[Music] the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the cso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and csos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that an etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy zero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris our godaddy who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable uh enterprise in fact it's been more than 10 years since uh the nsa chief actually called cybercrime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cybercrime and really sophistication of how those attacks are are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i.t directors it's a board level discussion today security's become a board level discussion so yeah i think that's true as well it's like it used to be the security was okay the sec ops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if you don't have trust to those particular devices applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper-converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh the data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be tr you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so i we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem with a lot of different vendors so we look at three areas uh one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators uh that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i i think first of all from from a holistic portfolio perspective right the secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for um making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell uh is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on uh whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other your champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back you

(upbeat music) >> The cybersecurity landscape has changed dramatically over the past 24 to 36 months. Rapid cloud migration has created a new layer of security defense, sure, but that doesn't mean CISOs can relax. In many respects, it further complicates, or at least changes, the CISO's scope of responsibilities. In particular, the threat surface has expanded. And that creates more seams, and CISOs have to make sure their teams pick up where the hyperscaler clouds leave off. Application developers have become a critical execution point for cyber assurance. "Shift left" is the kind of new buzz phrase for devs, but organizations still have to "shield right," meaning the operational teams must continue to partner with SecOps to make sure infrastructure is resilient. So it's no wonder that in ETR's latest survey of nearly 1500 CIOs and IT buyers, that business technology executives cite security as their number one priority, well ahead of other critical technology initiatives including collaboration software, cloud computing, and analytics rounding out the top four. But budgets are under pressure and CISOs have to prioritize. It's not like they have an open checkbook. They have to contend with other key initiatives like those just mentioned, to secure the funding. And what about zero trust? Can you go out and buy zero trust or is it a framework, a mindset in a series of best practices applied to create a security consciousness throughout the organization? Can you implement zero trust? In other words, if a machine or human is not explicitly allowed access, then access is denied. Can you implement that policy without constricting organizational agility? The question is, what's the most practical way to apply that premise? And what role does infrastructure play as the enforcer? How does automation play in the equation? The fact is, that today's approach to cyber resilience can't be an "either/or," it has to be an "and" conversation. Meaning, you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible. And don't even talk to me about the edge. That's really going to keep you up at night. Hello and welcome to this special CUBE presentation, "A Blueprint for Trusted Infrastructure," made possible by Dell Technologies. In this program, we explore the critical role that trusted infrastructure plays in cybersecurity strategies, how organizations should think about the infrastructure side of the cybersecurity equation, and how Dell specifically approaches securing infrastructure for your business. We'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile. First up are Pete Gerr and Steve Kenniston, they're both senior cyber security consultants at Dell Technologies. And they're going to talk about the company's philosophy and approach to trusted infrastructure. And then we're going to speak to Parasar Kodati, who's a senior consultant for storage at Dell Technologies to understand where and how storage plays in this trusted infrastructure world. And then finally, Rob Emsley who heads product marketing for data protection and cyber security. We're going to going to take a deeper dive with Rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy. Okay, let's get started. Pete Gerr, Steve Kenniston, welcome to theCUBE. Thanks for coming into the Marlborough studios today. >> Great to be here, Dave. Thanks. >> Thanks, Dave. Good to see you. >> Great to see you guys. Pete, start by talking about the security landscape. You heard my little wrap up front. What are you seeing? >> I thought you wrapped it up really well. And you touched on all the key points, right? Technology is ubiquitous today. It's everywhere. It's no longer confined to a monolithic data center. It lives at the edge. It lives in front of us. It lives in our pockets and smartphones. Along