 We're back with Daniel Newman, who's a top industry analyst. He's also the CEO of the Futurum Group, a very rapidly growing research firm. Hello my friend, thanks for joining the program. Great to see you. Dave, always good to go on theCUBE. All right, let's get right into it. I want to share, Daniel, some recent data from SurveyHouse ETR, which confirms what everybody's been talking about. And that is security, of course as we know, is the number one priority for technology organizations. This survey specifically identifies zero trust which seems to have gone from buzzword, you remember Daniel, pre-pandemic. And now it's become this kind of mandate. How do you see zero trust? Is it going mainstream in your view and what's driving that? Yeah, first of all, Dave, I'm really glad that you brought that particular notion about technology and security being in vogue as the line-on variety has been protected during this economic challenging period that we're in right now. The investment in security is actually going up and that's something that I saw and had predicted as we sort of saw the economy turn. I mean, zero trust is really all about the way, it's not just a technology, it's really a culture. It's about an end-to-end approach to security that really looks at hardware, software, and people. And in considers that first and foremost, we need to sort of not really trust that anybody is as secure as they need to be. As the attackers get more innovative, it means that the traditional perimeter-based security that we've used, it's not sufficient. We saw recent legislation and strategy coming out of the Biden-Harris administration and actually zero trust is one of the things they've focused on for federal and public sector. We're seeing it at government, we're seeing it in enterprise. This is a really big thing. And as I said, Dave, and probably the most important thing is it's all about end-to-end cyber across the IT stack. And for example, when you hear companies like Intel talk about TXT or you hear about Broadcom when they talk about root-of-trust capabilities in their nicks, really what they're talking about is hardware to software to humans, putting that right technology in there that enables end-to-end. And that's why companies are picking certain hardware to go into certain devices. It's a really good point. I mean, you're right. It starts at the very lower layers of the stack all the way up to- Look into people, look into people. Exactly, all the way up through culture. And you know, CISO told me the other day, Daniel, love to get your feedback on this. He said, part of the reason why we're going for zero trust is because when a project is ready to be delivered or an application or initiative, particularly around stuff that's going to drive revenue in this day and age, we don't have to go through as much friction to get the stamp of approval. And it just accelerates time to market. Yeah, I think that's true. I mean, I think companies right now are in a different juxtaposition. Before when we were in this sort of wild, frothy growth period of time, that you and I have had many conversations about over the years, Dave, it was all about spending for growth. It was growing infrastructure to get more customers, be able to deliver more services, et cetera. But now when we're seeing companies sort of reconfigure for what will be the next wave of growth, they need to make sure that their data is protected. They need to make sure that data is going to be available and that their systems are going to be up and working. As we see digital transformation enabling companies to actually deliver and grow, they can't not put security at the top of their priority list. You have to be secure. And if your data cannot be backed up, you also open a whole lot of risk to things like ransomware because that's what the black hats, that's what the people that are trying to get into your systems know is if you can't bring your system back up quickly, the vulnerabilities are really substantial. So I want to ask you about data protection because the series, of course, the program we're running is around data protection. And what role do you see data protection, specifically we're talking about backup and recovery? What role does that play as an adjacency to cybersecurity or even as a key component of a zero trust architecture? Yeah, I think there's a really significant interdependence. And that was kind of what I was alluding to just before this was if a company's backup is vulnerable, meaning if that data protection is not in place, or if a hacker is able to get access to that backup, then the whole system becomes more at risk because the one thing is if a company knows it can bring its system back up, it's less likely to potentially pay out ransomware requests. So data protection just in that way creates a ton of risk. And so we're seeing new capabilities related to data protection, whether that's role-based, whether that's multi-factor authentication, multi-person, two-person concurrent, these are all things that are being done along with gapping, data vaulting, these are all strategies. And these are things might seem a future group have looked at really closely as some of the key ways that companies are going to be able to defend, but not being able to backup and bring up systems quickly creates vulnerabilities and risks that companies really shouldn't be allowing themselves to be in such a position. Yeah, and there's no silver bullet to your point. There's just a lot of different strategies that organizations have to employ. And Daniel, I got to say, the last 110 days or so with the AI trend has just been amazing. So I want to ask you about technology trends that are impacting security, but before we get to the generative AI, let me just sort of list a couple at our top of mind. Cloud and multi-cloud, when you're doing cross-cloud, it creates other complexities. The hybrid work, remote work, we've talked about that a lot and the impact on cyber and of course AI, ML, generative AI, GPT, how do you see tech and today's tech trends impacting cybersecurity? Yeah, maybe I'll take that a bit one by one because my natural gravity would be talked just about generative AI because it's so in vogue right now, but we, you know, to your point, multi-cloud, for instance, is a important operating model. You know, companies that are going to obviously from prem to hybrid to multi are introducing a number of new security vulnerabilities. There's different API access. There's different remote security connectivity. You have different user access and multi-tenancies and of course the risk of unsecure devices, you know? And by the way, hyperscalers, whether it's GCP AWS or Azure, for instance, they all have different administration. So what your team may be extremely good at hardening for one, they may not have the capabilities or be as up to speed on another and that creates all kinds of risks. So when you work across multiple clouds and prem, and as we know, I know I think you like to talk about the super cloud, Dave, but as you work across these multiple