Dell Technologies | Navigating the Road to Cyber Resiliency

thank you [Music] begin journey navigating the road to cyber resiliency the state of cyber security has never been more challenging for organizations you hear this narrative constantly and people might be getting sensitized to it but it's true organizations are rightly scared because of fear of the unknown namely surprise attacks by increasingly crafty hackers with sophisticated cyber tools organizations don't know what they don't know look even if you could prevent all attacks which you can't all it takes is one disgruntled or unethical developer with access or a careless or misguided person on the inside to compromise your systems literally in seconds and at a scale greater than ever seen before and the threats continue to evolve the latest concern to have gone mainstream of course is AI Foundation models like GPT are being used to escalate attacks through better phishing scams Automation and more while new techniques can also be used for defense it seems the hackers are always first to find novel and creative ways to break in or you know what they're even still exploiting Legacy tried and true methods of infiltrating organizations because let's face it with so many tools old and new it's impossible to keep up with the state of the art because you can't just get rid of technical debt overnight the point is there's been an unprecedented focus on greater preparedness for cyber attacks from Boards of directors even now public policy mandates from the government as such as our data shows cyber resiliency remains at or near the top of organization's I.T priorities but are we making progress well some organizations are closing the Gap we have to ask why are so many feeling less than confident that they're prepared and what can they do about it welcome to navigating the road to cyber resiliency my name is Dave vellante and I'll be your host of a new cyber security series that we're launching made possible by Dell Technologies here's a scoop silicon angle and Dell are kicking off a series of events and coverage on this critically important topic to run through 2023 we will be bringing together industry execs subject matter experts analysts Partners customers and more to help drive this discussion with the goal of arming all organizations with the information they need to navigate IE to map their own route to cyber resiliency today we'll introduce you to the first in a series of three programs our fundamental premise is that backup and Recovery sometimes generally referred to as data protection must become an integral part of a cyber security strategy it's really that simple you can't protect against everything you can't predict what will happen next and how severe it will be so your last line of defense that is the ability to recover from a breach has to be front and center on your journey to achieve a zero trust approach now we have three segments today first up is Rob emsley who directs marketing for Dell's data protection portfolio products he's going to help us set the stage and put cyber resiliency into context and I'll also share some data from the Dell global data protection index and we'll hear from Daniel Newman of the featuring group Daniel is a friend of the cube and recognizes one of the top Market analysts in the technology business he'll share his perspectives on the market zero trust and some of the top industry Trends and then we're going to close with Jim shook he's the director of cyber security and compliance practice at Dell Technologies Jim he's got a background as an attorney and spends a lot of time with customers and Boards of directors helping them to figure out how to reduce risk and we're going to pick his brain as to how to reduce yours with that let's kick off episode one of navigating the road to cyber resiliency [Music] wow lots of people on the road to cyber resilience today they know that the supercharge Innovation they need a foundation of modern data protection that includes recovery from cyber attacks excuse me I'm looking for modern data protection across any Cloud yeah any workload definitely oh you're looking for Dell Technologies Straight Ahead can't miss it thanks he didn't give us a chance to tell him that Dell data protection is modern simple and resilient All By Design see when he gets there [Music] okay we're kicking things off with Rob emsley who directs product marketing for Dell's data protection products Rob I'm really excited about the collaboration that we're doing the series and great to have you back in the studio oh it's great to be back Dave I mean it's been uh only a few months since we we did the future of uh multi-cloud data protection event with you you know and certainly you know we're really excited by you know this engagement that we are kicking off with this inaugural show yeah now as our audience knows we've covered many data protection topics on the cube over the years but this topic it seems to continue to dominate the headlines Rob why is that yeah I mean I think you're aware that every year we run a global data protection survey of rough and tough about uh 1200 customers around the globe and one of the things that we've really started to inquire about a lot more in our surveys is the question around cyber security and cyber resiliency one of the things that we found is that two-thirds of the organization surveyed last year are really concerned that they don't believe that their existing data protection measures and infrastructure is sufficient to cope with malware