>>from >>Around the globe. It's the cube with digital coverage of IBM think 2021 brought to you by IBM. >>Welcome back to the cubes ongoing coverage of IBM Think 2021 virtual cube, you know, the pandemic has caused us to really rethink this this whole concept of operational resilience and we're gonna dig into that and talk about the importance of constructing a holistic resilience plan and get the perspective of some really great domain experts. Alan Downs is the vice president, global Cloud security and resiliency services at IBM and he's joined by MS Michelle what? Weston who is the director of cloud security and resiliency offerings at IBM folks. Welcome to the cube. Thanks for coming on. >>Thank you. >>Now before we get into it, I said IBM but I want to ask you, alan about an announcement you made last month about Kendrell new spin out from IBM. What can you tell us? >>Very excited about the name? I think there's a lot of meaning in the name centered around new growth and censored around partnership and relationship. So if you look at the name that was announced I think it really does typify what we set out to be as a trusted partner in the industry. All born around new growth centered around strong partnership and relationship. So very pleased and excited and look forward to the opportunity we have going forward. >>Yeah congratulations on that. Had some clarity martin schroder. New ceo Cubillan. Great executive love it. So good luck. Um Alan let me stay with you for a second. I mean operational resilience it means different things to different people and we know from speaking with C. IOS in our community during the pandemic. It doesn't just mean disaster recovery. In fact a lot of C. I. O. Said that their business continuing strategy were too focused on on D. R. Ellen. What does operational resilience mean from your perspective? >>So I'll answer it this way. Operational resiliency risk is defined as the quantifiable steps that any client needs to take in order to respond, recover from an unplanned outage. It sits squarely within operational risk. And if you think about it, operational risk is the kind of non financial element of risk. And defined within that category, operational resiliency risk is trying to identify those steps both pre active and reactive that a client needs to consider that they would have to take in the event of an unplanned disruption or an unplanned outage that would impact their ability to serve their clients or to serve their organization. That's how I define operational resiliency risk. >>Great and I wonder Michelle if you can add to that but I think you know I sometimes say that the pandemic was like a forced march to digital and part of that was business resilience. But You know, where do we go from here? You know, we had 14 months shoved into our face and now we have some time to think about. So how should clients think about evolving their strategies in this regard? >>Yeah, Well, certainly with respect to what was called Newco now, Kendrell, um our approach has been advisory led. Uh we will help clients along this journey. Uh, one thing that I'd like to point out in one of the journeys that we've been taking over the last couple of years is it really is about security and resiliency together. If you think of that planning and how to mitigate your operational risk, the security and resiliency go hand in hand through the same people within the organization that are planning for that and worried about it. And so we had already started about three years ago to pull the two together and to have a unified value proposition for clients around security and resiliency, both being advisory lead, doing everything for a client from project based to the digital consumption world which we know clients live in today to a fully managed service all around security and resiliency together. >>Yeah, so I mean it's really important topic. I mean you heard Chair Powell last month. He was he was on 60 minutes saying well yeah worried about inflation, were way more worried about security. So so alan you know, were let's say you're in the virtual, you know, conference room with the board of directors. What's that conversation like? Uh where does it start? >>I think there is a huge concern right now with regard to security and obviously resiliency as well. But if you just think about what we've all been through and what's transpired in the last 12 months, the what we call the threat landscape has broadened significantly and therefore clients have had to go through a rapid transformation not just by moving employees to home base, but also their clients having a much higher expectation in terms of access to systems, access to transactions which are all digital. So you referred to it earlier. But the transformation, our clients have had to go on driving a higher dependence on those systems that enable them to serve their clients digitally and enable them to allow the employees to work remotely in this period has increased the dependencies that they have across the environment that are running many of the critical business processes. So the discussion in the boardroom is very much are we secure? Are we safe? How do we know how safe and secure and resilient should we be? And based on that fact about how safe and secure should we be? Where are we today as an organization? And I think these are the questions that are at the boardroom is basically from a resiliency security perspective, where should we be that supports our strategy vision and our client expectation? And then the second question is very much where are we today? How do we know that we are secure? How do we know that we can recover from any unplanned or unforeseen disruption to our environments? >>So Michelle, I mean I just mentioned the threat surface is expanding and we're just getting started, everybody's like crazy about five G leaning in the edge Iot and that's just uh this could be orders of magnitude by the end of the decade compared to where it is today. So how do you think about the key steps that