Satish Lakshmanan & Nancy Wang | AWS Storage Day 2021


 

(upbeat music)

>> Hi everybody, we're here in downtown Seattle covering AWS Storage Day. My name is Dave Vellante with the Cube, and we're really excited. We're going to talk about rethinking data protection in the 2020s. I'm here with Nancy Wang, who is the general manager of AWS Backup, and Satish Lakshmanan, the director of storage business development at AWS. Folks, welcome. Good to see you again. So let's talk about the evolution of data protection. You've got three major disruptors going on. There's obviously the data explosion. We talk about that all the time, but there's cloud has changed the way people are thinking about data protection and now you've got cyber. What's AWS's point of view on all this?

>> Great question, Dave. You know, in my role as the global head of storage business development and solution architecture for storage, I have the privilege of working with customers all around the globe, in every geography and every segment. And we recently talked to thousands of customers and we did a survey for about 5,000 customers. And many of them told us that they expect to see a ransomware attack once every 11 seconds. So it's top of mind for almost every customer, so much so that if you remember earlier this year, the White House issued an executive order, you know, making the nation aware of across public and private sector about cybersecurity and the need for, for, for us to be prepared. Customers as a result, largely think of not only ransomware protection, but also recovery. And they have largely allocated budgets across every geography to make sure that they're well protected. And in the, in the event of an attack, they can recover from it. That's where Nancy's, you know, data protection services and backup services come into play. And maybe she'll add a few comments about how she approaches it from a technology perspective.

>> Yeah, sure.
Thanks, Satish. Yeah, as a general manager of AWS Backup and our data protection services, it's really my team and my charter to help our customers centralize, automate, and also protect themselves from attacks like ransomware. Right? And so for example, you know, across our many services today we offer AWS Backup as a secondary data collection and management across our many AWS regions and also across the aid of many AWS accounts that a single customer must manage, right. And if you recall, having multiple copies of your data exist in backups is a core part of any customer's ransomware protection strategy. And lastly, I just want to say something that we just launched recently called AWS Backup Audit Manager also helps you operationalize and monitor your backups against any ransomware attack.

>> So, the adversary, obviously, as we know, was well-equipped and they're quite sophisticated. And anybody who has inside access can become a ransomware attacker because of things like ransomware as a service. So, what are you specifically doing to address ransomware?

>> Yeah. So, in talking to several thousand of our customers, what we have learned is customers are typically vulnerable in one or more of three scenarios, right? The first scenario is when they're not technically ready. What that means is either their software patches are not up to date, or they have too many manual processes that really prevent them from being prepared for defending against an attack. The second is typically around a lack of awareness. These are situations where IT administrators leveraging cloud-based services are recognizing that, or not recognizing per se, that their EC2 instances, Lambda instances have public access and same applies to S3 buckets. And the third is lack of governance and governance-based practices. The way we are educating our customers, training and enabling them and empowering them, because it's a shared security model, is really through our Well-Architected Framework.
That's the way we shared best practices that we have learned across all our customers, across our industries. And we enable it and empower them to not only identify areas of vulnerability, but also be able to recover in the event of an attack. Nancy.

>> Yeah, and to add to that, right, our team, and now my team and I, for example, watch every ransomware incident and because it really informs the way that we plan our product roadmap and deliver features that help our customers protect, detect, and also recover from ransomware. So there's an ebook out there, suggest you go check it out, of securing your cloud environment against ransomware attacks. And aside from the technical maintenance suggestions that Satish provided, as well as the security awareness suggestions, there's really two things that I usually tell customers who come to me with ransomware questions. Which is one, right, don't rely on the good will of your ransomware attacker to restore your data. Because I mean, just studies show over 90% of ransom payers actually don't successfully recover all of their data because, hey, what if they don't give you the full decryption utility? Or what if your backups are not restorable? Right? So, rather than relying on that good will, make sure that you have a plan in place where you can recover from backups in case you get ransomed. Right? And two, is make sure that in addition to just taking backups, which obviously, you know, as a GM of AWS Backup, I would highly recommend you do, right. Is make sure that those backups are actually restorable, right? Do game day testing, make sure that it's configured properly because you'd be surprised at the, just the number and the sheer percentage of customers who when, let's say the attack happens, actually find that they don't have a good set of data to recover their businesses from.

