 Hello and welcome to IBM's Beyond Firewalls, Resilience Strategies for All, focused on the importance of cyber and data resilience. I'm Rob Streche, managing analyst with theCUBE Research. Today I'm joined and very excited to be joined by Dell Hoobler, who's the principal storage specialist with IBM. Welcome Dell. Ah, thanks Rob, it's really great to be here today. Yeah, it's always great to be live in the studio where we get to talk about these things because I think getting practical about cyber and data resilience is the key in the name of this. It's something I hold near and dear to my heart is having been an IT practitioner and been on the customer's side as well as being on the vendor side. And I think organizations really need to understand and have a better focus on this, especially with all the threats that are going on. We've had a couple of your colleagues on already. We've covered a wide range of things from some of the data to what's going on with Defender. In your mind, what does it mean to be data resilient? What does that really mean to you? Yeah, Rob, it used to be 10 years ago, you talk about backup, it's like you put data on the shelf and you only bring it back when you need to, right? Well, it's different nowadays. There's a serious threat against us, right? These guys are after our data. And to be data resilient, yeah, you have to keep the bad guys out, but you gotta assume they're gonna get in. So you have to put your perimeter defenses up, but you need to make sure your copies of data are secure and cannot be messed with. Yeah, I think that's key. And like you said, I mean, I can remember sending 80 terabytes, which at the time in 2002 was a huge amount of data to be sending offsite on tape every night. And then trying to bring it back and trying to even make it usable in an emergency was, there was just not a lot, it was a lot of run books and things of that nature. How are, you know, how can, and why should people really care about this? And why should they really take that next step? Because I mean, again, like you said, we've been doing things for quite some time now. Yeah, absolutely. I mean, right now, compared to five years ago, it's the most important thing to do for your business today. If you're not cyber resilient, you're going to be in trouble. You need to make sure that your data is safe because it's now, it's a warfare out there. It's warfare. For example, I was in, I was actually at the MGM. Everybody probably knows about the MGM attack already now. I was there right when it was happening. Experiencing something like that firsthand, it's like, wow, right? Now these guys aren't just taking casinos. They're attacking hospitals. They're attacking infrastructure. They don't care who they're attacking if they can get money from them. And now you've got cyberware for out there, which really is about, I don't care about extorting your data. I care about bringing your infrastructure down, bringing your hospitals down. So that scares me. So now this is a real mission for me now because they are not, it's not just a backup anymore. It's critical data that they're after trying to bring us down. And so it's really, really exciting to be able to levy this attack against them. Yeah, I think it's critical. I mean, data really is the crown jewels in the intellectual property of most organizations at this point. And as people know, you're gaining more and more data. You have AI out there. You're trying to build models on top of that data. And as we see, organizations just are trying to figure out how do I get started with this? And how do I really start to become more resilient, especially the ones that are on the smaller side of the scale as well as they're trying to understand where do I start? What are the things I get? The MGMs, I mean, they have huge IT budgets and huge organizations, but where should everybody look to, take, put a stake in the ground and this is where you get started? That's a great question, Robin. I get asked that all the time because one time they'll say, hey, you know what, this is so big. I can't boil the ocean. I'm not even gonna start it, right? So it's kind of like one of those things, like I gotta go do all of this. I'm just, I'm gonna give up on it, right? Well, no, you can take baby steps. Cyber security, data resilience is not about an on-off switch. It's a spectrum, right? From very weak to very strong. You never can be perfectly data resilient. The most important thing is to get started, right? You gotta take that first step. Your business, your company relies on it, right? And in cases like hospitals, for example, I'll talk about one of those in a few minutes. This is critical for patients to stay alive and I mean that. So taking that first step, just take it. You can sit down and take a cyber resilience assessment available from us, free of charge, vendor agnostic, we come, we sit down very, very informally with your security team, your storage team and your infrastructure team. We just ask you some questions. We don't ask if you're using IBM. We don't ask if you're using XYZ. We ask you basic questions that say, do you have a plan? Have you tested your plan? And so at the end of that, you get an assessment and you'll say, hey, I'm weak