organizations should should take to ensure operational resilience, you know, not only today, but also putting in a road map. >>Yeah, yeah. And and one thing that we do know from our clients is those that have actually planned for resiliency and security at the forefront. They tend to do that more effectively and more efficiently. Um It's much better to do that than to try to do that after an outage. You certainly learn a lot. Um but that's not the experience that you want to go through. You want to have that planning and strategy in the forefront. As Alan said in terms of the threat vector, the pandemic brought that on as well. We saw surgeons Of cyberattacks, opportunistic attacks. Um you know, we saw the best of people in the pandemic as well as the worst in people. Some of those attacks were on agencies that we're trying to recover. We're trying to treat the public with respect to the COVID-19 pandemic. So none of us can let our guard down here. I think we can anticipate that that's only going to increase. And with the emergence of these new technologies like cloud, we know that there's been such a massive benefit to clients. In fact those that were cloud enabled to sustain their businesses during the pandemic full stop. But with that comes a lot more complexity. Those threat vectors increase five G. I expect to be the same. So again, resilience and security have never been more relevant. More important, we see a lot of our clients putting budget there and those that plan for it with a strategic mindset and understand that whatever they have today may be good enough, but in the future they're going to have to invest and continue to evolve that strategy. Are those that have done the best. >>Yeah, the bolt on strategy doesn't doesn't really work that well, but and I wonder if you think about when we talk to CSOS for example, and you ask them what's your biggest challenge? They'll say things like lack of talent. We got too many tools. It's just as we're on the hamsters on wheels. So I would think that's, you know, unfortunately for some, but it's good for your, your business. That's that's a dynamic that you can help with. I mean you're a services organization, you got deep expertise in this. So I wonder if you could, could talk a little bit about that, that lack of talent, that skills gap and how you guys address that. >>I think this is really the fit for managed services providers like Kendrell, um, certainly with some of our largest clients, if we look at Peta as an example, that notion of phone a friend is really important when it starts to go down and you're not sure what you're gonna do next. You want the expertise, you want to be able to phone someone and you want to be able to rely on them to help you recover your most critical data. One of the things clients have also been asking us for is a vaulted capability, almost like the safe deposit box for your data and your critical applications. Being able to put them somewhere and then in the event of needing to recover, um, you certainly could call someone to help you do exactly that >>Ellen. I wonder if you can address this. I mean, I like IBM I was I'm a customer. I trust IBM. What's your relationship? Are you still gonna, you know, be able to allow me to tap the pieces that that I like and maybe you guys can be more agile in some respects, maybe you can talk about that a little bit. >>She has Sure, Dave and many of our clients, we have a long history with a very positive experience of delivering, you know, market leading and high high quality of services and product the relationship continue. So we will remain very close to IBM and we will continue to work with many of IBM's customers as will IBM work with our customers going forward. So the relationship, I believe whilst a different dynamic will continue and I believe engenders an opportunity for growth and you know, we mentioned earlier the very name signifies the fact that it's new growth and I do think that that partnership will continue and we'll continue together to deliver the type of service, the quality of products and services that our clients have, you know, enjoyed from IBM over the last number of years, >>Michelle my, one of my takeaway from your earlier comments as you guys are hands on consultative in nature. Um, and I think about the comment I made about a lot of Ceo said we were way too d our focus. But when I think about d are a lot of times it was a checkbox to the board. Hey, we got it. But it was last time you tested it. Well, we don't test it because it's too risky to test. You know, we, we do fail over, but we don't fail back because it's just too risky. Can I stress test, you know, my environment, we, at the point now where technology and expertise will allow us to do that is that part of what you bring to the table? >>It is exactly exactly what we bring to the table. So from a first of all, from a compliance and regulatory perspective, you no longer have that option. A lot of the auditors are asking you to demonstrate your d our plan. We have technology and I think we've talked about this before about the automation that we have in our portfolio with resiliency orchestration that allows you to see the risk in your environment on a day to day basis. Proactively manage it. I tried to recover this, there's a there's a failure and then you're able to proactively address it. I also give the example from a resiliency orchestration perspective in this very powerful software automation that we have for D. R. We've had clients that have come in scheduled A. D. R. Test, it was to be all day they've ordered in lunch And the D. R. test fail over failed back took 22 minutes and lunch was canceled. >>I love >>it. Very powerful and very powerful with an auditor. >>That's awesome. Okay guys, we've got to leave it there. Really great to get the update. Best of luck to you and congratulations. Thanks for coming on. >>Thank you so much >>and thank you for watching. This is Dave Volonte for the cubes continuous coverage of IBM think 2021 right back. >>Mhm.