>> I believe it. Backup is one thing, as they say, recovery is everything. So you've got the AWS Well-Architected Framework.
How does that fit in, along with the AWS data protection services into this whole ransomware discussion?

>> Yeah, absolutely. You know, the AWS Well-Architected Framework actually has four design approaches that I usually share with customers that are very relevant to the ransomware conversation. And one is, you know, anticipate where that ransomware attack may come from. Right? And two, make sure that you write down your approaches whereby you can solve for that ransomware attack, right? Three, just like I advocate my teams and customers to do, right. Then look back on what you've written down as your approach and reflect back on what are the best practices or lessons learned that you can gain from that exercise. And make sure as part four, is you consistently plan game days where you can go through these various scenario tests or ransomware game day attacks. And lastly, just as a best practice is ransomware recovery and protection isn't just the role of IT professionals like us, right. It's really important to also include HR, professional, legal professionals. Frankly, anyone in a business who might come and be compromised by ransomware attack, and make sure that they're involved in your response. And so Satish, I'd love to hear as well, how you communicate to customers and what best practices you offer them.

>> Yeah, thanks Nancy. I think in addition to the fantastic points you made, Nancy, Dave, the Well-Architected Framework has been built on eight to 10 years worth of customer engagements across all segments and verticals. And essentially it's a set of shared best practices, tools, training, and methodology that we, you know, exchange with customers in order to help them be more prepared to fight ransomware attacks and be able to recover from them. Recently, there've been some enhancements made where we have put industry or use case specific lenses to the Well-Architected Framework.
For example, for customers looking to build IoT applications, customers who are trying to use serverless and Lambda functions, customers who may be within the financial services or healthcare life sciences, where to go, looking to understand best practices from other people who've implemented, you know, some of the technologies that Nancy talked about. In addition, as I talked about earlier, training and enablement is extremely critical to make sure that if companies don't have the skillset, we are basically giving them the skillset to be able to defend. So we do a lot of hands-on labs. Lastly, the Well-Architected Framework tool has been integrated into the console, and it gives customers who are essentially managing the workloads, the ability to look at access permissions, ability to look at what risks they have through malware and ransomware detection techniques. Machine learning capability is built into all the services that are native to AWS that allow them to then react to them. If companies don't have the skills, we have a vast network of partners who can help them basically implement the right technologies. And they can always reach out to our technical account manager for additional information as well.

>> I love the best practice discussion. For customers, it's a journey. I mean, CSOs tell us their one problem is lack of talent and so they need help. So, last question is what can people expect from AWS? You're the experts. In particular, how you can help them recover from ransomware?

>> Yeah, and that conversation is ever evolving, right? As hackers get more sophisticated then clearly we have to get more sophisticated as well. And so one of our mental models that we often share with customers is defense in depth, right? So if you consider all of the layers, including all of the constructs that exist natively on AWS, right? The first layer is through identity access management constructs.
So building a trust radius around your workloads, around your applications, whereby you can deny permissions or access permissions to individuals who are not authorized to access your mission critical applications, right. Then beyond that first layer of defense, the second layer should be automated monitoring or observability. For example, if individuals were to penetrate within your security perimeter, and oftentimes I, you know, that could be done through a delayed response where it gives your CSO or your security operations team, the ability to react to such an unauthorized access, for example. And so the third line of defense is if someone were to penetrate both first layer, as well as the second layer, is actually through backups. And this is where it goes back to what I was mentioning earlier is make sure that your backups are ready and able to be restored and have the RTO and SLA guarantees that help your business remain functional even after an attack.

>> Excellent. Guys, we got to go. I love that, zero trust layer defenses, got to have the observability in the analytics and then the last resort RTO, and of course, RPO. Guys, thanks so much, really appreciate your insights.

>> Good to see you.

>> Thank you for watching. Keep it right there for more great content from AWS Storage Day.

(upbeat music)

Published Date : Sep 2 2021
