>> Announcer: From Chicago, it's theCUBE. Covering Veritas Vision Solution Day 2018. (funky music) Brought to you by Veritas. >> Welcome back to the Windy City everybody, my name is Dave Vellante. We're here covering the Veritas Vision Solution days at the Palmer House Hotel in Chicago right near the lake. You're watching theCUBE, the leader in live tech coverage. Lurlene Brown is here. She's an independent security consultant with CJJFC. Lurlene, welcome, thanks for coming on theCUBE. >> Thank You, thanks for inviting us. >> So CJJFC, what are you guys all about? >> Well, basically we're re-startup company, small, independent company. We work with SMBs and non-profits in dealing with their security issues basically. No matter how big, how small. It's the small companies that have one of those things that's, well it's not going to happen to us, or if it does happen to us, what do we do about it? Because they hear about the big breaches but it can happen to a small company as well an SMBs, especially if you have limited budgets and stuff, how do we deal with that? How do we deal with ransomware? How do we pay it off? A lot of questions and stuff like that that they are really concerned about, but a lot of them have the attitude that it's not going to happen to me, something like that, but it can happen. >> There's a lot to talk about there, so let's start with small business. Small business, there's often times not even a CEO, it's an owner, and the distance between the owner and the IT is very short. It's a flat organization. Like you said, they have so many things to worry about, the last thing they want to worry about is security. A lot of times they'll have the attitude of, well, I'm not really a target, which is, well yeah, you are. But let's hope. (chuckles) And a lot of them just clearly don't have, they don't have a SecOps team. >> That's true. >> Many of them just rely on cloud, they have a zillion different SaaS products. They'd rather not have IT. So that sort of paints a picture. >> That's true. >> How do you help them? And do they contact you, do you contact them? Both? >> Well, it goes both ways. Basically a lot of them don't even have an IT department or an IT person. They're going by somebody knows how to work a computer, turn it off and on. Make sure the stuff is backed up. (laughing) >> Fred's really good with this, ask him. >> And then turn it off at the end of the day. So you have to deal with that. You also have to deal with, if they do have an IT department, it's one person that's going to deal with a whole lot of issues. Back up, where is it going to go to? Do we have a cloud provider? If we do, who is it? What is it? Do we have anything else? Do we have on-site premise or off-sites? So it's a lot of stuff you got to do. And the main bottom line is budgeting. Do we have the money or the budget to get this stuff that we need, that we basically need in order for us to survive? Because it boils down to, if you don't have and then something happens to you, something major, a crash or whatever, do you have the backup? Do you have something viable to say to your clients, oh, we're okay, we got your data and we're secure, we can go on with business as usual; or will they just go off and find somebody else? >> So we always talk about on theCUBE people, process and technology, bad security practices by users can always trump good technology. So I presume a lot of your consulting is around people and processes. >> Mm-hmm, that's true, that's true And a lot of it is in transition, I'll give a good example. When Windows decided to go from XP to 7 and 8 and all this stuff, there was a big brouhaha about it. Some people still want to deal with XP. They don't want, because they hear about how good Windows 8 or 10 is and stuff like that. But a lot of people, it's a slow transition for a lot of people to move over from XP because it was very dependable, you didn't hear a lot of problems out of it. All of a sudden you hear, oh, Windows 10. We got some issues, we got some stuff we got to fix, and it kind of is like a panic attack mode. You're in panic modes. Do we want to go back to XP or do you want to, you know, one of our records are in XP and we want to go to 10, will they transfer over? How secure is going to be that? How secure is that? So it's like that kind of example. It takes time for people to slowly migrate from one thing to another to make sure it's safe and it's dependable. And also, it's secure enough, they can be comfortable with it so when the next phase comes up, they can be a little bit more comfortable and say, well, okay, we go to Windows 12 or something like that, and then we'll be okay from 10 to 12 and have no problems with it. >> So that's an example of just basically having core infrastructure that's kept up to date, you're up to date on patching. This is basic security hygiene. There's also the perimeter, and we always hear, well, people spend a lot of time and effort and money on the perimeter, but people are going to get through the perimeter. Phishing is a huge problem. >> Yes it is >> The threat matrix with mobile, you got a zillion mobile apps, and it's impossible to keep them up to date. So are small business owners, which I presume is your