>> Hello everyone. Welcome to theCUBE's coverage of International Women's Day. I'm John Furrier, host of theCUBE been profiling the leaders in the technology world, women in technology from developers to the boardroom, everything in between. We have two great guests promoting in from Malaysia. Nancy Wang is the general manager, also CUBE alumni from AWS Data Protection, and founder and board chair of Advancing Women in Tech, awit.org. And of course Kate Watts who's the executive director of Advancing Women in Tech.org. So it's awit.org. Nancy, Kate, thanks for coming all the way across remotely from Malaysia. >> Of course, we're coming to you as fast as our internet bandwidth will allow us. And you know, I'm just thrilled today that you get to see a whole nother aspect of my life, right? Because typically we talk about AWS, and here we're talking about a topic near and dear to my heart. >> Well, Nancy, I love the fact that you're spending a lot of time taking the empowerment to go out and help the industries and helping with the advancement of women in tech. Kate, the executive director it's a 501C3, it's nonprofit, dedicating to accelerating the careers of women in groups in tech. Can you talk about the organization? >> Yes, I can. So Advancing Women in Tech was founded in 2017 in order to fix some of the pathway problems that we're seeing on the rise to leadership in the industry. And so we specifically focus on supporting mid-level women in technical roles, get into higher positions. We do that in a few different ways through mentorship programs through building technical skills and by connecting people to a supportive community. So you have your peer network and then a vertical sort of relationships to help you navigate the next steps in your career. So to date we've served about 40,000 individuals globally and we're just looking to expand our reach and impact and be able to better support women in the industry. >> Nancy, talk about the creation, the origination story. How'd this all come together? Obviously the momentum, everyone in the industry's been focused on this for a long time. Where did AWIT come from? Advancing Women in Technology, that's the acronym. Advancing Women in Technology.org, where'd it come from? What's the origination story? >> Yeah, so AWIT really originated from this desire that I had, to Kate's point around, well if you look around right and you know, don't take my word for it, right? Look at stats, look at news reports, or just frankly go on your LinkedIn and see how many women in underrepresented groups are in senior technical leadership roles right out in the companies whose names we all know. And so that was my case back in 2016. And so when I first got the idea and back then I was actually at Google, just another large tech company in the valley, right? It was about how do we get more role models, how we get more, for example, women into leadership roles so they can bring up the next generation, right? And so this is actually part of a longer speech that I'm about to give on Wednesday and part of the US State Department speaker program. In fact, that's why Kate and I are here in Malaysia right now is working with over 200 women entrepreneurs from all over in Southeast Asia, including Malaysia Philippines, Vietnam, Borneo, you know, so many countries where having more women entrepreneurs can help raise the GDP right, and that fits within our overall mission of getting more women into top leadership roles in tech. >> You know, I was talking about Teresa Carlson she came on the program as well for this year this next season we're going to do. And she mentioned the decision between the US progress and international. And she's saying as much as it's still bad numbers, it's worse than outside the United States and needs to get better. Can you comment on the global aspect? You brought that up. I think it's super important to highlight that it's just not one area, it's a global evolution. >> Absolutely, so let me start, and I'd love to actually have Kate talk about our current programs and all of the international groups that we're working with. So as Teresa aptly mentioned there is so much work to be done not just outside the US and North Americas where typically tech nonprofits will focus, but rather if you think about the one to end model, right? For example when I was doing the product market fit workshop for the US State Department I had women dialing in from rice fields, right? So let me just pause there for a moment. They were holding their cell phones up near towers near trees just so that they can get a few minutes of time with me to do a workshop and how to accelerate their business. So if you don't call that the desire to propel oneself or accelerate oneself, not sure what is, right. And so it's really that passion that drove me to spend the next week and a half here working with local entrepreneurs working with policy makers so we can take advantage and really leverage that passion that people have, right? To accelerate more business globally. And so that's why, you know Kate will be leading our contingent with the United Nations Women Group, right? That is focused on women's economic empowerment because that's super important, right? One aspect can be sure, getting more directors, you know vice presidents into companies like Google and Amazon. But another is also how do you encourage more women around the world to start businesses, right? To reach economic and freedom independence, right? To overcome some of the maybe social barriers to becoming a leader in their own country. >> Yes, and if I think about our own programs and our model of being very intentional about supporting the learning development and skills of women and members of underrepresented groups we focused very much on providing global access to a number of our programs. For instance, our product management certification on Coursera or engineering management our upcoming women founders accelerator. We provide both access that you can get from anywhere. And then also very intentional programming that connects people into the networks to be able to further their networks and what they've learned through the skills online, so. >> Yeah, and something Kate just told me recently is these courses that Kate's mentioning, right? She was instrumental in working with the American Council on Education and so that our learners can actually get up to six college credits for taking these courses on product management engineering management, on cloud product management. And most recently we had our first organic one of our very first organic testimonials was from a woman's tech bootcamp in Nigeria, right? So if you think about the worldwide impact of these upskilling courses where frankly in the US we might take for granted right around the world as I mentioned, there are women dialing in from rice patties from other, you know, for example, outside the, you know corporate buildings in order to access this content. >> Can you think about the idea of, oh sorry, go ahead. >> Go ahead, no, go ahead Kate. >> I was going to say, if you can't see it, you can't become it. And so we are very intentional about ensuring that we have we're spotlighting the expertise of women and we are broadcasting that everywhere so that anybody coming up can gain the skills and the networks to be able to succeed in this industry. >> We'll make sure we get those links so we can promote them. Obviously we feel the same way getting the word out. I think a couple things I'd like to ask you guys cause I think you hit a great point. One is the economic advantage the numbers prove that diverse teams perform better number one, that's clear. So good point there. But I want to get your thoughts on the entrepreneurial equation. You mentioned founders and startups and there's also different makeups in different countries. It's not like the big corporations sometimes it's smaller business in certain areas the different cultures have different business sizes and business types. How do you guys see that factoring in outside the United States, say the big tech companies? Okay, yeah. The easy lower the access to get in education than stay with them, in other countries is it the same or is it more diverse in terms of business? >> So what really actually got us started with the US State Department was around our work with women founders. And I love for Kate to actually share her experience working with AWS startups in that capacity. But frankly, you