here. I'm strong here. Maybe I could use some help. So sit and then you can sit down with your IBM friend or your business partner and have that conversation. How can I improve this, right? How can I get better? Yeah, and I think we had Jeff and Chris on earlier and talking about NIST and the NIST 2.0 framework, which is in draft and being looked at and how you can start to move around the wheel and picking little places to start. And I assume that's where this assessment really helps you is, hey, let's look across that and get a better idea, understand your own gaps. That's exactly right, Rob. So where am I good? Where am I weak? Where did I need to start shoring up a little bit and then you can take the baby steps, get a little bit stronger here, a little bit stronger here, right? Everybody's got, say, I don't have any money to go be stronger. I need to do this, right? Well, you have to do this, right? And you don't have to do it all at once, right? That's the beauty. Number one, start by making sure your data's encrypted because first thing you're gonna do is try to extort you or extort your customers. So if your data's encrypted, guess what? Your data's saved, they can't extort you there. The next thing to do is make it immutable because the first thing that they're doing is going after your backups. They're going after your snapshots. If your snapshots and your backups are locked and secure, guess what? You have somewhere to restore from if they go after your primary data. So just take that first step, take that cyber resilience assessment and we can help you when you start taking those right steps to get cyber resilient. Yeah, I think that's the key is that everybody, no matter the size of the company, no matter if you're public or private, really needs to take, because it becomes one of these things that, and I think, again, Chris and Jeff were talking about, on average, some of the research that IBM has done is like 300 days, almost a year, of somebody being inside the company and not knowing, and I've seen it firsthand with some of the companies I've been with and organizations I've talked to that hey, they may understand and see that somebody's in there, but they're trying to get started and where to start and figure out how they got to that place. They hadn't done tabletop exercises. They hadn't done things of that nature. So let's dig in and really share some of those practical insights, because you see way more of this than I do. And I think, how has it been or where have organizations and some real life examples of where they got started and how they went through this journey? Yeah, great question. So let me start with a city in Massachusetts, local around here, right? One of the things that they didn't understand is how long would it take to recover my data? Because one of the key things that people don't understand is I have a backup. I can restore from the backup, I'm good, right? Well, when they tried to recover their data, it took two days to recover the data. It's like, wait, if it takes me two days to recover the data, I'm in trouble. The services for my city are down. So I am in trouble. I need to do something better. So it's not just about recovering your data, it's about recovering those key applications in your company that are providing services, right? So you need to make sure not only can I recover my data, but I can recover it quickly. So in this particular case, the first thing we did is we made sure their data was locked down. The next thing we did is we made sure their tier one applications could recover in a timely manner so that the services, providing service to the citizens of the city, we're not gonna be without services for two days for that recovery to complete. So that's number one, right? So we had a real case where we're able to go in there, make sure that, hey, those serious applications that need to be there for the citizens, we can recover them in minutes, not days, right? There's another example of a hospital in the Midwest. Of course, all the hospitals, a lot of the hospitals use Epic, which is a key application for patients sitting, whether they're in the emergency room or just a doctor visit. They did a test recovery of an Epic database. Of course, these things are very large, right? All the data that's in there, those Epic databases, right? Very large, and it took them two days to recover their database. Now, when you have a patient in the ER that needs some medication and the Epic database is down, which was attacked by a cyber attacker, by the way, they could not recover it timely. So they said, nope, our patients are number one. We need a better solution. So we were able to say, let's lock your data down, they can't delete your backups, and then let's make sure your recovery can happen faster. So that's another real example that affected patients' lives, and that really, really hit me home. And so helping design and architect their solution for cyber resilience was very, very helpful. Yeah, and I think you hit on, you want to test it before you get to it as well, and you want to understand that you have a known good and you have an outcome. And I think those are critical things that people really need to understand. It's not all about just the technology