clouds that are really creating the enterprise fabric, this creates a whole bunch of new complexities. It would be like having five, 10 different prems with different hardware and different software running on them. And that's what enterprise IT leaders and CSOs are being expected to defend of four. Right, okay, so you're right. I do like to talk about super cloud because it is a metaphor for consistency across clouds. What about generative AI? I mean, it's the hottest topic going. How do you see that as- Yeah, I had to take a breath. I wanted to let you get in there. Yeah, thank you. Look, generative AI is probably one of the fastest and most disruptive trends that I've ever seen. I think you and I could both agree that something like 12 to 16 weeks ago, it was like, you know, it was a twinkle in our eye. We understood AI directionally was going to move to be much more self supervising, deep reinforced learning with less and less human in the loop in order to do more and more things. I think the idea though, that it's so quickly become pervasive and it's being utilized in ways that are driving all kinds of productivity gains that are giving you access to data. It's very exciting. Having said that, it's also creating new security risks. You got employees of companies. We heard about this last week, I believe it was Samsung uploading proprietary or confidential data to chat GPT for synthesizing or utilization for content. I mean, think about how people that are going to try to use these tools are going to be feeding this data into systems where things like privacy and safety and security aren't even being considered. Talk about a risk for zero trust. I mean, these are major risks. And of course you got to have figured the black hats and the hackers are going to be using this to create all kinds of new creative ways to do better fishing, to do better spear fishing attacks. These types of technologies, anytime they're used for good and positive, you can be absolutely certain they're going to be used on the other side for those that are trying to take advantage of the opportunity. Yeah, the cultural awareness becomes even more important. It's definitely moved from the boardroom to the rest of the organization. And now we, you know, we think we got it that we, when we see a fishing attack, oh, I got this. It's spam. Well, you ain't seen nothing yet. Let me ask you a question. I mean, it seems like every year we look back and it's like record spending on cybersecurity, 80, 100, you know, billion dollars and it's growing, but the threat keeps escalating. Bad guys, they're highly capable. The adversaries are motivated because there's big dollars there. How do you see CISOs dealing with that moving target? Yeah, we see several trends. And, you know, I even spoke to our team that leads the data protection practice. One of the trends that they really brought to my attention was the collaboration and the collaboration that needs to take place both in enterprises and across ecosystems. So touching on within the enterprise, you're seeing CISOs, you know, much more now involved in data storage and data protection decisions. It used to be something that was more made at the IT level. And as we see end-to-end security and zero trust becoming more priority, the CISOs being brought in. And that brings another collaboration I think is really important. And that collaboration is ecosystem with vendor partners. That's between the enterprise and the vendor and then vendors themselves. So, you know, I mentioned earlier, you know, the root of trust at Broadcom. And then of course, you know, Dell has shown some preference in their PowerEdge servers for the Broadcom Nix. And that's because there's a collaboration going on between the OEM, between the component maker. And that of course ends up being something that integrates all the way down to the enterprise where they're getting the best technology hardened for both the hardware, software and these you and I have kind of alluded to throughout this conversation into the culture. Also, we see continued investment. As we mentioned, I think at the top of the show Dave, you know, IT spend is sort of seeing a shift. More spend is going towards security. Companies need to secure their environments. They need to know that they have their customers data and all their other critical data that it's available and that it's obviously going to be brought back in the event of an emergency. So that investment needs to be made and it needs to be made to try to get ahead of more of these risks. Because right now security has too long been reactive. So by having those collaborations, working with the ecosystem, and then of course being more proactive and investing to reduce risk of threat, those are the things that are going to be done that are going to hopefully help CISO start to solve a problem that by the way, that will be continuous, will be pervasive and will never go away completely. Yeah, and great, great comments. And of course the generative AI, the hackers are going to have it. One of the things that GPT is good for is ideation. So maybe it can help us be more proactive. Last question. When you think about the increasing sophistication, the frequency of cyber threats and cyber attacks, do you think organizations will really integrate backup and recovery solutions as a core component of their zero trust security strategies? What are your thoughts on how viable that strategy is to improving overall cyber resiliency? Yeah, if you're familiar with the NIS zero trust framework, the protection of critical data assets is actually a pretty important part and it's specifically called out. And so that sort of gives us a de facto answer of yes. I think the relationship is symbiotic between data and security right now. And I expect that being able to deal with and recover critical assets quickly is going to be a really core part of zero trust. Now, obviously zero trust is like we said in the beginning it's treating everything like there's a risk, everything like it could fail, but we do know Dave that no matter what ends up happening there will be malicious attacks, there will be parameters that will be compromised and that can happen to some of the best CISOs and CIOs in the world with the most sophisticated cyber security. So it's all about making those investments. It's about investing upfront, investing consistently and of course building that culture where security is laid into it from the very onset from every worker in the company it basically touches the IT. So put into a really short sort of thought, you know security needs to be addressed everywhere in the IT step from the Silicon layer to the human layer on hardware and on software. And of course everyone who touches enterprise IT needs to be part of a zero trust environment. Data protection has to be part of it but don't see any other way. Daniel, as always, awesome comments. You're such a clear thinker really appreciate you coming on the program. Great to be here Dave, see you soon. All right, keep it right there. We'll be back right after this short break.