know, we looked at the content and the mentor programs that were providing women who wanted to be executives, you know, quickly realize a lot of those same skills such as finding customers, right? Scaling your product and building channels can also apply to women founders, not just executives. And so early supporters of our efforts from firms such as Moderna up in Seattle, Emergence Ventures, Decibel Ventures in, you know, the Bay Area and a few others that we're working with right now. Right, they believed in the mission and really helped us scale out what is now our existing platform and offerings for women founders. >> Those are great firms by the way. And they also are very founder friendly and also understand the global workforce. I mean, that's a whole nother dimension. Okay, what's your reaction to all that? >> Yes, we have been very intentional about taking the product expertise and the learnings of women and in our network, we first worked with AWS startups to support the development of the curriculum for the recent accelerator for women founders that was held last spring. And so we're able to support 25 founders and also brought in the expertise of about 20 or 30 women from Advancing Women in Tech to be able to be the lead instructors and mentors for that. And so we have really realized that with this network and this individual sort of focus on product expertise building strong teams, we can take that information and bring it to folks everywhere. And so there is very much the intentionality of allowing founders allowing individuals to take the lessons and bring it to their individual circumstances and the cultures in which they are operating. But the product sense is a skill that we can support the development of and we're proud to do so. >> That's awesome. Nancy, I want to ask you some never really talk about data storage and AWS cloud greatness and goodness, here's different and you also work full-time at AWS and you're the founder or the chairman of this great organization. How do you balance both and do you get, they're getting behind you on this, Amazon is getting behind you on this. >> Well, as I say it's always easier to negotiate on the way in. But jokes aside, I have to say the leadership has been tremendously supportive. If you think about, for example, my leaders Wayne Duso who's also been on the show multiple times, Bill Vaas who's also been on the show multiple times, you know they're both founders and also operators entrepreneurs at heart. So they understand that it is important, right? For all of us, it's really incumbent on all of us who are in positions to do so, to create a pathway for more people to be in leadership roles for more people to be successful entrepreneurs. So, no, I mean if you just looked at LinkedIn they're always uploading my vote so they reach to more audiences. And frankly they're rooting for us back home in the US while we're in Malaysia this week. >> That's awesome. And I think that's a good culture to have that empowerment and I think that's very healthy. What's next for you guys? What's on the agenda? Take us through the activities. I know that you got a ton of things happening. You got your event out there, which is why you're out there. There's a bunch of other activities. I think you guys call it the Advancing Women in Tech week. >> Yes, this week we are having a week of programming that you can check out at Advancing Women in Tech.org. That is spotlighting the expertise of a number of women in our space. So it is three days of programming Tuesday, Wednesday and Thursday if you are in the US so the seventh through the ninth, but available globally. We are also going to be in New York next week for the event at the UN and are looking to continue to support our mentorship programs and also our work supporting women founders throughout the year. >> All right. I have to ask you guys if you don't mind get a little market data so you can share with us here at theCUBE. What are you hearing this year that's different in the conversation space around the topics, the interests? Obviously I've seen massive amounts of global acceleration around conversations, more video, things like this more stories are scaling, a lot more LinkedIn activity. It just seems like it's a lot different this year. Can you guys share any kind of current trends you're seeing relative to the conversations and topics being discussed across the the community? >> Well, I think from a needle moving perspective, right? I think due to the efforts of wonderful organizations including the Q for spotlighting all of these awesome women, right? Trailblazing women and the nonprofits the government entities that we work with there's definitely more emphasis on creating access and creating pathways. So that's probably one thing that you're seeing is more women, more investors posting about their activities. Number two, from a global trend perspective, right? The rise of women in security. I noticed that on your agenda today, you had Lena Smart who's a good friend of mine chief information security officer at MongoDB, right? She and I are actually quite involved in helping founders especially early stage founders in the security space. And so globally from a pure technical perspective, right? There's right more increasing regulations around data privacy, data sovereignty, right? For example, India's in a few weeks about to get their first data protection regulation there locally. So all of that is giving rise to yet another wave of opportunity and we want women founders uniquely positioned to take advantage of that opportunity. >> I love it. Kate, reaction to that? I mean founders, more pathways it sounds like a neural network, it sounds like AI enabled. >> Yes, and speaking of AI, with the rise of that we are also hearing from many community members the importance of continuing to build their skills upskill learn to be able to keep up with the latest trends. There's a lot of people wondering what does this mean for my own career? And so they're turning to organizations like Advancing Women in Tech to find communities to both learn the latest information, but also build their networks so that they are able to move forward regardless of what the industry does. >> I love the work you guys are doing. It's so impressive. I think the economic angle is new it's more amplified this year. It's always kind of been there and continues to be. What do you guys hope for by next year this time what do you hope to see different from a needle moving perspective, to use your word Nancy, for next year? What's the visual output in your mind? >> I want to see real effort made towards 50-50 representation in all tech leadership roles. And I'd like to see that happen by 2050. >> Kate, anything on your end? >> I love that. I'm going to go a little bit more touchy-feely. I want everybody in our space to understand that the skills that they build and that the networks they have carry with them regardless of wherever they go. And so to be able to really lean in and learn and continue to develop the career that you want to have. So whether that be at a large organization or within your own business, that you've got the potential to move forward on that within you. >> Nancy, Kate, thank you so much for your contribution. I'll give you the final word. Put a plug in for the organization. What are you guys looking for? Any kind of PSA you want to share with the folks watching? >> Absolutely, so if you're in a position to be a mentor, join as a mentor, right? Help elevate and accelerate the next generation of women leaders. If you're an investor help us invest in more women started companies, right? Women founded startups and lastly, if you are women looking to accelerate your career, come join our community. We have resources, we have mentors and who we have investors who are willing to come in on the ground floor and help you accelerate your business. >> Great work. Thank you so much for participating in our International Women's Day 23 program and we'd look to keep this going quarterly. We'll see you next year, next time. Thanks for coming on. Appreciate it. >> Thanks so much John. >> Thank you. >> Okay, women leaders here. >> Nancy: Thanks for having us >> All over the world, coming together for a great celebration but really highlighting the accomplishments, the pathways the investment, the mentoring, everything in between. It's theCUBE. Bring as much as we can. I'm John Furrier, your host. Thanks for watching.