and cyber threats also the same amount two-thirds also believe that in the reality of of work from anywhere learn from anywhere that's actually increased their exposure to cyber attacks so certainly there's just a lot of concern as far as do I really have what I need in order to protect the business so it's interesting because basically you're saying that people are aware of it so some of these numbers might surprise you a bit when you think about just the sheer number of vendors that are offering Solutions in this space and as folks know you know Cloud really doesn't solve the problem so why do you think we continue to struggle so much I think a lot of it is because we have a very fragmented security Market I think we've um you know sort of seen research that says there's somewhere north of 4 000 incumbent vendors startups uh adjacent players addressing various points of the security landscape so we really believe that you know the challenges are that you know there's just a lot of inconsistency because there's so many solutions that are out there and that's one of the things that that we're already looking at here at Dell to try and address by you know bringing you know our perspective about how you actually navigate through this complexity well we saw this during the pandemic rob it was so much funding that went in and a lot of that went to cyber security and so people naturally say okay here's a tool that's going to solve this narrow problem let's let's try it because we have a you know maybe we just got snake bit and got got hacked and now we've got this new little Shiny Toy and so four thousand I mean that is just an incredible number yeah I mean I think it's the old adage that in order to solve cyber security challenges you need technology people and process and you really need to be uh wary of um vendors that come to you and say buy this solution and it will solve your problem you know I think the reality is that it's a multi-faceted challenge you know and that's where you really need to to look at you know the entirety of the problem you know and and break it down into into into piecemeal chunks that you can address and and and build a holistic solution okay so let me set up the sort of next part of our discussion we have a lot of noise in the market as we just talked about you got more sophisticated attacks you got too many organizations that don't have adequate preparedness csos tell us they still have a lack of skills inside their organizations so what we want to do with Rob is we want to go and understand like where do we go from here and more relevant to our series is what's the relationship between data protection and cyber resiliency so Rob how does Dell think about cyber security in general yeah well we really frame the conversation into into three specific areas the first you know is protection so it's really the the goal is to stay secure against evolving threats so that is certainly an area where you know all of the work that that many customers have done to protect their perimeter protect their infrastructure you know certainly if you think about some of the techniques within um infrastructure itself things like Hardware route of trust certainly work that we do with you know our partners like Intel within you know our data protection appliances even down to the components that we use you know so if you think about things like our broadcom components you know silicon root of trust becomes really so important also the fact that the infrastructure that you deploy comes through a secure supply chain you know that we guarantee you know hasn't uh has got to you in in a very secure way so protection Still Remains a key element of the conversation the second one though is really where I think this series is going to really focus on which is resiliency how do you withstand and recover from attacks and I think that's where the data protection and the backup and Recovery Market becomes such a close adjacency to the overall cyber security space you know backup has been around for a long time but I think that you and I have discussed how the entire industry is really spending so much more time now talking about how your data protection and your backup and Recovery infrastructure helps you become more resilient and allow you to recover from cyber attacks so those are two very key pieces and the last one I think is a real key element to Dell's message around security is you need confidence so yes protection resilience and great a lot of that is around technology and process but confidence really comes from the people that you work with and one of the great things that Dell is able to provide is a global set of resources that are able to not only help you implement techniques and processes and tools but also is there for you to respond when you need it and nobody knows when you're going to need it but the pure scale of Global Services from Dell you know we have many situations where we have been able to work with customers immediately when they need it you know and I think that's such a key important piece so protection resilience and confidence you know this idea and I'll share our audience knows that we've talked about this a lot during the pandemic so many cios told us that their their their resiliency their business resiliency was way too focused on disaster recovery so we talk about cyber resiliency we're talking about being able to survive an attack and specifically being able to recover and resume your critical business operations now Dell's been in the market for a