with that is data. And as you said, organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago. And along with that, cyber crime has become a very profitable enterprise. In fact, it's been more than 10 years since the NSA chief actually called cyber crime the biggest transfer of wealth in history. That was 10 years ago. And we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated. And so the new security landscape is really more of an evolution. We're finally seeing security catch up with all of the technology adoption, all the build out, the work from home and work from anywhere that we've seen over the last couple of years. We're finally seeing organizations, and really it goes beyond the IT directors, it's a board level discussion today. Security's become a board level discussion. >> Yeah, I think that's true as well. It's like it used to be that security was, "Okay, the SecOps team. You're responsible for security." Now you've got, the developers are involved, the business lines are involved, it's part of onboarding for most companies. You know, Steve, this concept of zero trust. It was kind of a buzzword before the pandemic. And I feel like I've often said it's now become a mandate. But it's still fuzzy to a lot of people. How do you guys think about zero trust? What does it mean to you? How does it fit? >> Yeah. Again, I thought your opening was fantastic. And this whole lead in to, what is zero trust? It had been a buzzword for a long time. And now, ever since the federal government came out with their implementation or desire to drive zero trust, a lot more people are taking it a lot more seriously, 'cause I don't think they've seen the government do this. But ultimately, it's just like you said, right? If you don't have trust to those particular devices, applications, or data, you can't get at it. The question is, and you phrase it perfectly, can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive? 'Cause we're seeing, with your whole notion around DevOps and the ability to kind of build, make, deploy, build, make, deploy, right? They still need that functionality but it also needs to be trusted. It needs to be secure and things can't get away from you. >> Yeah. So it's interesting. I've attended every Reinforce since 2019, and the narrative there is, "Hey, everything in the cloud is great. And this narrative around, 'Oh, security is a big problem.' doesn't help the industry." The fact is that the big hyperscalers, they're not strapped for talent, but CISOs are. They don't have the capabilities to really apply all these best practices. They're playing Whac-A-Mole. So they look to companies like yours, to take your R&D and bake it into security products and solutions. So what are the critical aspects of the so-called Dell Trusted Infrastructure that we should be thinking about? >> Yeah, well, Dell Trusted Infrastructure, for us, is a way for us to describe the the work that we do through design, development, and even delivery of our IT system. So Dell Trusted Infrastructure includes our storage, it includes our servers, our networking, our data protection, our hyper-converged, everything that infrastructure always has been. It's just that today customers consume that infrastructure at the edge, as a service, in a multi-cloud environment. I mean, I view the cloud as really a way for organizations to become more agile and to become more flexible, and also to control costs. I don't think organizations move to the cloud, or move to a multi-cloud environment, to enhance security. So I don't see cloud computing as a panacea for security, I see it as another attack surface. And another aspect in front that organizations and security organizations and departments have to manage. It's part of their infrastructure today, whether it's in their data center, in a cloud, or at the edge. >> I mean, I think that's a huge point. Because a lot of people think, "Oh, my data's in the cloud. I'm good." It's like Steve, we've talked about, "Oh, why do I have to back up my data? It's in the cloud?" Well, you might have to recover it someday. So I don't know if you have anything to add to that or any additional thoughts on it? >> No, I mean, I think like what Pete was saying, when it comes to all these new vectors for attack surfaces, you know, people did choose the cloud in order to be more agile, more flexible. And all that did was open up to the CISOs who need to pay attention to now, okay, "Where can I possibly be attacked? I need to be thinking about is that secure?" And part of that is Dell now also understands and thinks about, as we're building solutions, is it a trusted development life cycle? So we have our own trusted development life cycle. How many times in the past did you used to hear about vendors saying you got to patch your software because of this? We think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective, and make sure we don't give up or have security become a hole just in order to implement a feature. We got to think about those things. And as Pete alluded to, our secure supply chain. So all the way through, knowing what you're going to get when you actually receive it is going to be secure and not be tampered with, becomes vitally important. And then Pete and I were talking earlier, when you have tens of thousands of devices that need to be delivered, whether it be storage or laptops or PCs, or whatever it is, you want to be know that those devices can be trusted. >> Okay, guys, maybe Pete, you could talk about how Dell thinks about its framework and its philosophy of cyber security, and then specifically what