 Perhaps you've been hacked or you're just feeling exposed. For many customers, it's a bit overwhelming to try and figure out how to secure your entire state or even where to start. Well, we'd like to help. We're here with Arun Krishnamurthy, who is a wide range of experience across all aspects of IT management, generally in security specifically. Arun, good to see you. Thanks for coming in. Thank you for having me. So you're very welcome. So give us a quick overview of Dell services and specifically the cybersecurity piece in your role. Happy to do it, Dave. Super excited. Dell's doing a lot in the security space. We've been doing a lot for many decades. What we are doing now is bringing together some key services that will help our customers really tackle this big challenge in cybersecurity. We all know that ransomware is rising. Many of our customers are struggling and we see that across all segments, small business, medium business, commercial, and even enterprises, some customers may have a sock and dedicated teams, other customers do not have it. But in general, this is a widespread challenge and it's really causing a lot of grief for our customers. We know it. I mean, the stats are very, probably more than half the companies don't even have a sock. That's great. And so, Dell, what I like is end to end, right? Small all the way up to large. And we could spend a lot of time talking about the challenges that organizations face. I think that's been well covered. But what we really want to do is share a framework. We have a slide, actually, that you and I were looking at earlier, Alex, if you would bring that up. And I want to understand sort of how you frame the conversation, what you've learned over the years. Sure. So look, cybersecurity is really a risk mitigation conversation, right? And what we've learned over many years of our experience working with our customers and really solving real problems for them, this is one of the blueprints that's emerged for us in how we engage and talk to customers. There's three critical things in the blueprint that'll help our customers not only prepare, which is pre-breach, what do they have to do, and also help them think through, God forbid something happened, how do I recover my, this is kind of the cyber resilience conversation, which is, how do I understand both scenarios and be ready for it? So the middle of this is this slide is where everybody has all the tools, right? We all know that, but start at the top here. This is where, what's interesting to me is you guys go in, you do a portfolio assessment essentially and evaluate the risk, is that correct? That is correct. So one of the most important things in cybersecurity is it is not just the CISO and their team that need to be worried about it. The top layer is what we think of business layer, risk layer, we want the business units, the IT teams, the application teams, the risk teams, the security teams, collectively working together and understanding what does risk exposure look for this company? And it widely varies between different companies because they are in different stages of maturity and they have different priorities. So we need to understand that risk, appetite and exposure first and then understand and build that strategy, right? How are we now going to tackle it? Where should we start and what does next steps look like? Can you bring that slide back up? I want to talk about the bottom layer now as well. So this is where you get into the architecture. Explain what you've got going on down here. Yeah, this is an interesting one. So this is your layer technology architecture and another way of looking at it is if you looked at some recent zero trust mandates, the NIST DOD model reference architecture for zero trust also talks about this as different pillars with the remote workforce that we have today and the remote target destinations that workers are going which is multi-cloud, you now have a very diverse distributed workforce accessing very diverse distributed applications whether it's private, public, SaaS, multiple forms. So how do you now connect these different pieces together is where some of the new technologies are evolving? And one of the interesting challenges is in the old model, you had one data center, one firewall, you knew who was coming in. Once they came in, you kind of understood what they were doing, but in the distributed model, you have to build security posture along the way, right? If I'm a user with a laptop and I'm coming in, what applications do I access, where do they sit? How do I traverse the network and how do I protect every piece of it? So what you're looking there is the technology stack and we want to make sure that every piece of that is protected. Okay, so this is, like I said, overwhelming for a lot of customers. So we've got another graphic that I want to bring up because where do you start? Simplify, if you could bring up slide two, Alex, simplify for the audience, like where do I start? Like I say, I've been hacked or I'm afraid I'm going to get hacked. I come to Dell, what do you tell me? So when you look at it from a customer journey, our first priority is understanding what exposures currently customers have today and we want to make sure we want to solve for that, right? So a great example, we had one customer that had multiple domains, multiple websites that had forgotten about it. So when we do our attack surface management assessment, we uncovered that these assets were out there exposed for the bad guys to operate on. So let's understand the open vulnerabilities you have and make sure that we address it. And while we are doing that, let's also take a protection point of view, right? Let's protect what you have. God forbid the hackers came in, we are protecting the data. So can we double click on that second pillar here? You know, that's something that we talk about often on theCUBE and that is the adjacency of data protection to cybersecurity. Our audience has heard that a lot. How are firms thinking about this adjacency? How do you think about it? So one of the critical aspects of data protection is the recovery component, right? Are we protecting the right assets? Do we understand what does a recovery scenario for a particular business process look like? So when we talk to customers, they have hundreds of applications. They have some business process that has to come up. God forbid they had a cyber attack. So understanding the priority of the