long long time with cyber Recovery Solutions so my question is does your solution have staying power in the market and and what can you say that gives customers confidence that it's going to get them you know through the future this uncertain future that we face yeah so certainly if we go back to our global data protection research you know last year you know one of the um you know the really upsetting facts is that it's that 48 of the organizations that we surveyed had actually suffered a Cyber attack in the last 12 months that prevented access to their data so this is you know something which um you know is deeply concerning I think one of the realities is that um Bad actors are not only going after production systems but invariably they're going after backup infrastructure so as you mentioned they're literally half a decade ago and it was really after you know the infamous attack on Sony that we really introduced the concept of of isolation into our backup and Recovery Solution as a additional layer of security that we could provide to our customers to make them more secure and make their backup infrastructure more secure so really our cyber Recovery Solutions is really focused on three distinct areas first is immutability you know and certainly whether or not you're you're implementing a cyber recovery Vault immutability nowadays is is effectively something that you should be implementing across all of your your backup infrastructure you know certainly our backup appliances that have been in our portfolio as you know for for many many years you know have inbuilt security and inbuilt immutability and they have done for a very long time but we continue to to make those systems you know more highly protected with things like multi-factor authentication things like very specific role-based access control so that's on the protection side and certainly you would like to think that being able to recover from your your primary backup copy you know would be um you know your first line of of defense and your first line of recoverability but over the last six years we've been supplementing that with this concept of of isolation so immutability first isolation and then Intelligence being you know the second two elements of our solution and that's really where the whole concept of delivering a backup copy maybe not of all of your data but certain certainly of your critical rebuild applications systems and the data that they need in order to get you back up and running and make that that copy of that environment completely isolated from the rest of production from the rest of your backup infrastructure you know I like about what you're saying rob is I mean Dell technology is a product company but you're talking about much more than product it's a it's a wider scope the the supply chain security you know you know not just a single point product you're talking the services are a key piece of it you kind of alluded to that earlier I really appreciate you helping us set up this uh this series and uh in episode one really appreciate it you're great thanks Dave okay you're very welcome okay keep it right there we're coming back with Daniel Newman who was voted the number one independent Market analyst you're watching navigating the road to cyber resiliency [Music] hey there need any help I was trying to help these customers track down their critical data let me guess Cyber attack I'm afraid so and they're not very confident all of it can be reliably recovered oh man we're toast oh no well I'm not surprised 63 percent of it decision makers share their concern the good news is Dell Technologies delivers modern simple resilient multi-club data protection that's secure by Design not to mention cyber recovery with a mutability isolation and intelligence that sure sounds great we're headed there now right should have been more specific foreign [Music] we're back with Daniel Newman who's a top industry analyst he's also the CEO of the future group of very rapidly growing research firm hello my friend thanks for joining the program great to see you uh Dave always good to go on thecube all right let's get right into it um I want to share Daniel some recent data from survey house ETR which confirms what everybody's been talking about and that is security of course we know is the number one priority for technology organizations this survey specifically identifies zero trust which seems to have gone from buzzword you remember Daniel pre-pandemic and now it's become this kind of mandate how do you see zero trust is is it going mainstream in your view and what's driving that yeah first of all Dave I'm really glad that you brought that particular uh notion about uh technology and security being in Vogue as the line item for it has been protected during this economic challenging period that we're in right now the investment in security is actually going up and that's something that I saw and had predicted as we sort of saw the economy turn I mean zero trust is really all about the way it's not just a technology it's really a culture it's about an end-to-end approach to security that really looks at Hardware software and people and considers that first and foremost we need to sort of not really trust that anybody is as secure as they need to be as the attackers get more Innovative it means that the traditional you know perimeter-based security that we've used is not sufficient we saw recent uh legislation and strategy coming out of the Biden Harris Administration and actually zero trust is one of the things they focused