that goes in there that your IBM can help you with, but it's really about the people and the processes that go along with that. And is that what you're seeing is people trying to get more out of their infrastructure and really partnering up with somebody like an IBM so that they can join together on that? Yeah, that's exactly what we're seeing, right? One of the things now that we know in this industry is that practice, when the time comes, practice, practice, practice, then you know you can actually deliver, right? It wouldn't be surprising to know that most customers have not tested a recovery. And if they tested a DR plan maybe once or twice a year, well, a DR plan, that's for that case when probably something maybe never happened, right? A cyber recovery, you're going to get hit. So having a tested plan, maybe preventative testing, scanning, right? Making sure that when I recover, A, I know, because I tested it last night, I scanned it last night, and I know I can recover it in five minutes because I tested it last night. And I have a report that shows it. There's nothing that the CISO loves more than seeing that report that said I tested last night's backup and I recovered it quickly and I can prove. So again, basic preventative measures, proactive measures makes it when it happens, you're good. Yeah, attestation and all of that, all the reporting that goes into that and tying in with that we were just talking to Ram about how we really tie things together from a perspective of how cyber and DevSec and DevSecOps and really in SecOps need to come together in that. Are you, when you're talking to customers these days, are they taking a seat at the table as well and you're having discussions not just with storage people, even though that's in your title, but you're seeing that others like the SecOps people are coming along as well. Yes, absolutely. It used to be that the storage people said over here and the security people said over here, they'd meet each other at the water cooler and talk about the football game last night or whatever. But now, guess what? They're needing to talk together because they have to share information. So the communication between the two, the better it is, the more, the better chance they have of being cyber resilient. So having those conversations with both people in the room saying, oh, I thought you were doing that or I thought you were doing that. Well, you need to be doing it together. So security, infrastructure and storage together, make sure that you can have the end-to-end data resilient solution. Yeah, and I think, like you said, using the cyber resilience assessment as a key that's funded by IBM that, hey, comes in and gives you that kind of here's your gaps and bringing everybody to the table and having the same sheet of music to sing off of as well as one of the critical pieces of that. Yeah, absolutely. When you all have a plan and you see the plan, you review the plan, executing the plan together, for A, it's more expedient and it's more efficient, right? So having that plan, that cyber resilience, the assessment done, again, it's a couple hours of your time and what comes out of it is invaluable. Now, here's the other thing and I think maybe Chris talked a little bit about this. When the security person, the infrastructure person, the storage person all sit together, they get tremendous value saying, guess what, we can do this better, we can do it faster, we can do it more efficiently. So that cyber resiliency assessment will help you get a plan together and then execute. Yeah, I think that's so key. I think being prepared is one of those mantras I've always held very dear to my heart and having been there and had to actually execute my DR plans multiple times. I can tell you that you don't want it to take two days to bring something up that, somebody like a government agency or somebody like you said, you're a patient in a hospital and you can't have your surgery. That's not what you want to hear when you're going in there and you have something wrong, so. No, absolutely, you're right on Rob, you're right on. Yeah, well thank you, Del, for coming here and joining us and again, it's always great to be in person and be able to talk through these things. It's a critical piece of understanding cyber resilience is a team sport and understanding that data plays a huge role, a pivotal role in that as well. It does and my message really is just take that first step, right? Because you need to do it for your company, you need to do it for your business, you need to do it for the constituents, right? So making sure that you take that first step, it's not hard, you're not alone, don't worry about it, just take that first step, that cyber resiliency assessment and we can really help you get to a cyber resilient infrastructure. Well thank you again. Thank you Rob. And thank you, and remember you can stay up to date on all things cyber and data resilience by visiting silkenangle.com. Also we'll link to the cyber resilience assessment in the resources tab down below. I wanna thank you for watching and joining us for this episode of IBM's Beyond Firewall's Resilience Strategy for All on The Cube, the leader in high tech enterprise analysis and coverage. Stay tuned.