>>Hello and welcome back to the live coverage of the Cube here. Live in Detroit, Michigan for Cub Con, our seventh year covering all seven years. The cube has been here. M John Fur, host of the Cube, co-founder of the Cube. I'm here with Lisa Mart, my co-host, and our new host, Savannah Peterson. Great to see you guys. We're wrapping up day one of three days of coverage, and our guest analyst is Sario Wall, who's the cube analyst who's gonna give us his report. He's been out all day, ear to the ground in the sessions, peeking in, sneaking in, crashing him, getting all the data. Great to see you, Sarvi. Lisa Savannah, let's wrap this puppy up. >>I am so excited to be here. My first coupon with the cube and being here with you and Lisa has just been a treat. I can't wait to hear what you have to say in on the report side. And I mean, I have just been reflecting, it was last year's coupon that brought me to you, so I feel so lucky. So much can change in a year, folks. You never know where you're be. Wherever you're sitting today, you could be living your dreams in just a few >>Months. Lisa, so much has changed. I mean, just look at the past this year. Events we're back in person. Yeah. Yep. This is a big team here. They're still wearing masks, although we can take 'em off with a cube. But mask requirement. Tech has changed. Conversations are upleveling, skill gaps still there. So much has changed. >>So much has changed. There's so much evolution and so much innovation that we've also seen. You know, we started out the keynote this morning, standing room. Only thousands of people are here. Even though there's a mass requirement, the community that is CNCF Co Con is stronger than I, stronger than I saw it last year. This is only my second co con. But the collaboration, what they've done, their devotion to the maintainers, their devotion to really finding mentors for mentees was really a strong message this morning. And we heard a >>Lot of that today. And it's going beyond Kubernetes, even though it's called co con. I also call it cloud native con, which I think we'll probably end up being the name because at the end of day, the cloud native scaling, you're starting to see the pressure points. You're start to see where things are breaking, where automation's coming in, breaking in a good way. And we're gonna break it all down Again. So much going on again, I've overs gonna be in charge. Digital is transformation. If you take it to its conclusion, then you will see that the developers are running the business. It isn't a department, it's not serving the business, it is the business. If that's the case, everything has to change. And we're, we're happy to have Sarib here with us Cube analysts on the badge. I saw that with the press pass. Well, >>Thank you. Thanks for getting me that badge. So I'm here with you guys and >>Well, you got a rapport. Let's get into it. You, I >>Know. Let's hear what you gotta say. I'm excited. >>Yeah. Went around, actually attend some sessions and, and with the analysts were sitting in, in the media slash press, and I spoke to some people at their booth and the, there are a few, few patterns, you know, which are, some are the exaggeration of existing patterns or some are kind of new patterns emerging. So things are getting complex in open source. The lawn more projects, right. They have, the CNCF has graduated some projects even after graduation, they're, they're exploring, right? Kubernetes is one of those projects which has graduated. And on that front, just a side note, the new projects where, which are entering the cncf, they're the, we, we gotta see that process and the three stages and all that stuff. I tweeted all day long, if you wanna know what it is, you can look at my tweets. But when I will look, actually write right on that actually after, after the show ends, what, what I saw there, these new projects need to be curated properly. >>I think they need to be weed. There's a lot of noise in these projects. There's a lot of overlap. So the, the work is cut out for CNCF folks, by the way. They're sort of managerial committee or whatever you call that. The, the people who are leading it, they're try, I think they're doing their best and they're doing a good job of that. And another thing actually, I really liked in the morning's keynote was that lot of women on the stage and minorities represented. I loved it, to be honest with you. So believe me, I'm a minority even though I'm Indian, but from India, I'm a minority. So people who have Punjab either know that I'm a minority, so I, I understand their pain and how hard it is to, to break through the ceiling and all that. So I love that part as well. Yeah, the >>Activity is clear. Yeah. From day one. It's in the, it's in the dna. I mean, they'll reject anything that the opposite >>Representation too. I mean, it's not just that everyone's invited, it's they're celebrated and that's a very big difference. Yeah. It's, you see conferences offer discounts for women for tickets or minorities, but you don't necessarily see them put them running where their mouth is actually recruit the right women to be on stage. Right. Something you know a little bit about John >>Diversity brings better outcomes, better product perspectives. The product is better with all the perspectives involved. Percent, it might go a little slower, maybe a little debates, but it's all good. I mean, it's, to me, the better product comes when everyone's in. >>I hope you didn't just imply that women would make society. So >>I think John men, like slower means a slower, >>More diversity, more debate, >>The worst. Bringing the diversity into picture >>Wine. That's, that's how good groups, which is, which is >>Great. I mean, yeah, yeah, >>Yeah, yeah. I, I take that mulligan back and say, hey, you knows >>That's >>Just, it's gonna go so much faster and better and cheaper, but that not diversity. Absolutely. >>Yes. Well, you make better products faster because you have a variety >>Of perspectives. The bigger the group, there's more debate. More debate is key. But the key to success is aligning and committing. Absolutely. Once you have that, and that's what open sources has been about for. Oh God, yeah. Generations >>Has been a huge theme in the >>Show generations. All right, so, so, >>So you have to add another, like another important, so observation if you will, is that the security is, is paramount right. Requirement, especially for open source. There was a stat which was presented in the morning that 60% of the projects in under CNCF have more vulnerabilities today than they had last year. So that was, That's shocking actually. It's a big jump. It's a big jump. Like big jump means jump, jump means like it can be from from 40 to 60 or or 50 or 60. But still that percentage is high. What, what that means is that lot more people are contributing. It's very sort of di carmic or ironic that we say like, Oh this project has 10,000 contributors. Is that a good thing? Right. We do. Do we know the quality of that, where they're coming from? Are there any back doors being, you know, open there? How stringent is the process of rolling those things, which are being checked in, into production? You know, who is doing that? I've >>Wondered about that. Yeah. The quantity, quality, efficacy game. Yes. And what a balance that must be for someone like CNCF putting in the structure to try and >>That's >>Hard. Curate and regulate and, and you know, provide some bumpers on the bowling lane, so to speak, of, of all of these projects. Yeah. >>Yeah. We thought if anybody thought that the innovation coming from, or the number of services coming from AWS or Google Cloud or likes of them is overwhelming, look at open source, it's even more >>Overwhelming. What's your take on the supply chain discussion? More code more happening. What are you hearing there? >>The supply chain from the software? Yeah. >>Supply chain software, supply chain security pays. Are people talking about that? What are you >>Seeing? Yeah, actually people are talking about that. The creation, the curation, not creation. Curation of suppliers of software I think is best done in the cloud. Marketplaces Ive call biased or what, you know, but curation of open source is hard. It's hard to know which project to pick. It's hard to know which project will pan out. Many of the good projects don't see the day light of the day, but some decent ones like it becomes >>A marketing problem. Exactly. The more you have out there. Exactly. The more you gotta get above the noise. Exactly. And the noise echo that. And you got, you got GitHub stars, you got contributors, you have vanity metrics now coming in to this that are influencing what's real. But sometimes the best project could have smaller groups. >>Yeah, exactly. And another controversial thing a little bit I will say that is that there's a economics of the practitioner, right? I usually talk about that and economics of the, the enterprise, right? So practitioners in our world, in software world especially right in systems world, practitioners are changing jobs every two to three years. And number of developers doubles every three years. That's the stat I've seen from Uncle Bob. He's authority on that software side of things. Wow. So that means there's a lot more new entrance that means a lot of churn. So who is watching out for the enterprise enterprises economics, You know, like are we creating stable enterprises? How stable are our operations? On a side note to that, most of us see the software as like one band, which is not true. When we talk about all these roles and personas, somebody's writing software for, for core layer, which is the infrastructure part. Somebody's writing business applications, somebody's writing, you know, systems of bracket, some somebody's writing systems of differentiation. We talk about those things. We need to distinguish between those and have principle based technology consumption, which I usually write about in our Oh, >>So bottom line in Europe about it, in your opinion. Yeah. What's the top story here at coupon? >>Top story is >>Headline. Yeah, >>The, the headline. Okay. The open source cannot be ignored. That's a headline. >>And what should people be paying attention to if there's a trend coming out? See any kind of trends coming out or any kind of signal, What, what do you see that people should pay attention to here? The put top >>Two, three things. The signal is that, that if you are a big shop, like you'd need to assess your like capacity to absorb open source. You need to be certain size to absorb the open source. If you are below that threshold, I mean we can talk about that at some other time. Like what is that threshold? I will suggest you to go with the managed services from somebody, whoever is providing those managed services around open source. So manage es, right? So from, take it from aws, Google Cloud or Azure or IBM or anybody, right? So use open source as managed offering rather than doing it yourself. Because doing it yourself is a lot more heavy lifting. >>I I, >>There's so many thoughts coming, right? >>Mind it's, >>So I gotta ask you, what's your rapport? You have some swag, What's the swag look >>Like to you? I do. Just as serious of a report as you do on the to floor, but I do, so you know, I come from a marketing background and as I, I know that Lisa does as well. And one of the things that I think about that we touched on in this is, is you know, canceling the noise or standing out from the noise and, and on a show floor, that's actually a huge challenge for these startups, especially when you're up against a rancher or companies or a Cisco with a very large budget. And let's say you've only got a couple grand for an activation here. Like most of my clients, that's how I ended up in the CU County ecosystem, was here with the A client before. So there actually was a booth over there and I, they didn't quite catch me enough, but they had noise canceling headphones. >>So if you just wanted to take a minute on the show floor and just not hear anything, which I thought was a little bit clever, but gonna take you through some of my favorite swag from today and to all the vendors, you know, this is why you should really put some thought into your swag. You never know when you're gonna end up on the cube. So since most swag is injection molded plastic that's gonna end up in the landfill, I really appreciate that garden has given all of us a potable plant. And even the packaging is plantable, which is very exciting. So most sustainable swag goes to garden. Well done >>Rep replicated, I believe is their name. They do a really good job every year. They had some very funny pins that say a word that, I'm not gonna say live on television, but they have created, they brought two things for us, yet it's replicated little etch sketch for your inner child, which is very nice. And given that we are in Detroit, we are in Motor City, we are in the home of Ford. We had Ford on the show. I love that they have done the custom K eight s key chains in the blue oval logo. Like >>Fords right behind us by the way, and are on you >>Interviewed, we had 'em on earlier GitLab taking it one level more personal and actually giving out digital portraits today. Nice. Cool. Which is quite fun. Get lap house multiple booths here. They actually IPOed while they were on the show floor at CubeCon 2021, which is fun to see that whole gang again. And then last but not least, really embracing the ship wheel logo of a Kubernetes is the robusta accrue that is giving out bucket hats. And if you check out my Twitter at sabba Savvy, you can see me holding the ship wheel that they're letting everyone pose with. So we are all in on Kubernetes. That cove gone 2022, that's for sure. Yeah. >>And this is something, day one guys, we've got three. >>I wanna get one of those >>Hats. We we need to, we need a group photo >>By the end of Friday we will have a beverage and hats on to sign off. That's, that's my word. If I can convince John, >>Don, what's your takeaway? You guys did a great kind of kickoff about last week or so about what you were excited about, what your thoughts were going to be. We're only on day one, There's been thousands of people here, we've had great conversations with contributors, the community. What's your take on day one? What's your, what's your tagline? >>Well, Savannah and I had at we up, we, we were talking about what we might see and I think we, we were right. I think we had it right. There's gonna be a lot more people than there were last year. Okay, check. That's definitely true. We're in >>Person, which >>Is refreshing. I was very surprised about the mask mandate that kind of caught me up guard. I was major. Yeah. Cause I've been comfortable without the mask. I'm not a mask person, but I had to wear it and I was like, ah, mask. But I understand I support that. But whatever. It's >>Corporate travel policy. So you know, that's what it is. >>And then, you know, they, I thought that they did an okay job with the gates, but they wasn't slow like last time. But on the content side, definitely Kubernetes security, top line headline, Kubernetes at scale security, that's, that's to me the bumper sticker top things to pay attention to the supply chain and the role of docker and the web assembly was a surprise. You're starting to see containers ecosystem coming back to, I won't say tension growth in the functionality of containers cuz they have to solve the security problem in the container images. Okay, you got scanning technology so it's a little bit in the weeds, but there's a huge movement going on to fix that problem to scale it so it's not a problem area contain. And then Dr sent a great job with productivity interviews. Scott Johnston over a hundred million in revenue so far. That's my number. They have not publicly said that. That's what I'm reporting from sources extremely well financially. And they, and they love their business model. They make productivity for developers. That's a scoop. That's new >>Information. That's a nice scoop we just dropped there on the co casually. >>You're watching that. Pay attention to that. But that, that's proof. But guess what, Red Hat's got developers too. Yes. Other people have to, So developers gonna go where it's the best. Yeah. Developers are voting with their code, they're voting with their feet. You will see the winners with the developers and that's what we've talked about. >>Well and the companies are catering to the developers. Savannah and I had a great conversation with Ford. Yeah. You saw, you showed their fantastic swag was an E for Ev right behind us. They were talking about the, all the cultural changes that they've really focused on to cater towards the developers. The developers becoming the influencers as you say. But to see a company that is as, as historied as Ford Motor Company and what they're doing to attract and retain developer talent was impressive. And honestly that surprised me. Yeah. >>And their head of deb relations has been working for, for, for 29 years. Which I mean first of all, most companies on the show floor haven't been around for 29 years. Right. But what I love is when you put community first, you get employees to stick around. And I think community is one of the biggest themes here at Cuco. >>Great. My, my favorite story that surprised me and was cool was the Red Hat Lockheed Martin interview where they had edge deployments with micro edge, >>Micro shift, >>Micro >>Shift, new projects under, there's, there are three new projects under, >>Under that was so, so cool because it was an edge story in deployment for the military where lives are on the line, they actually had it working. That is a real world example of Kubernetes and tech orchestrating to deploy the industrial edge. And I think that's proof in my mind that Kubernetes and this ecosystem is gonna move faster through this next wave of growth. Because once things start clicking, you get hybrid on premise to super cloud and edge. That was, that was my favorite cause it was real. That was real >>Story that it can make is literally life and death on the battlefield. Yeah, that was amazing. With what they're doing and what >>They're talking check out the Lockheed Martin Red Hat edge story on Silicon Angle and then a press release all pillar. >>Yeah. Another actually it's impressive, which we knew this which is happening, but I didn't know that it was happening at this scale is the finops. The finops is, I saw your is a discipline which most companies are adopting bigger companies, which are spending like hundreds of millions dollars in cloud average. Si a team size of finops for finops is seven people. And average number of tools is I think 3.5 or around 3.7 or something like that. Average number of tools they use to control the cost. So finops is a very generic term for years. It's not financial operations, it's the financial operations for the cloud cost, you know, containing the cloud costs. So that's a finops that is a very emerging sort of discipline >>To keep an eye on. And well, not only is that important, I talked to, well one of the principles over there, it's growing and they have real big players in that foundation. Their, their events are highly attended. It's super important. It's just, it's the cost side of cloud. And, and of course, you know, everyone wants to know what's going on. No one wants to leave there. Their Amazon on Yeah, you wanna leave the lights on the cloud, as we always say, you never know what the bill's gonna look like. >>The cloud is gonna reach $3 billion in next few years. So we might as well control the cost there. Yeah, >>It was, it was funny to get the reaction I found, I don't know if I was, how I react, I dunno how I felt. But