Dell's advantages are relative to the competition. >> Yeah, definitely, Dave. Thank you. So we've talked a lot about Dell as a technology provider. But one thing Dell also is is a partner in this larger ecosystem. We realize that security, whether it's a zero trust paradigm or any other kind of security environment, is an ecosystem with a lot of different vendors. So we look at three areas. One is protecting data in systems. We know that it starts with and ends with data. That helps organizations combat threats across their entire infrastructure. And what it means is Dell's embedding security features consistently across our portfolios of storage, servers, networking. The second is enhancing cyber resiliency. Over the last decade, a lot of the funding and spending has been in protecting or trying to prevent cyber threats, not necessarily in responding to and recovering from threats. We call that resiliency. Organizations need to build resiliency across their organization, so not only can they withstand a threat, but they can respond, recover, and continue with their operations. And the third is overcoming security complexity. Security is hard. It's more difficult because of the things we've talked about, about distributed data, distributed technology, and attack surfaces everywhere. And so we're enabling organizations to scale confidently, to continue their business, but know that all the IT decisions that they're making have these intrinsic security features and are built and delivered in a consistent, secure way. >> So those are kind of the three pillars. Maybe we could end on what you guys see as the key differentiators that people should know about that Dell brings to the table. Maybe each of you could take a shot at that. >> Yeah, I think, first of all, from a holistic portfolio perspective, right? The secure supply chain and the secure development life cycle permeate through everything Dell does when building things. So we build things with security in mind, all the way from, as Pete mentioned, from creation to delivery, we want to make sure you have that secure device or asset. That permeates everything from servers, networking, storage, data protection, through hyperconverged, through everything. That to me is really a key asset. Because that means you understand when you receive something it's a trusted piece of your infrastructure. I think the other core component to think about, and Pete mentioned, as Dell being a partner for making sure you can deliver these things, is that even though that's part of our framework, these pillars are our framework of how we want to deliver security, it's also important to understand that we are partners and that you don't need to rip and replace. But as you start to put in new components, you can be assured that the components that you're replacing as you're evolving, as you're growing, as you're moving to the cloud, as you're moving to more on-prem type services or whatever, that your environment is secure. I think those are two key things. >> Got it. Okay. Pete, bring us home. >> Yeah, I think one of the big advantages of Dell is our scope and our scale, right? We're a large technology vendor that's been around for decades, and we develop and sell almost every piece of technology. We also know that organizations might make different decisions. And so we have a large services organization with a lot of experienced services people that can help customers along their security journey, depending on whatever type of infrastructure or solutions that they're looking at. The other thing we do is make it very easy to consume our technology, whether that's traditional on premise, in a multi-cloud environment, or as a service. And so the best-of-breed technology can be consumed in any variety of fashion, and know that you're getting that consistent, secure infrastructure that Dell provides. >> Well, and Dell's got probably the top supply chain, not only in the tech business, but probably any business. And so you can actually take your dog food, or your champagne, sorry, (laughter) allow other people to share best practices with your customers. All right, guys, thanks so much for coming up. I appreciate it. >> Great. Thank you. >> Thanks, Dave. >> Okay, keep it right there. After this short break, we'll be back to drill into the storage domain. You're watching "A Blueprint for Trusted Infrastructure" on theCUBE, the leader in enterprise and emerging tech coverage. Be right back. (upbeat music)

>> Announcer: Live from San Francisco, it's theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. >> Okay, welcome back, everyone, to CUBE's coverage here in San Francisco at RSA Conference 2020. I'm John Furrier, your host. You know, cybersecurity industry's changing. Enterprises are now awake to the fact that it's now a bigger picture around securing the enterprise, 'cause it's not only the data center. It's cloud, it's the edge, a lot of great stuff. We've got a great guest here from Dell EMC. Peter Gerr's a consultant, cyber resilience solutions and services marketing at Dell EMC. Great to see you. >> You too, John. >> Thanks for coming on. >> Good to see you again, thank you. >> So, you know, I was joking with Dave Volante just this morning around the three waves of cloud, public cloud, hybrid cloud, multicloud. And we see obviously the progression. Hybrid cloud is where everyone spends most of their time. That's from ground to cloud, on-premises to cloud. So pretty much everyone knows-- >> Peter: On-ramp, kind of. >> That on-prem is not going away. Validated by all the big cloud players. but you got to