>>Okay, we're back. My name is Dave Valante and this is the Cube's coverage of AWS storage day. You know, coming off of reinforc I wrote the, the cloud was a new layer of defense. In fact, the first line of defense in a cyber security strategy. And that brings new thinking and models for protecting data, data protection, specifically, traditionally thought of as backup and recovery, it's become a critical adjacency to security and a component of a comprehensive cybersecurity strategy. We're here in our studios outside of Boston with two cube alums, and we're gonna discuss this in other topics. Wayne do so is the vice president for AWS storage edge and data services, and Nancy Wong as general manager of AWS backup and data protection services, guys. Welcome. Great to see you again. Thanks for coming on. Of >>Course, always a pleasure, Dave. Good to >>See you, Dave. All right. So Wayne, let's talk about how organizations should be thinking about this term data protection. It's an expanding definition, isn't >>It? It is an expanding definition. They, last year we talked about data and the importance of data to companies. Every company is becoming a data company, you know, da the amount of data they generate, the amount of data they can use to create models, to do predictive analytics. And frankly, to find ways of innovating is, is grown rapidly. And, you know, there's this tension between access to all that data, right? Getting the value out of that data. And how do you secure that data? And so this is something we think about with customers all the time. So data durability, data protection, data resiliency, and, you know, trust in their data. If you think about running your organization on your data, trust in your data is so important. So, you know, you gotta trust where you're putting your data. You know, people who are putting their data on a platform need to trust that platform will in fact, ensure it's durability, security, resiliency. >>And, you know, we see ourselves AWS as a partner in securing their data, making their data dur durable, making their data resilient, right? So some of that responsibility is on us. Some of that is on so shared responsibility around data protection, data resiliency. And, you know, we think about forever, you know, the notion of, you know, compromise of your infrastructure, but more and more people think about the compromise of their data as data becomes more valuable. And in fact, data is a company's most valuable asset. We've talked about this before. Only second to their people. You know, the people that are most valuable asset, but right next to that is their data. So really important stuff. >>So Nancy, you talked to a lot of customers, but by the way, it always comes back to the data. We've saying this for years, haven't we? So you've got this expanding definition of data protection, you know, governance is in there. You, you think about access cetera. When you talk to customers, what are you hearing from them? How are they thinking about data protection? >>Yeah. So a lot of the customers that Wayne and I have spoken to often come to us seeking thought leadership about, you know, how do I solve this data challenge? How do I solve this data sprawl challenge, but also more importantly, tying it back to data protection and data resiliency is how do I make sure that data is secure, that it's protected against, let's say ransomware events, right. And continuously protected. So there's a lot of mental frameworks that come to mind and a very popular one that comes up in quite a few conversations is this cybersecurity framework, right? And from a data protection perspective is just as important to protect and recover your data as it is to be able to detect different events or be able to respond to those events. Right? So recently I was just having a conversation with a regulatory body of financial institutions in Europe, where we're designing a architecture that could help them make their data immutable, but also continuously protected. So taking a step back, that's really where I see AWS's role in that we provide a wide breadth of primitives to help customers build secure platforms and scaffolding so that they can focus on building the data protection, the data governance controls, and guardrails on top of that platform. >>And, and that's always been AWS's philosophy, you know, make sure that developers have access to those primitives and APIs so that they can move fast and, and essentially build their own if that that's in fact what they wanna do. And as you're saying, when data protection is now this adjacency to cyber security, but there's disaster recoveries in there, business continuance, cyber resilience, et cetera. So, so maybe you could pick up on that and sort of extend how you see AWS, helping customers build out those resilient services. >>Yeah. So, you know, two core pillars to a data protection strategy is around their data durability, which is really an infrastructure element. You know, it's, it's, it's, it's by and large the responsibility of the provider of that infrastructure to make sure that data's durable, cuz if it's not durable, everything else doesn't matter. And then the second pillar is really about data resiliency. So in terms of security, controls and governance, like these are really important, but these are shared responsibility. Like the customers working with us with the services that we provide are there to architect the design, it's really human factors and design factors that get them resiliency, >>Nancy, anything you would add to what Wayne just said. >>Yeah, absolutely. So customers tell us that they want always on data resiliency and data durability, right? So oftentimes in those conversations, three common themes come up, which is they want a centralized solution. They want to be able to transcribe their intent into what they end up doing with their data. And number three, they want something that's policy driven because once you centralize your policies, it's much better and easier to establish control and governance at an organizational level. So keeping that in mind with policy as our interface, there's two managed AWS solutions that I recommend you all check out in terms of data resiliency and data durability. Those are AWS backup, which is our centralized solution for managing protection recovery, and also provides an audit audit capability of how you protect your data across 15 different AWS services, as well as on-premises VMware and for customers whose mission critical data is contained entirely on disk. We also offer AWS elastic disaster recovery services, especially for customers who want to fail over their workloads from on premises to the cloud. >>So you can essentially centralize as a quick follow up, centralize the policy. And like I said, the intent, but you can support a federated data model cuz you're building out this massive, you know, global system, but you can take that policy and essentially bring it anywhere on the AWS cloud. Is that >>Right? Exactly. And actually one powerful integration I want to touch upon is that AWS backup is natively integrated with AWS organizations, which is our defacto multi account federated organization model for how AWS services work with customers, both in the cloud, on the edge, at the edge and on premises. >>So that's really important because as, as we talk about all the time on the cube, this notion of a, a decentralized data architecture data mesh, but the problem is how do you ensure governance and a federated model? So we're clearly moving in that direction. Wayne, I want to ask you about cyber as a board level discussion years ago, I interviewed Dr. Robert Gates, you know, former defense secretary and he sat on a number of boards and I asked him, you know, how important and prominent is security at the board level? Is it really a board level discussion? He said, absolutely. Every time we meet, we talk about cyber security, but not every company at the time, this was kind of early last decade was doing that. That's changed now. Ransomware is front and center. Hear about it all the time. What's AWS. What's your thinking on cyber as a board level discussion and specifically what are you guys doing around ran ransomware? >>Yeah. So, you know, malware in general, ransomware being a particular type of malware. Sure. It's a hot topic and it continues to be a hot topic. And whether at the board level, the C-suite level, I had a chance to listen to Dr. Gates a couple months ago and super motivational, but we think about ransomware and the same way that our customers do. Right? Cause all of us are subject to an incident. Nobody is immune to a ransomware incident. So we think very much the same way. And you, as Nancy said, along the lines of the, this framework, we really think about, you know, how do customers identify their critical access? How do they plan for protecting those assets, right? How do they make sure that they are in fact protected? And if they do detect the ransomware event and ransomware events come from a lot of different places, like there's not one signature, there's not one thumbprint, if you would for ransomware. >>So it's, it's, there's really a lot of vigilance that needs to be put in place, but a lot of planning that needs to be put in place. And once that's detected and a, a, we have to recover, you know, we know that we have to take an action and recover having that plan in place, making sure that your assets are fully protected and can be restored. As you know, ransomware is a insidious type of malware. You know, it sits in your system for a long time. It figures out what's going on, including your backup policies, your protection policies, and figures out how to get around those with some of the things that Nancy talked about in terms of air gaping, your