recover this, there's a failure, and then you're able to proactively address it. I also give the example from a resiliency orchestration perspective in this very powerful software automation that we have for DR. We've had clients that have come in, scheduled a DR test, it was to be all day, they've ordered in lunch, and the DR test fail over fail back took 22 minutes. And lunch was canceled. So, very powerful and very powerful with an auditor. That's awesome. Okay, guys, we got to leave it there. Really great to get the update. Best of luck to you and congratulations. Thanks for coming on. Thank you. Thank you so much. All right, and thank you for watching. This is Dave Vellante for theCUBE's continuous coverage of IBM Think 2021. Right back.