we, we did introduce Super Cloud to a couple of guests and a, there were a couple reactions, a couple drawn. There was a couple, right. There was a couple, couple reactions. And what I love about the super cloud is that some people are like, oh, cringing. And some people are like, yeah, go. So it's a, it's a solid debate. It is solid. I saw more in the segments that I did with you together. People leaning in. Yeah. Super fun. We had a couple sum up, we had a couple, we had a couple cringes, I'll say their names, but I'll go back and make sure I, >>I think people >>Get 'em later. I think people, >>I think people cringe on the, on the term not on the idea. Yeah. You know, so the whole idea is that we are building top of the cloud >>And then so I mean you're gonna like this, I did successfully introduce here on the cube, a new term called architectural list. He did? That's right. Okay. And I wanna thank Charles Fitzgerald for that cuz he called super cloud architectural list. And that's exactly the point of super cloud. If you have a great coding environment, you shouldn't have to do an architecture to do. You should code and let the architecture of the Super cloud make it happen. And of course Brian Gracely, who will be on tomorrow at his cloud cast said Super Cloud enables super services. Super Cloud enables what Super services, super service. The microservices underneath the covers have to be different. High performing, automated. So again, the debate and Susan, the goal is to keep it open. And that's our, that's our goal. But we had a lot of fun with that. It was fun to poke the bear a little bit. So >>What is interesting to see just how people respond to it too, with you throwing it out there so consistently, >>You wanna poke the bear, get a conversation going, you know, let let it go. We'll see, it's been positive so far. >>There, there I had a discussion outside somebody who is from Ford but not attending this conference and they have been there for a while. I, I just some moment hit like me, like I said, people, okay, technologists are horizontal, the codes are horizontal. They will go from four to GM to Chrysler to Bank of America to, you know, GE whatever, you know, like cross vertical within vertical different vendors. So, but the culture of a company is local, right? Right. Ford has been building cars for forever. They sort of democratize it. They commercialize it, right? But they have some intense culture. It's hard to change those cultures. And how do we bring in the new thinking? What is, what approach that should be? Is it a sandbox approach for like putting new sensors on the car? They have to compete with te likes our Tesla, right? Yeah. But they cannot, if they are afraid of deluding their existing market or they're afraid of failure there, right? So it's very >>Tricky. Great stuff. Sorry. Great to have you on as our cube analyst breaking down the stories. We'll document that, that we'll roll out a post on it. Lisa Savannah, let's wrap up the show for day one. We got day two and three. We'll start with you. What's your summary? Quick bumper sticker. What's today's show all about? >>I'm a community first gal and this entire experience is about community and it's really nice to see the community come together, celebrate that, share ideas, and to have our community together on stage. >>Yeah. To me, to me it was all real. It's happening. Kubernetes cloud native at scale, it's happening, it's real. And we see proof points and we're gonna have faster time to value. It's gonna accelerate faster from here. >>The proof points, the impact is real. And we saw that in some amazing stories. And this is just a one of the cubes >>Coverage. Ib final word on this segment was well >>Said Lisa. Yeah, I, I think I, I would repeat what I said. I got eight, nine years back at a rack space conference. Open source is amazing for one biggest reason. It gives the ability to the developing nations to be at somewhat at par where the dev develop nations and, and those people to lift up their masses through the automation. Cuz when automation happens, the corruption goes down and the economy blossoms. And I think it's great and, and we need to do more in it, but we have to be careful about the supply chains around the software so that, so our systems are secure and they are robust. Yeah, >>That's it. Okay. To me for SAR B and my two great co-host, Lisa Martin, Savannah Peterson. I'm John Furry. You're watching the Cube Day one in, in the Books. We'll see you tomorrow, day two Cuban Cloud Native live in Detroit. Thanks for watching.

(soft upbeat music) >> The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cyber security strategies. And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President, Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time (indistinct) and chief technology officer at Druva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. Right now I'm going to toss it to Lisa Martin, another one of the hosts, for today's program. Lisa, over to you. (soft upbeat music) >> Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, that we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it >> Inextricably linked. And it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience, for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomwares. The other thing about it is, it's really a lot like Whack-A-Mole. They attack us in one area, and we defend against it, so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded, "I don't think so, because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't going to just fade into the night without giving it a lot of fight." So I really think that ransomware is one of those things that is here for the long term, and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was in a worldwide study, it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, is a little over 500 different individuals across the globe, in North America, select countries in Western Europe as well as several in Asia-Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attack successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared, and on the other hand, the results are absolutely horrible. Two thirds of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to... kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready, based on the information you have, and these people are smart people and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason a lot of these have been successful. So that was kind of the key finding to me in kind of the "aha" moment, really, in this whole thing, Lisa. >> That's a massive disconnect, with the vast majority saying, "We have a cyber recovery playbook," yet, nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of this is going to happen, just a matter of when and how often? >> It is a matter, yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you had double the infrastructure if your financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have, and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >> So what do you think the big issue here is? Is it that these IT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know and until you get into a specific attack... there are so many different ways that organizations can be attacked. And in fact, from this research that we found, is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high probability of recovery, things like that, those are the kinds of things that organizations have to put into place, really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think, "We are prepared, we've got a playbook," yet so many are are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, "Hey guys, across every industry we are vulnerable, this is going to happen, we've got to make sure that we are truly resilient and proactive"? >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the the consequences of ransomware it's not just the ransom, it's the lost productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about this. And I can tell you they are fully engaged in addressing these issues within their organization. >> So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge, is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. (gentle music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva, and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment and, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered, sometimes it's not. So you look at that and you go, Wow. On, on the one hand people think they're really, really prepared and on the other hand the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue, it's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that. Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching The Cube, the leader in live tech coverage.

(upbeat music) >> TheCUBE presents UiPath Forward 5. Brought to you by UiPath. >> Hello and welcome back to TheCUBE's coverage of UiPath Forward 5. We're here in Las Vegas at the Venetian Convention Center. This is day two. We're wrapping up Dave Nicholson and Dave Vellante. This is the fourth time theCUBE has been at UiPath Forward. And we've seen the transformation of the company from, essentially, what was a really interesting and easy to adopt point product to now one through acquisitions, IPO, has made a number of enhancements to its platform. David Cardenas is here. Deputy Director of Operations for County of Los Angeles, the Department of Public Health. David, good to see you. Thanks for coming on theCUBE. >> Thanks for having me on guys. Appreciate it. >> So what is your role? What does it have to do with automation? >> So I had been, actually started off in the IT space within the public health. Had served as a CIO previously, but now been moving into broader operations. And I basically manage all of the back office operations for the department, HR, IT, finance, all that. >> So you've had a wild ride in the last couple of years. >> Yeah, I think, like I've been talking earlier, it's just been, the last two years have just been horrendous. It's been a really difficult experience for us. >> Yeah, and I mean, the scars are there, and maybe permanently. But it also had major effects on organizations, on operations that, again, seem to be permanent. How would you describe the situation in your organization? >> So I think it, the urgency that came along with the pandemic response, kind of required us to look at things, you know, differently. We had to be, realize we had to be a lot more nimble than when we were and try to figure out how to enhance our operations. But really look at the core of what we're doing and figure out how it is to be more efficient. So I think we've kind of seen it as an opportunity to really examine ourselves a little bit more deeply and see what things we need to do to kind of, to fix our operations and get things on a better path. >> You know, I think a lot of organizations we talked to say that. But I want to understand how you handle this is, you didn't have time to sit back in the middle of the pandemic. >> Yeah. >> And then as you exit, what I call the isolation economy, people are so burned out, you know? So how do you deal with that organizational trauma? Say, okay now, let's sit back and think about this. Do people, are they eager to do so? Do they have the appetite for it? What's that dynamic like? >> So I think certainly there's a level of exhaustion inside the organization. I can't say that there isn't because it's just been, you know, two years of 24/7/365 kind of work. And that's tough on any organization. But I think what we realize is that there's, you know, we need to move into action quickly 'cause we don't know what's going to come next, right? And we're expecting that this is just a sign of what's to come and that we're just at the start of that stage of, we're just going to see a lot more outbreaks, we're going to see a lot more conditions kind of hitting us. And if we're not prepared for that, we're not going to be able to respond for the, and preserve the health and safety of our citizens, right? So I think we're taking a very active, like, look at these opportunities and see what we've done and say how do we now make the changes that we made in response to the pandemic permanent so that the next time this comes at us, we won't have to be struggling the way that we were to try to figure things out because we'll have such a better foundation in place to be able to move things forward. >> I mean, I've never served in the military, but I imagine that when you're in the military, you're always prepared for some kind of, you know, in your world, code red, right? >> Yeah. >> So it's like this code red culture. And that seems to have carried through, right? People are, you know, constantly aware that, wow. We got caught off guard and we don't want that to happen again. Because that was a big part of the trauma was just the unknown- >> Right. >> and the lack of preparedness. So thinking about technology and its role in helping you to prepare for that type of uncertainty. Can you describe how you're applying technology to prepare for the next unknown? >> So I think, so that first part of what you said, I think the difficulty we've always had in the public health side is that there's the, generally the approach to healthcare is very reactionary, right? Your first interface with the healthcare system is, "I'm going to go see my doctor; I'm going to go to the hospital." The work that we do in public health is to try to do everything we can to keep you out of that, right? So it's broad-based messaging, social media now is going to put us out there. But also, to be able to surveil disease in a different way. And so the holy grail for us in healthcare has always been, at least on the public health side, has been to try to see how can we tap in more actively that when you go see the doctor or when you go to the hospital, how can I get access to that information very, very quickly so that I know, and can see, and surveil my entire county in my jurisdiction and know, oh, there's an outbreak of disease happening in this section of the county. We're 10 million people with, you know, hundreds of square miles inside of LA. There are places where we can see very, you know, specific targets that we know we have to hit. But the data's a little stale and we find out several months after. We need to figure out a way to do that more actively. Technology's going to be our path to be able to capture that information more actively and come up on something a little bit, so we can track things faster and be able to respond more quickly. So that's our focus for all our technology implementations, automation like UiPath has offered us and other things, is around how to gather that information more quickly and put that into action so we can do quick interventions. >> People have notoriously short memories. Please tell me (chuckles) any of the friction that you may have experienced in years past before the pandemic. That those friction points where people are thinking, "Eh, what are the odds?" >> Yeah. "Eh, I've got finite budget, I think I'm going to spend it on this thing over here." Do you, are you able to still ride sort of the wave of mind share at this point when putting programs together for the future? >> So whatever friction was there during the pandemic wiped away. I mean, we had amazing collaboration with the medical provider community, our hospital partners. The healthcare system in LA was working very closely with us to make sure that we were responding. And there is that wave that we are trying to make sure that we use this as an opportunity to kind of ride it so that we can implement all the things that we want. 'Cause we don't know how long that's going to last us. The last time that I saw anything this large was after the anthrax attacks and the bioterrorism attacks that we had after 9/11. >> How interesting. >> Public health was really in lens at that point. And we had a huge infusion of funding, a lot of support from stakeholders, both politically and within the healthcare system. And we were able to make some large steps in movement at that point. This feels the same but in a larger scale because now it touched every part of the infrastructure. And we saw how society really had to react to what was going on in a different way than anyone has ever prepared for. And so now is we think is a time where we know that people are making more investments. And our success is going to be their success in the longterm. >> And you have to know that expectations are now set- >> Extremely high. >> at a completely different level, right? >> Yes, absolutely. >> There is no, "Oh, we don't have enough PPE." >> Correct. >> Right? >> David: Correct. >> The the expectation level is, hey, you should have learned from all of- >> We should have it; we can deliver it, We'll have it at the ready when we need to provide it. Yes, absolutely. >> Okay, so I sort of mentioned, we're, David cubed on theCUBE (all laughing). So three Daves. You spoke today at the conference? >> Actually I'm speaking later actually in the session in an hour or so. >> Oh Okay. My understanding is that you've got this concept of putting humans at the center of the automation. What does that mean? Why is that important? Help us understand that. >> So I think what we found in the crisis is that the high demand for information was something we hadn't seen before, right? We're one of the largest media markets in the United States. And what we really had trouble with is trying to figure out how to serve the residents, to provide them the information that we needed to provide to them. And so what we had traditionally done is press releases, you know, just general marketing campaigns, billboards, trying to send our message out. And when you're talking about a pandemic where on a daily basis, hour-by-hour people wanted to know what was going on in their local communities. Like, we had to change the way that we focused on. So we started thinking about, what is the information that the residents of our county need? And how can we set up an infrastructure to sustain the feeding of that? Because if we can provide more information, people will make their own personal decisions around their personal risk, their personal safety measures they need to take, and do so more actively. More so than, you know, one of us going on camera to say, "This is what you should do." They can look for themselves and look at the data that's in front of them and be able to make those choices for themselves, right? And so we needed to make sure that everything that we were doing wasn't built around feeding it to our political stakeholders, which are important stakeholders. We needed to make sure that they're aware and are messaging out, and our leadership are aware. But it's what could we give the public to be able to make them have access to information that we were collecting on an every single day basis to be able to make the decisions for their lives. And so the automation was key to that. We were at the beginning of the pandemic just had tons and tons of resources that we were throwing at the problem that was, our systems were slow, we didn't have good ability to move data back and forth between our systems, and we needed a stop-gap solution to really fill that need and be able to make the data cycles to meet the data cycles. We had basically every day had to deliver reports and analytics and dashboards by like 10 o'clock in the morning because we knew that the 12 an hour and the five-hour news cycles were going to hit and the press were going to then take those and message out. And the public started to kind of come in at that same time and look at 10 and 11 o'clock and 12 o'clock. >> Yeah. >> We could