capabilities, being able to, if you would scan your secondary, your backup storage for malware, knowing that it's a good copy. And then being able to restore from that known good copy in the event of an incident is critical. So we think about this for ourselves and the same way that we think about these for our customers. You gotta have a great plan. You gotta have great protection and you gotta be ready to restore in the case of an incident. And we wanna make sure we provide all the capabilities to do >>That. Yeah. So I'll glad you mentioned air gaping. So at the recent re reinforce, I think it was Kurt kufeld was speaking about ransomware and he didn't specifically mention air gaping. I had to leave. So I might have, I might have missed it cause I was doing the cube, but that's a, that's a key aspect. I'm sure there were, were things on the, on the deep dives that addressed air gaping, but Nancy look, AWS has the skills. It has the resources, you know, necessary to apply all these best practices and, you know, share those with customers. But, but what specific investments is AWS making to make the CISO's life easier? Maybe you could talk about that. >>Sure. So following on to your point about the reinforced keynote, Dave, right? CJ Boes talked about how the events of a ransomware, for example, incident or event can take place right on stage where you go from detect to respond and to recover. And specifically on the recovery piece, you mentioned AWS backup, the managed service that protects across 15 different AWS services, as well as on-premises VMware as automated recovery. And that's in part why we've decided to continue that investment and deliver AWS backup audit manager, which helps customers actually prove their posture against how their protection policies are actually mapping back to their organizational controls based on, for example, how they TA tag their data for mission criticality or how sensitive that data is. Right. And so turning to best practices, especially for ransomware events. Since this is very top of mind for a lot of customers these days is I will, will always try to encourage customers to go through game day simulations, for example, identifying which are those most critical applications in their environment that they need up and running for their business to function properly, for example, and actually going through the recovery plan and making sure that their staff is well trained or that they're able to go through, for example, a security orchestration automation, recovery solution, to make sure that all of their mission critical applications are back up and running in case of a ransomware event. >>Yeah. So I love the game day thing. I mean, we know, well just the, in the history of it, you couldn't even test things like disaster recovery, right? Because it was too dangerous with the cloud. You can test these things safely and actually plan out, develop a blueprint, test your blueprint. I love the, the, the game day >>Analogy. Yeah. And actually one thing I'd love to add is, you know, we talked about air gaping. I just wanna kind of tie up that statement is, you know, one thing that's really interesting about the way that the AWS cloud is architected is the identity access and management platform actually allows us to create identity constructs, that air gap, your data perimeter. So that way, when attackers, for example, are able to gain a foothold in your environment, you're still able to air gap your most mission critical and also crown jewels from being infiltrated. >>Mm that's key. Yeah. We've learned, you know, when paying the ransom is not a good strategy, right? Cuz most of the time, many times you don't even get your data back. Okay. So we, we're kind of data geeks here. We love data and we're passionate about it on the cube AWS and you guys specifically are passionate about it. So what excites you, Wayne, you start and then Nancy, you bring us home. What excites you about data and data protection and why? >>You know, we are data nerds. So at the end of the day, you know, there's this expressions we use all the time, but data is such a rich asset for all of us. And some of the greatest innovations that come out of AWS comes out of our analysis of our own data. Like we collect a lot of data on our operations and some of our most critical features for our customers come out of our analysis, that data. So we are data nerds and we understand how businesses view their data cuz we view our data the same way. So, you know, Dave security really started in the data center. It started with the enterprises. And if we think about security, often we talk about securing compute and securing network. And you know, if you, if you secured your compute, you secured your data generally, but we've separated data from compute so that people can get the value from their data no matter how they want to use it. And in doing that, we have to make sure that their data is durable and it's resilient to any sort of incident and event. So this is really, really important to us. And what do I get excited about? You know, again, thinking back to this framework, I know that we as thought leaders alongside our customers who also thought leaders in their space can provide them with the capabilities. They need to protect their data, to secure their data, to make sure it's compliant and always, always, always durable. >>You know, it's funny, you'd say funny it's it's serious actually. Steven Schmidt at reinforc he's the, the, the chief security officer at Amazon used to be the C C ISO of AWS. He said that Amazon sees quadrillions of data points a month. That's 15 zeros. Okay. So that's a lot of data. Nancy bring us home. What's what excites you about data and data protection? >>Yeah, so specifically, and this is actually drawing from conversations that I had with multiple ISV partners at AWS reinforc is the ability to derive value from secondary data, right? Because traditionally organizations have really seen that as a call center, right? You're producing secondary data because most likely you're creating backups of your mission critical workloads. But what if you're able to run analytics and insights and derive insights from that, that secondary data, right? Then you're actually able to let AWS do the undifferentiated heavy lifting of analyzing that secondary data state. So that way us customers or ISV partners can build value on the security layers above. And that is how we see turning cost into value. >>I love it. As you're taking the original premise of the cloud, taking away the under heavy lifting for, you know, D deploying, compute, storage, and networking now bringing up to the data level, the analytics level. So it continues. The cloud continues to expand. Thank you for watching the cubes coverage of AWS storage day 2022.

[Music] okay we're back my name is dave vellante and this is thecube's coverage of aws storage day you know coming off of reinforce i wrote that the cloud was a new layer of defense in fact the first line of defense in a cyber security strategy that brings new thinking and models for protecting data data protection specifically traditionally thought of as backup and recovery it's become a critical adjacency to security and a component of a comprehensive cyber security strategy we're here in our studios outside of boston with two cube alums and we're going to discuss this and other topics wayne dusso is the vice president for aws storage edge and data services and nancy wong as general manager of aws backup and data protection services guys welcome great to see you again thanks for coming on of course always a pleasure dave good to see you dave all right so wayne let's talk about how organizations should be thinking about this term data protection it's an expanding definition isn't it it is an expanded definition dave last year we talked about uh data and the importance of data to companies every company um is becoming a data company uh you know the amount of data they generate uh the amount of data they can use to uh create models to do predictive analytics and frankly uh to find ways of innovating uh is is growing uh rapidly and you know there's this tension between access to all that data right getting the value out of that data and how do you secure that data and so this is something we think about with customers all the time so data durability data protection data resiliency and you know trust in their data if you think about running your organization on your data trust in your data is so important so you know you got to trust where you're putting your data you know people who are putting their data on a platform need to trust that platform will in fact ensure its durability security resiliency and you know we see ourselves uh aws as a partner uh in securing their data making their data they're built durable making their data resilient all right so some of that responsibility is on us some of that is on amazon responsibility around data protection data resiliency and you know um we think about forever you know the notion of um you know compromise of your infrastructure but more and more people think about the compromise of their data as data becomes more valuable in fact data is a company's most valuable asset we've talked about this before only second to their people you know the people who are the most valuable asset but right next to that is their data so really important stuff so nancy you talk to a lot of customers but by the way it always comes back to the data we've been saying this for years haven't we so you've got this expanding definition of data protection you know governance is in there you think about access etc when you talk to customers what are you hearing from them how are they thinking about data protection yeah so a lot of the customers that wayne and i have