 From Miami Beach, Florida, it's theCUBE, covering Acronis Global Cyber Summit 2019, brought to you by Acronis. Hello everyone, welcome back to theCUBE's coverage here in Miami Beach, Florida, at the Fontainebleau Hotel for the Acronis Global Cyber Summit 2019, where cyber protection is becoming an emerging trend. And we see these once in a while when you have these big waves, you know, some unique trends, observability in cloud computing, automation in cloud computing, came out of nowhere from these white spaces. Now you're seeing the confluence of data protection and cyber security coming together with the platform. That's what they're talking about here. And my next guest to break it all down is an analyst from Forrester Research, Navin Chabra. Thanks for joining us today. Thank you for having me here. So Miami Beach is not a bad venue, is it? Oh yeah, absolutely. It's gonna dip in the ocean there, it's warm. I got to ask you, let's break down this market. Acronis is on here earlier, they got a story to tell. And their story is not something that's obvious. It's kind of a new category, I guess, emerging. Not really a traditional category from a research standpoint, but cyber protection by combining traditional thinking about data protection and cyber security software, bringing them together into one thinking holistic data model that's a platform that can enable services. I mean, this is a classic platform. This is what these guys have. What's your take on the industry? Is the industry ready for this? Is this a real trend? The industry certainly needs the technology and it'll give you some examples as to why. So if you think upon the ransomware attacks that have happened in the past, the ransomware attacks would cripple any organization, right? And the best defense that an organization has to recover from backups. Now what that means is, okay, I can certainly recover from a backup which was taken last hour, last yesterday, or a few days back, few weeks back. But the most important question is, how do I find out that the last copy, or the last snapshot, is a clean, uninfected copy? Because that's important, right? So if you recover from an infected copy, you're gonna be hit again and you don't want that. So the million dollar question there is, how do I get back to the copy which is clean and uninfected, right? And you cannot do that traditionally, the way organizations have been structured. You have infrastructure and operations, guys. Those who are responsible for operations, keeping copies in the place wherever required. And then you have the second group which is security and risk, right? Which is responsible for identifying all things security. But ransomware is one thing in the industry which is pulling these two teams together. But the organizations are not ready yet. In one of the survey that I did, I asked the respondent, I said, do you have these two teams working together to solve this problem? And the answer was abysmally low. No, they don't work with each other. You point a great point. I think one of the things you highlight there I think is really critical is, backup and recovery was because of some operational disruption, outage, blood. So roll back. The disruption wasn't a hack. So to that point, all those mechanisms around generations of backup and recovery didn't actually take into account security. Exactly. Meaning the malware or the infection. The disruption is coming from a secure breach, not some electrical outage or some sort of other disruption. And they used to call that non-disruptive operations. I remember all the storage vendors talking about that. Right. Now it's not that anymore. The disruption is coming from security. So how do you bake security in from day one? That's the million dollar question that I always hear. What's your answer to that? What's the industry doing to get security baked in? What are some of the mechanisms that you've seen successful for the large enterprise to adopt a plan that way? So specifically from a technology standpoint I see very little efforts, right? The technology vendors are doing their own efforts but my guidance to clients is to be proactive in terms of using the right storage for that matter. Let's say if you have a worm storage, right? Which cannot be encrypted, right? Written ones cannot be changed, right? Use that model, right? Which will ensure that whatever you backed up yesterday one that backup is not infected, right? Or even from your core business applications standpoint you want to schedule the data to be kept at a particular point in time to that worm storage, for example, right? I don't see much of an effort from the organizations because again, security is a domain which is handled by security. Backup has not looked at using worm as a potential storage target. We're being write once, read many for the folks at home tracking this. Right, and not that they do not know the technology. They know the technology. What's up also about thinking out of the box and applying what's available to another, to a known problem and ransomware is so bad. It's such a hard problem to solve. I've heard ear gapping has been a solution. Worm's a good one. That's the first time I heard that. That's awesome. Makes sense. Absolutely. How do you deploy at scale throughout