see it from how many hits were hitting our website, looking for that information. So when we failed and had a cycle where that data cycle didn't work and we couldn't deliver, the public would let us know, the press would let us know, the stakeholders would let us know. We had never experienced anything like that before, right. Where people had like this voracious appetite for the information. So we needed to have a very bulletproof process to make sure that every single 24 hours we were delivering that data, making it available at the ready. >> Software robots enabled that. >> Exactly. >> Okay. And so how were you able to implement that so quickly within such a traumatic environment? >> So I think, I guess necessity is always the mother of invention. It kind of drove us to go real quickly to look at what we had. We had data entry operations set up where we had dozens and dozens of people whose sole job in life on a 24-hour cycle was to receive medical reports that we we're getting, interview data that's coming from our case interviews, hospitalization data that was coming in through all these different channels. And it was all coming in in various forms. And they were entering that into our systems of record. And that's what we were using, extracts from that system of record, what was using to generate the data analyses in our systems and our dashboards. And so we couldn't rely on those after a while because the data was coming in at such high volume. There wasn't enough data entry staff to be able to fit the need, right? And so we needed to replace those humans and take them out of that data entry cycle, pop in the bots. And so what we started to look at is, let's pick off the, where it is that that data entry cycle starts and see what we could do to kind of replace that cycle. And we started off with a very discreet workload that was focused on some of our case interview data that was being turned into PDFs that somebody was using to enter into our systems. And we said, "Well before you do that," since we can't import into the systems 'cause it wasn't working, the import utilities weren't working. We got 'em into simple Excel spreadsheets, mapped those to the fields in our systems and let the bots do that over and over again. And we just started off with that one-use case and just tuned it and went cycle after cycle. The bots just got better and better to the point where we had almost like 95% success rates on each submission of data transactions that we did every day. >> Okay, and you applied that automation, I don't know, how many bots was it roughly? >> We're now at like 30; we started with about five. >> Okay, oh, interesting. So you started with five and you applied 'em to this specific use case to handle the velocity and volume of data- >> Correct. >> that was coming in. But that's obviously dynamic and it's changed. >> Absolutely. >> I presume it's shifted to other areas now. So how did you take what you learned there and then apply it to other use cases in other parts of the organization? >> So, fortunately for us, the process that was being used to capture the information to generate the dashboards and the analyses for the case interview data, which is what we started with- >> Yeah. >> Was essentially being used the same for the hospitalization data that we were getting and for tracking deaths as they were coming in as well. And so the bots essentially were just, we just took one process, take the same bots, copy them over essentially, and had them follow the very same process. We didn't try to introduce any different workflow than what was being done for the first one so we could replicate quickly. So I think it was lucky for us a lot- >> Dave V.: I was going to say, was that luck or by design? >> It was the same people doing the same analyses, right? So in the end they were thinking about how to be efficient themselves. So they kind of had coalesced around a similar process. And so it was kind of like fortunate, but it was by design in terms of how they- >> Dave V.: It was logical to them. >> Logical to them to make it. >> Interesting. >> So for us to be able to insert the bots became pretty easy on the front end. It's just now as we're trying to now expand to other areas that were now encountering like unique processes that we just can't replicate that quickly. We're having to like now dig into. >> So how are you handling that? First of all, how are you determining which processes? Is it sort of process driven? Is it data driven? How do you determine that? >> So obviously right now the focus still is COVID. So the the priorities scale that we've set internally for analyzing those opportunities really is centered around, you know, which things are really going to help our pandemic response, right? We're expecting another surge that's going to happen probably in the next couple of weeks. That'll probably take us through December. Hopefully, at that point, things start to calm down. But that means high-data volume again; these same process. So we're looking at optimizing the processes that we have, what can we do to make those cycles better, faster, you know, what else can we add? The data teams haven't stopped to try to figure out how else can they turn out new data reports, new data analysis, to give us a different perspective on the new variants and the new different outbreaks and hotspots that are popping up. And so we also have to kind of keep up with where they're going on these data dashboards. So they're adding more data into these reports so we know we have to optimize that. And then there's these kind of tangential work. So for example, COVID brought about, unfortunately, a lot of domestic violence reports. And so we have a lot of domestic violence agencies that we work with and that we have interactions with and to monitor their work, we have certain processes. So that's kind of like COVID-adjacent. But it's because it's such a very critical task, we're looking at how we can kind of help in those processes and areas. Same thing in like in our substance abuse area. We have substance use disorder treatment services that we provide. And we're delivering those at a higher rate because COVID kind of created more of a crisis than we would've liked. And so that's how we're prioritizing. It's really about what is the social need, what does the community need, and how can we put the technology work in those areas? >> So how do you envision the future of automation in your organization and the future of your organization? What does that look like? Paint a picture for us. >> So I'm hoping that it really does, you know, so we're going to take everything that's COVID related in the disease control areas, both in terms of our laboratory operations, in terms of our clinic operations, the way we respond, vaccination campaigns, things of that nature. And we're going to look at it to see what can efficiencies can we do there because it's a natural outgrowth of everything we've done on COVID up to this point. So, you know, it's almost like it's as simple as you're just replicating it with another disease. The disease might have different characteristics, but the work process that we follow is very similar. It's not like we're going to change everything and do something completely different for a respiratory condition as we would for some other type of foodborne condition or something else that might happen. So we certainly see very easy opportunities to just to grow out what we've already done in terms of the processes is to do that. So that's wave one, is really focus on that grow out. The second piece I think is to look at these kind of other general kind of community-based type of operations and see what operations we can do there to kind of implement some improvements there. And then I'm certainly in my new role of, in Deputy Director of Operation, I'm a CIO before. Now that I'm in this operations role, I have access to the full administrative apparatus for the department. And believe me, there's enough to keep me busy there. (Dave V. Laughing) And so that's going to be kind of my third prong is to kind of look at the implement there. >> Awesome. Go ahead, Dave. >> Yeah, so, this is going to be taking a step back, kind of a higher level view. If we could direct the same level of rigor and attention towards some other thing that we've directed towards COVID, if you could snap your fingers and make that happen, what would that thing be in the arena of public health in LA County in particular, or if you want California, United States. What is something that you feel maybe needs more attention that it's getting right now? >> So I think I touched on it a little bit earlier, but I think it's the thing we've been always been trying to get to is how to really become just very intentional about how we share data more actively, right? I don't have to know everything about you, but there are certain things I care about when you go to the doctor for that doctor and that physician to tell me. Our physicians, our healthcare system as you know, is always under a lot of pressure. Doctors don't have the time to sit down and write a form out for me and tell me everything that's going on. During COVID they did because they were, they cared about their patients so much and knew, I need to know what's going on at every single moment. And if I don't tell you what's going on in my office, you'll never know and can't tell us what's going on in the community. So they had a vested interest in telling us. But on a normal day-to-day, they don't have the time for that. I got to replace that. We got to make sure that when we get to, not me only, but everyone in this public health community has to be focused and working with our healthcare partners to automate the dissemination and the distribution of information so that I have the information at my fingers, that I can then tell you, "Here's what's going on in your local community," down to your neighborhood, down to your zip code, your census tracked, down to your neighbors' homes. We'll be able to tell you, "This is your risk. Here are the things that are going on. This is what you have to watch out for." And the more that we can be more that focused and laser-focused on meeting that goal, we will be able to do our job more effectively. >> And you can do that while preserving people's privacy. >> Privacy, absolutely. >> Yeah, absolutely. But if people are informed then they can make their own decisions. >> Correct. >> And they're not frustrated at the systems. David, we got to wrap. >> Sure. >> But maybe you can help us. What's your impression of the, first of all, is this your first Forward? You've been to others? >> This is my first time. >> Okay. >> My first time. >> What's your sort of takeaway when you go back to the office or home and people say, "Hey, how was the show? What, what'd you learn?" What are you going to say? >> Well, from just seeing all the partners here and kind of seeing all the different events I've been able to go to and the sessions there's, you don't know many times I've gone to and say, "We've got to be doing that." And so there's certainly these opportunities for, you know, more AI, more automation opportunities that we have not, we just haven't even touched on really. I think that we really need to do that. I have to be able to, as a public institution at some point our budgets get capped. We only have so much that we're going to receive. Even riding this wave, there's only so much we're going to be able to get. So we have to be very efficient and use our resources more. There's a lot more that we can do with AI, a lot more with the tools that we saw, some of the work product that are coming out at this conference that we think we can directly apply to kind of take the humans out of that, their traditional roles, get them doing higher level work so I can get the most out of them and have this other more mundane type of work, just have the systems just do it. I don't need anybody doing that necessarily, that work. I need to be able to leverage them for other higher level capabilities. >> Well thank you for that. Thanks for coming on theCUBE and really appreciate. Dave- >> It's been great talking to you guys, thank you. >> Dave, you know, I love software shows because the business impact is so enormous and I especially love cool software shows. You know, this first of all, the venue. 3,500 people here. Very cool venue. I like the fact that it's not like booth in your face, booth competition. I mean I love VMware, VMworld, VMware Explore. But it's like, "My booth is bigger than your booth." This is really nice and clean, and it's all about the experience. >> A lot of steak, not as much sizzle. >> Yeah, definitely. >> A lot of steak. >> And the customer content at the UiPath events is always outstanding. But we are entering a new era for UiPath, and we're talking. We heard a lot about the Enterprise platform. You know, the big thing is this company's been in this quarterly shock-lock since last April when it went public. And it hasn't all been pretty. And so new co-CEO comes in, they've got, you know, resetting priorities around financials, go to market, they've got to have profitable growth. So watching that that closely. But also product innovation so the co-CEOs will be able to split that up, split their duties up. Daniel Dines the product visionary, product guru. Rob Enslin, you know- making the operations work. >> Operations execution business, yeah. >> We heard that Carl Eschenbach did the introduction. Carl's a major operator, wanted that DNA into the company. 'Cause they got to keep product innovation. And I want to, I want to see R&D spending, stay relatively high. >> Product innovation, but under the heading of platform. And that's the key thing is just not being that tool set. The positioning has been, I think, accurate that, you know, over history, we started with these RPA tools and now we've moved into business process automation and now we're moving into new frontiers where, where truly, AI and ML are being leveraged. I love the re-infer story about going in and using natural national (chuckles) national, natural language processing. I can't even say it, to go through messaging. That's sort of a next-level of intelligence to be able to automate things that couldn't be automated before. So that whole platform story is key. And they seem to have made a pretty good case for their journey into platform as far as I'm concerned. >> Well, yeah, to me again. So it's always about the customers, want to come to an event like this, you listen to what they say in the keynotes and then you listen to what the customers say. And there's a very strong alignment in the UiPath community between, you know, the marketing and the actual implementation. You know, marketing's always going to be ahead. But, we saw this a couple of years ago with platform. And now we're seeing it, you know, throughout the customer base, 10,000+ customers. I think this company could have, you know, easily double, tripled, maybe even 10x that. All right, we got to wrap. Dave Nicholson, thank you. Two weeks in a row. Good job. And let's see. Check out siliconangle.com for all the news. Check out thecube.net; wikibon.com has the research. We'll be on the road as usual. theCUBE, you can follow us. UiPath Forward 5, Dave Vellante for Dave Nicholson. We're out and we'll see you next time. Thanks for watching. (gentle music)

(upbeat music) >> Hey everyone, Lisa Martin for theCUBE here. Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape, as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations, as well as business organizations, and really it's that digital resilience, that ransomware that has everybody's attention. And it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC, we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is what we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient. And to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization. Whether it's through digital transformation, or whether it's simply data availability, whatever it might happen to be, digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company These days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably? Or is data resilience to find as something a little bit different? >> Well, sometimes, yeah, that we do get caught using them when one as the other, but data resilience is really a part of digital resilience if you think about the data itself and the context of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked. And it's becoming a corporate initiative. But there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it. And they really avoided confronting that. Nowadays, so many people have been hit by it, that stigma has gone. And so really it is becoming more of a community kind of effort, as people try to defend against these ransomwares. The other thing about it is it's really a lot like Whac-A-Mole. They attack us in one area and we defend against it, so they attack us in another area and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "One of these days, we're going to get pretty well defended against ransomware, and it's going to go away." And I responded, "I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities." And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a lot of fight. So I really think that ransomware is one of those things that is here for the long-term, and something that we we have to address and have to get proactive about. >> You mentioned some stats there. And recently, IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things, let's talk a little bit about the demographics of the survey, and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it's a little over 500 different individuals across the globe, in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, BPO of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high, or very high degree of confidence in their recovery tools, and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a 1/3 of organizations were able to fully recover their data without paying the ransom. And some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't aren't necessarily to be trusted. And so the software that they provide, sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared. And on the other hand, the results are absolutely horrible. 2/3 of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson, "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready based on the information you have. And these people are smart people, and they're professionals. But oftentimes, you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me, and kind of the aha moment, really, in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly half being the victims of ransomware in the last three years. And then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen. Just a matter of when and how often. >> It is a matter. Yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud, where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on demand resources. And in the old days when we had disaster recoveries, where there we had two different data centers and the failover and so forth, you have double the infrastructure. If your financial services, it might even be triple the infrastructure. It's very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly, what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place, to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit. And all of a sudden, they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have. And it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here? Is it that these IT practitioners over 500 that you surveyed across 20 industries, as a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know. And until you get into a specific attack, there are so many different ways that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice, things like encryption, immutability, things like that that organizations can put into place. Certainly, air gaps, having a solid backup foundation to where data is, you have a high probability recovery, things like that. Those are the kinds of things that organizations have to put into place, really, is a baseline to assure that they can recover as fast as possible, and not lose data in the event of our ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities, and as the threat landscape just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners? But does this go all the way up to the board level in terms of, " Hey guys across every industry, we are vulnerable. This is going to happen. We've got to make sure that we are truly resilient and proactive." >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the loss productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing these issues within their organization. >> So all the way at the top, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned, ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved? To the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on-premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and and to be able to take that cloud-centric perspective and apply it on-premises, as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Druva sponsored IDC white paper, fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> I'm, Lisa Martin. You're watching theCUBE, the leader in live tech coverage. (upbeat music)

