 From Chicago, it's theCUBE, covering Veritas Vision Solution Day 2018. Brought to you by Veritas. Welcome back to the windy city, everybody. My name is Dave Vellante. We're here covering the Veritas Vision Solution Days at the Palmer House Hotel in Chicago, right near the lake. You're watching theCUBE, the leader in live tech coverage. Lerlene Brown is here. She's an independent security consultant with CJJFC Lerlene. Welcome, thanks for coming on theCUBE. Thank you for inviting us. CJJFC, what are you guys all about? Well, basically, we're a restart-up company, small, independent company. We work with SMBs and nonprofits in dealing with their security issues, basically. No matter how big, how small, it's the small companies that have one of those things that is not going to happen to us. Oh, if it does happen, what do we do about it? Because they hear about the big reaches, but it can happen to a small company as well, or an SMB, especially in limited budgets and stuff. How do we deal with that? How do we deal with ransomware? How do we pay it off? A lot of questions and stuff like that, they're really concerned about, but a lot of them have the attitude, it's not going to happen to me, something like that, but it can happen. There's a lot to talk about there. So let's start with small business. Small business, there's oftentimes not even a CEO. It's an owner, and the distance between the owner and the IT is very short. It's a flat organization. Like you said, they have so many things to worry about. The last thing they want to worry about is security. A lot of times they'll have the attitude of, well, I'm not really a target, which is, well, yeah, you are, but so. And a lot of them just clearly don't have, they don't have a SecOps team. That's true, that's true. Many of them just rely on cloud. They have a zillion different SaaS products. They'd rather not have IT. So that sort of, I think, paints a picture. That's true. How do you help them? And do they contact you? Do you contact them? Well, it goes both ways. Basically, a lot of them don't even have an IT department or an IT person. They go on by, somebody knows how to work a computer, turn it off and on, make sure the stuff is backed up. Fred's really good with this, ask him. And then turn it off at the end of the day. But so you have to deal with that. You also have to deal with, if they do have an IT department, it's one person's gonna deal with a whole lot of issues. Back up, where is it gonna go to? Do we have a cloud provider? If we do, who is it, what is it? Do we have anything else? Do we have on-site permits or off-sites? So it's a lot of stuff we gotta do. And the main bottom line is budgeting. Do we have the money or the budget to get this stuff that we basically need in order for us to survive? Because this boils down to, if you don't have it and something happens to you, something major, or crash or whatever, do you have the backup? Do you have something viable to say to your clients, oh, we're okay, we got your data, we're secure, we can go on with business as usual, or do they just go off and find somebody else? So we always talk about in theCUBE, people process and technology, bad security practices by users, it always trump good technology. So I presume a lot of your consulting is around people and processes. That's true, that's true. And a lot of this is in transition. You know, a good example, when Windows decided to go from XP to seven and eight dollars, it was a big brouhaha about it. Some people still want to deal with XP. They don't want, because they hear about how good Windows eight or 10 is and stuff like that, but a lot of people, it was a slow transition for a lot of people to move over from XP because it was very dependable. You didn't hear a lot of problems out of it. All of a sudden, you hear, oh, Windows 10, we got some issues, we got some stuff we got to fix. And it's kind of like a panic attack mode. You know, you're in those panic modes. Do we want to go back to XP, or do you want to, you know, what of our records are in XP, but we want to go to 10, where they transfer over? How secure is going to be that? How secure is that? So it's like that kind of example. It takes time for people to slowly migrate from one thing to another to make sure it's safe and it's dependable. And also it's secure enough that it can be comfortable with it. So when the next phase comes up, they can be a little bit more comfortable and saying, well, okay, we go to Windows 12 or something like that. And then we'd be okay from 10 to 12, and there are no problems with it. So that's an example of just because you're basically having core infrastructure that's kept up to date, you're up to date on patching. And it's a basic security hygiene. There's also the perimeter, and we always hear, well, people spend a lot of time and effort and money on the perimeter, but people are going to get through the perimeter. Fishing is a huge problem. Yes, it is. You know, the threat matrix with mobile, you know, you got a zillion mobile apps and it's impossible to keep them up to date. So our small business owners, which I presume is your primary