on for federal and public sector we're seeing it at government we're seeing it in Enterprise um this is a really big thing and you know as I said Dave and probably the most important thing is it's all about end-to-end cyber across the I.T stack and for example when you hear companies like Intel talk about txt or you hear about uh broadcom when they talk about you know root of trust capabilities in their Nicks really what they're talking about is Hardware to software to humans putting that right technology in there that enables end to end um and that's why companies are picking certain Hardware to go into certain devices it's a really good point I mean you're right it starts at the very lower layers of the stack all the way up look into people exactly all the way up through culture and and you know ciso told me the other day Daniel love to get your feedback on this he said part of the reason why we're going for zero trust is because when a project is ready to be delivered or an application or initiative particularly around stuff that's going to drive Revenue in this day and age we don't have to go through as much friction to get the stamp of approval and it just accelerates time to Market yeah I think that's that's that's true I mean I think companies right now are in a different juxtaposition before when we were in this sort of wild frothy growth period of time that you and I have had many conversations about over the years Dave uh it was all about spending for growth it was growing infrastructure to get more customers be able to deliver more services Etc but now when we're seeing companies sort of reconfigure for what will be the next wave of growth they need to make sure that their data is protected they need to make sure that data is going to be available and that their systems are going to be up and working as we see digital transformation enabling companies to actually deliver and grow they can't not put security at the top of their priority list you have to be secure and if your data cannot be backed up you also open a whole lot of risk to things like ransomware because that's what the that's what the black hats that's what the people that are trying to get into your systems know is if you can't bring your system back up quickly the vulnerabilities are really substantial so I want I want to ask you about data protection because that's the series of course the program we're running is around data protection and what role do you see data protection you know specifically we're talking about backup and and Recovery what role does that play as an adjacency to cyber security or even as a key component of a zero trust architecture yeah I think there's a really significant interdependence uh and that was kind of what I was alluding to just before this was if a company's backup is vulnerable meaning if that data protection is not in place or if the uh you know if a hacker is able to get access to that backup then the whole system becomes more at risk because the one thing is if a company knows it can bring its system back up it's less likely to potentially pay out a ransomware request so data protection just in that way creates a ton of risk and so you know we're seeing um you know new capabilities related to data protection whether that's role-based whether that's multi-factor authentication uh multi-person two-person concurrence uh these are all things that are be done being done along with uh you know gapping data vaulting these are all strategies and these are things might seem a future group have looked at really closely as some of the key ways that companies are going to be able to defend and but not being able to back up and bring up systems quickly creates vulnerabilities and risks that companies really shouldn't be allowing themselves to be in such a position yeah and it's no Silver Bullet to your point there's just a lot of different strategies that organizations have to employ and Daniel I gotta say the last 110 days or so with the AI trend has just been amazing so I want to ask you about technology trends that are impacting security but before we get to the generative AI let me just sort of list a couple that are top of Mind cloud and multi-cloud when you're doing cross-cloud it creates other complexities hybrid work remote work we've talked about that a lot and the impact on Cyber and of course AIML generative AI GPT how do you see Tech and today's Tech Trends impacting cyber security yeah maybe I'll take that uh a bit one by one because I my natural gravity would be talked just about generative AI because it's so in Vogue right now but we you know to your point multi-cloud for instance is a important operating model um you know companies that are going to obviously from Prem to hybrid to multi are introducing a number of new security vulnerabilities there's different API access there's different uh remote uh security connectivity you have different user access and multi-tenancies and of course the risk of unsecure devices you know um and by the way hyperscalers whether it's gcp AWS or Azure for instance they all have different Administration so what your team may be extremely good at hardening for one they may not have the capabilities or be as up to speed on another and that creates all kinds of risks so when you work across multiple clouds uh and Prem and as we know I know I think you like to talk about the soup super cloud Dave but as you work across these multiple clouds that are really creating the Enterprise fabric this creates a whole bunch of new complexities