>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four of our ongoing series that features exciting startups within the AWS ecosystem. This episode's theme, cybersecurity protect and detect against threats. I'm your host, Lisa Martin, and I'm pleased to welcome back. One of our alumni chase joins me the principal strategist at jump cloud chase. It's great to have you back on the >>Perfect Michael, thank you so much for having me again, >>Tell the audience just a little quick refresher on jump cloud, open directory platform. We just give them that little bit of context. >>You bet. So jump cloud provides an open directory platform and what we mean by that is we help manage all of your employees, identities, the devices that they operate on, and then all the access that they need in order to get their work done in a modern it environment. >>So from a target, a market segment perspective, this is really targeted at small medium enterprise SMEs managed security providers. MSPs, talk to me a little bit about that and some of the what's in it for me, for those folks. >>Yeah, absolutely. And when we are thinking about specifically within that market, so small, medium enterprises and the it, or the managed service providers that help support those organizations, there's a lot of different technologies that you use in order to make sure that you have a secure organization. And within that group specifically, there's a lot less of a luxury right of an enterprise budget or kind of all these different personnel that you might have available to you. And it's really kind of down to maybe one team or just a couple folks or just one person wearing a lot of different hats. And so we've designed the open directory platform to help accommodate for a lot of those different pieces where we're bringing in multiple different types of technologies from identity access management, device management and MDM, MFA access through single sign on all of those different pieces and more that help kind of come into one platform. >>So not only do you have all the technology there at your disposable, but also all the visibility and analytics of folks that are getting in and just trying to get their job done. But now all of those pieces are, are consolidated into one platform and it really helps support a lot of those organizations, right? And keep in mind, you know, small, medium businesses are the most common businesses, not everyone's coming in from an enterprise. And so here we're able to layer on levels of security and making sure that you have best practices, no matter what size you're operating in. >>So consolidating it management, securing employees, access to a variety of it. Resources is really kind of in a nutshell. >>Absolutely. And just making sure that you're combining that combination of securely accessing all the things that you need, but also making sure that from an end user perspective, it's really easy and you have all those things kind of built in from the get go. >>So how are SSEs and MSPs leveraging jump cloud right now? What are some of the outcomes that you are helping them to achieve? Anything stand out to you? >>I think there's a couple different areas that we help support organizations. One is you can think about just the whole employee life cycle. So when, when someone joins an organization from onboarding, you know, where does that identity come from? How can we make sure that they're productive, you know, effective human beings as they come into it, but then the whole life cycle, as they're accessing or changing resources within their role, all the way to the end, where they might be leaving the organization and we can securely off board that person. And so that whole flow that you might have from an organization standpoint is one aspect. Another area is as companies continue to grow, they might be going after, you know, maybe audits, level compliance, other pieces that might help them grow. And there's a lot of layers that you need to think about or different types of technologies and processes to have those certifications and credentials. >>And so we help support those organizations again, by consolidating all those different technologies into one spot. It makes it a lot easier for people to get up to par in how they think that their security standards should be set within an organization. And finally too, I'd say just ease of mind. There's a lot of pieces when you're thinking about, you know, where people might be coming in from how do I get visibility into all those different aspects? And when you have all that under one roof, it adds a lot of, I'd say, you know, less mental stress in terms of one, how all those technologies should be working together effectively, also securely, but then also making sure that you have time in the day to tackle big projects and let some of the, let's say, run rate security out of the way. >>Yeah. That's really important to be able to assign resources that are able to make the biggest impact across the organization, moving things off the plate that are not necessary or more mundane twice a year. I understand jump cloud does a survey with SMEs where you really are aimed at understanding kind of where they are in the market today, their concerns, trends, challenges, budgets. Then I saw you just published results from a survey in June of 2022. Talk to me a little bit about the demographics of the survey, who, who are you talking to within SMEs? And then we can kind of crack open some of those really interesting findings that came out this year. >>Yeah. So we love to get a pulse check of what's happening within the industry, but specifically within that small, medium size, if you will. And so for that survey that we ran, we talked to 400 different roles, kind of that touch it from security. So from vice president of the CCSO all the way down to it, admins and anyone else in between, and we're really looking at organizations that had about 500 employees or less, cuz there's a lot of information out there, especially from the enterprise of, you know, Hey, here's best practices. Here's all the things that you can do. But for smaller organizations, it's not as clear cut or you have less of an understanding of what your peers might be going through or kind of what their concerns are. And so when we're running that survey, that's one thing that we like to keep in mind is it's really meant for organizations at that size because there's, there's some commonalities that you start to see in suss out. >>And it's not to say that those aren't the same concerns that the enterprise folks have as well, because a lot of the things that will come out, you know, they are security based say, Hey, what's top of mind, or what's kind of keeping you up at night. There were some clear indicators and especially well from kind of, as we do this survey, you know, every six months or kind of even year over year, you start to see some trends that are emerging. And so a, a lot of the big ones are, you know, ransomware software, vulnerability and network security. Those are kind of the top three aspects when we're looking at, Hey, what are specifics that are keeping you up? And those are easy to say because ransomware is obviously in the news. Even this week, there are three different organizations just kind of pick out. >>So brussel who does dental manufacturing, they had ransomware in trust, which is another cybersecurity organization. They were breached. But then also Fremont county here in Colorado as a government organization, all three of those were hit by ransomware. And you might not say, Hey, there's, you know, they're all kind of random and they're not put together, but under the hood really it's a lot of the same different technologies that are powering, how people get access into things. Do they have the right levels of credentials? Are there conditions set within that type of access, especially if it's privilege. And so you start to consolidate and bubble down all those different things that can lead up to those concerns. And then even on the software vulnerability side, Mac release, two different vulnerabilities this week. And so now it quickly becomes, okay, great. How can I make sure that my employees are using not only a secure device, but a secure device, that's up to date because it's a dynamic field as all of these things coming through. >>And these are a lot of the gotchas that can keep, you know, small, medium enterprises up at night because if something happens a security event like that, it could be a, you know, a career ending event, but also a company ending event. When you think about that. And so that becomes a really high level of importance because no one wants to see their name in the news, but it also takes a lot of different steps in order to create the layers that are necessary in order to achieve, you know, really solid round stand on for organization to do that. And so that's where we like to come in and help and making sure that a lot of those layers are actually easier to implement than you thought. And it's not this huge project, but you're doing it in a way that's conscious and also not really getting the way of kind of battling users or making sure that their experience is a nightmare as well in order to achieve these goals that you have as an organization, >>You bring up ransomware, it's become a household term that I think probably every generation alive right now in some form or fashion understands what it is to a, to some degree it's now security threats in general. Now no longer if we get hit, it's a matter of one. You gave three great examples of SMEs that were hit recently and organizations. We wouldn't think really them everybody's vulnerable. You talked about the different, you know, some of the, the concerns, software, vulnerable vulnerability, exploits, the use of unsecured networks, people, and this is so common using the same password across applications that SSEs and enterprises too are dealing with. They have to be able to lean on MSPs, for example, in the SME space to say, help us with these obvious vulnerabilities, we need to make sure that our employees are productive. They're working together. We can onboard and offboard people in a secure way. How did this survey uncover how SMEs are leaning more on MSPs to help solve some of those risks that you've talked about? >>I think one of the more interesting trends that we've seen is just the ability and the ramp for organizations to lean on managed service providers. You saw a lot of this during kind of the, the beginning of the pandemic or kind of this really shift to remote work where people kind of have this mentality of, okay, it might be a cost center and, and will have, but it it's always felt this importance to making sure that people are on site. They understand their culture. They understand the, the ways that the organization works. However, now, a lot more organizations are stepping back and saying, well, if I can't see anyone in the office or if there's only half or maybe 10% that are showing up, you know, are there other economies of scale almost that I can get from leveraging a managed service provider bringing in other expertise, right? >>And so it might be valuable to say, Hey, it's not only just managing my organization, but five others. And so now you can start to see and kind of lean on best practices that they've evolved over time. And I think one of the more interesting stats is we see that, you know, almost nine out of 10 organizations that we surveyed are either leveraging an MSP or have considered it. And one of those things that's actually pulling them back or some organizations say, Hey, I've looked at it, but I'm not quite ready to commit to outsourcing this section of my organization that, or kind of bringing in someone to manage it fully alongside with me almost in a co-managed type of environment is a third of 'em say, Hey, I, I don't know how secure the MSPs are themselves. How do they think about their own internal practices? >>And what does that look like? Because again, you, you're thinking about handing over the crown jewels over to someone and say, Hey, here's some of our, our most vulnerable or critical assets that we need to have secured and, and making sure that that's part of the organization. And so it's a, it's an honest conversation that a lot of owners have with MSPs and say, look, are, are you up to snuff, right? Because if something happens, sure, I might have one person to go after, or you might have SLAs that I can, I can go. But it still means me as an organization has been targeted. What does that look like in our types of relationship? And so a lot of the partners that we have on the jump outside, it's a very common conversation that they have with our clients and saying, walking them through and say, Hey, here's our, our security plan. >>Here's how we approach that. Here's all the different tools that we have at, at our disposal that are working alongside jump cloud in order to make sure that not only do you have good posture, I'd say good areas where the organization is set up for success, where you're thinking about not sharing passwords or there's password complexity, or there's other technologies like single sign on that, help reduce that. But in addition to what type of network scanning do you have available? What type of antivirus do you leverage? What are all the other pieces that create that holistic security structure? And so sometimes it's a lot easier for MSPs to deliver that and package it up instead of having, you know, an overburdened it, admin said, great, this is another project that I have to go through and think about and look at pricing and kind of other those components, because it helps speed up. I'd say your time to being more secure. And that's a really real conversation for organizations as they think about planning, as they think about budgets and what impact that might have on organization, making sure that employees can get work done. But we're also thinking about in a very secure mindset within the organization. >>That's so critical as we talked about every or every organization of every size in every industry is vulnerable. There's just no weight getting around it. These days. You talked about an interesting stat, about 90% of the SME surveyed some written we're yes, we're relying on MSV, but we still worry about security. Talk to me from the jump cloud, AWS perspective. How do you help though? That's cause that's a big number, the 90% of SMEs that are still concerned about security, how do you help them dial that down? >>I think it's really understanding, you know, you mentioned AWS, so what are the critical access and what are those points that look like that we need to get a handle on? And how can we make that easier? Cause I think one of the pieces that will often come at and say, Hey, we really wanna make this approach work. We really wanna make sure that when you, when you wake up and you need to get into Q and a environments or, or production or whatever, that might be, that it's a seamless experience, but we as an organization have visibility into what's going on and Hey, if you're getting promoted or your role is changing, we wanna make sure that those attributes or kind of those pieces that are associated to you and your identity are changing with it. And so making sure that there's this dynamic motion available to folks, as they start thinking about, you know, where a majority of their IP lives, it's no longer in some server closet and yes, it might still be on a, on a manufacturing floor, but it's those components that become the most critical for organizations you've heard, I'd say, you know, certainly within the last five years and probably even goes further back where a lot of traditional organizations say, Hey, we're a software company now we're, you know, kind of insert for innovation, making sure we can do that. >>And I think a lot of organizations are still going through that transition, but right behind it and what's coming next. And certainly a lot of organizations start to say, not only are we a software company, but we're a security company. And with that, that comes the mindset. Not only of here's how we tactically get into the things that we need to do our job, but the why behind it. And I think that's one of the elements that might be missing or is certainly one of, I know that we have a lie attainment kind of take that approach of, yes, we're gonna be implementing, we need to have your device passion updated because there's vulnerabilities. But for everyone else kind of on the end user side, it's like, well, okay, well why, why do we need to do that? And so by having that security first type of mentality, that allows everyone to be on the same page, play on the same team and making sure that when, you know, those requests are coming in both back and forth between end users and its security team, anyone else that might be involved within that process, you all understand that say, Hey, it's not, you know, it, it's not my job. >>It's everyone's job, right? We're all in this together because that's some of the parts where it can start to fall down too. You might have a team that has the best practices and in, you know, in intentions, but if the implementation and the follow through isn't bought in from everyone, then you're also playing against the speed of the organization to adopt it. And that's really the timeline that you're battling, especially when you're thinking about ransomware or someone who already might be in it is how can we help mitigate a lot of those different pieces. So by combining all those different elements into a thought process, into a mentality of being a security first organization, that's really kind of helps within the ripple effect all the way down into, you know, the critical resources like AWS. >>It has to be a holistic view. There's really no other choice these days. And it also has to be done in a timely fashion. What did, as we wrap up kind of talking about the survey here, what were some of the trends, the future trends it uncovered as we are still in a remote and