applications, protecting the right data, isolating them and then having the ability to bring them back in an organized manner is super critical. So you can now prioritize those resources for the most critical applications. And from a protection standpoint, we also extend beyond data protection, which is where things like Zero Trust come in. So, and we'll talk about that, but so you're essentially connecting the architecture to the business process. So there's a lot of dependencies. So there's multiple databases. There's maybe multiple tools that you've got to deal with. We always focus on the tools, but there's a lot of other things going on in the business. What about that third pillar? If you could bring that slide back up, that idea of becoming more anticipatory versus being purely reactive. What are the keys there? You've got this manage proactively. Let's double click on that. So we, when you follow the journey and you have now protected your assets, you have closed some of the exposures, you have put the right controls in place. Well, you have to understand that every customer environment is dynamic. Users are going to come in, devices are going to come in, applications are going to come in, and the threat actors are constantly acting every second of the day. So you have to manage your security proactively. You have to make sure that you're doing active threat management, you're understanding through, you're bringing in a lot of threat intelligence. And Dell, for example, we have a SOC that spans 75 countries. We have a lot of different threat sources. We are able to bring that intelligence and understand if you're being hacked. If you're being hacked, we know what the connective points are so we can help you detect and respond very quickly. You know, one of the things that, you know, you see these frameworks like the NIST framework, which is great, but it's a lot. And I think organizations have trouble or operationalizing that. Is that something that you hear as a frustration and how can Dell help them actually bring this to reality? Yeah, so great question, Dave. The frameworks are an evolution of what the industry has collectively understood over many decades. So they are phenomenal guidelines for customers. So NIST, for example, has five functions and if you balance your investments across the five functions, your security posture is going to get better. NIST also has controls, understanding those different controls and how do they work. So with our services, we take a pragmatic approach. We have the frameworks as a reference point, guiding principle, but we also look for common cyber hygiene when we work with customers. There are some low-hanging fruits you can attack and immediately increase your cybersecurity posture and then worry about the broader framework alignment and regulatory and other align. How does all this fit into, everybody talks about zero trust. Zero trust is everybody's on the path to zero trust, but it's very challenging. CISOS tell us it's going to take three to five years, which is kind of depressing because they get a lot of other stuff to do. What's your take on zero trust? How does this all fit in? So first of all, zero trust is not a new concept. It's been around a lot. It's getting a lot of trust now because the cyber attacks are continuing to grow and we need to find a really solid architectural foundation. That's what zero trust gives. So when you look at many security programs, customers are running today. It's dependent on understanding a few good behaviors, but mostly customers are looking there needle in a haystack. Is there a bad behavior going on? What zero trust does, it shifts the paradigm. Let's focus a lot more on the good principles, good behaviors. Do we understand our users? What devices do they use? What applications do they have? And put the right technologies to make sure that we are enforcing those good behaviors and it reduces the burden on catching bad behaviors. So that's the fundamental concept, but there's a lot of vendors with a lot of technologies that all have some aspect of zero trust in it. What we are particularly proud in Dell is we are kind of bringing them all together so our customers have a better understanding of the roadmap. And the other thing is we find a lot of our customers at brownfield environments. So essentially where we are helping those customers is how do we take those existing investments and convert them into a zero trust type policy and architecture? Yeah, so you mentioned needle in a haystack. Sometimes it's like a needle in a needle. When people ask me why Dell, I'll often say that the company's obviously got great services capabilities, but I want to learn more about the ecosystem, particularly as it relates to security. So we have a third slide that I wanted to pull out of the deck because it really does talk to this. Big theme today in security is how do I reduce the number of tools I have? And there are a number of world-class companies that can help you do that, can help you consolidate, and there's some listed here. Talk about your ecosystem strategy. Yeah, that's another great question. Like you said, it's a highly fragmented industry because each vendor is solved for a particularly difficult problem, but the burden is on our customers to put it all together. The other interesting thing about technology, security technologies is they're not working on their own. So for example, when you detect a threat, you want to cross-reference that to open vulnerabilities. You want to potentially cross-reference that to your penetration testing and how the controls are behaving. So what Dell is doing is we are working with the industry leaders, and Dell is becoming the MSSP, the systems integrator, and we are not just working at the level of putting services together, but we are working at the engineering level. How do I now have secure API-based automation? How do we bring these technologies for customers? We want to onboard these technologies really quickly, and how do they all work together? So we're playing a very pivotal role in bringing these leaders together and collectively, we feel that we're going to have better message for our customers and solvers. You're making it easier in a very complex world. Arun, thanks so much for spending some time and coming into our studio. Thank you, Dave, appreciate it. All right, keep it right there for more content on navigating the road to cyber resiliency. This is episode two.