 Welcome back everyone to theCUBE and the Dhruva special presentation of why ransomware isn't your only problem. I'm John Furrier, host of theCUBE. We're here with W. Curtis Preston. Curtis Preston as he known in the industry, Chief Technical Evangelist at Dhruva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. Happy to be here. So we always see each other events now, events are back so it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts and I'd like you to reflect on the analysis that we've been covering here in the survey data, how it lines up with the real world that you're seeing out there. Yeah, I think it's the survey results really, I'd like to say that they surprised me but unfortunately they didn't. The data protection world has been this way for a while where there's this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been successfully hit by ransomware, paid the ransom and or lost data. And yet the same people that were surveyed they had high degrees of confidence in their backup system. And I could probably go on for an hour as to the various reasons why that would be the case. But I think that this long running problem that as long as I've been associated with backups which has been a while, it's that problem of nobody wants to be the backup person and people often just they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system is great because the backup person often might say that it's great because maybe it's their job to say so but the reality has always been very, very different. It's funny, we're good, boss, we got this covered. Backs up, the fingers crossed, right? So again, this is the reality and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware also the other thing is people get ransomware hit multiple times. So it's not only like to get hit once. So this is a constant chasing the tail on some ends but there are some tools out there you guys have a solution. And so let's get into that. You have had hands-on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had a ransomware response in readiness program. And you look at that and how could you be, that higher percentage of people be comfortable with their ransomware readiness program and which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack and then there's the recovery aspect. And so you believe that your company was ready for that and then you go and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most because you talked about reinfections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. And you're in business, you're a good customer, AOR for ransomware. Yeah, so the fact that, you know, 60, what, two thirds of the people that were attacked by ransomware paid the ransom, that one statistic just hurt my heart. Yeah, and I think this is the reality. I mean, you look back and even the psychology of the practitioners was, you know, it's super important to get back and recover and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved. Like I said, the AOR, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up. And if you're stupid enough not to change your tooling, right? So again, it works both ways. So I got to ask you, why do you think so many organs are unable to successfully respond after an attack? Is it because they know it's coming? I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? I think it's a litany of things, starting with that aspect that I mentioned before that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, you know, that's a good idea, Curtis. Why don't you look into that, right? Nobody wants to be responsible. Where's that guy now? He doesn't work here anymore. Yeah, but I hear where you come from. Exactly. Psychology. Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like octa so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the backup systems are a significant portion of the attack vector, then if the production system is compromised and the backup system is compromised. So you've got to segregate all of that and I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. So what you're saying is that the attack vectors and the attackers are getting smarter, they're saying, hey, we'll just take out the backup first so they can back up, so we got the ransomware. That makes sense. Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. Okay, so you guys have a lot of customers. They all kind of have seen this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? Well, again, you've got to fully segregate that data. There are, and everything about how that data is stored and everything about how that data is created and accessed, there are ways to do that with other commercial products. You can take a standard product and put a number of layers of defense on top of it or you can switch to the way Druba does things which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account and it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the way Druba stores your backups is the best you can get after doing many, many layers of defense on the other side and having you do all that work with us, you just log in and you get all of that. I guess, how do you break the laws of physics? I guess that's the question here. Well, because that's the other thing is that by storing the data in the cloud, we do it. And I've said this a few times that you get to break the laws of physics. And the only way to do that is time travel. So yeah, so Druba has time travel. And this is a courtesism, by the way. I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's kind of what I mean by time travel in that basically you configure your DR, your disaster recovery environment in Druba one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the current environment as quickly as we can so that in a disaster recovery scenario which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. Well, I had never wants to know the next question and this is the real big question is, are you from the future? Yeah, very much the future. What's it like in the future, a backup recovery as a restorer, is it air gapping everything? Yeah, well it's a world where people don't have to worry about their backups. I like to use the phrase, get out of the backup business, just get into the restored business. I'm a grandfather now and I love having a granddaughter and I often make the joke that if I'd known how great grandkids were, I would have skipped straight to them, right? Not possible, just like this. Recoveries are great, backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. Yeah, and what's great about your background is you've got a lot of historical perspective, seen that in the ways of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on and automated things got to be rocking and rolling. Absolutely, yeah. I do remember, again, having worked so hard with many clients over the years, back then we worked so hard just to get the backup done, there was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to try to break the laws of physics. I've been fighting the laws of physics my entire career. To get the backup done in the first place, then to secure all the data, right? To air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible. And they get to do a full test by simply pressing a single button. And, you know, I wish that, I wish everybody had that ability. Yeah, I mean, it's a big part of it. Data's in the middle of it. All this is now mainstream, front lines, great stuff. It's great to have you on, bring that perspective and thanks for the insight, really appreciate it. Always happy to talk about my favorite subject.