discussion point, how aware are they of this problem? On a scale of one to 10, is it a two? Because they have so many other things to worry about. Is it escalating up to a six, seven, eight? It depends on the company. Some are twos, and some are fives or six, and one size is enough at all. And that's one thing they have to realize that one can do more than the other, and some can do less than the other. But all depends on the company, their attitude, and it boils down to trust. Do we trust ourselves enough to go into that next phase of updating our security or updating our software and all that stuff, the patches and stuff? Do we have the equipment to have that ability to do that as well too, because you got to look at your budget costs and use security. That goes hand in hand. Back up in security used to be largely two separate domains, sort of in their own little islands. They're almost, you know, there would certainly intertwine today. Why is that and how are those two worlds coming together? Well, I think it was a gradual process because everybody wanted to keep things separate, but they found that there's a whole lot of commonality, a whole lot of links that they finally come to realize it's together dealing with security because if you didn't have security, we would have more than enough breaches than we have now. Especially with small businesses, you can't afford to have a breach, because that makes it break your company. So you have to look at that and say, well, we need that, but like I said, within the perimeters of your business. Some can afford more, some can afford less, or just stabilize what they have now. Okay, so let's talk about ransomware a little bit. Everybody's in the news. As a small business owner, you're like, wow, God, I hope that never happens to me, but a lot of times they're thinking, well, that's never gonna happen to me because I'm the small guy, but it could happen. And so what do you advise people to do? You're trying to create air gaps. What role does backup and data protection? Backup is a major thing especially. Especially if you have a lot of old data and you wanna make sure you have that because once it's lost, it's lost. A lot of people are not really familiar with ransomware, they hear about it, they think, oh, they hold my, you know, I have to, it's just like anything else, like if you're kidding at somebody, you know, you're holding from ransom, you want this amount of money in order to get that person back. Ransomware's the same thing, but you're using bitcoins instead of money, which technically is money, but a lot of them don't have that thing about, it's not gonna affect me. Like you were talking about earlier, does it affect me? How will it affect me? Or read up more about it. A lot of people that have not really read up about it, hear the word, it's like a buzzword, and they say, oh, ransomware, what is that? Is that a new software product or is that a new software product, you know? So they have to really keep informed and keep up with what is going on, especially in small businesses, where the possibility is, I think it's more greater than big businesses. The big businesses can recover. Small businesses can't. As much. The big businesses, they've got the resources and they know what ransomware is. They've maybe created some kind of air gap between their data center and their offsite. They've got something in the Iron Mountain and in the archive. Maybe they got stuff on tape, small companies. They don't even think about this. What resources do they have? Well, do they have enough resources as well? And have they kept up with the different kind of resources that are available, especially gearing towards them. What's your relationship with Veritas? Why are you here? You're not a customer. You're not a big, dull partner. But what brought you here? I don't want to see what's going on with Veritas. I've heard a lot about it. And we're here to get some information and how we relate to what we're going to be dealing with future customers or present customers and stuff like that. So that's basically what we're here for. So from gather information, sort it out how it'll affect small businesses and nonprofits and how it can help them and benefit them as much as for larger companies. My last question for you is, can you summarize the advice that you would give to a small business owner or a nonprofit, MD? What do you tell them in the context of security and data protection? Back up, especially back up and do your homework. A lot of them do your due diligence because it makes a breakthrough. And so they listen to that advice? Some of them do and some of them, it's up to them. I have to say it's up to everybody as an individual, you can't say, but just look at what happens to other people, find examples, talk to other people that you know and do your homework and back up, back up, back up. Ignore that advice at your own peril, Erlene. Thanks very much for coming on theCUBE. Thank you very much for inviting us. You're very welcome. Okay, you're watching theCUBE. We're here at Veritas Vision Day in Chicago. We'll be right back right after this short break.