spoken to often come to us seeking thought leadership about you know how do i solve this data challenge how do i solve this data sprawl challenge but also more importantly tying it back to data protection and data resiliency is how do i make sure that data is secure that it's protected against let's say ransomware events right and continuously protected so there's a lot of mental frameworks that come to mind and a very popular one that comes up in quite a few conversations is in this cyber security framework right and from a data protection perspective it's just as important to protect and recover your data as it is to be able to detect different events or be able to respond to those events right so recently i was just having a conversation with a regulatory body of financial institutions in europe where we're designing a architecture that could help them make their data immutable but also continuously protected so taking a step back that's really where i see aws's role in that we provide a wide breadth of primitives to help customers build secure platforms and scaffolding so that they can focus on building the data protection the data governance controls and guardrails on top of that platform and that's always been aws philosophy make sure that developers have access to those primitives and apis so that they can move fast and essentially build their own if that that's in fact what they want to do and as you're saying when data protection is now this adjacency to cyber security but there's disaster recoveries in there business continuance cyber resilience etc so so maybe you could pick up on that and sort of extend how you see aws helping customers build out those resilient services yeah so you know two uh core pillars to a data protection strategy is around their data durability which is really an infrastructural element you know it's it's it's by and large the responsibility of the provided that infrastructure to make sure that data is durable because if it's not durable and everything else doesn't matter um and the second pillar is really about data resiliency so in terms of security controls and governance like these are really important but these are a shared responsibility like the customers working with us with the services that we provide are there to architect the design it's really human factors and design factors that get them resiliency nancy anything you would add to what wayne just said yeah absolutely so customers tell us that they want always on data resiliency and data durability right so oftentimes in those conversations three common themes come up which is they want a centralized solution they want to be able to transcribe their intent into what they end up doing with their data and number three they want something that's policy driven because once you centralize your policies it's much better and easier to establish control and governance at an organizational level so keeping that in mind with policy as our interface there's two managed aws solutions that i recommend you all check out in terms of data resiliency and data durability those are aws backup which is our centralized solution for managing protection recovery and also provides an audit audit capability of how you protect your data across 15 different aws services as well as on-premises vmware and for customers whose mission-critical data is contained entirely on disk we also offer aws elastic disaster recovery services especially for customers who want to fail over their workloads from on-premises to the cloud so you can essentially centralize as a quick follow-up centralize the policy and as you said the intent but you can support a federated data model because you're building out this massive you know global system but you can take that policy and essentially bring it anywhere on the aws cloud is that right exactly and actually one powerful integration i want to touch upon is that aws backup is natively integrated with aws organizations which is our de facto multi-account federated organization model for how aws services work with customers both in the cloud on the edge at the edge and on premises so that's really important because as we talk about all the time on the cube this notion of a decentralized data architecture data mesh but the problem is how do you ensure governance in a federated model so we're clearly moving in that direction when i want to ask you about cyber as a board level discussion years ago i interviewed dr robert gates you know former defense secretary and he sat on a number of boards and i asked him you know how important and prominent is security at the board level is it really a board level discussion he said absolutely every time we meet we talk about cyber security but not every company at the time this was kind of early last decade was doing that that's changed um now ransomware is front and center hear about it all the time what's aws what's your thinking on cyber as a board level discussion and specifically what are you guys doing around ransomware yeah so you know malware in general ransomware being a particular type of malware um it's a hot topic and it continues to be a hot topic and whether at the board level the c-suite level um i had a chance to listen to uh dr gates a couple months ago and uh it was super motivational um but we think about ransomware in the same way that our customers do right because all of us are subject to an incident nobody is uh uh immune to a ransomware incident so we think very much the same way and as nancy said along the lines of the nist framework we really think about you know how do customers identify their critical access how do they plan for protecting those assets right how do they make sure that they are in fact protected and if they do detect a ransomware event and ransomware events come from a lot of different places like there's not one signature there's not one thumb print if you would for ransomware so it's it's there's really a lot of vigilance uh that needs to be put in place but a lot of planning that needs to be put in place and once that's detected and a we have to recover you know we know that we have to take an action and recover having that plan in place making sure that your assets are fully protected and can be restored as you know ransomware is a insidious uh type of malware you know it sits in your system for a long time it figures out what's going on including your backup policies your protection policies and figures out how to get around those with some of the things that nancy talked about in terms of air gapping your capabilities being able to if you would scan your secondary your backup storage for malware knowing that it's a good copy and then being able to restore from that known good copy in the event of an incident is critical so we think about this for ourselves in the same way that we think about these for our customers you've got to have a great plan you've got to have great protection and you've got to be ready to restore in the case of an incident and we want to make sure we provide all the capabilities to do that yeah so i'm glad you mentioned air gapping so at the recent reinforce i think it was kurt kufeld was speaking about ransomware and he didn't specifically mention air gapping i had to leave so i might i might have missed it because i'm doing the cube but that's a that's a key aspect i'm sure there were things in the on the deep dives that addressed air gapping but nancy look aws has the skills it has the resources you know necessary to apply all these best practices and you know share those as customers but but what specific investments is aws making to make the cso's life easier maybe you could talk about that sure so following on to your point about the reinforced keynote dave right cj moses talked about how the events of a ransomware for example incident or event can take place right on stage where you go from detect to respond and to recover and specifically on the recover piece he mentioned aws backup the managed service that protects across 15 different aws services as well as on-premises vmware as automated recovery and that's in part why we've decided to continue that investment and deliver aws backup audit manager which helps customers actually prove their posture against how their protection policies are actually mapping back to their organizational controls based on for example how they tag their data for mission criticality or how sensitive that data is right and so turning to best practices especially for ransomware events since this is very top of mind for a lot of customers these days is i will always try to encourage customers to go through game day simulations for example identifying which are those most critical applications in their environment that they need up and running for their business to function properly for example and actually going through the recovery plan and making sure that their staff is well trained or that they're able to go through for example a security orchestration automation recovery solution to make sure that all of their mission critical applications are back up and running in case of a ransomware event yeah so i love the game date thing i mean we know well just in the history of it you couldn't even test things like disaster recovery be right because it was too dangerous with the cloud you can test these things safely and actually plan out develop a blueprint test your blueprint i love the the game day analogy yeah and actually one thing i love to add is you know we talked about air gapping i just want to kind of tie up that statement is you know one thing that's really interesting about the way that the aws cloud is architected is the identity access and management platform actually allows us to create identity constructs that air gap your data perimeter so that way when