nail the equation down for on-premises to the cloud, whether it's, I'm Amazon-Amazon, Azure-Azure, whatever, all those clouds. But the multicloud will be a next generation wave. That as an industry backdrop is very, very key. Plus AI and data are huge inputs into solving a lot of what is going to be new gaps, blind spots, whatever insecurity. So I got to, you know, Dell has a history with huge client base, traditional enterprises transforming. You're in the middle of all this, so you got the airplane at 30,000 feet and the companies have to swap out their engines and reboot their teams, and it's a huge task. What's going on with cyber and the enterprises? What are some of the key things? >> Well, so I like to keep it pretty simple. I've been in this industry over 20 years and I've really consistently talked about data as the global currency, right? So it's beautifully simple. Whatever industry you're in, whatever size company you're in, enterprise or even now small to medium businesses, their businesses are driven by data. Connectivity to that data, availability of the data, integrity of the data, and confidentiality of the data. And so sort of the area of the world that I focus upon is protecting customers' most valuable data assets, now, whether those are on-prem, in the cloud, or in a variety of modalities, and ensuring that those assets are protected and isolated from the attack surface, and then ability to recover those critical assets quickly so they can resume business operations. That's really the area that I work in. Now, that data, as you pointed out, it could start on-prem. It could live in multicloud. It can live in a hybrid environment. The key is really to understand that not all data is created equally. If you were to have a widespread cyber attack, really the key is to bring up those critical applications systems and data sets first to return to business operations. >> Yeah, it's funny-- >> Peter: It's really challenging >> You know, it's not funny, it's actually just ironic, but it's really kind of indicative of the society now is that EMC was bought by Dell Storage and the idea of disruption has always been a storage concept. We don't want a lot of disruption when we're doing things, right? >> Peter: None, we can't, yeah. >> So whether it's backup and recovery or cyber ransomware, whatever it is, the idea of non-disruptive operations-- >> Absolutely. >> Has been a core tenant. Now, that's obviously the same for cyber, as you can tell. So I got to ask you, what is your definition and view of cyber resilience? Because, well, that's what we're talking about here, cyber resilience. What's your view on that? >> So when we started developing our cyber recovery solution about five years ago, we used the NIST cybersecurity framework, which is a very well-known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy. A cyber resilience strategy really encompasses everything from perimeter threat detection and response all the way through incident response after an attack and everything that happens in between, protecting the data and recovering the data, right? And critical systems. So I think of cyber resilience as that holistic strategy of protecting an organization and its data from a cyber attack. >> That's great insight. I want to get your thoughts on how that translates into the ecosystem, because this is an ecosystem around cyber resilience. >> Peter: Absolutely. >> And let's just say, and you may or may not be able to comment on this, but RSA is now being sold. >> Peter: Yeah, no, that's fair. >> So that's going out of the Dell family. But you guys have obviously VMware and Secureworks. But it's not just you guys. It's an ecosystem. >> It really is. >> How does Dell now without, with and without RSA, fit into the ecosystem? >> So as I mentioned, cyber resilience is really thought of as a holistic strategy. RSA and other Dell assets like Carbon Black fit in somewhere in that continuum, right? So RSA is really more on threat detection and response, perimeter protection. The area of the business that I work on, data protection and cyber recovery, really doesn't address the prevention of attacks. We really start with the premise that preventing a cyber attack is not 100% possible. If you believe that, then you need to look at protecting and recovering your assets, right? And so whether it's RSA, whether it's Carbon Black, whether it's Secureworks, which is about cyber incident and response, we really work across those groups. It's about technology, processes, and people. It's not any one thing. We also work outside of the Dell technologies umbrella. So we integrate, our cyber recovery solution is integrated with Unisys Stealth. So there's an example of how we're expanding and extending the cyber recovery solution to bring in other industry standards. >> You know, it's interesting. I talk to a lot of people, like, I'm on theCube here at RSA. Everyone wants better technology, but there's also a shift back to best-of-breed, 'cause you want to have the best new technology, but at the same time, you got to have proven solutions. >> Peter: That's the key. >> So what are you guys selling, what is the best-of-breed from Dell that you guys are delivering to customers? What are some of the areas? >> So I'm old EMC guy myself, right? And back from the days of disaster recovery and business continuity, right? More traditional data protection and backup. The reality is that the modern threats of cyber hackers, breaches, insider attacks, whatever you like, those traditional data protection strategies weren't built to address those types of