it would be like having five ten different prems with different hardware and different software running on them and that's what Enterprise I.T leaders and csos are being expected to defend defend uh of four right okay so I do like to talk about super cloud because it is the it is a metaphor for consistency across clouds what about generative AI I mean it's the hottest topic going how do you see that as yeah I had to take a breath I wanted to let you get in there yeah um look generative AI is probably one of the fastest and most disruptive trends that I've ever seen I think you and I could both agree that something like 12 to 16 weeks ago it was like you know it was a twinkle in our eye we understood AI directionally was going to move to be much more uh super self-supervising deep reinforced learning with less and less human in the loop in order to do more and more things I think the idea though that it's so quickly become pervasive and it's being utilized uh in ways that are driving all kinds of productivity gains that are giving you access today it's very exciting having said that it's also creating new security risks you got employees of companies uh we heard about this last week I believe it was Samsung uploading uh proprietary or or confidential data to chat GPT for synthesizing or utilization for for Content I mean think about how people that are going to try to use these tools are going to be feeding this data into systems where things like privacy and Safety and Security aren't even being considered talk about a risk for or zero trust I mean these are major risks and of course you got to figure the black hats and the hackers are going to be using this to create all kinds of new creative ways to do better fishing to do better spear phishing attacks these types of Technologies anytime they're used for good and positive you can be absolutely certain they're going to be used on the other side for those that are trying to take advantage of the opportunity yeah the cultural awareness becomes even more important it's definitely moved from the boardroom to the rest of the organization and now we you know we think we got it that we we when we see a phishing attack oh I got this it's spam well you ain't seen nothing yet um let me ask you a question I mean it seems like every year we look back and it's like record spending on cyber security I don't know 80 100 you know billion dollars and it's growing but the threat keeps escalating bad guys they're highly capable they're the adversaries they're motivated because there's big dollars there how do you see csos dealing with that moving Target yeah we see several Trends and you know I even spoke to our our team that leads the data protection practice one of the trends that they really brought to my attention um was the collaboration and and the collaboration that needs to take place both in Enterprises and across ecosystems so touching on on within the Enterprise you're seeing csos you know much more now involved in data storage and data protection uh decisions it used to be something that was more made at the I.T level um and as we see end-to-end security and zero trust becoming more priority the CSO is being brought in and that brings another collaboration I think is really important and that collaboration is ecosystem with vendor Partners um that's between the Enterprise and the vendor and then vendors themselves so you know I mentioned earlier you know the zero uh the root of trust at broadcom and then of course you know Dell has shown some preference in their power Edge servers for the broadcom Nix and that's because there's a collaboration going on between the OEM between the component maker and that of course ends up being something that integrates all the way down to the Enterprise where they're getting the best technology hardened for both the hardware software and these you and I have kind of alluded to throughout this conversation into the culture um also we see continued investment as we mentioned I think at the top of the show Dave um you know it spend is sort of seeing a ship more spend is going towards security companies need to secure their environments they need to know that they have their customers data and all their other critical data that it's available and that it's obviously going to be able to be brought back in the event of an emergency so that investment needs to be made and it needs to be made to try to get ahead of more of these risks because right now you know security has too long been reactive so by having those collaborations working with the ecosystem and then of course um you know being more proactive and investing to reduce risk of threat those are the things that are going to be done that are going to hopefully help CSO start to solve a problem that by the way that will be continuous will be pervasive and will never go away completely yeah and if great great comments and of course the generative AI the hackers are going to have it but one of the things that GPT is good for is ideation so maybe it can help us be more proactive last question when you think about the increasing sophistication the frequency of cyber threats and cyber attacks do you think organizations will really integrate backup and Recovery Solutions as a core component of their zero trust security strategies what are your thoughts on how viable that strategy is to improving overall cyber resiliency yeah if you're familiar with the zero trust framework the protection of critical data assets is actually a pretty important part and it's