attackers for example are able to gain a foothold in your environment you're still able to air gap your most mission critical and also crown jewels from being infiltrated that's key yeah we've learned you know when paying the ransom is not a good strategy right because most of the time many times you don't even get your data back okay so we we're kind of data geeks here we love data um and we're passionate about it on the cube aws and you guys specifically are passionate about it so what excites you wayne you start and then nancy you bring us home what excites you about data and data protection and why you know we are data nerds uh so at the end of the day um you know there's there's expressions we use all the time but data is such a rich asset for all of us some of the greatest innovations that come out of aws comes out of our analysis of our own data like we collect a lot of data on our operations and some of our most critical features for our customers come out of our analysis that data so we are data nerds and we understand how businesses uh view their data because we view our data the same way so you know dave security really started in the data center it started with the enterprises and if we think about security often we talk about securing compute and securing network and you know if you if you secured your compute you secured your data generally but we've separated data from compute so that people can get the value from their data no matter how they want to use it and in doing that we have to make sure that their data is durable and it's resilient to any sort of incident event so this is really really important to us and what do i get excited about um you know again thinking back to this framework i know that we as thought leaders alongside our customers who also thought leaders in their space can provide them with the capabilities they need to protect their data to secure their data to make sure it's compliant and always always always durable you know it's funny you'd say it's not funny it's serious actually steven schmidt uh at reinforce he's the the chief security officer at amazon used to be the c c iso of aws he said that amazon sees quadrillions of data points a month that's 15 zeros okay so that's a lot of data nancy bring us home what's what excites you about data and data protection yeah so specifically and this is actually drawing from conversations that i had with multiple isv partners at aws reinforce is the ability to derive value from secondary data right because traditionally organizations have really seen that as a cost center right you're producing secondary data because most likely you're creating backups of your mission critical workloads but what if you're able to run analytics and insights and derive insights from that secondary data right then you're actually able to let aws do the undifferentiated heavy lifting of analyzing that secondary data as state so that way you as customers or isv partners can build value on the security layers above and that is how we see turning cost into value i love it you're taking the original premise of the cloud taking away the undifferentiated heavy lifting for you know deploying compute storage and networking now bringing up to the data level the analytics level so it continues the cloud continues to expand thank you for watching thecube's coverage of aws storage day 2022

(upbeat music) >> Hey, everyone. Welcome to theCUBE's coverage of the International Women's Showcase for 2022. I'm your host, Lisa Martin. I'm pleased to welcome Nancy Wong, the general manager of Data Protection and Governance at AWS to the program. Nancy, it's great to have you. >> Thanks so much for having me Lisa, and you know, I really hope that this is hopefully the last year that we'll be celebrating International Women's Day all virtually. >> I agree. I agree. Well, we're going in that right direction globally. So let's cross our fingers. Talk to me a little bit about your role at AWS and what you do there. >> Sure. So as a GM of AWS Data Protection and Governance, a lot of, we tackle quite a few problems that our biggest customers face, right? When they think about, "How do I manage my data?" Right. Especially in this digital world. And speaking of the pandemic, how much data has been generated by consumers, by devices, by systems, by servers? How do you protect all of that data? Right. Especially we hear about cyber crime, cyber attacks. Right. Data breaches. It's really important to make sure that all of our customers have a coherent strategy around not just management, right, but also protection and really how you govern your data. Right. And there's just so many awesome conversations that my team and I have had lately with CSOs or chief technology officers on this topic, as it evolves. >> Data protection is so critical. It's one of my favorite topics to talk about, cybersecurity as well. Talk to me about what it means though if we keep this at a bit of a different level to be an operator within the the big ecosystem that is AWS. >> Yeah. And that's actually one of the the favorite aspects of my role. Right. Which is, you know, I get to innovate every day on behalf of my customers. For example, I love having one-on-one dialogues. I love having architecture conversations where we brainstorm. Right. And so those type of conversations help inform how we deliver and develop products. And so in an operator role, right, for the the women in the audience today, is it really gives you that perspective into not just how, what type of products do you want to build that delight your customers but also from an engineering. Right. And a bottom line perspective of, well how do you make this happen? Right. How do you fund this? And how do you plan out your development milestones? >> What are, tell me a little bit about your background and then what makes women in technology such an important initiative for you to stand behind? >> Absolutely. So I'm so proud today to see that the number of women or the percentage of women enrolled at engineering curriculums just continue to rise. Right. And especially as someone who went through an engineering degree in her undergraduate studies, that was not always the case. Right. So oftentimes, you know, I would look around the classroom and be the only woman on the lab bench or only woman in a CS classroom. And so when you have roles in tech, specifically, that require an undergraduate degree in computer science or a degree in engineering, that helps to, or that only serves to really reduce the population of eligible candidates. Right. Who then, if you look at that pool of eligible candidates who then you can invest and accelerate through the career ladder to become leaders in tech, well that's where you may end up with a representation issue. Right. And that's why we have, for example, so few women leaders in tech that we can look up to as role models. And that's really the problem or the gap that I'm very passionate about solving. And also, Lisa, I'm really excited to tell you a little bit more about advancing women in tech, which is a 501c3 nonprofit organization that I started to tackle this exact problem. >> Talk to me about that, cause it's one of the things that you bring up is, you know, we always say when we're having conversations like this, we can't be what we can't see. We need to be able to see those female leaders. To your point, there aren't a ton in comparison to the male leaders. So talk to me about advancing women in technology, why you founded this, and what you guys are accomplishing. >> Absolutely. So it's been such a personal journey as well. Just starting this organization called Advancing Women In Tech because I started it in 2017. Right. So when I really was, you know, just starting out as a product manager, I was at another big tech company at the time. And what I really realized, right, is looking around you know, I had so many, for example, bosses, managers, peer leaders, who were really invested in growing me as a product manager and growing my tech and career. And this is right after I'd made the transition from the federal government into big tech. What that said though, looking around, there weren't that many women tech leaders that I could look up to, or get coffee, or just have a mentoring conversation. And quickly I realized, well, it's not so much that women can't do it. Right. It's the fact that we're not advancing enough women into leadership roles. And so really we have to look at why that is. Right. And we, you know, from a personal perspective, one contribution towards that angle is upskilling. Right. So if you think about what skills one needs as one climbs a career ladder, whether that's your first people management role, or your first manager manager's role, or obviously for bigger leaders when they start managing thousands, tens of thousands of individuals, well all of that requires different skills. And so learning those skills about how to manage people, how to motivate your teams effectively, super, super important. And of course on the other side, and one that I'm, you know, near to dear to me is that of mentorship and executive sponsorship because you can have all the skills in the world, right. And especially with digital learning and AWIT is very involved with Coursera and AWS in producing and making those resources readily available and accessible. Well, if you don't have those opportunities, if you don't have mentors and sponsors who are well to push you or give you a step ladder to those roles, well you're still not going to get there. Right. And so, that's why actually, if you look at the AWIT mission, it's really those two pillars working very closely together to help advance women into leadership roles. >> The idea of mentorship and sponsorship is so critical. And I think a lot of