threats. So along with transformation and modernization, we need to modernize our data protection. That's what cyber recovery is. It's a modern solution to the modern threat. And what it does is it augments your data, excuse me, your disaster recovery and your backup environment with a purpose-built isolated air gap digital vault which is built around our proven Data Domain and PowerProtect DD platforms that have been around for over a decade. But what we've done is added intelligence, analytics, we've hardened that system, and we isolate it so customers can protect really their most valuable assets in that kind of a vault. >> So one of things I've been doing some research on and digging into is cyber resilience, which you just talked about, cyber security, which is the industry trend, and you're getting at cyber recovery, okay? >> Peter: Correct. >> Can you talk about some examples of how this all threads together? What are some real recent wins or examples? >> Sure, sure. So think of cyber recovery as a purpose-built digital vault to secure your most valuable assets. Let me give you an example. One of our customers is a global paint manufacturer, okay? And when we worked with them to try to decide what of their apps and data sets should go into this cyber recovery vault, we said, "What is the most critical intellectual property "that you have?" So in their case, and, you know, some customers might say my Oracle financials or my Office 365 environment. For this customer it was their proprietary paint matching system. So they generate $80 to $100 million every day based upon this proprietary paint matching system which they've developed and which they use every day to run their business. If that application, if those algorithms were destroyed, contaminated, or posted on the public internet somewhere, that would fundamentally change that company. So that's really what we're talking about. We're working with customers to help them identify their most critical assets, data, systems, applications, and isolate those from the threat vector. >> Obviously all verticals are impacted by cyber security. >> Every vertical is data-driven, that's right. >> And so obviously the low-hanging fruit, are they the normal suspects, financial services? Is there a particular one that's hotter than, obviously financial services has got fraud and all that stuff on it, but is that still number one, or-- >> So I think there's two sides to the coin. One, if you look at the traditional enterprise environments, absolutely financial services and healthcare 'cause they're both heavily regulated, therefore that data has very high value and is a very attractive target to the would-be hackers. If you look on the other end of the spectrum, though, the small to medium businesses that all rely on the internet for their business to run, they're the ones that are most susceptible because they don't have the budgets, the infrastructure, or the expertise to protect themselves from a sophisticated hacker. So we work across all verticals. Obviously the government is also very susceptible to cyber threats. But it's every industry, any business that's data-driven. I mean, everyone's been breached so many times, no one even knows how many times. I got to ask you about some cool trends we're reporting on here. Homomorphic encryption is getting a lot of traction here because financial services and healthcare are two-- >> Peter: Homomorphic? >> Homomorphic, yeah. Did I say that right? >> It's the first time I've ever heard that term, John. >> It's encryption at in use. So you have data at rest, data in flight, and data in use. So it's encryption when you're doing all your, protecting all your transactional data. So it's full implementation with Discovery. Intel's promoting it. We discovered a startup that's doing that, as well. >> Peter: Yeah, that's new for me, yeah. >> But it allows for more use cases. But data in use, not just motion, or in-flight, whatever they call it. >> Peter: I get it, yeah, static. >> So that's opening up these other thing. But it brings up the why, why that's important, and the reason is that financial services and healthcare, because they're regulated, have systems that were built many moons ago or generations ago. >> Absolutely. >> So there was none of these problems that you were mentioning earlier, like, they weren't built for that. >> Correct. >> But now you need more data. AI needs sharing of data. Sharing is a huge deal. >> Real-time sharing, too, right? >> Real-time sharing. >> And I think that's where the homomorphic encryption comes in. >> That's exactly right. So you mentioned that. So these industries, how can they maintain their existing operations and then get more data sharing? Do you have any insight into how you see that? Because that's one of those areas that's becoming like, okay, HIPAA, we know why that was built, but it's also restrictive. How do you maintain the purity of a process-- >> If your infrastructure is old? That is a challenge, healthcare especially, because, I mean, if I'm running a health system, every dollar that I have should really go into improving patient care, not necessarily into my IT infrastructure. But the more that every industry moves towards a real-time data-driven model for how we give care, right, the more that companies need to realize that data drives their business. They need to do everything they can to protect it and also ensure that they can recover it when and if a cyber attack happens. >> Well, I really appreciate the insight, and it's going to be great to see Dell Technologies World coming up. We'll dig into