distributed work environment. It probably always will be. We've seen challenges and everyone's mental health in terms of, of strapped resources. What did the survey uncover as to what these folks saw as future trends? >>So I'd say there's a, there's a couple, there there's a lot, but we'll break it down and say, I'd say three core trends that you saw across every organization that we talked to, including our own base of over 180,000 organizations that rely on gem cloud is, Hey, security is number one, right? And we we've talked to that about at length device management is another extension of that. I'm sorry, making sure that, Hey, this is the only piece of hardware I have from the company in front of me. I wanna make sure that I can manage secure it, make sure it's patched as well as we kind of operate in this dynamic and environment, making sure that we're resilient as an organization. And then I'd say finally, as those pieces start to evolve, there's still some organizations that are how trying to understand kind of truly manage what does hybrid and remote and kind of what does that look like for me as an organization? >>Cause I think we're now out of this panic mode and now organizations are now setting up. Okay, what are some of the long term structures as I think about that, and you hear a lot about too, from other organizations that are mandating folks to come back or okay. Maybe it's just a couple days a week or all of those decisions have impacts on the it organization. So that is very alive and well, I'd say one of the other pieces you mentioned mental health is that we are starting to understand a little bit more, you know, kind of who's behind the computer. Who's, who's behind the keyboard. What does the impact have for them? Because in this type of work environment as well, you know, it's still challenging to find really good talent. And so you might be strapped for resources. You might be the only person that's trying to implement these processes or the security protocol, or trying to help get us up into a good compliance posture, all of those different pieces kind of on it. >>And so you can start to think about man, how do I, how do I make progress? And I think that's one of the other pieces that is really important for folks kind of from that perspective is, you know, always understand that you're making progress, even though the, the tickets might be coming at you and you, there's never ending in sight. All those steps that you take for an organization are critically important. And so, and it's not always just a people answer cuz you might, might not be in the position to say, Hey, we need an extra five hands on this in order to make it done. It might have to be more of a conversation of, Hey, here are the pieces that we need to automate. Here are the business processes that we really need to think about in order to have a fundamental impact on what we can do. >>And then you can come back and say, great. And if we have this, it might actually look like one and a half people. You can't really hire a half person, but you come into those types of mentality with a really solid argument of here's what we need to have in order to make this happen. And I think too, getting that type of buy-in again, making sure, Hey, we are a security company after all, we're all in this together that allows everyone to kind of help pitch in because if you don't have that piece, then you know, everything can feel much more burdensome, right? And the level of burnout increases the, the level of mental health in general, across the teams that are acting as supporting functions for an organization, start to get burnout. And it might not always be as Hey, as important as, as revenue or Hey, we're getting this marketing campaign out, but it's this underwriting thing in terms of really, truly important infrastructure that the company needs to think about. >>And when you can involve all of those different pieces, then people feel like they can make a positive impact. They feel more empowered. They have, you know, emojis attached to tickets and say, Hey, it was so great to help you out today. And a lot of those I'd say interpersonal connections that you might be missing in a remote only type of world in organization. And so bringing all those little tidbits back into, you know, how to, how to be a good person, how to be a good human and how to make sure that there's some personality involved with it. And it's not just this ongoing process. I think there's a little bit of give and take, but that's one other thing that we've surfaced is really just understanding a better picture of who's implementing all these amazing things around the world. >>That's so important. There's so many different levers to the pull here where becoming a security company is concerned. Where can folks go to one chase, get the surveying two, some final thoughts. What, where can folks go to actually test out jump drive? >>Yeah, absolutely >>Jump out. Excuse me. >>So within everything that we talked about, some from various different technologies from identity management, device management, SSO, MFA, and many, many more. So you can go to jumpcloud.com, create a free organization. It's free up to 10 users, 10 devices. So even for really small organizations, even if you're a startup, we can help leverage enterprise grade security technology for you to implement as well as more detailed on the reports. And so if you wanna get a better sense of kind of how we look at the world types of information that we can bring back and making sure that you're learning from your peers and how to implement and put your best foot forward within the organization, we always have a ton of amazing resources and content that really looks at, you know, who's doing the work. Why are they doing the work? And how is that work impactful within multiple different organizations and not only just the organizations themselves, but those that are supporting it like managed service providers of the world. >>Got it. Awesome. Chase. Thank you so much for joining me on this episode of the AWS startup showcase, talking to us about what jump cloud is uncovered with respect to the concerns that SMEs have, how MSPs are helping, how jump cloud is also a facilitator of really helping to organizations to become security organizations. We appreciate your time. >>Absolutely. Thank you so much for having me again. >>Our pleasure. We wanna you for watching. Keep it right here on the, for more action. The, is your leader in live coverage?

>>the Cube presents H P E discovered 2022. Brought to you by H P E. >>Hi, buddy Dave Balon and Jon Ferrier Wrapping up the cubes. Coverage of day two, hp Discover 2022. We're live from Las Vegas. Vishal Lall is here. He's the senior vice president and general manager for HP ES Green Lake Cloud Services Solutions. Michelle, good to see you again. >>Likewise. David, good to see you. It was about a year ago that we met here. Or maybe nine months >>ago. That's right. Uh, September of last year. A new role >>for you. Is that right? I was starting that new role when I last met you. Yeah, but it's been nine months. Three quarters? What have you learned so far? I mean, it's been quite a right, right? I mean, when I was starting off, I had, you know, about three priorities we've executed on on all of them. So, I mean, if you remember back then they we talked about, you know, improving a cloud experience. We talked about data and analytics being a focus area and then building on the marketplace. I think you heard a lot of that over the last couple of days here. Right? So we've enhanced our cloud experience. We added a private cloud, which was the big announcement yesterday or day before yesterday that Antonio made so that's been I mean, we've been testing that with customers. Great feedback so far. Right? And we're super excited about that. And, uh, you know, uh, down there, the test drive section people are testing that. So we're getting really, really good feedback. Really good acceptance from customers on the data and Analytics side. We you know, we launched the S three connector. We also had the analytics platform. And then we launched data fabric as a service a couple of days ago, right, which is kind of like back into that hybrid world. And then on the marketplace side, we've added a tonne of partners going deep with them about 80 plus partners now different SVS. So again, I think, uh, great. I think we've accomplished a lot over the last three quarters or so lot more to be done. Though >>the marketplace is really interesting to us because it's a hallmark of cloud. You've got to have a market price. Talk about how that's evolving and what your vision is for market. Yes, >>you're exactly right. I mean, having a broad marketplace provides a full for the platform, right? It's a chicken and egg. You need both. You need a good platform on which a good marketplace can set, but the vice versa as well. And what we're doing two things there, Right? One Is we expanding coverage of the marketplace. So we're adding more SVS into the marketplace. But at the same time, we're adding more capabilities into the marketplace. So, for example, we just demoed earlier today quickly deploy capabilities, right? So we have an I S p in the marketplace, they're tested. They are, uh, the work with the solution. But now you can you can collect to deploy directly on our infrastructure over time, the lad, commerce capabilities, licencing capabilities, etcetera. But again, we are super excited about that capability because I think it's important from a customer perspective. >>I want to ask you about that, because that's again the marketplace will be the ultimate arbiter of value creation, ecosystem and marketplace. Go hand in hand. What's your vision for what a successful ecosystem looks like? What's your expectation now that Green Lake is up and running. I stay up and running, but like we've been following the announcement, it just gets better. It's up to the right. So we're anticipating an ecosystem surge. Yeah. What are you expecting? And what's your vision for? How the ecosystem is going to develop out? Yeah. I >>mean, I've been meeting with a lot of our partners over the last couple of days, and you're right, right? I mean, I think of them in three or four buckets right there. I s V s and the I S P is coming to two forms right there. Bigger solutions, right? I think of being Nutanix, right, Home wall, big, bigger solutions. And then they are smaller software packages. I think Mom would think about open source, right? So again, one of them is targeted to developers, the other to the I t. Tops. But that's kind of one bucket, right? I s P s, uh, the second is around the channel partners who take this to market and they're asking us, Hey, this is fantastic. Help us understand how we can help you take this to market. And I think the other bucket system indicators right. I met with a few today and they're all excited about. They're like, Hey, we have some tooling. We have the manage services capabilities. How can we take your cloud? Because they build great practise around extent around. Sorry. Aws around? Uh, sure. So they're like, how can we build a similar practise around Green Lake? So again, those are the big buckets. I would say. Yeah, >>that's a great answer. Great commentary. I want to just follow up on that real quick. You don't mind? So a couple things we're seeing observing I want to get your reaction to is with a i machine learning. And the promise of that vertical specialisation is creating unique opportunities on with these platforms. And the other one is the rise of the managed service provider because expertise are hard to come by. You want kubernetes? Good luck finding talent. So managed services seem to be exploding. How does that fit into the buckets? Or is it all three buckets or you guys enable that? How do you see that coming? And then the vertical piece? >>A really good question. What we're doing is through our software, we're trying to abstract a lot of the complexity of take communities, right? So we are actually off. We have actually automated a whole bunch of communities functionality in our software, and then we provide managed services around it with very little. I would say human labour associated with it is is software manage? But at the same time we are. What we are trying to do is make sure that we enable that same functionality to our partners. So a lot of it is software automation, but then they can wrap their services around it, and that way we can scale the business right. So again, our first principle is automated as much as we can to software right abstract complexity and then as needed, uh, at the Manus Services. >>So you get some functionality for HP to have it and then encourage the ecosystem to fill it in or replicated >>or replicated, right? I mean, I don't think it's either or it should be both right. We can provide many services or we should have our our partners provide manage services. That's how we scale the business. We are the end of the day. We are product and product company, right, and it can manifest itself and services. That discussion was consumed, but it's still I p based. So >>let's quantify, you know, some of that momentum. I think the last time you call your over $800 million now in a are are you gotta You're growing at triple digits. Uh, you got a big backlog. Forget the exact number. Uh, give us a I >>mean, the momentum is fantastic Day. Right. So we have about $7 billion in total contract value, Right? Significant. We have 1600 customers now. Unique customers are running Green Lake. We have, um, your triple dip growth year over year. So the last quarter, we had 100% growth year over year. So again, fantastic momentum. I mean, the other couple, like one other metric I would like to talk about is the, um the stickiness factor associated tension in our retention, right? As renewal's is running in, like, high nineties, right? So if you think about it, that's a reflection of the value proposition of, like, >>that's that's kind of on a unit basis, if you will. That's the number >>on the revenue basis on >>revenue basis. Okay? >>And the 1600 customers. He's talking about the size and actually big numbers. Must be large companies that are. They're >>both right. So I'll give you some examples, right? So I mean, there are large companies. They come from different industries. Different geography is we're seeing, like, the momentum across every single geo, every single industry. I mean, just to take some examples. BMW, for example. Uh, I mean, they're running the entire electrical electric car fleet data collection on data fabric on Green Lake, right? Texas Children's Health on the on the healthcare side. Right On the public sector side, I was with with Carl Hunt yesterday. He's the CEO of County of Essex, New Jersey. So they are running the entire operations on Green Lake. So just if you look at it, Barclays the financial sector, right? I mean, they're running 100,000 workloads of three legs. So if you just look at the scale large companies, small companies, public sector in India, we have Steel Authority of India, which is the largest steel producer there. So, you know, we're seeing it across multiple industries. Multiple geography is great. Great uptake. >>Yeah. We were talking yesterday on our wrap up kind of dissecting through the news. I want to ask you the question that we were riffing on and see if we can get some clarity on it. If I'm a customer, CI or C so or buyer HP have been working with you or your team for for years. What's the value proposition? Finish this sentence. I work with HPV because blank because green like, brings new value proposition. What is that? Fill in that blank for >>me. So I mean, as we, uh, talked with us speaking with customers, customers are looking at alternatives at all times, right? Sometimes there's other providers on premises, sometimes as public cloud. And, uh, as we look at it, uh, I mean, we have value propositions across both. Right. So from a public cloud perspective, some of the challenges that our customers cr around latency around, uh, post predictability, right? That variability cost is really kind of like a challenge. It's around compliance, right? Uh, things of that nature is not open systems, right? I mean, sometimes, you know, they feel locked into a cloud provider, especially when they're using proprietary services. So those are some of the things that we have solved for them as compared to kind of like, you know, the other on premises vendors. I would say the marketplace that we spoke about earlier is huge differentiator. We have this huge marketplace. Now that's developing. Uh, we have high levels of automation that we have built, right, which is, uh, you know, which tells you about the TCO that we can drive for the customers. What? The other thing that is really cool that be introduced in the public in the private cloud is fungible itty across infrastructure. Right? So basically on the same infrastructure you can run. Um, virtual machines, containers, bare metals, any application he wants, you can decommission and commission the infrastructure on the fly. So what it does, is it no matter where it is? Uh, on premises, right? Yeah, earlier. I mean, if you think about it, the infrastructure was dedicated for a certain application. Now we're basically we have basically made it compose herbal, right? And that way, what? Really? Uh, that doesnt increases utilisation so you can get increased utilisation. High automation. What drives lower tco. So you've got a >>horizontal basically platform now that handle a variety of work and >>and these were close. Can sit anywhere to your point, right? I mean, we could have a four node workload out in a manufacturing setting multiple racks in a data centre, and it's all run by the same cloud prints, same software train. So it's really extensive. >>And you can call on the resources that you need for that particular workload. >>Exactly what you need them exactly. Right. >>Excellent. Give you the last word kind of takeaways from Discover. And where when we talk, when we sit down and talk next year, it's about where do you want to be? >>I mean, you know, I think, as you probably saw from discovered, this is, like, very different. Antonio did a live demo of our product, right? Uh, visual school, right? I mean, we haven't done that in a while, so I mean, you started. It >>didn't die like Bill Gates and demos. No, >>no, no, no. I think, uh, so I think you'll see more of that from us. I mean, I'm focused on three things, right? I'm focused on the cloud experience we spoke about. So what we are doing now is making sure that we increase the time for that, uh, make it very, you know, um, attractive to different industries to certifications like HIPAA, etcetera. So that's kind of one focus. So I just drive harder at that adoption of that of the private out, right across different industries and different customer segments. The second is more on the data and analytics I spoke about. You will have more and more analytic capabilities that you'll see, um, building upon data fabric as a service. And this is a marketplace. So that's like it's very specific is the three focus areas were driving hard. All right, we'll be watching >>number two. Instrumentation is really keen >>in the marketplace to I mean, you mentioned Mongo. Some other data platforms that we're going to see here. That's going to be, I think. Critical for Monetisation on the on on Green Lake. Absolutely. Uh, Michelle, thanks so much for coming back in the Cube. >>Thank you. Thanks for coming. All >>right, keep it right. There will be John, and I'll be back up to wrap up the day with a couple of heavies from I d. C. You're watching the cube. Mhm. Mm mm. Mhm.

