>> Announcer: Live from San Francisco, it's theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. >> Okay, welcome back, everyone, to CUBE's coverage here in San Francisco at RSA Conference 2020. I'm John Furrier, your host. You know, cybersecurity industry's changing. Enterprises are now awake to the fact that it's now a bigger picture around securing the enterprise, 'cause it's not only the data center. It's cloud, it's the edge, a lot of great stuff. We've got a great guest here from Dell EMC. Peter Gerr's a consultant, cyber resilience solutions and services marketing at Dell EMC. Great to see you. >> You too, John. >> Thanks for coming on. >> Good to see you again, thank you. >> So, you know, I was joking with Dave Volante just this morning around the three waves of cloud, public cloud, hybrid cloud, multicloud. And we see obviously the progression. Hybrid cloud is where everyone spends most of their time. That's from ground to cloud, on-premises to cloud. So pretty much everyone knows-- >> Peter: On-ramp, kind of. >> That on-prem is not going away. Validated by all the big cloud players. but you got to nail the equation down for on-premises to the cloud, whether it's, I'm Amazon-Amazon, Azure-Azure, whatever, all those clouds. But the multicloud will be a next generation wave. That as an industry backdrop is very, very key. Plus AI and data are huge inputs into solving a lot of what is going to be new gaps, blind spots, whatever insecurity. So I got to, you know, Dell has a history with huge client base, traditional enterprises transforming. You're in the middle of all this, so you got the airplane at 30,000 feet and the companies have to swap out their engines and reboot their teams, and it's a huge task. What's going on with cyber and the enterprises? What are some of the key things? >> Well, so I like to keep it pretty simple. I've been in this industry over 20 years and I've really consistently talked about data as the global currency, right? So it's beautifully simple. Whatever industry you're in, whatever size company you're in, enterprise or even now small to medium businesses, their businesses are driven by data. Connectivity to that data, availability of the data, integrity of the data, and confidentiality of the data. And so sort of the area of the world that I focus upon is protecting customers' most valuable data assets, now, whether those are on-prem, in the cloud, or in a variety of modalities, and ensuring that those assets are protected and isolated from the attack surface, and then ability to recover those critical assets quickly so they can resume business operations. That's really the area that I work in. Now, that data, as you pointed out, it could start on-prem. It could live in multicloud. It can live in a hybrid environment. The key is really to understand that not all data is created equally. If you were to have a widespread cyber attack, really the key is to bring up those critical applications systems and data sets first to return to business operations. >> Yeah, it's funny-- >> Peter: It's really challenging >> You know, it's not funny, it's actually just ironic, but it's really kind of indicative of the society now is that EMC was bought by Dell Storage and the idea of disruption has always been a storage concept. We don't want a lot of disruption when we're doing things, right? >> Peter: None, we can't, yeah. >> So whether it's backup and recovery or cyber ransomware, whatever it is, the idea of non-disruptive operations-- >> Absolutely. >> Has been a core tenant. Now, that's obviously the same for cyber, as you can tell. So I got to ask you, what is your definition and view of cyber resilience? Because, well, that's what we're talking about here, cyber resilience. What's your view on that? >> So when we started developing our cyber recovery solution about five years ago, we used the NIST cybersecurity framework, which is a very well-known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy. A cyber resilience strategy really encompasses everything from perimeter threat detection and response all the way through incident response after an attack and everything that happens in between, protecting the data and recovering the data, right? And critical systems. So I think of cyber resilience as that holistic strategy of protecting an organization and its data from a cyber attack. >> That's great insight. I want to get your thoughts on how that translates into the ecosystem, because this is an ecosystem around cyber resilience. >> Peter: Absolutely. >> And let's just say, and you may or may not be able to comment on this, but RSA is now being sold. >> Peter: Yeah, no, that's fair. >> So that's going out of the Dell family. But you guys have obviously VMware and Secureworks. But it's not just you guys. It's an ecosystem. >> It really is. >> How does Dell now without, with and without RSA, fit into the