 Hi everybody, we're here in downtown Seattle covering AWS Storage Day. My name is Dave Vellante with theCUBE. And we're really excited. We're going to talk about rethinking data protection in the 2020s. I'm here with Nancy Wong, who is the general manager of AWS backup and Satish Lakshmanan, the director of storage business development at AWS. Folks, welcome. Good to see you again. So let's talk about the evolution of data protection. You've got three major disruptors going on. There's obviously the data explosion. We talk about that all the time, but there's cloud has changed the way people are thinking about data protection. And now you've got cyber. What's AWS's point of view on all this? Yeah, great question, Dave. You know, in my role as the global head of storage business development and solution architecture for storage, I have the privilege of working with customers all around the globe in every geography in every segment. And we recently talked to thousands of customers and we did a survey of about 5,000 customers. And many of them told us that they expect to see ransomware attack once every 11 seconds. So it's top of mind for almost every customer, so much so that if you remember earlier this year, the White House issued an executive order, you know, making the nation aware across public and private sector about cybersecurity and the need for us to be prepared. Customers as a result, largely think of not only ransomware protection, but also recovery. And they have largely allocated budgets across every geography to make sure that they're well protected. And in the event of an attack, they can recover from it. That's where Nancy's, you know, data protection services and backup services come into play. And maybe she'll add a few comments about how she approaches it from a technology perspective. Yeah, please. Sure, thanks, Ateesh. Yeah, as a general manager of AWS Backup and our data protection services, it's really my team and my charter to help our customers centralize, automate, and also protect themselves from attacks like ransomware, right? And so for example, you know, across our many services today, we offer AWS Backup as a secondary data collection and management across our many AWS regions and also across the many AWS accounts that a single customer must manage, right? And if you recall, having multiple copies of your data exist in backups is a core part of any customer's ransomware protection strategy. And lastly, I just want to say something that we just launched recently called AWS Backup Audit Manager also helps you operationalize and monitor your backups against any ransomware attack. So the adversary obviously, as we know, was well-equipped and they're quite sophisticated. And anybody who has inside access can become a ransomware attacker because of things like ransomware as a service. So what are you specifically doing to address ransomware? So in talking to several thousand of our customers, what we've learned is customers are typically vulnerable in one or more three scenarios, right? The first scenario is when they're not technically ready. What that means is either their software patches are not up to date or they have too many manual processes that really prevent them from being prepared for defending it against an attack. The second is typically around a lack of awareness. You know, these are situations where IT administrators leveraging cloud-based services are recognizing that or not recognizing per se that they're EC2 instances, Lambda instances have public access and same applies to S3 buckets. And the third is lack of governance and governance-based practices. The way we are educating our customers, training and enabling them and empowering them because it's a shared security model is really through our well-architected framework. That's the way we share best practices that we have learned across all our customers, across our industries, and we enable and empower them to not only identify areas of vulnerability, but also be able to recover in the event of an attack. Nancy? Yeah, and to add to that, right? Our team, my team and I, for example, watch every ransomware incident because it really informs the way that we plan our product roadmap and deliver features that help our customers protect, detect, and also recover from ransomware. So there's an e-book out there suggesting I'll check it out of securing your cloud environment against ransomware attacks. And aside from the technical maintenance suggestions that Satish provided, as well as the security awareness suggestions, there's really two things that I usually tell customers who come to me with ransomware questions, which is one, right? Don't rely on the goodwill of your ransomware attacker to restore your data because, I mean, just studies show over 90% of ransom payers actually don't successfully recover all of their data because, hey, what if they don't give you the full decryption utility? Or what if your backups are not restorable, right? So rather than relying on that goodwill, make sure that you have a plan in place where you can recover from backups in case you get ransomed, right? And two is make sure that in addition to just taking backups, which obviously as a GM of AWS backup, I would highly recommend you do, right? Is make sure that those backups are actually restorable, right? Do game day testing, make sure that it's configured