 Live from San Francisco, celebrating 10 years of high tech coverage, it's theCUBE. Covering VMworld 2019. Brought to you by VMware and its ecosystem partners. So good to have you here with us on the first day of three days of live coverage here in San Francisco as theCUBE continues its 10th year of coverage here at VMworld 2019. Along with John Troyer, I'm John Walls, glad to have you with us, and we're joined now by Bita Holman, who's the Vice President of Storage at IBM. Bita, good to have you with us this afternoon. Thanks for having me. You bet. The problem or your everyday assignment is what is keeping so many people up at night, right? And that's how do we defend ourselves, you know, cyber? How do we develop these resilient networks and these resilient services? Give, let's take a step back for a second and just try to paint the scope of the problem in terms of what you're seeing at IBM in terms of cyber intrusions, the nature of those attacks and the areas that they're happening. Yeah, and I'll tell you from a client industry perspective, right, touch on that a little bit, but cyber resiliency, cyber security, it's just a huge topic. And this is something that every business thinking about is talking about and it's not just a discussion in the different departments, it's actually at the C-suite level, the board level, because if you think about it, cyber crimes as frequent and they are and as impactful as they are, they can really affect the overall company's revenue generation. The cost of recovering from them can be very expensive. We're talking about more than just breaches here. I mean, every week we hear that ransomware is at the moment is very interesting or well, it's very prevalent and we're here, I honestly hear a lot of government, like small count governments or state governments or municipal governments, maybe because they have reporting requirements, I don't know what goes on underneath in the private sector, but it seems like that is one of the things. That's right, that's right. And we hear it in the news a lot, right? We hear about ransomware quite a bit, it's data breaches, it's other types of things, but when you look at some of the analyst statistics and what they say about the frequency of these types of events and the likelihood of a business getting affected, I read where a likelihood of a business getting affected by a cyber event is one in three. Used to be one in four a couple of years ago, one in three over the next two years. Ransomware in itself is increasing frequency I think it was like every 14 seconds, there's a ransomware attack somewhere in the world. And the cost of this is tremendous, it's in the trillions of dollars, both from recovering from that attack, the loss in business and the revenue generation and actually the impact to the company's reputation, right? And again, not just ransomware. And it's happening in many industries, you talked about government, it's in manufacturing, it's in financial, it's in health, it's in transportation. And when you step back and say, how is it so broad? Well, when you think about every organization to some extent is going through some level of transformation, their digital transformation, their leveraging capabilities like hybrid multi-cloud, having resources on-prem, workloads on-prem, some services in the cloud, they've got team members that are using mobile devices, some companies depending on their business might have IoT. So when you look at all of those entry points, these are new ways that the bad guys can get into an organization, that creates the scale and the complexity just gets very, very large. It used to be that you'd have a backup, the traditional way for business resiliency used to be, you do a backup, you have the data on an external system, you restore it if something happened. And then there was a business continuity, you'd have a secondary infrastructure that in the case of an accident or some kind of a natural disaster, which didn't happen very often, you'd have somewhere to, you know, a secondary infrastructure. But all of those were designed with the likelihood being very low of happening and then the recovery times and the disruption to business was somewhat tolerable. Well these days, with all of the dynamics that we're talking about and all the potential areas of entry, you need a more of an end-to-end solution. And that's what a lot of the strategy, the cyber resiliency strategy that is really, you know, comprehensive. And that's what a lot of the businesses are thinking about today, is how do I make sure I have a complete solution and a strategy that allows me to survive through and come up very quickly after an attack that happens? I think most people recognize the attack is going to, they're going to get impacted at some point. So it's not if, but it's when and when it does, how do I quickly recover? Well you even said it with the statistic that one in three every two years, so I mean, my math tells me that in six years' time I'm going to get hit by that standard. But that tells me that it's not if, it is when. So in terms of the strategies that companies are adopting that, I mean, what do you recommend? What do you suggest now? Because you paint in a realistically grim picture that there's just so many different avenues, different opportunities, and it's hard to put your fingers in all those holes. But I think that there's a lot happening in this space. And I think that there are different standards, a lot of regulations, but one that has been accepted and being leveraged in the US is around a framework and some guidance that the NIST organization, National Institute of Standards and Technology, it's a framework that they've put in place, a guidance on how do you plan for, how do you detect and then recover from these types of situations. And I'll talk about it a little bit, but it's a very, very good approach. It starts with, you know, an organization needs to start by identifying what are some of the critical business services that their business is dependent on. What are they and what are the systems? What