people don't understand the difference between a mentor and a sponsor. How do you define that difference and how do you bring them into the organization so that they can be mentors and sponsors? >> Yeah, absolutely. And there's, you know, these two terms are often used today so interchangeably that I do get a lot of questions around, well, what is the difference? Right. And how does, let's say a mentor become a sponsor? So, maybe just taking a few steps back, right. When you have let's say questions around compensation or, "Hey I have some job offers, which ones do I consider?" And you ask someone a question or advice, well that person's likely your mentor. Right? And typically a mentor is someone who you can ask those questions on a repeated basis. Who's very accessible to you. Well, a sponsor takes that a few steps forward in the sense that they are sponsoring you into a role or into a project or initiative that you on your own may not be able to achieve. And by doing so, I think what really differentiates a sponsor from a mentor is that the sponsor will actually put their own reputation on the line. Right. They're using their own political capital in order to make sure that you get into that role, you get into that room. Right. And that's why it's so key, for example, especially if you have that relationship already with a person who's your mentor, you're able to ask questions or advice from, to convert them into a sponsor so that you can accelerate your career. >> Great definition, description, and great recommendations for converting mentors to sponsors. You know, I only learned the difference about a mentor and a sponsor a few years ago at another women in tech event that I was hosting. And I thought, "It's brilliant. It makes perfect sense." We need more people to understand the difference, the synergies, and how to promote mentors to sponsors. Talk to me now about advancing women in tech plus the power of AWS. How are they helping this nonprofit to really accelerate? >> Sure. So from an organization perspective, right, there's many women, for example, across the the tech companies who are part of Advancing Women In Tech, obviously Amazon of course as an employee has a very large community within who's part of AWIT. But we also have members across the tech industry from startups to VC firms to of course, Google, Microsoft, and Netflix. You name it. With that said, you know, what AWS has done with AWIT is actually very special in the sense that if you go to the Coursera platform, coursera.org/awit you can see our two Coursera specializations. Four courses each that go through the real world product management fundamentals. Or the business side, the technical skills, and even interviewing for mid-career product management roles. And the second specialization, which I'm super excited to share today, is actually geared towards getting folks ramped up and prepared to successfully pass the Cloud Practitioner's Exam, which is one of the industry recognized standards about understanding the AWS Cloud and being functional in the AWS Cloud. This summer, of course, and I'm sharing kind of a sneak peek announcement that I'll be making tomorrow with the University of Pennsylvania, is that we're kicking off a program for the masters of CIS program, or the Computer Information Systems Master students, to actually go through this Coursera specialization, which is produced by AWIT, sponsored by AWS, and AWS Training and Certifications has so generously donated exam vouchers for these students so that they can then go on and be certified in the AWS Cloud. So that's one just really cool collaboration that we are doing between AWS and AWIT to get more qualified folks in the door in tech jobs, and hopefully at jobs in AWS. >> That's a great collaboration. What are some of the goals in terms of metrics, the number of women that you want to get into the program and complete the program? What are some of those on your radar? >> Absolutely. So one of the reasons, of course, that the Master's of CIS Program, the University of Pennsylvania caught my eye, not withstanding, I graduated from there, but also that just the statistics of women enrolled. Right. So what's really notable about this program is it's entirely online, which as a university creating a Master's degree fully online, well, it takes a ton of resources from the university, from the faculty. And what's really special about these students is that they're already full-time adult professionals, which means that they're working a full-time job, they might be taking care of family obligations, and they're still finding time to advance themselves, to acquire a Master's degree in CS. And best of all, 42% of these students are women. Right. And so that's a number that is multiples of what we're finding in engineering curriculums today. And so my theory is, well if you go to a student population that is over 40%, 42 to be exact percent women, and enable these women to be certified in AWS Cloud, to have direct interview prep and mentorship from AWS software development leaders, well, that greatly increases their chances of getting a full-time role, right, at AWS. Right. At which then we can help them advance their careers to further and further roles in software development. >> So is this curriculum also open to women who aren't currently in tech to be able to open the door for them to get into tech and STEM fields? >> Absolutely. And so in my bad and remiss in mentioning, which is students of this Master's in CS Program are actually students not from tech already. So they're not in a tech field. And they did not have a degree in CS or even engineering as part of their undergraduate studies. So it's truly folks who are outside of tech, that are 42% women, that we're getting into the tech industry with this collaboration between AWS, AWIT, and the University of Pennsylvania. >> That's outstanding to get them in from completely different fields into tech. >> Absolutely. >> How do you help women have the confidence to say, "I want to try this." Cause if we think about every company today is a tech company. It's a data company. It has to be to be competitive. You know, the pandemic taught us that everything we're able to do online and digitally, for example, but how do you help women get the confidence to say, "Okay, I'm going to go from a completely different field into tech." >> Absolutely. So if we, you know, define tech of course as big tech or, you know, now the main companies, right, I myself made that transition, which is why it is a topic near and dear to me because I can personally speak to my journey because I didn't start my career out in tech. Right. Yes. I studied engineering. But with that said, my first full-time job out of college was with the federal government because I wanted to go and build healthdata.gov, right, which gave folks a lot of access to the healthcare data, roles, right, that existed within the U.S. government and the CMS, NIH, you know, CDC, so on and so forth. But that was quite a big change from then taking a product management job at Google. Right. And so how did I make that change? Well, a lot of it came from, you know, the mentors that I had. Right. What I call my personal board of directors who gave me that confidence. And sure, I mean even today, I still have imposter syndrome where, you know, I think, "Am I good enough." Right. "Should I be leading this organization," right, "of data protection and governance." But I think what it boils down to is, you know, inner confidence. Right. And goes back to those two pillars of having the right skills and also the right mentors and sponsors who are willing to help sponsor you into those opportunities and help sponsor you to success. >> Absolutely. Great advice and recommendations. Thanks for sharing your background, Nancy, it's outstanding to see where you started to where you are now and also to what you're enabling for so many other females to get into tech with the AWIT program combined with AWS and UPenn. Exciting stuff. Can't wait to talk to you next year to see where you guys go from here. >> Absolutely Lisa. And what I'm really looking forward to sharing with you next year is the personal testimonials of other women who have gone through the AWIT, the AWS, the UPenn Program and have gotten their tech jobs and also promotions. >> That sounds like a great thing to look forward to. I'm looking forward to that. Nancy, thanks so much for your time and the insight that you shared. >> Thanks so much for having me, Lisa. >> My pleasure. For Nancy Wong, I'm Lisa Martin. You're watching theCUBE's coverage of the International Women's Showcase 2022. (upbeat music)