a lot of that stuff. While we're here and talking us about some of these financial services, banking, I want to get your thoughts. I've been hearing this term Sheltered Harbor being kicked around. What is that about? What does that mean? >> Sheltered Harbor, you're right, I think you'll hear a lot more about it. So Sheltered Harbor is a financial industries group and it's also a set of best practices and specifications. And really, the purpose of Sheltered Harbor is to protect consumer and financial institutions' data and public confidence in the US financial system. So the use case is this. You can imagine that a bank having a cyber attack and being unable to produce transactions could cause problems for customers of that bank. But just like we were talking about, the interconnectedness of the banking system means that one financial institution failing because of a cyber attack, it could trigger a cascade and a panic and a run on the US financial banks and therefore the global financial system. Sheltered Harbor was developed to really protect public confidence in the financial system by ensuring that banks, brokerages, credit unions are protecting their customer data, their account records, their most valuable assets from cyber attack, and that they can recover them and resume banking operations quickly. >> So this is an industry group? >> It's an industry group. >> Or is it a Dell group or-- >> No, Sheltered Harbor is a US financial industry group. It's a non-profit. You can learn more about it at shelteredharbor.org. The interesting thing for Dell Technologies is we're actually the first member of the Sheltered Harbor solution provider program, and we'll be announcing that shortly, in fact, this week, and we'll have a cyber recovery for Sheltered Harbor solution in the market very shortly. >> Cyber resilience, great topic, and you know, it just goes to show storage is never going away. The basic concepts of IT, recovery, continuous operations, non-disruptive operations. Cloud scale changes the game. >> Peter: It's all about the data. >> It's all about the data. >> Still, yes, sir. >> Thanks for coming on and sharing your insights. >> Thank you, John. >> RSA coverage here, CUBE, day two of three days of coverage. I'm John Furrier here on the ground floor in Moscone in San Francisco. Thanks for watching (electronic music)

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angled media. >>Okay, welcome back. Everyone's keeps coverage here in San Francisco for RSA. Copper's 2020. I'm John Farrow, your host, you know, cybersecurity industry's changing and enterprises are now awake to the fact that is now a bigger picture around securing the enterprise cause it's not only the data center, it's cloud, it's the edge. A lot of great stuff. I've got a great guest here from Dell, EMC, Peter Garris, consultant cyber resilient solutions and services marketing, uh, Dell EMC. Great to see you. Thanks for to John. Good to see you again. So you know, I was joking with Dave Alante just this morning around the three ways of cloud, public cloud, hybrid cloud, multi-cloud. And we see obviously the progression hybrid cloud is where everyone spend most of their time. That's from ground to cloud on premises to cloud. Yep. So pretty much everyone knows around on premise is not going away, validated by all the big cloud players. >>But you've got to nail the equation down for on premises to the cloud, whether it's Amazon, Amazon, Azure, Azure, whatever, all those costs. But the multicloud will be a next generation wave that is an industry backdrop and it's very, very key. Plus AI and data are huge inputs into solving a lot of what is going to be new gaps, blind spots, whatever insecurity. So I guess, you know, Dell's has a history with huge client base, traditional enterprises transforming. You're in the middle of all this. So you've got, you know, the airplane at three to 30,000 feet. Yep. And the companies have to swap out their engines and reboot their teams and it's a huge task. What's going on with cyber and the enterprises? What are, what are some of the key things? Well, so I like to keep it pretty simple. I've been in this industry over 20 years and I've really consistently talked about data as the global currency, right. >>So it's beautifully simple. Whatever industry you're in, whatever size company you're in, enterprise or even now, small to medium businesses, their businesses are driven by data connectivity. That data availability of the data, integrity of the data and confidentiality of the data, and so the sort of the area of the world that I focus upon is protecting customers. Most valuable data assets now, whether those are on prem, in the cloud or in a variety of modalities, and ensuring that those assets are protected and isolated from the attack surface and then ability to recover those critical assets quickly so they can return resume business operations. That's really the area that I work in. Now, that data, as you pointed out, it could start on prem, it could live in multi-cloud, it can live in a hybrid environment. The key is really to to understand that not all data is created equally if you were to have a widespread cyber attack, really the key is to bring up those critical applications, systems and datasets first to return to business operations. >>Really challenging. You know, it's not funny. It's actually, I just, I run it, but it's, it's, it's, it's really kind of indicative of the society now is that EMC was bought by Dell storage and the idea of disruption was always been a storage concept. Yes, we want, we don't want a lot of