primary discussion point, how aware are they of this problem? On a scale from one to 10, is it a two? Because they have so many other things to worry about. Or is it escalating up to six, seven, eight? What do you-- >> It depends of the company. Some are twos and some are fives and sixes. One size doesn't fit all, and that's one thing they have to realize, that one can do more than the other and some can do less than the other. It all depends on the company, their attitude and it boils down to trust. Do we trust ourselves enough to go into that next phase of updating our security or updating our software and all that stuff, the patches and stuff? Do we have the equipment to do, to have that ability to do that as well too, because you got to look at your budget costs and your security. That goes hand-in-hand. >> Backup and security used to be largely two separate domains, sort of in their own little islands. They're certainly intertwined today. Why is that, and how are those two worlds coming together? >> Well, I think it was a gradual process because everybody wanted to keep things separate. But they found out there's a whole lot of commonality, a whole lot of links that they finally came to realize that it's together, dealing with security, because if you didn't have security we would have more than enough breaches than we have now. Especially with small businesses, you can't afford to have a breach because that makes or breaks your company. So you have to look at that and say, well, we need that. But like I said, within the perimeters of your business. Some can afford more, some can afford less or just stabilize what they have now. >> Mm-hmm, okay, so let's talk about ransomware a little bit. It's in the news. As a small business owner, you're like wow, oh god, I hope that never happens to me, but a lot of times they're thinking, well, that's never going to happen to me because I'm the small guy. But is could happen. >> Oh yeah! >> And so what do you advise people to do? You're trying to create air gaps. What role does backup and data protection play? >> Backup is a major thing especially if you have a lot of old data and you want to make sure you have that because once its lost, its lost. A lot of people are not really familiar with ransomware. They hear about it, they think oh, my, I have to, it's just like anything else, like if you kidnap somebody you hold them for ransom. You want this amount of money in order for them to get this person back. Ransomware is the same thing but you're using bitcoins instead of money. Well, it technically is money but a lot of them don't have that thing about it's not going to affect me. Like you was talking about earlier. Does it affect me? How will it affect me? I'll read up more about it. A lot of people have not really read up about it. They hear the word, it's like a buzz word and they say, oh ransomware, what is that? Is that a new software product? Or is that a new something like that, you know? So they have to really keep informed and keep up with what is going on, especially in small businesses. The possibility is, I think, is more greater than big businesses. Because big businesses can recover, small businesses can't. >> Big businesses, they've got the resources, they know what ransomware is, they maybe created some kind of air gap between their data center and their off-site. They've got something in the iron mountain and archived, Maybe they've got stuff on tapes. Small companies are like, they don't even think about that stuff-- >> No they don't, what resources do they have? Or do they have enough resources as well? And have they kept up with the different kind of resources that are available, especially gearing towards them? >> What's your relationship with Veritas? Why are you here? You're not a customer, you're not a big gold partner but what brought you here? >> Well, I want to see what's going on with Veritas, I've heard a lot about it. And we are here to get some information and how we're going to relate to what we're going to be dealing with future customers or present customers and stuff like that. So that's basically what we're here for. It's just to gather information, sort it out, how it will affect small business and non-profitS, and how it can help them and benefit them as much as for larger companies. >> My last question for you is could you summarize the advice that you would give to a small business owner or a non-profit, MD. What do you tell them in the context of security and data protection? >> Backup, especially backup and do your homework. A lot of them, do your due diligence because it makes or breaks you. >> And so they listen to that advice? >> Some of them do, and some of them... It's up to them. I have to say, everybody is an individual, you can't say, but just look at what happens to other people, find examples, talk to other people that you know and do your homework and backup, backup backup. >> Ignore that advice at your own peril. Lurlene, thanks very much for coming on theCUBE. It was great to have you. >> Thank you very much for inviting us. >> You're very welcome. Okay, you're watching theCUBE. We're here at Veritas Vision Day in Chicago, we'll be right back after this short break. (funky music)