>>from the bellagio Hotel >>in Las Vegas. >>It's the >>cube covering >>Ui Path forward. >>Four brought to >>you by Ui Path. >>Welcome back to Las Vegas. The cube is here. We've been here for two days covering Ui Path Forward for lisa martin here with David Monty. We've talked about automation and many industries. Now this segment is going to focus on automation and healthcare. We've got two guests joining us Jim Petrosea Cto of Blue Cross, Blue Shield and Gadget. Dhaliwal. The global C. I. O. Industry lead at you. I pass guys welcome to the program. Thank you. So let's start unpacking from the CTO level and the ceo level the agenda for automation. Jim let's start with you. What does that look like >>for us. It's actually pretty strategic and part of as we think about digital and what digital transformation means, it actually plays a pretty key role. Um There are a lot of processes that can be very manual within a big organization like Blue cross and Blue shield and to be able to streamline that and take away kind of what I would call the mundane work. Right? The the you know, going through a spreadsheet and then typing it into the screen, there are a lot of processes like that that are legacy. But what if you could take that away um and actually create a better work experience for the people that work there right? And and focus on higher value type uh type things and it's really key. And it really It goes down to our our business folks right? There are a lot of things we can drive with automation. We started a program um in 2019. Um that's been quite successful. We now have 250 box, we measure what we call annualized efficiency gains. So how much efficiency are we getting by these bots? So the bots are doing um this repetitive work that people would do. Um And what we're finding is, you know, we've got about $11 million in any wise efficiency gain through the process and we're just getting started. Um But we're all we're not stopping there too though, we're enabling citizen developers. So we're saying, hey business, if you want to automate, you know, parts of your job, we're gonna help you do that. So we've got about 60 people that were training. Um We run bad Ethan's where they come together and they actually create bots uh And it's really really creating some some impact and buzz in our business >>anywhere from your lens, where does automation fit within the C. I. O. S. Agenda? And how do you work together in unison with the C. T. O. To help roll this out across the enterprise? >>Yeah, no, definitely. And in fact as a part of introduction, I can actually share that. How I'm wearing a Ceo had within your path since I'm just joining join path and I'm actually now helping a client ceos in their automation strategy but I was a deputy ceo in my prior role at L. A. County where actually I ran the automation strategy. So if we look at from our organization perspective B complex as L. A County which is such a Federated organization. From a Ceo perspective, the way we look at the strategy is it's always driven by the business goals of the city or a county and we typically drive into three different areas. One is how we can transform our operational processes so that we can save the tax dollars. It's all about doing more with the less dollars. And then second is about how we can transform our residents experience because end of the day it is all about how we can improve the quality of life for our residents. So we've got 10 million people for L. A. County, the largest populous county in us. So it was an uphill task to serve that such a diverse population need and that the third area is about how to transform the new business models because as we are moving away from a government centric approach to the residents centric approach, you really need to come up with a new digital solutions. And Ceo is in the center of all these three elements when you look at it. So it's a very appear to us to keep keep improving your efficiency and then at a time keep adding the new digital solutions and that's where automation strategy is kind of a horizontal strategy which enables all these components. So what I hear from >>that is alignment with the business. Yeah. Right. Change management. Absolutely. That's like really fundamental and then see IOS this this agent of transformation uh you can see or she has a horizontal purview across the organization now now jim the cto role is the automation at blue cross blue shield lead by you or you there to make sure the technology plugs into your enterprise architecture. What's your shoulder? >>You know? Uh my my role is really to drive uh what I'll call technology enabled business change. Right. So I actually uh started our our automation journey uh at hc sc and I did that by partnering with our business. Um There was actually a lot of buzz around automation and there were actually some small pockets of it, none of it was enterprise scale. Um Right. And we really wanted to go big in this and and working with the business sponsors, they saw value in it. Um and we've you know, we've generated um a lot of uh efficiency, better quality of work because of it but but I very closely had a partner with our business, we have a committee that is lead of business folks that I facilitate. So I view my role as an enabler, um we have to communicate the change management pieces is huge. Uh the education just having a common vernacular on what is automation mean, Right, because everybody interpreted it differently um and then being able to do it at an enterprise scale is quite challenging. Um You know, I I really enjoyed um one of the key notes, I don't know if you had a chance to see shankar by Duncan from the hidden brain, right? But he talked a lot about the brain aspect and how do you get people to change? And and that's a large part of it. There's a lot about technology, but there's really a lot about being a change agent um and and really working very closely with your business, >>how does one measure? I'm hearing a lot time saved. Our saved. How does one measure that and quantify the dollar impact, which by the way, I'm on record as saying the soft dollars are way bigger. And but when you're talking to the, you know, the bottom line CFO and it's all about, you know, the cash flow, whatever is, how do you measure that? >>I can take it. So we, what we do is as we define these use cases right? We we go through an actual structure product process where we we gather them. Um we then rate them and we actually prioritize them based on those that are going to have the greatest impact. Um and we can tell based on, you know, what is the manual effort today. So we understand there are X number of people that do this X number of days and we think this body can take that some load off of them. Right? Um So we we go in with the business case. Um And then the Ui Path platform actually allows us to measure well, how much is that pot running? Right. So we can actually sit there and say, well we wanted that thing to run 10 hours a day and it did and it's generated this kind of efficiency because otherwise the human would have had to do that work. >>So the business case is kind of redeploying >>human. It really is is really maximizing human capital and make and and you know really using because the bots do repetitive stuff really well. They don't do higher level thinking and and we don't view it as replacing people, we view it as augmenting and actually making them more efficient and more effective at what, how do you get the dollars out of that? Well, a couple of ways. Right. And so one of the things we've we've done is we we create and measure the efficiency our business users and financed by the way is one of our bigger ones. And the CFO is one of the sponsors of the program, um can decide how to reinvest it in a lot of cases it is actually cost avoidance as we grow, literally being able to grow without adding staff. I mean that's very measurable. Um in some cases it is actually taking, you know cost out um in in certain cases, but a lot of times that's just through attrition, right? You don't back fill positions, you let it happen naturally. Um and and then there's just things that happen to your business that you have to respond to give you a great example, state of texas, um passes what's the equivalent of the no surprise attack. But they did it there before the federal government did it. Um but it requires a lot of processes to be put in place, because now you have providers and payers having to deal with disputes, right? It actually generates a boatload of work. And we thought there might be, you know, 5000 of these in the first year, where there were 21,000 in the first year. And so far this year we're doubling that amount, right. We were able to use automation to respond to that without having to add a bunch of stuff. If we had to add staff for that, it would have literally been, you know, maybe hundreds of people, right? And but now, you know, there's, you can clearly put a value on it and it's millions of dollars a year, that we would have otherwise had to expect. >>The reason I'm harping on this lease is because I've been through a lot of cycles, as you know, and after the dot com boom, the the cost avoidance meant not writing the check to the software company, right? And that's what nick Carr wrote this, i. T matter. And then, and then, you know, post the financial crisis, we've entered uh a decade plus of awareness on the impact of technology. And I wonder if it's, I think this, I think this the cycle is changing I think. And I wonder if you have an opinion here where people, I think organizations are going to look at Technology completely different than they did like in the early 2000s when it was just easy to cut. >>No, I think the other point I will add to it. I agree with the gym. So we typically look at our away but it doesn't always have to be the cost. Right? If you look from the outcomes of the value, there are other measures also right? If you look at the how automation was able to help in the Covid generate. It was never about costs at that time. It was about a human lives. So you always may not be able to quantify it what you look at. Okay. What how are we maximizing the value or what kind of situations where we are and where we may not even have a human power to do that work. And we are running against the time. It could be the compliance needs. I'll give example of our covid use case which was pretty big success uh within L. A. County we deployed bots for the covid contact tracing program. So we were actually interviewing all the people who were testing positive so that we actually can keep track of them and then bring back that data within our HR so that our criminologists actually can look at the trends and see how we are doing as a county as compared to other counties and nationally. And we were in the peak, we were interviewing about 5000 people a day And we had to process that data manually into our nature and we deployed 15 members to do that. And they were doing like about 600 interviews a day. So every day we had a backlog of 2500 interviews. So it is not about a cost saving or a dollar value here because nobody planned for these unplanned events and now we don't have a time and money to find more data entry operators and parts were able to actually clear up all the backlog. So the value which we were able to bring it is way beyond the cost element. >>I I believe that 100% and I've been fighting this battle for a long time and it's easier to fight now because we're in this economic cycle even despite the pandemic, but I think it can be quantified. I honestly believe it can be tied to the income statement or in the case of a public sector, it could be tied to the budget and the mission how that budget supports the mission of the company. But I really believe it. And and I've always said that those soft factors are dwarf the cost savings, but sometimes, you know, sometimes the CFO doesn't listen, you know, because he or she has to cut. I think automation could change that >>for public sector. We look at how we can do more about it. So it's because we don't look at bottom line, it's about the tax dollars, we have limited dollars, but how we can maximize the value which we are giving to residents, it is not about a profit for us. We look at the different lens when it comes to the commercial >>Side, it's similar for us. So as a as a health care pair, because we're a mutual right? Our members and we have 17 million of them are really the folks that own the company and we're very purpose driven. Our our purpose is to do everything in our power to stand by members in sickness and in health. So how do you get the highest quality, cost effective health care for them? So if automation allows you to be more effective and actually keep that cost down, that means you can cover more people and provide higher quality care to our members. So that's really the driver for mission driven, >>I was gonna ask you as a member as one of your 17 million members, what are some of the ways in which automation is benefiting me? >>Um you know, a number of different ways. First off, you know, um it lowers our administrative costs, right? So that means we can actually lower our rights as as we go out and and and work with folks? That's probably the the the the bottom line impact, but we're also automating processes uh to to make it easier for the member. Right? Uh the example I used earlier was the equivalent of no surprises. Right. How do we take the member out of the middle of this dispute between, you know, out of network providers and the payer and just make it go away. Right, and we take care of it. Um but that that creates potentially administrative burden on our side, but we want to keep their costs down and we do it efficiently using it. So there's a number of use cases that we've we've done across, you know, different parts of our business. We automate a lot of our customer service, right? When you call um there's bots in the background that are helping that that agent do their job. And what that means is you're on the show, you're on the phone a lot shorter of a period of time. And that agent can be more concise and more accurate in answering your question. >>So your employee experience is dramatically improved, as is the member experience? >>Yes, they go hand in hand. They do go hand, unhappy members means unhappy employees, 100% >>mentioned scale before, you said you can't scale in this particular, the departmental pockets. Talk about scale a little bit. I'm curious as to how important cloud is to scale. Is it not matter. Can you scale without cloud? What are the other dimensions of scale? >>Well, you know, especially with my CTO had, we're we're pushing very heavily to cloud. We view ourselves as a cloud first. We want to do things in a cloud versus our own data centers, partially because of the scale that it gives us. But because we're healthcare, we have to do it very securely. So. We are very meticulous about guarding our data, how we encrypt information um, not only in our data center but in the cloud and controlling the keys and having all the controls in place. You know, the C. So and I are probably the best friends right now in the company because we have to do it together and you have to take that that security mind set up front. Right cloud first. Put security first with it. Um, so we're moving what we can to the cloud because we think it's just going to give us better scale as we grow and better economics overall, >>Any thoughts on that? I think a similar thoughts but if we look from L. A. county because of the sheer volume itself because the data which we are talking about. We had 40 departments within the county. Each department is serving a different business purpose for the resident beit voting or B justice or being social services and all and the amount of data which we are generating for 10 million residents and the amount of duplicate asi which it comes out because it's a very government centering model. You have a different systems and they may not be talking to each other. The amount of diplomacy and identity delicacy which we are creating and as we are enabling the interoperability between these functions to give us seamless experience keeping security in mind so fully agree on that because the end of the day we have to ensure that customer guarantee but it's a sheer volume that as and when we are adding these data sets and the patient's data as well as the residents data and now we have started adding a machine data because we have deployed so many IOT solutions so the data which is coming from those machines, the logs and all its exponential so that's where the scale comes into picture and how we can ensure that we are future ready for the upscale which we need and that's where cloud ability definitely helps a lot. >>What do you mean by future ready? >>So if you look at from a future smart city or a smart community perspective, imagine when machines are everywhere machines and IOT solutions are deployed, beat even healthcare, your bad information, you're even patient information, everything is interconnected and amount of data which is getting generated in that your automobile they're going to start talking to entertainment or we have to potentially track a single resident might be going same person going to the justice or maybe same person might be having a mental health issues, A same person might be looking for a social services, how we're going to connect those dots and what all systems they are touching. So all that interconnections needs to happen. So that exponential increase of data is a future readiness, which I'm talking about. Are we future ready from a technology perspective? Are we future ready from the other ecosystem perspective and how and how we're gonna manage those situations? Uh, so those are the things which we >>look at it and it's a it's a multiplier to, right? We all have this influx of information and you need to figure out what to do with it. Right. This is where artificial intelligence, machine learning is so important. But you also have interoperability standards that are coming. So now we're we have this massive data that each of our organizations have. But now you have interoperability which is a good thing for the member saying now I need to be able to share that data. Yeah, I wanted to ask you about >>that because a lot of changes in health care, um, are meaningful use. You have to show that to get paid but the standards weren't mature. Right? And so now that's changing what role does automation play in facilitating those standards. >>So, you know, we're big, big supporters of the fire standard that's out there um to in order to be able to support the standards and and create a P. I. S. And and pull together the information. What what will happen sometimes in the background is there's actually um artificial intelligence, machine learning models that create algorithms right? The output of that though often has to be active. Now a person can do something with that information or a vodka. Right? So when you start taking the ideal of artificial intelligence and now you have a robotic process that can use that to pull together the information and assimilated in a way to make it higher quality. But now it's available. It's kind of in the background. You don't see it but it's there helping. >>What are some of the things that you see? I know we're out of time but I just have a couple more questions. Some of the things that you see here we are you I path forward for we're in person. This is a bold company that's growing very quickly. Some of the announcements that were made, what are what are some of your reaction to that? And how do you see it helping move blue crush blue shield forward even >>faster. Well you know a lot of the announcements in terms of some of the features that that they've added around their robotics processing are great right? The fact that they're in the cloud and and some of the capabilities and and and better ability to to support that the process mining is key. Right. In order for abouts to be effective, you have to understand your process and you just don't want to necessarily automate the bad practices. Right? So you want to take a look at those processes to figure out how you can automate things smartly. Um and some of their capabilities around that are very interesting. We're going to explore that quite a bit but but I think they're the ambition here is beyond robotics. Right. It's actually creating um you know, applications that actually are using bots in the background which is very intriguing and has a lot of potential potentially to drive even more digital transformation. This can really affect all of our workers and allow us to take digital solutions out to the market a lot faster >>and to see what was going to ask you, you are here for four weeks at UI Path, you got to meet a lot of your colleagues, which is great. But what about this company attracted you to leave your former role and come over here to the technology vendor side. >>Well, I think I was able to achieve the similar role within L. A. County, able to establish the automation practice and achieve the maturity, able to stand up things and I feel that this is the same practitioner activity which I can actually take it back to the other clients ceos because of one thing which I really like about your hypothesis. RP is just a small component of it. I really want to change that mindset that we have to start looking ui path as an end to end full automation enterprise solution and it is not only the business automation, it's the idea automation and it's a plus combination and whether we are developing a new industry solutions with our partners to help the different industry segments and we actually helping Ceo in the center of it because Ceo is the one who is driving the automation, enabling the business automation and actually managing the automation ceo and the governess. So CEO is in left and center of it and my role is to ensure that I actually help those Ceos to make successful and get that maturity and you will path as a platform is giving that ability of length and breath and that's what is really fascinating me and I'm really looking forward that how that spectrum is changing that we are getting matured in a process mining area and how we are expanding our horizons to look at the whole automation suit, not just the R. P. Product and that's something which I'm really looking forward and seeing that how we're going to continue expanding other magic quadrants and we're actually going to give the seamless experience so the client doesn't have to worry about okay for this, I have to pick this and further, I have to pick something else >>that's seamless experience is absolutely table stakes these days. Guys, we're out of time. But thank you so much for joining. David me, talking about automation and health care. Your recommendations for best practices, how to go about doing that and and the change management piece. That's a critical piece. We appreciate your time. >>Thanks for having. Thank >>you. Our pleasure for day Volonte. I'm lisa martin live in las Vegas. The cubes coverage of you a path forward for continues next. Mhm. Mhm mm.