specifically called out and so that sort of gives us a de facto answer of yes um I think the relationship is symbiotic between data and security right now and I expect that you know being able to deal with and recover critical assets quickly is going to be a really core part of zero trust now obviously zero trust is you know like we said in the beginning it's treating everything like like there's a risk everything like it could fail but we do know Dave that no matter what ends up happening there will be malicious attacks there will be um you know there will be parameters that will be compromised and that can be that can happen to some of the best csos and cios in the world with the most sophisticated uh cyber security so it's all about making those Investments it's about you know investing up front investing consistently and of course building that culture where security is laid into it from the very onset from every worker in the company that basically touches the I.T so put into a

really short sort of thought you know security needs to be addressed everywhere in the I.T stack uh from the Silicon layer to the human layer on hardware and on software and of course everyone who touches Enterprise I.T needs to be part of a zero trust environment data protection has to be part of it I don't see any other way Daniel as always awesome comments just such a clear think I really appreciate you coming on the program great to be here Dave see you soon all right keep it right there we'll be back right after this short break every day it seems there's a new headline about the devastating Financial impacts or trust that's lost due to ransomware or other sophisticated cyber attacks but with our help Dell Technologies customers are taking action by becoming more cyber resilient and deterring attacks so they can greet students daily with a smile they're ensuring that a range of essential government services remain available 24 7 to Citizens wherever they're needed from swiftly dispatching public safety personnel or sending an inspector to sign off on a homeowner's dream to protecting restoring and sustaining our precious natural resources for future generations with ever-changing cyber attacks targeting organizations in every industry our cyber resiliency Solutions are right on the money providing the security and controls you need we help customers protect and isolate critical data from ransomware and other cyber threats delivering the highest data Integrity to keep your doors open and ensuring that hospitals and health care providers have access to the data they need so patients get life-saving treatment without fail if a cyber incident does occur our intelligence analytics and responsive team are in a class by themselves helping you reliably recover your data and applications so you can quickly get your organization back up and running with Dell Technologies behind you you can stay ahead of cyber crime safeguarding your business and your customers Vital Information learn more about how Dell Technologies cyber resiliency Solutions can provide true peace of mind for you okay we're back with Jim shook who is the director of the cyber security and compliance practice at Dell Technologies Jim good to see you thanks for coming on thecube Dave thank you delighted to be here in person with you yeah it's great to be in studio I always have a better conversation right so for our audience Jim is someone who spends an enormous amount of time with customers so we're going to dig into what's changed in the conversations and in particular who are the decision makers these days regarding cyber security and data protection versus in the past so Jim what about it what's changed who's in who's driving the bus these days yeah I've had a good perspective on this day because I've been talking to our customers now about cyber resilience and recovery from ransomware Destruction for eight years and we've really evolved the conversation over that time one of the things I've seen that I think is really important is we've we've moved from having just say I.T and infrastructure at the table to talk about these things we added along the way to cyber security took an interest obviously we get risk and compliance from time to time but even legal will get involved now it's a lot of seats at the table are taken by people who are focused on the business sometimes it's the c-suite sometimes it's heads of business lines but that's been a really important development and audit too right audit in in some cases from a a process standpoint is like the last line of defense actually backup and Recovery is the last line of defense and we're going to talk about that a little bit but as you as you point out and I'll share with the audience I've observed and I think most people understand this exactly what Jim was saying that cyber it was once the domain of I.T and the secops team and then it became a boardroom issue and it now feels as though it's organization wide and and Jim has cyber security in in your mind you know gone mainstream and if so why is that it definitely definitely has especially over that same time frame we get more and more digitally oriented over time and so businesses have realized that they they are digital and so cyber security cyber attacks are a threat to the business just as any other threat would have been before cyber really came along and became an issue so if you're not protecting against those threats and have the ability to be resilient to them you're not protecting your business and it's everybody's job to do that