an enterprise where you have these traditional work streams, workflows that come back down to the people problem? You've been doing a lot of work around the people equation. People process technology as everyone says is digital transmission. But the people equation is a hard nut to crack. What's your take on the people situation? It certainly is a hard nut to crack because security would not trust what infrastructure and operations guys would be doing. Right, they've been told to operate in that model. And now comes a situation, ransomware situation where they're asked to trust each other and work with each other. Boy, that's not happening easily. Yeah, they hated each other before. Now they're going to have to like each other. I mean, that's been a 20 year, 10 year, five year. You've seen it all over time. DevOps is certainly with cloud force, a lot of that. That's kind of brought people together under the DevOps infrastructure as code. But we're talking about application development is growing like crazy. CISOs want to build in-house stacks and communicate via APIs and or some data sharing with vendors. So this idea of there's a restructuring I guess going on at least from a architectural, technically and staffing. What's some of the best practices that you've seen? What is some of the customer environments out there that you can talk to to show and point out a success story? I think some of the examples that I've seen organizationally addressing this problem holistically is to start from the top. I came out with this report a couple of years back titled ransomware is a business continuity issue. So don't approach it with a technology solution. While eventually you will end up in adopting that same technology, but identifying why do you need to use that technology so that it ties up to your business requirements. So start from identifying that as a business risk, which I see very little organizations do that today. Cyber risks are not identified as vulnerable, as important to risk, as they should be. So start off from that and trickle down into the next sub steps that you must be taking going eventually to the same technology. You know, one of the things I want to get your thoughts on is that obviously the digital threats are the industrialization of automating attacks. You're seeing zero day. You're seeing all this malware out there. You've got surface areas with IOTs increasing. So the threats are coming, they're not going away. In fact, they're going to be increasing over time. Maybe you might not see it like DDoS kind of distracted away. But now the complexity is a huge issue because the costs are, and we'll kick off the complexity, is something that Chronos is talking about, and this is one of the ones I want to get your thoughts on. Complexity is one of those things, if you don't solve it, and if you look the other way, it gets more expensive to solve over time. So as complexity piles up, it's like climate change, or cleaning up the Boston Harbor, the longer you wait, the more expensive it's going to be. So that's starting to be realized in some people's minds. They call it replatforming, digital transfers, there's buzzwords for that, but I think this is a reality that people are like, I got to take care of business. I got IoT, I got complete industrial IoT and IOC, I got all this data center, moving to the cloud. I got to clean up the complexity problem. Yeah. What's the answer? How do you, what's the research tell you? Unfortunately, there's no easy answer because all the tools, technologies that the organizations are using, they're using it for a purpose, right? So silos is a challenge. Increasing silos is a challenge. So I would, I would highly recommend organizations start to think about reducing the silos, not by reducing the tools, but by potentially looking at cross leveraging by integrating, right? And one of the examples here is very pertinent around recovery from ransomware attacks, right? So going back to the point that, okay, how do you identify where is the right clean copy of the backup, right? So these two teams would have to work together. Now the teams would not work out of their own heads. They need to, they got to depend on technology, right? So that's where the requirement of the tools themselves working with each other, security tool identifying, okay, when through the forensics tracing, you know, the ransomware path, would identify when did the ransomware get in, when did the malware get in, right? Which systems did it infect, right? And then the backup tools correspondingly acting on those backup instances, right? Which have been identified as clean and uninfected. Easier said than done. But that's a path forward. And the other thing to make that more complex is that you said business continuity before, that's a people issue as well, not just technical process. Absolutely. You got, okay, the teams have to have a plan. Yes. Like what's the plan? Do they actually huddle and do dry runs? Do they have buyer drills? I mean, these are the things that most cyber groups do. They tend to have, you know, very structured approaches to either incidents, response. So as these worlds come together, what does your research tell you around the questions of working together proactively show you? Interestingly