>>Welcome back to the cubes coverage of AWS public sector summit live in Washington D. C. A face to face event were on the ground here is to keep coverage. I'm john Kerry, your hosts got two great guests. Both cuba alumni Shannon Kellogg VP of public policy for the Americas and john would ceo tell us congratulations on some announcement on stage and congressional john being a public company. Last time I saw you in person, you are private. Now your I. P. O. Congratulations >>totally virtually didn't meet one investor, lawyer, accountant or banker in person. It's all done over zoom. What's amazing. >>We'll go back to that and a great great to see you had great props here earlier. You guys got some good stuff going on in the policy side, a core max on stage talking about this Virginia deal. Give us the update. >>Yeah. Hey thanks john, it's great to be back. I always like to be on the cube. Uh, so we made an announcement today regarding our economic impact study, uh, for the commonwealth of Virginia. And this is around the amazon web services business and our presence in Virginia or a WS as we all, uh, call, uh, amazon web services. And um, basically the data that we released today shows over the last decade the magnitude of investment that we're making and I think reflects just the overall investments that are going into Virginia in the data center industry of which john and I have been very involved with over the years. But the numbers are quite um, uh, >>just clever. This is not part of the whole H. 20. H. Q. Or whatever they call HQ >>To HQ two. It's so Virginia Amazon is investing uh in Virginia as part of our HQ two initiative. And so Arlington Virginia will be the second headquarters in the U. S. In addition to that, AWS has been in Virginia for now many years, investing in both data center infrastructure and also other corporate facilities where we house AWS employees uh in other parts of Virginia, particularly out in what's known as the dullest technology corridor. But our data centers are actually spread throughout three counties in Fairfax County, Loudoun County in Prince William County. >>So this is the maxim now. So it wasn't anything any kind of course this is Virginia impact. What was, what did he what did he announce? What did he say? >>Yeah. So there were a few things that we highlighted in this economic impact study. One is that over the last decade, if you can believe it, we've invested $35 billion 2020 alone. The AWS investment in construction and these data centers. uh it was actually $1.3 billion 2020. And this has created over 13,500 jobs in the Commonwealth of Virginia. So it's a really great story of investment and job creation and many people don't know John in this Sort of came through in your question too about HQ two, But aws itself has over 8000 employees in Virginia today. Uh, and so we've had this very significant presence for a number of years now in Virginia over the last, you know, 15 years has become really the cloud capital of the country, if not the world. Uh, and you see all this data center infrastructure that's going in there, >>John What's your take on this? You've been very active in the county there. Um, you've been a legend in the area and tech, you've seen this many years, you've been doing so I think the longest running company doing cyber my 31st year, 31st year. So you've been on the ground. What does this all mean to you? >>Well, you know, it goes way back to, it was roughly 2005 when I served on the Economic Development Commission, Loudon County as the chairman. And at the time we were the fastest-growing county in America in Loudon County. But our residential real property taxes were going up stratospherically because when you look at it, every dollar real property tax that came into residential, we lose $2 because we had to fund schools and police and fire departments and so forth. And we realized for every dollar of commercial real property tax that came in, We made $97 in profit, but only 13% of the money that was coming into the county was coming in commercially. So a small group got together from within the county to try and figure out what were the assets that we had to offer to companies like Amazon and we realized we had a lot of land, we had water and then we had, you know this enormous amount of dark fiber, unused fibre optic. And so basically the county made it appealing to companies like amazon to come out to Loudon County and other places in northern Virginia and the rest is history. If you look today, we're Loudon County is Loudon County generates a couple $100 million surplus every year. It's real property taxes have come down in in real dollars and the percentage of revenue that comes from commercials like 33 34%. That's really largely driven by the data center ecosystem that my friend over here Shannon was talking. So >>the formula basically is look at the assets resources available that may align with the kind of commercial entities that good. How's their domicile there >>that could benefit. >>So what about power? Because the data centers need power, fiber fiber is great. The main, the main >>power you can build power but the main point is is water for cooling. So I think I think we had an abundance of water which allowed us to build power sources and allowed companies like amazon to build their own power sources. So I think it was really a sort of a uh uh better what do they say? Better lucky than good. So we had a bunch of assets come together that helps. Made us, made us pretty lucky as a, as a region. >>Thanks area too. >>It is nice and >>john, it's really interesting because the vision that john Wood and several of his colleagues had on that economic development board has truly come through and it was reaffirmed in the numbers that we released this week. Um, aws paid $220 million 2020 alone for our data centers in those three counties, including loud >>so amazon's contribution to >>The county. $220 million 2020 alone. And that actually makes up 20% of overall property tax revenues in these counties in 2020. So, you know, the vision that they had 15 years ago, 15, 16 years ago has really come true today. And that's just reaffirmed in these numbers. >>I mean, he's for the amazon. So I'll ask you the question. I mean, there's a lot of like for misinformation going around around corporate reputation. This is clearly an example of the corporation contributing to the, to the society. >>No, no doubt. And you think >>About it like that's some good numbers, 20 million, 30 >>$5 million dollar capital investment. You know, 10, it's, what is it? 8000 9000 >>Jobs. jobs, a W. S. jobs in the Commonwealth alone. >>And then you look at the economic impact on each of those counties financially. It really benefits everybody at the end of the day. >>It's good infrastructure across the board. How do you replicate that? Not everyone's an amazon though. So how do you take the formula? What's your take on best practice? How does this rollout? And that's the amazon will continue to grow, but that, you know, this one company, is there a lesson here for the rest of us? >>I think I think all the data center companies in the cloud companies out there see value in this region. That's why so much of the internet traffic comes through northern Virginia. I mean it's I've heard 70%, I've heard much higher than that too. So I think everybody realizes this is a strategic asset at a national level. But I think the main point to bring out is that every state across America should be thinking about investments from companies like amazon. There are, there are really significant benefits that helps the entire community. So it helps build schools, police departments, fire departments, etcetera, >>jobs opportunities. What's the what's the vision though? Beyond data center gets solar sustainability. >>We do. We have actually a number of renewable energy projects, which I want to talk about. But just one other quick on the data center industry. So I also serve on the data center coalition which is a national organization of data center and cloud providers. And we look at uh states all over this country were very active in multiple states and we work with governors and state governments as they put together different frameworks and policies to incent investment in their states and Virginia is doing it right. Virginia has historically been very forward looking, very forward thinking and how they're trying to attract these data center investments. They have the right uh tax incentives in place. Um and then you know, back to your point about renewable energy over the last several years, Virginia is also really made some statutory changes and other policy changes to drive forward renewable energy in Virginia. Six years ago this week, john I was in a coma at county in Virginia, which is the eastern shore. It's a very rural area where we helped build our first solar farm amazon solar farm in Virginia in 2015 is when we made this announcement with the governor six years ago this week, it was 88 megawatts, which basically at the time quadruple the virginias solar output in one project. So since that first project we at Amazon have gone from building that one facility, quadrupling at the time, the solar output in Virginia to now we're by the end of 2023 going to be 1430 MW of solar power in Virginia with 15 projects which is the equivalent of enough power to actually Enough electricity to power 225,000 households, which is the equivalent of Prince William county Virginia. So just to give you the scale of what we're doing here in Virginia on renewable energy. >>So to me, I mean this comes down to not to put my opinion out there because I never hold back on the cube. It's a posture, we >>count on that. It's a >>posture issue of how people approach business. I mean it's the two schools of thought on the extreme true business. The government pays for everything or business friendly. So this is called, this is a modern story about friendly business kind of collaborative posture. >>Yeah, it's putting money to very specific use which has a very specific return in this case. It's for everybody that lives in the northern Virginia region benefits everybody. >>And these policies have not just attracted companies like amazon and data center building builders and renewable energy investments. These policies are also leading to rapid growth in the cybersecurity industry in Virginia as well. You know john founded his company decades ago and you have all of these cybersecurity companies now located in Virginia. Many of them are partners like >>that. I know john and I both have contributed heavily to a lot of the systems in place in America here. So congratulations on that. But I got to ask you guys, well I got you for the last minute or two cybersecurity has become the big issue. I mean there's a lot of these policies all over the place. But cyber is super critical right now. I mean, where's the red line Shannon? Where's you know, things are happening? You guys bring security to the table, businesses are out there fending for themselves. There's no militia. Where's the, where's the, where's the support for the commercial businesses. People are nervous >>so you want to try it? >>Well, I'm happy to take the first shot because this is and then we'll leave john with the last word because he is the true cyber expert. But I had the privilege of hosting a panel this morning with the director of the cybersecurity and Infrastructure Security agency at the department, Homeland Security, Jenness easterly and the agency is relatively new and she laid out a number of initiatives that the DHS organization that she runs is working on with industry and so they're leaning in their partnering with industry and a number of areas including, you know, making sure that we have the right information sharing framework and tools in place, so the government and, and we in industry can act on information that we get in real time, making sure that we're investing for the future and the workforce development and cyber skills, but also as we enter national cybersecurity month, making sure that we're all doing our part in cyber security awareness and training, for example, one of the things that are amazon ceo Andy Jassy recently announced as he was participating in a White house summit, the president biden hosted in late august was that we were going to at amazon make a tool that we've developed for information and security awareness for our employees free, available to the public. And in addition to that we announced that we were going to provide free uh strong authentication tokens for AWS customers as part of that announcement going into national cybersecurity months. So what I like about what this administration is doing is they're reaching out there looking for ways to work with industry bringing us together in these summits but also looking for actionable things that we can do together to make a difference. >>So my, my perspective echoing on some of Shannon's points are really the following. Uh the key in general is automation and there are three components to automation that are important in today's environment. One is cyber hygiene and education is a piece of that. The second is around mis attribution meaning if the bad guy can't see you, you can't be hacked. And the third one is really more or less around what's called attribution, meaning I can figure out actually who the bad guy is and then report that bad guys actions to the appropriate law enforcement and military types and then they take it from there >>unless he's not attributed either. So >>well over the basic point is we can't as industry hat back, it's illegal, but what we can do is provide the tools and methods necessary to our government counterparts at that point about information sharing, where they can take the actions necessary and try and find those bad guys. >>I just feel like we're not moving fast enough. Businesses should be able to hack back. In my opinion. I'm a hawk on this one item. So like I believe that because if people dropped on our shores with troops, the government will protect us. >>So your your point is directly taken when cyber command was formed uh before that as airlines seeing space physical domains, each of those physical domains have about 100 and $50 billion they spend per year when cyber command was formed, it was spending less than Jpmorgan chase to defend the nation. So, you know, we do have a ways to go. I do agree with you that there needs to be more uh flexibility given the industry to help help with the fight. You know, in this case. Andy Jassy has offered a couple of tools which are, I think really good strong tokens training those >>are all really good. >>We've been working with amazon for a long time, you know, ever since, uh, really, ever since the CIA embrace the cloud, which was sort of the shot heard around the world for cloud computing. We do the security compliance automation for that air gap region for amazon as well as other aspects >>were all needs more. Tell us faster, keep cranking up that software because tell you right now people are getting hit >>and people are getting scared. You know, the colonial pipeline hack that affected everybody started going wait a minute, I can't get gas. >>But again in this area of the line and jenny easterly said this this morning here at the summit is that this truly has to be about industry working with government, making sure that we're working together, you know, government has a role, but so does the private sector and I've been working cyber issues for a long time to and you know, kind of seeing where we are this year in this recent cyber summit that the president held, I really see just a tremendous commitment coming from the private sector to be an effective partner in securing the nation this >>full circle to our original conversation around the Virginia data that you guys are looking at the Loudon County amazon contribution. The success former is really commercial public sector. I mean, the government has to recognize that technology is now lingua franca for all things everything society >>well. And one quick thing here that segues into the fact that Virginia is the cloud center of the nation. Um uh the president issued a cybersecurity executive order earlier this year that really emphasizes the migration of federal systems into cloud in the modernization that jOHN has worked on, johN had a group called the Alliance for Digital Innovation and they're very active in the I. T. Modernization world and we remember as well. Um but you know, the federal government is really emphasizing this, this migration to cloud and that was reiterated in that cybersecurity executive order >>from the, well we'll definitely get you guys back on the show, we're gonna say something. >>Just all I'd say about about the executive order is that I think one of the main reasons why the president thought was important is that the legacy systems that are out there are mainly written on kobol. There aren't a lot of kids graduating with degrees in COBOL. So COBOL was designed in 1955. I think so I think it's very imperative that we move has made these workloads as we can, >>they teach it anymore. >>They don't. So from a security point of view, the amount of threats and vulnerabilities are through the >>roof awesome. Well john I want to get you on the show our next cyber security event. You have you come into a fireside chat and unpack all the awesome stuff that you're doing. But also the challenges. Yes. And there are many, you have to keep up the good work on the policy. I still say we got to remove that red line and identified new rules of engagement relative to what's on our sovereign virtual land. So a whole nother Ballgame, thanks so much for coming. I appreciate it. Thank you appreciate it. Okay, cute coverage here at eight of public sector seven Washington john ferrier. Thanks for watching. Mhm. Mhm.