I think it's really interesting that the business has become more involved and that's also evolved the conversation to focus more on outcomes what happens how can we return to business and how much time versus say let's buy the next Shiny Toy or have a cyber control that does this it's more focusing on the business outcome it seems like there was a change you know when the when the board started to get involved it was almost like prior to that it's kind of early last decade let's say it was like this there was a mentality of failure equals fire so a lot of times people are like oh talk about that and we saw that change where you know folks who understand cyber would come to the board and say no you are going to get attacked you were going to get infiltrated it's going to happen so it's it's all about that response and you've got to be transparent do you agree with that that sort of failure equals fire mentality has changed and there's now much more transparency and that's part of the sort of mainstream awareness yeah clearly and it's been a really good development it used to be a lot of times cyber security teams would not get involved in these conversations because their thought was well if we're having a recovery conversation if we're working on being more resilient we failed at our job they've realized that's not the case the attackers are going to be successful sometimes and part of a good cyber practice is the resilience and the ability to recover if those attacks are successful now Jim is a lawyer so and there's an intersection going on at the board level between cyber security and legal issues so Jim we want to understand that from your you know put on your legal hat for a second what's that board discussion like these days it's really interesting the board is aware that these are risks to the business so they have to become more involved there's regulatory pressure the SEC has been looking at new roles that might come out this month it might come out in the fall that's going to require the board to take more interest and have more expertise in these in these areas there's just risk to the business and that's always what one of the things that the board has focused on and I'll give you a really good example where the board's getting more involved it's in the idea of having to pay a ransom so a lot of times I would hear from customers well we're not worried about this problem worst case we'll just pay the ransom why not yeah and they don't understand sometimes there is no Ransom to pay sometimes it takes longer to recover if you have the ransom but from the board perspective I think where they got interested is there are some laws that will prevent you from paying a ransom depending on who gets the money so those get really complex it's very difficult to tell who's going to get the money so you may make a payment and then get in trouble later on even though you've been diligent with your process that's high risk and so the better outcome is to not have to pay the ransom it's to be prepared to recover clearly but I got to ask you so you're saying it's it's it's illegal because not necessarily to pay a ransom but it's illegal to what pay a felon yeah there there are laws on the books um in financial uh industry that say you can't do business with certain restricted Nationals or geographical areas so North Korea is a really good example of that if you do business with them and paying a ransom to them would be doing business with them you violated those laws yeah this is where you definitely need somebody who understands the law to figure this stuff out all right let's talk about misconceptions what are the most common misconceptions that you see in cyber security that people really need to understand I think I still see a lot of the same ones but fortunately we've all learned along the way and I don't see them quite as frequently a big one is that the thought that we've already invested in disaster recovery and that's going to cover us for a cyber recovery situation and that's just not the case the technologies that you have for outages and natural disasters are still as important as they ever were think about backup think about replication even continuous data protection they're not going to help you very much in a what we would call severe but plausible cyber disruption so you have to look at those things separately you're not you spend a lot of money and time it's just not going to help you that much in those types of disruptions what about the cloud a lot of people think well I got my data in the cloud those guys have awesome security which they do by the way they do but does the cloud solve my problem do I have to not worry about it if my data is in the cloud I think they're still They're laughing yeah there's still some misconceptions out there and if you think about in the cloud the shared responsibility model your cloud provider or your SAS provider or whoever you're working with covers certain things but you maintain responsibility for other things and if you're not understanding where that point is what is your responsibility you're going to be in trouble ultimately and I've heard this a lot from Regulators they don't care who you use as a partner who you use for a cloud provider it's on you to make sure that things work properly Jim are there any other misconceptions that you want people to know about yeah there's a few that come to mind pretty quickly that I'm hearing frequently one is we're not a Target we don't need to worry about this and I think that totally