 Okay, we're back. My name is Dave Vellante and this is theCUBE's coverage of AWS Storage Day. You know, coming off of reinforce, I wrote that the cloud was a new layer of defense. In fact, the first line of defense in a cybersecurity strategy. And that brings new thinking and models for protecting data. Data protection specifically, traditionally thought of as backup and recovery, it's become a critical adjacency to security and a component of a comprehensive cybersecurity strategy. We're here in our studios outside of Boston with two CUBE alums and we're going to discuss this and other topics. Wayne Duso is the vice president for AWS Storage Edge and Data Services and Nancy Wong is general manager of AWS backup and data protection services guys. Welcome, great to see you again. Thanks for coming on. Of course, always a pleasure Dave. Good to see you Dave. All right, so Wayne, let's talk about how organizations should be thinking about this term data protection. It's an expanding definition, isn't it? It is an expanding definition. Dave, last year we talked about data and the importance of data to companies. Every company is becoming a data company. You know, the amount of data they generate, the amount of data they can use to create models to do predictive analytics. And frankly, to find ways of innovating is grown rapidly. And you know, there's this tension between access to all that data or getting the value out of that data and how do you secure that data? And so this is something we think about with customers all the time. So data durability, data protection, data resiliency. And you know, trust in their data. If you think about running your organization on your data, trust in your data is so important. So you know, you gotta trust where you're putting your data. You know, people who are putting their data on a platform need to trust that platform will in fact ensure its durability, security, resiliency. And you know, we see ourselves, AWS as a partner in securing their data, making their data durable, making their data resilient. All right, so some of that responsibility is on us, some of that is on them. It's a shared responsibility around data protection, data resiliency. And you know, we think about forever, you know, the notion of, you know, compromise of your infrastructure. But more and more people think about the compromise of their data as data becomes more valuable. And in fact, data is a company's most valuable asset. We've talked about this before, only second to their people. You know, the people that are most valuable asset, but right next to that is their data. So really important stuff. So Nancy, you talked to a lot of customers, but by the way, it always comes back to the data. We've been saying this for years, haven't we? So you've got this expanding definition of data protection, you know, governance is in there. You think about access, et cetera. When you talk to customers, what are you hearing from them? How are they thinking about data protection? Yeah, so a lot of the customers that Wayne and I have spoken to, often come to us seeking thought leadership about, you know, how do I solve this data challenge? How do I solve this data sprawl challenge? But also more importantly, tying it back to data protection and data resiliency is how do I make sure that data is secure, that it's protected against, let's say ransomware events, right? And continuously protected. So there's a lot of mental frameworks that come to mind and a very popular one that comes up in quite a few conversations is in this cybersecurity framework, right? And from a data protection perspective is just as important to protect and recover your data as it is to be able to detect different events or be able to respond to those events, right? So recently I was just having a conversation with a regulatory body of financial institutions in Europe where we're designing a architecture that could help them make their data immutable but also continuously protected. So taking a step back, that's really where I see AWS's role in that we provide a wide breadth of primitives to help customers build secure platforms and scaffolding so that they can focus on building the data protection, the data governance controls and guardrails on top of that platform. And that's always been AWS's philosophy, make sure that developers have access to those primitives and APIs so that they can move fast and essentially build their own if that's in fact what they want to do. And as I was saying, Wayne, data protection is now this adjacency to cybersecurity but there's disaster recoveries in there, business continuance, cyber resilience, et cetera. So maybe you could pick up on that and sort of extend how you see AWS helping customers build out those resilient services. So two core pillars to a data protection strategy is around their data durability which is really an infrastructural element. It's by and large the responsibility of the provider that infrastructure to make sure that data is durable because if it's not durable, everything else doesn't matter. And the second pillar is really about data resiliency. So in terms of security controls and governance, like these are really important but these are a shared responsibility, like the customers working with us with the services that we provide are there to architect the design. It's really human factors and design factors that get them resiliency. Nancy, anything you would add to what Wayne just said? Yeah, absolutely. So customers tell us that they want always on data resiliency and data durability. So oftentimes in those conversations three common themes come up which is they want a centralized solution. They want to be able to transcribe their intent into what they end up doing with their data. And number three, they want something that's policy driven because once you centralize your policies it's much better and easier to establish control and governance at an organizational level. So keeping that in mind with policy as our interface there's two managed AWS solutions that I recommend you all check out in terms of data resiliency and data durability. Those are AWS backup which is our centralized solution for managing protection, recovery and also provides an audit capability of how you protect your data across 15 different AWS services as well as on-premises VMware. And for customers whose mission critical data is contained entirely on disk we also offer AWS elastic disaster recovery services especially for customers who want to fail over their workloads from on-premises to the cloud. So you can essentially centralize just a quick follow up, centralize the policy and like you said the intent but you can support a federated data model as you're building out this massive global system but you can take that policy and essentially bring it anywhere on the AWS cloud. Is that right? Exactly and actually one powerful integration I want to touch upon is that AWS backup is natively integrated with AWS organizations which is our de facto multi-account federated organization model for how AWS services work with customers both in the cloud, on the edge, at the edge and on-premises. So that's really important because as we talk about all the time on theCUBE this notion of a decentralized data architecture, data mesh but the problem is how do you ensure governance in a federated model so we're clearly moving in that direction. Wayne I want to ask you about cyber as a board level discussion. Years ago I interviewed Dr. Robert Gates former defense secretary and he sat on a number of boards and I asked him how important and prominent is security at the board level is it really a board level discussion? He said absolutely. Every time we meet we talk about cyber security but not every company at the time this is kind of early last decade was doing that. That's changed. Now ransomware is front and center here about it all the time. What's AWS, what's your thinking on cyber as a board level discussion and specifically what are you guys doing around ransomware? Yeah, so