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

>> Narrator: From theCUBES studios in Palo Alto in Boston connecting with thought leaders all around the world. This is theCUBE conversation. >> Hello and welcome to the 2021 AWS global public sector partner awards. I'm your host Natalie Erlich. Today we're going to highlight the most valuable valuable Amazon connect appointment. And we are now joined by Steve Careful, adult social care expert PA consulting group and Graham Allen, the director of adults health and care at Hampshire county council. Welcome gentlemen to today's session. >> Thank you Natalie >> I love you Natalie. >> Well by now we are really familiar the call to shelter in place and how it especially affected the most vulnerable of people. Give us some experience or some insight on your experience with that, especially in light of some of the technology that was deployed. Let's start with you, Graham. >> Yeah, Thank you. So just by way of context, Hampshire county council is one of the largest areas of local government in England. So we have a population of 1.4 million people. And when a lockdown was imposed by the national government of England in the 23rd of March 2020. Shortly thereafter the evidence in terms of vulnerabilities around COVID-19 strongly identified that people with a range of clinical conditions were most vulnerable and needed to shield and self issolate. And for the size of our population, we quickly were advised that roughly some 30,000 people in the initial carts because of political vulnerabilities needed to sheild and receive a variety of support shortly after that through the summer of 2020 that number increased some 50,000. And then by January of this year that number further increased based on the scientific and medical evidence to 83,000 people in total. So that represented a huge challenge for us in terms of offering support, being able to make sure that not only practical tasks related to obtaining shopping food and so on and so forth, but also medications but also the real risks of self isolation. Many of the people that we were needing to support when here the two known to us as a social care provider. They were being advised through clinical medical evidence needs and many of those people lived alone. So the real risk of self isolation not seeing anyone potentially for an extended period of time and the risks of their wellbeing was something very significant to us. So we needed very rapidly to develop a solution in terms of making contact, being able to offer that support. >> Yeah and I'd love it now to get your take Steve on how PA consulting group helped deliver on that call on that need. >> True so we have an existing relationship with Graham and the council, we've been working together for number of years, delivering care technology solutions to service users around the county. We were obviously aware there was a major issue as COVID and lockdown began. So we sat down with Graham and his colleagues to ask what we could do to help. We used our relationship with AWS and our knowledge of the connect platform to suggest a mechanism for making outbound calls really at scale. And that was the beginning of the process. We were very quickly in a position where we were able to actually get that service running live. In fact, we had a working prototype within four days and a live service in seven days. And from that point on of those many thousands of people that Graham's alluded to, we were calling up to two and a half thousand a day to ask them did they need any help? Were they okay? If they did need help, If they responded yes, to those, to that question we were then able to put them through to a conventional call handler in our call center where a conversation could take place about what their needs were. And as Graham said, in many cases that was people who couldn't get out to get food shopping, people who were running short of clinical medical supplies, people who needed actually some interesting things pet care came up quite often people who couldn't leave the house home and look after their dog, they just needed some help locally. So we had to integrate with local voluntary services to get those those kinds of results and support delivered to them across the whole of Hampshire and ultimately throughout the whole of the COVID experience. So coming right up until March of this year. >> Right well, as the COVID pandemic progressed and, you know evolved in different stages, you know, with variants and a variety of different issues that came up over the last year or so, you know how did the technology develop how did the relationship develop and, you know tell us about that process that you had with each other. >> So the base service remained very consistent that different points in the year, when there were different issues that may be needed to be communicated to to the service users we were calling we would change and update the script. We would improve the logistics of the service make it simpler for colleagues in the council to get the data into the system, to make the calls. And basically we did that through a constant series of meetings checkpoint, staying in touch and really treating this as a very collaborative exercise. So I don't think for all of us COVID was a constant stream of surprises. Nobody could really predict what was going to happen in a week or a month. So we just have to all stay on our toes keep in touch and be flexible. And I think that's where our preferred way of working and that of AWS and the Hampshire team we were working with we really were able to do something that was special and I'm very fleet of foot and responsive to needs. >> Right and I'd also love to get Graham's insight on this as well. What of results have you seen, you know do you have any statistics on the impact that it made on people? Did you receive any qualitative feedback from the people that use the service? >> Yeah, no, absolutely. We did. And one of the things we were very conscious of from day one was using a system which may have been unfamiliar to people when the first instance in terms of receiving calls, the fact that we were able to use human voice within the call technology, I think really, really assisted. We also did a huge amount of work within a Hampshire county council. Clearly in terms of the work we do day in, day out we're well-known to our local population. We have a huge range of different responsibilities ranging from maintenance of the roads through to the provision of local services, like libraries and so on and so forth, and also social care support. So we were able to use all of that to cover last. And Steve has said through working very collaboratively together with a trusted brand Hampshire county council working with new technology. And the feedback that we received was both very much data-driven in real time, in terms of successful calls and also those going through to call handlers and then the outcomes being delivered through those call handlers to live services out and about around the county but also that qualitative impact that we had. So across Hampshire county council we have some 76 elected members believe me they were very active. They were very interested in the work that we were doing in supporting our most vulnerable residents. And they were receiving literally dozens of phone calls as a thank you by way of congratulating. But as I say, thanking us and our partners PA at district council partners and also the voluntary community sector in terms of the very real support that was being offered to residents. So we had a very fully resolved picture of precisely what was happening literally minute by minute on a live dashboard. In terms of outgoing calls calls going through the call handlers and then successful call completion in terms of the outcomes that were being delivered on the ground around the County of Hampshire. So a phenomenally successful approach well appreciated and well, I think applauded by all those receiving calls. >> Terrific insight. Well, Steve, I'd love to hear from you more about the technology and how you put the focus on the patient on the person really made it more people focused and you know, obviously that's so critical in such a time of need. >> Yeah, you're absolutely right, Natalie. We, I think what we were able to do because I myself and my immediate team have worked with Hampshire and other local authorities on the social care side for so long. We understood the need to be very person focused. I think sometimes with technology, it comes in with it with a particular way of operating that isn't necessarily sensitive to the audience. And we knew we had to get this right from day one. So Graham's already mentioned the use of human voice invoicing the bulk call. that was very, very important. We selected a voice actress who had a very reassuring clear tone recognizing that many of the individuals we were calling would have been would have been older people maybe a little hard of hearing. We needed to have the volume in the call simple things like this were very important. One of the of the debates I remember having very early on was the choice as to whether the response that somebody would give to the question, do you need this? Or that could be by pressing a digital on the phone. We understood that again, because potentially of frailty maybe a little lack of dexterity amongst some of the people we'd be calling that might be a bit awkward for them to take the phone away from their face and find the button and press the button in time. So we pursued the idea of an oral response. So if you want this say, yes if you don't want it to say no and those kinds of small choices around how the technology was deployed I think made a really big difference in terms of of acceptance and adoption and success in the way the service run. >> Terrific. Well Graham I'd like to shift it to you. Could you give us some insight on the lessons that you learned as a result of this pandemic and also trying to move quickly to help people in your community? >> Yeah, I think the lessons in some of the lessons that we've, again learned through our response to the pandemic, are lessons that to a degree have traveled with us over a number of years in terms of the way that we've used technology over a period, working with PA, which is be outcome focused. It's sometimes very easy to get caught up in a brilliant new piece of technology. But as Steve has just said, if it's not meeting the need if we're not thinking about that human perspective and thinking about the humanity and the outcomes that we're seeking to deliver then to some degree it's going to fail And this might certainly did not fail in any way shape or form because of the thoughtfulness that was brought forward. I think what we learned from it is how we can apply that as we go forward to the kinds of work that we do. So, as I've already said we've got a large population, 1.4 million people. We are moving from some really quite traditional ways of responding to that population, accelerated through our response to COVID through using AI technologies. Thinking about how we embed that more generally would a service offer not only in terms of supporting people with social care needs but that interface between ourselves and colleagues within the health sector, the NHS to make sure that we're thinking about outcomes and becoming much more intuitive in terms of how we can engage with our population. It's also, I think about thinking across wider sectors in terms of meeting people's needs. One of the, I think probably unrealized things pre COVID was the using virtual platforms of various kinds of actually increased engagement with people. We always thought in very traditional ways in order to properly support our population we must go out and meet them face to face. What COVID has taught us is actually for many people the virtual world connecting online, having a variety of different technologies made available to support them in their daily living is something that they've absolutely welcomed and actually feel much safer through being able to do the access is much more instant. You're not waiting for somebody to call. You're able to engage with a trusted partner, you know face-to-face over a virtual platform and get an answer more or less then and there. So I think there's a whole range of opportunities that we've learned, some of which we're already embedding into our usual practice. If I can describe anything over the last 15 months as usual but we're taking it forward and we hope to expand upon that at scale and at pace. >> Yeah, that's a really excellent point about the rise of hybrid care, both in the virtual and physical world. What can we expect to see now, moving forward like to shift over to our other guests, you know, what do you see next for technology as a result of the pandemic? >> Well, there's certainly been an uptake in the extent to which people are comfortable using these technologies. And again, if you think about the kind of target group that Graham and his colleagues in the social care world are dealing with these are often older people people with perhaps mobility issues, people with access issues when it comes to getting into their GP or getting into hospital services. The ability for those services to go out to them and interact with them in a much more immediate way in a way that isn't as intrusive. It isn't as time consuming. It doesn't involve leaving the house and finding a ways on public transport to get to see a person who you're going to see for five minutes in a unfamiliar building. I think that that in a sense COVID has accelerated the acceptance that that's actually pretty good for some people. It won't suit everybody and it doesn't work in every context, but I think where it's really worked well and works is a great example of that. Is in triaging and prioritizing. Ultimately the kinds of resources Graham's talked about the people need to access the GPs and the nurses and the care professionals are in short supply. Demand will outstrip will outstrip supply. therefore being able to triage and prioritize in that first interaction, using a technology ruse enables you to ensure you're focusing your efforts on those who've got the most urgent or the greatest need. So it's a kind of win all around. I think there's definitely been a sea change and it's hard to see hard to see people going back just as the debate about, will everybody eventually go back to offices, having spent a working at home? You know, I think the answer is invariably going to be no, some will but many won't. And it's the same with technology. Some will continue to interact through a technology channel. They won't go back to the face-to-face option that they had previously. >> Terrific. Well, thank you both very much. Steve Careful PA consulting group and Graham Allen Hampshire county council really appreciate your, your insights on how this important technology helped people who were suffering in the midst of the pandemic. Thank you. >> Steve: You're welcome. >> Graham: Thank you. >> Well, that's all for this session. Thank you so much for watching. (upbeat music)