(upbeat music) >> Hi everybody, we're here in downtown Seattle covering AWS storage day. My name is Dave Vellante with the Cube, and we're really excited. We're going to talk about rethinking data protection in the 2020s. I'm here with Nancy Wong, who is the general manager of AWS backup, and Satish Lakshmanan, the director of storage business development at AWS. Folks, welcome. Good to see you again. So let's talk about the evolution of data protection. You've got three major disruptors going on. There's obviously the data explosion. We talk about that all the time, but there's cloud has changed the way people are thinking about data protection and now you've got cyber. What's AWS's point of view on all this. >> Great question, Dave. You know, in my role as the global head of storage business development and solution architecture for storage, I have the privilege of working with customers all around the globe, in every geography and every segment. And we recently talked to thousands of customers and we did a survey for about 5,000 customers. And many of them told us that they expect to see a ransomware attack once every 11 seconds. So it's top of mind for almost every customer so much so that if you remember earlier this year, the white house issued an executive order, you know, making the nation aware of across public and private sector about cybersecurity and the need for, for, for us to be prepared. Customers as a result, largely think of not only ransomware protection, but also recovery. And they have largely allocated budgets across every geography to make sure that they're well protected. And in the, in the event of an attack, they can recover from it. That's where Nancy's, you know, data protection services and backup services come into play. And maybe she'll add a few comments about how she approaches it from a technology perspective. >> Yeah, sure. Thanks, Satish yeah, as a general manager of AWS backup and our data protection services, it's really my team and my charter to help our customers centralize, automate, and also protect themselves from attacks like ransomware. Right? And so for example, you know, across our many services today we offer AWS backup as a secondary data collection and management across our many AWS regions and also across the aid of many AWS accounts that a single customer must manage, right. And if you recall having multiple copies of your data exist in backups is a core part of any customers ransomware protection strategy. And lastly, I just want to say something that we just launched recently called AWS backup audit manager also helps you operationalize and monitor your backups against any ransomware attack. >> So, the adversary, obviously, as we know, was well-equipped and they're quite sophisticated. And anybody who has inside access can become a ransomware attacker because of things like ransomware as a service. So, what are you specifically doing to address ransomware? >> Yeah. So, in talking to several thousand of our customers, what we have learned is customers are typically vulnerable in one or more of three scenarios, right? The first scenario is when they're not technically ready. What that means is either their software patches are not up to date, or they have too many manual processes that really prevent them from being prepared for defending against an attack. The second is typically around a lack of awareness. These are situations where IT administrators leveraging cloud-based services are recognizing that, or not recognizing per se, that they're easy to instances, Lambda instances have public access and same applies to S3 buckets. And the third is lack of governance and governance based practices. The way we are educating our customers training in enabling them and empowering them, because it's a shared security model, is really through our well-architected framework. That's the way we shared best practices that we have learned across all our customers, across our industries. And we enable it and empower them to not only identify areas of vulnerability, but also be able to recover in the event of an attack. Nancy. >> Yeah, and to add to that right, our team, and now my team and I, for example, watch every ransomware incident and because it really informs the way that we plan our product roadmap and deliver features that help our customers protect, detect, and also recover from ransomware. So there's an ebook out there, suggest you go check it out, of securing your cloud environment against ransomware attacks. And aside from the technical maintenance suggestions that Satish provided, as well as the security awareness suggestions, there's really two things that I usually tell customers who come to me with ransomware questions. Which is one, right, don't rely on the good will of your ransomware attacker to restore your data. Because I mean, just studies show over 90% of ransom payers actually don't successfully recover all of their data because, hey, what if they don't give you the full decryption utility? Or what if your backups are not restorable? Right? So, rather than relying on that good will, make sure that you have a plan in place where you can recover from backups in case you get ransomed. Right? And two, is make sure that in addition to just taking backups, which obviously, you know, as a GM of AWS backup, I would highly recommend you do, right. Is make sure that those backups are actually restorable, right? Do game day testing, make sure that it's configured properly because you'd be surprised at the, just the number and the sheer percentage of customers who when, let's say the attack happens, actually find that they don't have a good set of data to recover their businesses from. >> I believe it. Backup is, one thing as they say, recovery is everything. So you've got the AWS well-architected framework. How does that fit in, along with the AWS data protection services into this whole ransomware discussion? >> Yeah, absolutely. You know, the AWS wall architected framework actually has four design approaches that I usually share with customers that are very relevant to the ransomware conversation. And one is, you know, anticipate where that ransomware attack may come from. Right? And two, make sure that you write down your approaches whereby you can solve for that ransomware attack, right? Three, just like I advocate my teams and customers to do, right. Then look back on what you've written down as your approach and reflect back on what are the best practices or lessons learned that you can gain from that exercise. And make sure as part four, is you consistently plan game days where you can go through these various scenario tests or ransomware game day attacks. And lastly, just as a best practice is ransomware recovery and protection isn't just the role of IT Professionals like us, right. It's really important to also include HR, professional, legal professionals. Frankly, anyone in a business who might come and be compromised by ransomware attack, and make sure that they're involved in your response. And so Satish, I'd love to hear as well, how you communicate to customers and what best practices you offer them. >> Yeah, thanks Nancy. I think in addition to the fantastic points you made, Nancy, Dave, the well architected framework has been built on eight to 10 years worth of customer engagements across all segments and verticals. And essentially it's a set of shared best practices, tools, training, and methodology that we, you know, exchange with customers in order to help them be more prepared to fight ransomware attacks and be able to recover from them. Recently, there've been some enhancements made where we have put industry or use case specific lenses to the well architected framework. For example, for customers looking to build IOT applications, customers who are trying to use server less and Lambda functions, customers who may be within the financial services or healthcare life sciences, where to go, looking to understand best practices from other people who've implemented, you know, some of the technologies that Nancy talked about. In addition, as I talked about earlier, training and enablement is extremely critical to make sure that if companies don't have the skillset, we are basically giving them the skillset to be able to defend. So we do a lot of hands-on labs. Lastly, the well architected framework tool has been integrated into the console, and it gives customers who are essentially managing the workloads, the ability to look at access permissions, ability to look at what risks they have through malware and ransomware detection techniques. Machine learning capability is built into all the services that are native to AWS that allow them to then react to them. If companies don't have the skills, we have a vast network of partners who can help them basically implement the right technologies. And they can always reach out to our technical account manager for additional information as well. >> I love the best practice discussion. For customers, it's a journey. I mean, CSOs tell us their one problem is lack of talent and so they need help. So, last question is what can people expect from AWS? You're the experts. In particular, how you can help them recover from ransomware? >> Yeah, and that conversation is ever evolving, right? As hackers get more sophisticated then clearly we have to get more sophisticated as well. And so one of our mental models that we often share with customers is defense in depth, right? So if you consider all of the layers, including all of the constructs that exist natively on AWS, right? The first layer is through identity access management constructs. So building a trust radius around your workloads, around your applications, whereby you can deny permissions or access permissions to individuals who are not authorized to access your mission critical applications, right. Then beyond that first layer of defense, the second layer should be automated monitoring or observability. For example, if individuals were to penetrate within your security perimeter, and often times I, you know, that could be done through a delayed response where it gives your CSO or your security operations team, the ability to react to such a unauthorized access, for example. And so the third line of defense is if someone were to penetrate both first layer, as well as the second layer, is actually through backups. And this is where it goes back to what I was mentioning earlier is make sure that your backups are ready and able to be restored and have the RTO and SLA guarantees that help your business remain functional even after an attack. >> Excellent. Guys, we got to go. I love that, zero trust layer defenses, got to have the observability in the analytics and then the last resort RTO, and of course, RPO. Guys, thanks so much, really appreciate your insights. >> Good to see you. >> Thank you for watching. Keep it right there for more great content from AWS storage day. (upbeat music)