disruption when we're doing things right. So not know whether it's backup and recovery or cyber ransomware, whatever it is, the idea of non-disruptive operations. Absolutely. A core tenant. Now that's obviously the same for cyber as you can tell. So I've got to ask you, what is your definition in view of cyber resilience because, well, that's what we're talking about here. Cyber resilience. What's your view on this? So when we started developing our cyber recovery solution about five years ago, we used, uh, the NIST cybersecurity framework, which is a very well known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy. >>A cyber resilience strategy really encompasses everything from a perimeter threat detection and response all the way through incident response after an attack. And everything that happens in between protecting the data and recovering the data, right? And critical systems. So I think of cyber resilience is that holistic strategy of protecting an organization and its data from a cyber attack as great insight. I want to get your thoughts on how that translates into the ecosystem. Okay. Because there's an ecosystem around cyber resilience. Absolute, let's just say, and you may or may not be able to comment on this, but RSA was now being sold. Yeah, no, that's fair. That's going out of the Dell family. But you guys have, you know, obviously VMware and insecure words, but it's not just you guys. It's an ecosystem. It really is. Does Dell now without, with and without RSA fit into the ecosystem. >>So as I mentioned, cyber resilience is really thought of as a holistic strategy. RSA and, and other Dell assets like carbon black, um, fit in somewhere in that continuum. Right? So RSA is really more on threat detection and response, perimeter protection. The area of the business that I work on, data protection and cyber recovery really doesn't address the, um, prevention of attacks. We really start with the premise that preventing a cyber attack is not a hundred percent possible. If you believe that, then you need to look at protecting and recovering your assets. Right? And so whether it's RSA, whether it's carbon black, whether it's secure works, which is about cyber incident and response, we really work across those groups. It's, it's about technology processes and people. It's not any one thing. We also work outside of the Dell technologies umbrella. So we integrate, our cyber recovery solution is integrated with Unisys stealth. >>Uh, so there's an example of how we're expanding and extending the cyber recovery solution to bring in, you know, other industry standards. You know, it's interesting, I talked to a lot of people that come on the Q of history here at RSA. Sure. Everyone wants better technology, but this also has shipped back the best of breed because you one of the best new technologies. At the same time, you've gotta have proven solutions. So what are you guys selling? What is the best of breed from, uh, Dell? Yeah, you guys are delivering to customers. What are some of the areas? So I, I'm old EMC guy myself, right? And, and back from the days of disaster recovery and business continuity, right? More traditional data protection and backup. The reality is that the modern threats of cyber sec of cyber hackers, breaches, insider attacks, whatever you like, those traditional data protection strategies weren't built to address those types of threats. >>So along with transformation and modernization, we need to modernize our data protection. That's what cyber recovery is. It's a modern solution to the modern threat. And what it does is it augments your data or your, excuse me, your disaster recovery and your backup environment with a purpose built isolated air gap digital vault, which is built around our proven data domain and power protect DD platforms. Uh, that, you know, I've been around for over a decade. Um, but what we've done is added intelligence, uh, analytics. We've hardened that system and we isolate it. Uh, so customers can protect really the most valuable assets in that kind of evolved. So one of the things I've been doing some research on and digging into is cyber resilience, which you just talked about cybersecurity, which is the industry trend and you're getting at cyber recovery. Okay. Can you talk about some examples of how this all threads together? >>What are some real recent examples? Sure. So think of cyber recovery as a purpose-built digital vault to secure your most valuable assets. Let me give you an example. One of our customers, is it a global paint manufacturer? Okay. And when we work with them to try to decide what of their apps and datasets should go into this cyber recovery vault, it said, what is the most critical intellectual property that you have? So in their Kenyan, Oh, some customers might say my Oracle financials or my office three 65 environment. For this customer it was their proprietary paint matching system. So they generate 80 to $100 million every day based upon this proprietary paint matching system, which they've developed and which they use every day to run their business. If that application, if those algorithms were destroyed, contaminated or you know, posted on the public internet somewhere, that would fundamentally change that company. >>So that's really what we're talking about. We're working with customers to help them identify their most critical assets, data systems, applications, and isolate those from the threat vector. Obviously all verticals are impacted by cyber security. Every vertical is data-driven. That's true. Obviously the low hanging fruit, are they below the