ecosystem? >> So as I mentioned, cyber resilience is really thought of as a holistic strategy. RSA and other Dell assets like Carbon Black fit in somewhere in that continuum, right? So RSA is really more on threat detection and response, perimeter protection. The area of the business that I work on, data protection and cyber recovery, really doesn't address the prevention of attacks. We really start with the premise that preventing a cyber attack is not 100% possible. If you believe that, then you need to look at protecting and recovering your assets, right? And so whether it's RSA, whether it's Carbon Black, whether it's Secureworks, which is about cyber incident and response, we really work across those groups. It's about technology, processes, and people. It's not any one thing. We also work outside of the Dell technologies umbrella. So we integrate, our cyber recovery solution is integrated with Unisys Stealth. So there's an example of how we're expanding and extending the cyber recovery solution to bring in other industry standards. >> You know, it's interesting. I talk to a lot of people, like, I'm on theCube here at RSA. Everyone wants better technology, but there's also a shift back to best-of-breed, 'cause you want to have the best new technology, but at the same time, you got to have proven solutions. >> Peter: That's the key. >> So what are you guys selling, what is the best-of-breed from Dell that you guys are delivering to customers? What are some of the areas? >> So I'm old EMC guy myself, right? And back from the days of disaster recovery and business continuity, right? More traditional data protection and backup. The reality is that the modern threats of cyber hackers, breaches, insider attacks, whatever you like, those traditional data protection strategies weren't built to address those types of threats. So along with transformation and modernization, we need to modernize our data protection. That's what cyber recovery is. It's a modern solution to the modern threat. And what it does is it augments your data, excuse me, your disaster recovery and your backup environment with a purpose-built isolated air gap digital vault which is built around our proven Data Domain and PowerProtect DD platforms that have been around for over a decade. But what we've done is added intelligence, analytics, we've hardened that system, and we isolate it so customers can protect really their most valuable assets in that kind of a vault. >> So one of things I've been doing some research on and digging into is cyber resilience, which you just talked about, cyber security, which is the industry trend, and you're getting at cyber recovery, okay? >> Peter: Correct. >> Can you talk about some examples of how this all threads together? What are some real recent wins or examples? >> Sure, sure. So think of cyber recovery as a purpose-built digital vault to secure your most valuable assets. Let me give you an example. One of our customers is a global paint manufacturer, okay? And when we worked with them to try to decide what of their apps and data sets should go into this cyber recovery vault, we said, "What is the most critical intellectual property "that you have?" So in their case, and, you know, some customers might say my Oracle financials or my Office 365 environment. For this customer it was their proprietary paint matching system. So they generate $80 to $100 million every day based upon this proprietary paint matching system which they've developed and which they use every day to run their business. If that application, if those algorithms were destroyed, contaminated, or posted on the public internet somewhere, that would fundamentally change that company. So that's really what we're talking about. We're working with customers to help them identify their most critical assets, data, systems, applications, and isolate those from the threat vector. >> Obviously all verticals are impacted by cyber security. >> Every vertical is data-driven, that's right. >> And so obviously the low-hanging fruit, are they the normal suspects, financial services? Is there a particular one that's hotter than, obviously financial services has got fraud and all that stuff on it, but is that still number one, or-- >> So I think there's two sides to the coin. One, if you look at the traditional enterprise environments, absolutely financial services and healthcare 'cause they're both heavily regulated, therefore that data has very high value and is a very attractive target to the would-be hackers. If you look on the other end of the spectrum, though, the small to medium businesses that all rely on the internet for their business to run, they're the ones that are most susceptible because they don't have the budgets, the infrastructure, or the expertise to protect themselves from a sophisticated hacker. So we work across all verticals. Obviously the government is also