are the workloads? What are the applications? They identify and then what's the tolerance level? How quickly do you need to come up? Right, what's the RPO, RTO? And based on that, develop and prioritize a plan. And that plan has to be holistic. It involves, you know, from the CIO to the CISO, the security office, to the operations, to the business continuity, to the data owners, a line of business, right? And then in this environment, you've got partners, you've got services you're leveraging, all of that has to be encompassing for those key services that you identify and prioritize as a client that you need up and running and up and running very quickly. One of the examples of a client financial institution they determined they had 300 services. They needed up and running within 24 hours in case there was a attack or in case something happened to their data or their environment. And that they defined as what their requirement was. And then you go about working with them to do a few things, so you identify and then there's other phases around that that I can talk about as well. I always kind of go over to IBM a little bit in that obviously, so you're with IBM and we're talking about storage. Many people may not realize how integral storage is now in PIS security, but IBM brings to the table a lot more than just storage. So can you talk a little bit about that portfolio and IBM's approach? Sure, sure, so when I talk about the NIST framework and I talk about the identify stage, there's also things around protection, protecting the environment and those services and those systems, the infrastructure. We do a lot in that space. It's around detection, so now that you've got the protection and protection might include things like having identity management, having access control, having just making sure the applications are at the latest level, code levels. Oftentimes that's where the vulnerability comes in when you don't have those security patches that install data protection. And when it comes to that segment, we've got a very rich portfolio of data protection capabilities with our spectrum protect offerings. From a protection perspective, doing into an encryption, having capabilities where the infrastructure is designed to have multiple types. You can have physical separation, so you can have air gap. Things like tape are ideal for that because it's physically separated. Tearing to the cloud. You can have technologies like Write Once, Read Many to where they're immutable. You can't change those. You can read them, but you can't change them. We've done a lot of work and innovation around what we call safeguarded copies. This is making snapshots, but then those snapshots are not deleteable. They're access-controlled. They're read-only. And so that allows you to very quickly bring up an environment. I think some people don't realize that what I've seen some patterns of, well-known that sometimes these things hide. They'll be in there and they'll be innocuous. And then, so you can't just restore the last backup. That's right. And they may try to rewrite the backup, so you may have to go back and try to find a good one. Absolutely, and detection is very important. I mean, detecting that as early as possible is the best way to reduce the cost of covering from these kinds of events. But like you said, I think I want to say 160 days your environment may be exposed for 160 days before you actually detect it. So having capabilities in a portfolio, in our offerings, and we do a lot working with our research team, our security team, on things like our data protection where we have algorithms built in, where we look for patterns, and we look for anomalies. And as soon as we see the patterns for malware, ransomware, we alert the operator. So you don't allow it to be resident for that period of time. You quickly try to identify it. Another example is in our infrastructure management software where you can see your whole heterogeneous storage environment. You typically start out by baselining a normal environment similar to the backup piece, but then it looks for anomalies, right? And are there certain things happening in the network to storage, and warns the operator. I almost get the feeling that sometimes it's almost like termites, that you don't realize you have a problem until it's too late, because they haven't been visible. And so in a 160 day window, whatever it might be, you might be past that, but because of whatever that attack was, it was malicious and as clandestine enough that you didn't find it, and it does cause problems. So as we're wrapping up here, what kind of confidence do you want to share with the end users, with people to let me know that there are tools that they can deploy, that it's not all grim reaper, but it is difficult. It's difficult, it's very real, but it's absolutely something that every business can have under control, have a plan around. And I mean, from an IBM perspective, we are number one leader in security. We're the leader in security when it comes to from N10, our focus is not just at a software level. It's starting from the chips we design, to the servers we deliver, to the storage, the flash core modules, SIPPS 140 compliance, the storage software, the data protection, the storage management software, all the way through the stack, all the way up through our cloud infrastructure. So having that comprehensive end-to-end security, and we have those capabilities, we also have services. There are services and our security organization that work with clients, establish these, evaluate the environment, establish these strategies and end-to-end plans, and it's really about creating the plan, prioritizing it, and implementing it, making sure the whole organization is aware and educated on it. You got to prepare, no doubt about that. Thanks for the time, Beena, we appreciate that. And yeah, it's not all doom and gloom, but it is tough, tough work and very necessary work. Back with more here on theCUBE, you're watching our coverage from VMworld 2019, here in San Francisco. And I'll see you guys next time.