malware in general ransomware being a particular type of malware. Sure. It's a hot topic and it continues to be a hot topic and whether at the board level, the C-suite level, I had a chance to listen to Dr. Gates a couple of months ago and super motivational. But we think about ransomware in the same way that our customers do because all of us are subject to an incident. Nobody is immune to a ransomware incident. So we think very much the same way and as Nancy said along the lines of the NIST framework we really think about how do customers identify their critical access? How do they plan for protecting those assets? How do they make sure that they are in fact protected and if they do detect a ransomware event? And ransomware events come from a lot of different places like there's not one signature, there's not one thumbprint if you would for ransomware. So there's really a lot of vigilance that needs to be put in place but a lot of planning that needs to be put in place and once that's detected and we have to recover, we know that we have to take an action and recover. Having that plan in place making sure that your assets are fully protected and can be restored. As ransomware is an insidious type of malware it sits in your system for a long time, it figures out what's going on including your backup policies, your protection policies and figures out how to get around those with some of the things that Nancy talked about in terms of air gapping your capabilities being able to if you would scan your secondary, your backup storage for malware knowing that it's a good copy and then being able to restore from that known good copy in the event of an incident is critical. So we think about this for ourselves in the same way that we think about these for our customers. You've got to have a great plan, you've got to have great protection and you've got to be ready to restore in the case of an incident and we want to make sure that we provide all the capabilities to do that. Yeah, so I'll be glad you mentioned air gapping so that the recent reinforce, I think it was Kurt Kufeld was speaking about ransomware and he didn't specifically mention air gapping. I had to leave so I might have missed it because I was doing the cube but that's a key aspect I'm sure there were things on the deep dives that addressed air gapping but Nancy look, AWS has the skills it has the resources necessary to apply all these best practices and share those with customers but what specific investments is AWS making to make the CISOs life easier? Maybe you could talk about that. Sure, so following on to your point about the reinforced keynote Dave, CJ Moses talked about how the events of a ransomware for example incident or event can take place on stage where you go from detect to respond and to recover and specifically on the recover piece he mentioned AWS backup, the managed service that protects across 15 different AWS services as well as on-premises VMware as automated recovery and that's in part why we've decided to continue that investment and deliver AWS backup audit manager which helps customers actually prove their posture against how their protection policies are actually mapping back to their organizational controls based on for example how they tag their data for mission criticality or how sensitive that data is, right? And so turning to best practices especially for ransomware events since this is very top of mind for a lot of customers these days is I will always try to encourage customers to go through game day simulations. For example, identifying which are those most critical applications in their environment that they need up and running for their business to function properly. For example, and actually going through the recovery plan and making sure that their staff is well trained or that they're able to go through for example a security orchestration automation recovery solution to make sure that all of their mission critical applications are back up and running in case of a ransomware event. Yeah, so I love the game day thing. I mean, we know well just in the history of IT you couldn't even test things like disaster recovery because it was too dangerous. With the cloud, you can test these things safely and actually plan out, develop a blueprint, test your blueprint. I love the game day analogy. Yeah, and actually one thing I'd love to add is we've talked about air gapping and I just want to kind of tie up that statement is one thing that's really interesting about the way that the AWS cloud is architected is the identity access and management platform actually allows us to create identity constructs that air gap your data perimeter so that way when attackers for example are able to gain a foothold in your environment you're still able to air gap your most mission critical and also crown jewels from being infiltrated. That's key. Yeah, we've learned. Paying the ransom is not a good strategy because most of the time, many times you don't even get your data back. Okay, so we're kind of data geeks here. We love data and we're passionate about it on theCUBE, AWS and you guys specifically are passionate about it. So what excites you, Wayne, you start and then Nancy you bring us home. What excites you about data and data protection and why? You know, we are data nerds. So at the end of the day, you know, there's expressions we use all the time but data is such a rich asset for all of us. And some of the greatest innovations that come out of AWS comes out of our analysis of our own data. Like we collect a lot of data on our operations and some of our most critical features for our customers come out of our analysis of that data. So we are data nerds and we understand how businesses view their data because we view our data the same way. So, you know, security really started in the data center. It started with the enterprises and if we think about security, often we talk about securing compute and securing network. And you know, if you secured your compute, you secured your data generally but we've separated data from compute so that people can get the value from their data no matter how they want to use it. And in doing that, we have to make sure that their data is durable and it's resilient to any sort of incident and event. So this is really, really important to us. And what do I get excited about? You know, again, thinking back to this framework, I know that we as thought leaders alongside our customers who also thought leaders in their space can provide them with the capabilities they need to protect their data, to secure their data and make sure it's compliant and always, always, always durable. You know, it's funny, it's not funny, it's serious actually. Stephen Schmidt at Reinforce, he's the Chief Security Officer at Amazon, used to be the CISO of AWS. He said that Amazon sees quadrillions of data points a month. That's 15 zeros, okay? So that's a lot of data. Nancy, bring us home. What excites you about data and data protection? Yeah, so specifically, and this is actually a drawing from conversations that I had with multiple ISV partners at AWS Reinforce, is the ability to derive value from secondary data, right? Because traditionally, organizations have really seen that as a cost center, right? You're producing secondary data because most likely you're creating backups of your mission critical workloads. But what if you're able to run analytics and insights and derive insights from that secondary data, right? Then you're actually able to let AWS do the undifferentiated heavy lifting of analyzing that secondary data as state, so that way you as customers or ISV partners can build value on the security layers above. And that is how we see turning cost into value. I love it, it's taking the original premise of the cloud, taking away the undifferentiated heavy lifting for deploying compute storage and networking, now bringing up to the data level, the analytics level, so it continues, the cloud continues to expand. Thank you for watching theCUBE's coverage of AWS Storage Day 2022.