properly because you'd be surprised at just the number and the sheer percentage of customers who when, let's say, the attack happens, actually find that they don't have a good set of data to recover their businesses from. Oh, I believe it, backup. As one thing, as they say, recovery is everything. So you got the AWS Well-Architected Framework. How does that fit in along with the AWS Data Protection Services into this whole ransomware discussion? Yeah, absolutely. The AWS Well-Architected Framework actually has four design approaches that I usually share with customers that are very relevant to the ransomware conversation. And one is anticipate where that ransomware attack may come from, right? And two, make sure that you write down your approaches whereby you can solve for that ransomware attack, right? Three, just like I advocate my teams and customers to do, right? Then look back on what you've written down as your approach and reflect back on what are the best practices or lessons learned that you can gain from that exercise. And make sure, as part four, is you consistently plan game days where you can go through these various scenario tests or ransomware game day attacks. And lastly, just as a best practice is ransomware recovery and protection isn't just the role of IT professionals like us, right? It's really important to also include HR professionals, legal professionals, frankly, anyone in a business who might come and be compromised by ransomware attack. Make sure that they're involved in your response. And so Satish, I'd love to hear as well how you communicate to customers and what best practices you offer them. Yeah, thanks Nancy. I think in addition to the fantastic points you made Nancy, Dave, the well-architected framework has been built on eight to 10 years worth of customer engagements across all segments and verticals. And essentially it's a set of shared best practices, tools, training and methodology that we exchange with customers in order to help them be more prepared to fight ransomware attacks and be able to recover from them. Recently, there've been some enhancements made where we have put industry or use case specific lenses to the well-architected framework. For example, for customers looking to build IoT applications, customers who are trying to use serverless and laminar functions, customers who may be within the financial services or healthcare life sciences vertical, looking to understand best practices from other people who've implemented some of the technologies that Nancy talked about. In addition, as I talked about earlier, training and enablement is extremely critical to make sure that if companies don't have the skillset, we are basically giving them the skillset to be able to defend. So we do a lot of hands-on labs. Lastly, the well-architected framework tool has been integrated into the console and it gives customers who are essentially managing their workloads ability to look at access permissions, ability to look at what risks they have through malware and ransomware detection techniques, machine learning capabilities built into all the services that are native to AWS that allow them to then react to them. If companies don't have the skills, we have a lost network of partners who can help them basically implement the right tech technologies and they can always reach out to our technical account manager for additional information as well. Yeah, I love the best practice discussion. For customers, it's a journey. I mean, CSOS tell us their number one problem is lack of talent and so they need help. So last question, what can people expect from AWS and you're the experts in just in particular, how you can help them recover from ransomware? Yeah, and that conversation is ever-evolving as hackers get more sophisticated than clearly we have to get more sophisticated as well. And so one of our mental models that we often share with customers is defense in depth. So if you consider all of the layers, including all of the constructs that exist natively on AWS, the first layer is through identity access management constructs. So building a trust radius around your workloads, around your applications, whereby you can deny permissions or access permissions to individuals who are not authorized to access your mission critical applications, right? Then beyond that first layer of defense, the second layer should be automated monitoring or observability, for example, if individuals were to penetrate within your security perimeter. And oftentimes, that could be done through a delayed response where it gives your CISO or your security operations team the ability to react to such unauthorized access, for example. And so the third line of defense is if someone were to penetrate both first layer as well as the second layer, is actually through backups. And this is where it goes back to what I was mentioning earlier, is make sure that your backups are ready and able to be restored and have the RTO and SLA guarantees that help your business remain functional even after an attack. Excellent, guys, we got to go. I love that. Zero trust, layered defenses, got to have the observability and the analytics and then the last resort, RTO and of course, RPO. Guys, thanks so much. Really appreciate your insights. Good to see you there. And thank you for watching. Keep it right there for more great content from AWS Storage Day.