normal suspects financial services? Is there, is there a particular one that's harder than having financial services got fraud and all that stuff on it, but yeah, that's still number one or so. I think there's two sides to the coin. One, if you look at the traditional enterprise environments, absolutely financial services in healthcare because they're both heavily regulated, uh, therefore that data has very high value and is a very attractive target to the Woodby hackers. If you look on the other end of the spectrum though, the small to medium businesses that all rely on the internet for their business to run, uh, they're the ones that are most susceptible because they don't have the budgets, the infrastructure or the expertise to protect themselves from a sophisticated hacker. >>Um, so we, you know, we work across all verticals. Obviously the government is also very susceptible to cyber threats, but it's every industry, any business that's data-driven. I mean, everyone's been breached so many times and no one even knows how many times. Uh, I gotta ask you about, um, um, some cool trends we're reporting on here. Sure. Homomorphic encryption is getting a lot of traction here because financial services in healthcare homomorphic homomorphic yeah. Okay. Did I say that right? Oh, it's the first time I've ever heard that term, John. I, it's encryption at end use. So you have data at rest, data in flight and data and use encryption. When you're doing all, you're protecting all your transactional data. Ah, so it's focusing with discovery. Intel's promoting it. Uh, we just covered a startup that's doing that as well. That's new, that's new for me, but allows for more use cases, but data and use, not just motion static. >>Yeah. That's opening up these other things. But it brings up the why, why that's important. And the reason is, is that financial services and healthcare, because they're regulated. Yes. Have systems that were built many moons ago or generations. Absolutely. So there was not these problems that you mentioned earlier that were built for that, but now you need more data. AI needs sharing of data sharing is a huge deal. Real time share real time. Right. And I think that's where the homomorphic encryption comes in. That's exactly right. So you mentioned that, so these industries, how can they maintain their existing operations and then get more data share? Do you have any insight into how you see that? Because that's one of those areas that's becoming like, okay, HIPAA, we know why that was built, but it's also restrictive. Yeah. How do you maintain the purity of a process if your infrastructure is, is old? >>That is, that is a challenge. Healthcare especially because, I mean, if I'm, if I'm, uh, you know, running a health system, every dollar that I have should really go into improving patient care, not necessarily into my it infrastructure, but the more that every industry moves towards a real time data-driven model for, for how we give care. Right? Yeah. Um, the more that, uh, companies need to realize that data drives their business, they need to do everything they can to protect it and also ensure that they can recover it when and if a cyber attack happens. Well, I really appreciate the insight and it's going to be great to see Dell technologies world coming up. We'll dig into a lot of that stuff while we're here on talking to us about some of this financial service in banking. I want to get your thoughts, I've been hearing this term sheltered Harbor. >>Yeah. Being kicked around. What does that about? What does that mean? Sheltered Harbor? You're right, I think you'll hear a lot more about it. So sheltered Harbor, uh, was, uh, is it isn't financial industries group and it's also a set of, uh, best practices and specifications. And really the, the purpose of sheltered Harbor is to protect consumer and financial institutions data, uh, and public confidence in the U S financial system. So the, the, the use cases, this, you can imagine that a, a bank having a cyber attack and B being unable to produce transactions could cause problems for customers of that bank. But the, just like we were talking about the interconnectedness of the banking system means that one financial institution failing because of a cyber attack, it could trigger a cascade and a panic and a run on the U S financial banks. And therefore the global financial system sheltered Harbor was developed to really protect public confidence in the financial system by ensuring that banks, brokerages, credit unions are protecting their customer data, their account records, their most valuable assets from cyber attack and that they can recover them and resume banking operations quick. >>So this is an industry group. It's an industry build group. Sheltered Harbor is a U S financial, uh, industry group. Uh, it's a nonprofit. You can, you can learn more about it. It's sheltered harbor.org. Uh, the interesting thing for Dell technologies is we're actually the first member of the sheltered Harbor solution provider program and we'll be announcing that shortly. In fact this week and we'll have a cyber recovery for sheltered Harbor solution in the market very shortly. Cyber resilience. Great topic, and you know, it just goes to show storage has never gone away. The basic concepts of it, recovery, continuous operations, not disruptive operations. Yeah, cloud scale changes the game. It's all about the data. All about the data. Still sites, RSA coverage here, cube day, two of three days of coverage. I'm John furrier here on the ground floor in Moscone in San Francisco. Thanks for watching.