enough, I, you know, a couple of years back I did a survey asking those organizations who have been hit by a ransomware attack and have lost data. I asked them, how many of you have these two teams working together? Apparently, you know, some 30 odd percent respondents said that yes, we have these two teams working together. But upon, you know, asking finer questions, qualifying questions about yes, these two teams work together, but do they effectively and eventually get to where they should be? Like have a common plan, right? I think three, four, five percent of the respondents would say that yes, we do have a common operating, you know, understood plan between the two teams, right? But largely like, I can say almost all the organizations do not have that plan, unfortunately. Yeah, I think one of the first ransomware experts I've had on theCUBE that's done a lot of research in the area directly. So I got to ask you, on ransomware, which is all it's really bad news, and it comes from multiple actors. People looking for cash and also, you know, state-sponsored, which I believe is going on a lot. No one's reporting on it, but still that's not proofed yet, but I still get a feeling it's done. On ransomware, do you have any data or insights around if the people clean up their act and get fixed? Because I see a lot of ransomware coming back to the same places, where, you know, they hit once, solve it, pay some Bitcoin or whatever their extortion currency is, and then they get hit again. And hit again. Because there's cash there. Do you see that as a trend? What's the data? Is there any anecdotal insight or are people getting hit twice, three times? There are incidents. And I was speaking on a, you know, customer, on a panel, like half an hour back. And I give this example. There was a hotel chain in central Europe, which was attacked in the key management system. Like, if you and I were the guests of that journey, we would not be able to get in into our rooms. And while they paid ransom for to release that key management application, they didn't do, they didn't secure that infrastructure and applications further, which was required. And three months later, they were attacked once again. Right, so such incidents are happening. And that's where, you know, guidance from, you know, Forrester, where we have published a paper about when to consider to pay ransom. Because you would not be sure that you get the keys. You get the keys for all the data, right? You don't get any traces of malware left behind or a new malware coming in. You never know, right? Of course, yeah. While this is an untrusted word, but you've got to trust if you're paying. Yeah, well, I think I would bet that the criminals will come back for, you know, new shoes, new coat, new car. They need new things. They need cash. They're going to come back to the bank. Absolutely. And they're coming back to the easy prey. Niveen, thanks for coming on. I want to get your thoughts, though, on the industry as we wrap up the segment around the trends around cyber protection, data protection platform. You know, really we're living in a cyber data driven world and data is a key part of it. What's the most important trend or story that you think needs to be told or is being told today in terms of customers to pay attention to? What's, is it ransomware? What's in your mind the top three things that are the most important stories that must be covered or need to be covered or aren't covered? So I think it's not just my story. It's about the state of the affairs at an industry level, globally. I was referring to the World Economic Forum where all the global risks that economies face, right? It could be famine. It could be a country going bankrupt, right? It could be any other risk that the industry faces. We have seen that through that study, the World Economic Forum did. In the last 10 years, cyber risk has started to appear on the list of top four, top five risks for the last three years. In the world. Globally. Global issues. Global issues, yes. And one of our research also tells us that the number of ransomware incidents have grown 500% in the preceding last 12 months, right? And the impact, intensity, and frequency of ransomware attack is simply growing. Many organizations have actually shut down operations. Medical practice in Midwest called upon the practice and said, oh, we are closing operations. And in fact, it's in public domain. We are closing operations. You can come back to us for whatever data we currently have on you. But, I mean, I think I did it from a regulation standpoint. HIPAA decays that you have to keep control of the data and also be able to provide. But guess what? In this case, the medical practice doesn't have data. If you were there, client, if you were a patient, they don't have any data on you. Guess what? If it was there for years, you've lost years of your medical data, right? So that's happening. Global issues, ransomwares, real, and cyber attacks are happening in high frequency. Absolutely. Naveen, thanks for coming on. We need job for our senior analysts at Forrester Research here inside theCUBE. We are at the Acronis Global Cyber Summit 2019. I'm John Furrier, back with more coverage for two days here in Miami Beach after the short break. Stay with us.