misunderstands the landscape everybody's a Target you think about attacks like not Petra a lot of organizations were not focused on the target but were collateral damage because sometimes malware does unexpected things and really anybody who has a presence on the internet the Bad actors many times look for just a vulnerability that's out there and if they can find it they'll leverage it they're not looking to see who has the vulnerability just somebody has it I get in I lock up their data I demand they're knocking on doors and it's automated door's open I'm going in and if I get something out of a grade if not I'll move on that's exactly another one is we have cyber insurance and cyber insurance is definitely a component of an overall risk strategy you help to transfer some of the risk but it's not the strategy you have to be secure in fact in today's world if you don't have good cyber security you may not be able to get a cyber policy at all and in any case an attack is always going to have costs related to it there are going to be exclusions and insurance policies you know ultimately an insurance policy is just a contract and the terms of that contract control there's no such thing as cyber insurance and everybody gets it it's what you negotiate with the provider that's a big one I heard Warren Buffett on TV the other day you know they you know Berkshire owns a Geico saying they're now going to six every six months they change the policy he'd love to go to a month so wow you know you're exposed yeah absolutely it's it's a key component and the third one is kind of along similar lines but it's a technical side of it we have turned on a mute ability on our storage platform and that's a great control we talk about that a lot in our data protection portfolio with our data domain turn on that retention lock but it's not the destination it's really a first step it will make you much more resilient but there's a lot of other things that you have to do to really build that resilience tell us why customers should trust tell for their you know cyber security strategy generally but you know you guys obviously we're talking data protection and backup and Recovery why Dell I think there's a lot of reasons I mean we we have a big Practice Group so my group alone eight years that we've since we founded it just out there to help customers understand and deal with these problems that kind of fits into the whole idea of Dell's global scale and skill we're everywhere we have a lot of expertise we have a certainly a wide range of of offerings Best in Class among compute to storage to the things that we do in the cloud with the hyperscalers our partners are Consulting all of those things really tied together and Dave those are becoming more important because a lot of customers are working on their cyber strategy which includes a component of managing and the risk from their third-party service providers so as part of that number one they have to vet their partners and number two many of them are scaling back they don't want to have 200 300 people that they do business with and so our ability to have those offerings to have all that global scale and skill is important and then when they dive deeper and they have to make sure that their partners are doing the right things to protect them the things that we do with secure development life cycle things that we do with the secure supply chain are really powerful we don't talk about those enough we're starting to talk about them more and surfacing those for our customers so that they understand what we're doing in that space yeah all right Jim thank you appreciate your time thanks Dave okay in a moment I'll be back to share some new information about data protection and its relationship to a comprehensive cyber security strategy keep it right there [Music] thank you [Music] foreign we heard today that the challenges of securing your Enterprise have never been more acute and hopefully we gave a perspective as to why this is in some of the ways organizations are thinking about mitigating risk one of the key points we heard from our guests generally and confirmed specifically by analyst Daniel Newman is that you have to think in system terms where an end view of your security regime is considered holistically from the software supply chain to the Silicon root of trust to the hardware and software infrastructure all the way up through the value chain of products and services in your organization and then back out to your ecosystem we also heard how backup and Recovery processes have to be there if all else fails but even that is evolving where new capabilities like immutability and air gapping and the cloud become considerations that really weren't top of Mind five years ago today they are fundamental we hope you've enjoyed this first in our three-part series navigating the road to cyber resiliency made possible by Dell Technologies everything here will be on demand at thecube.net siliconangle.com has all the news and

you want to check out the security section of the site where a team of writers and journalists and analysts including myself rob hoef Paul Gillen Duncan Riley Maria Deutscher Kristen Martin Mark Albertson and our newest journalist David Strom WE Post news analysis and in-depth features regularly now to learn more about Dell's data protection and cyber Recovery Solutions visit dell.com data protection this is Dave vellante thanks for watching and we'll see you on the road on your journey to cyber resiliency [Music] [Music]

2023-05-22 07:22

Other news