very susceptible to cyber threats. But it's every industry, any business that's data-driven. I mean, everyone's been breached so many times, no one even knows how many times. I got to ask you about some cool trends we're reporting on here. Homomorphic encryption is getting a lot of traction here because financial services and healthcare are two-- >> Peter: Homomorphic? >> Homomorphic, yeah. Did I say that right? >> It's the first time I've ever heard that term, John. >> It's encryption at in use. So you have data at rest, data in flight, and data in use. So it's encryption when you're doing all your, protecting all your transactional data. So it's full implementation with Discovery. Intel's promoting it. We discovered a startup that's doing that, as well. >> Peter: Yeah, that's new for me, yeah. >> But it allows for more use cases. But data in use, not just motion, or in-flight, whatever they call it. >> Peter: I get it, yeah, static. >> So that's opening up these other thing. But it brings up the why, why that's important, and the reason is that financial services and healthcare, because they're regulated, have systems that were built many moons ago or generations ago. >> Absolutely. >> So there was none of these problems that you were mentioning earlier, like, they weren't built for that. >> Correct. >> But now you need more data. AI needs sharing of data. Sharing is a huge deal. >> Real-time sharing, too, right? >> Real-time sharing. >> And I think that's where the homomorphic encryption comes in. >> That's exactly right. So you mentioned that. So these industries, how can they maintain their existing operations and then get more data sharing? Do you have any insight into how you see that? Because that's one of those areas that's becoming like, okay, HIPAA, we know why that was built, but it's also restrictive. How do you maintain the purity of a process-- >> If your infrastructure is old? That is a challenge, healthcare especially, because, I mean, if I'm running a health system, every dollar that I have should really go into improving patient care, not necessarily into my IT infrastructure. But the more that every industry moves towards a real-time data-driven model for how we give care, right, the more that companies need to realize that data drives their business. They need to do everything they can to protect it and also ensure that they can recover it when and if a cyber attack happens. >> Well, I really appreciate the insight, and it's going to be great to see Dell Technologies World coming up. We'll dig into a lot of that stuff. While we're here and talking us about some of these financial services, banking, I want to get your thoughts. I've been hearing this term Sheltered Harbor being kicked around. What is that about? What does that mean? >> Sheltered Harbor, you're right, I think you'll hear a lot more about it. So Sheltered Harbor is a financial industries group and it's also a set of best practices and specifications. And really, the purpose of Sheltered Harbor is to protect consumer and financial institutions' data and public confidence in the US financial system. So the use case is this. You can imagine that a bank having a cyber attack and being unable to produce transactions could cause problems for customers of that bank. But just like we were talking about, the interconnectedness of the banking system means that one financial institution failing because of a cyber attack, it could trigger a cascade and a panic and a run on the US financial banks and therefore the global financial system. Sheltered Harbor was developed to really protect public confidence in the financial system by ensuring that banks, brokerages, credit unions are protecting their customer data, their account records, their most valuable assets from cyber attack, and that they can recover them and resume banking operations quickly. >> So this is an industry group? >> It's an industry group. >> Or is it a Dell group or-- >> No, Sheltered Harbor is a US financial industry group. It's a non-profit. You can learn more about it at shelteredharbor.org. The interesting thing for Dell Technologies is we're actually the first member of the Sheltered Harbor solution provider program, and we'll be announcing that shortly, in fact, this week, and we'll have a cyber recovery for Sheltered Harbor solution in the market very shortly. >> Cyber resilience, great topic, and you know, it just goes to show storage is never going away. The basic concepts of IT, recovery, continuous operations, non-disruptive operations. Cloud scale changes the game. >> Peter: It's all about the data. >> It's all about the data. >> Still, yes, sir. >> Thanks for coming on and sharing your insights. >> Thank you, John. >> RSA coverage here, CUBE, day two of three days of coverage. I'm John Furrier here on the ground floor in Moscone in San Francisco. Thanks for watching (electronic music)