>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angled media. >>Okay, welcome back. Everyone's keeps coverage here in San Francisco for RSA. Copper's 2020. I'm John Farrow, your host, you know, cybersecurity industry's changing and enterprises are now awake to the fact that is now a bigger picture around securing the enterprise cause it's not only the data center, it's cloud, it's the edge. A lot of great stuff. I've got a great guest here from Dell, EMC, Peter Garris, consultant cyber resilient solutions and services marketing, uh, Dell EMC. Great to see you. Thanks for to John. Good to see you again. So you know, I was joking with Dave Alante just this morning around the three ways of cloud, public cloud, hybrid cloud, multi-cloud. And we see obviously the progression hybrid cloud is where everyone spend most of their time. That's from ground to cloud on premises to cloud. Yep. So pretty much everyone knows around on premise is not going away, validated by all the big cloud players. >>But you've got to nail the equation down for on premises to the cloud, whether it's Amazon, Amazon, Azure, Azure, whatever, all those costs. But the multicloud will be a next generation wave that is an industry backdrop and it's very, very key. Plus AI and data are huge inputs into solving a lot of what is going to be new gaps, blind spots, whatever insecurity. So I guess, you know, Dell's has a history with huge client base, traditional enterprises transforming. You're in the middle of all this. So you've got, you know, the airplane at three to 30,000 feet. Yep. And the companies have to swap out their engines and reboot their teams and it's a huge task. What's going on with cyber and the enterprises? What are, what are some of the key things? Well, so I like to keep it pretty simple. I've been in this industry over 20 years and I've really consistently talked about data as the global currency, right. >>So it's beautifully simple. Whatever industry you're in, whatever size company you're in, enterprise or even now, small to medium businesses, their businesses are driven by data connectivity. That data availability of the data, integrity of the data and confidentiality of the data, and so the sort of the area of the world that I focus upon is protecting customers. Most valuable data assets now, whether those are on prem, in the cloud or in a variety of modalities, and ensuring that those assets are protected and isolated from the attack surface and then ability to recover those critical assets quickly so they can return resume business operations. That's really the area that I work in. Now, that data, as you pointed out, it could start on prem, it could live in multi-cloud, it can live in a hybrid environment. The key is really to to understand that not all data is created equally if you were to have a widespread cyber attack, really the key is to bring up those critical applications, systems and datasets first to return to business operations. >>Really challenging. You know, it's not funny. It's actually, I just, I run it, but it's, it's, it's, it's really kind of indicative of the society now is that EMC was bought by Dell storage and the idea of disruption was always been a storage concept. Yes, we want, we don't want a lot of disruption when we're doing things right. So not know whether it's backup and recovery or cyber ransomware, whatever it is, the idea of non-disruptive operations. Absolutely. A core tenant. Now that's obviously the same for cyber as you can tell. So I've got to ask you, what is your definition in view of cyber resilience because, well, that's what we're talking about here. Cyber resilience. What's your view on this? So when we started developing our cyber recovery solution about five years ago, we used, uh, the NIST cybersecurity framework, which is a very well known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy. >>A cyber resilience strategy really encompasses everything from a perimeter threat detection and response all the way through incident response after an attack. And everything that happens in between protecting the data and recovering the data, right? And critical systems. So I think of cyber resilience is that holistic strategy of protecting an organization and its data from a cyber attack as great insight. I want to get your thoughts on how that translates into the ecosystem. Okay. Because there's an ecosystem around cyber resilience. Absolute, let's just say, and you may or may not be able to comment on this, but RSA was now being sold. Yeah, no, that's fair. That's going out of the Dell family. But you guys have, you know, obviously VMware and insecure words, but it's not just you guys. It's an ecosystem. It really is. Does Dell now without, with and without RSA fit into the ecosystem. >>So as I mentioned, cyber resilience is really thought of as a holistic strategy. RSA and, and other Dell assets like carbon black, um, fit in somewhere in that continuum. Right? So RSA is really more on threat detection and response, perimeter protection. The area of the business that I work on, data protection and cyber recovery really doesn't address the, um, prevention of attacks. We really start with the premise that preventing a cyber attack is not a hundred percent possible. If you believe that, then you need to look at protecting and recovering your assets. Right? And so whether it's RSA, whether it's carbon black, whether it's secure works, which is about cyber incident and response, we really work across those groups. It's, it's about technology processes and people. It's not any one thing. We also work outside of the Dell technologies umbrella. So we integrate, our cyber recovery solution is integrated with Unisys stealth. >>Uh, so there's an example of how we're expanding and extending the cyber recovery solution to bring in, you know, other industry standards. You know, it's interesting, I talked to a lot of people that come on the Q of history here at RSA. Sure. Everyone wants better technology, but this also has shipped back the best of breed because you one of the best new technologies. At the same time, you've gotta have proven solutions. So what are you guys selling? What is the best of breed from, uh, Dell? Yeah, you guys are delivering to customers. What are some of the areas? So I, I'm old EMC guy myself, right? And, and back from the days of disaster recovery and business continuity, right? More traditional data protection and backup. The reality is that the modern threats of cyber sec of cyber hackers, breaches, insider attacks, whatever you like, those traditional data protection strategies weren't built to address those types of threats. >>So along with transformation and modernization, we need to modernize our data protection. That's what cyber recovery is. It's a modern solution to the modern threat. And what it does is it augments your data or your, excuse me, your disaster recovery and your backup environment with a purpose built isolated air gap digital vault, which is built around our proven data domain and power protect DD platforms. Uh, that, you know, I've been around for over a decade. Um, but what we've done is added intelligence, uh, analytics. We've hardened that system and we isolate it. Uh, so customers can protect really the most valuable assets in that kind of evolved. So one of the things I've been doing some research on and digging into is cyber resilience, which you just talked about cybersecurity, which is the industry trend and you're getting at cyber recovery. Okay. Can you talk about some examples of how this all threads together? >>What are some real recent examples? Sure. So think of cyber recovery as a purpose-built digital vault to secure your most valuable assets. Let me give you an example. One of our customers, is it a global paint manufacturer? Okay. And when we work with them to try to decide what of their apps and datasets should go into this cyber recovery vault, it said, what is the most critical intellectual property that you have? So in their Kenyan, Oh, some customers might say my Oracle financials or my office three 65 environment. For this customer it was their proprietary paint matching system. So they generate 80 to $100 million every day based upon this proprietary paint matching system, which they've developed and which they use every day to run their business. If that application, if those algorithms were destroyed, contaminated or you know, posted on the public internet somewhere, that would fundamentally change that company. >>So that's really what we're talking about. We're working with customers to help them identify their most critical assets, data systems, applications, and isolate those from the threat vector. Obviously all verticals are impacted by cyber security. Every vertical is data-driven. That's true. Obviously the low hanging fruit, are they below the normal suspects financial services? Is there, is there a particular one that's harder than having financial services got fraud and all that stuff on it, but yeah, that's still number one or so. I think there's two sides to the coin. One, if you look at the traditional enterprise environments, absolutely financial services in healthcare because they're both heavily regulated, uh, therefore that data has very high value and is a very attractive target to the Woodby hackers. If you look on the other end of the spectrum though, the small to medium businesses that all rely on the internet for their business to run, uh, they're the ones that are most susceptible because they don't have the budgets, the infrastructure or the expertise to protect themselves from a sophisticated hacker. >>Um, so we, you know, we work across all verticals. Obviously the government is also very susceptible to cyber threats, but it's every industry, any business that's data-driven. I mean, everyone's been breached so many times and no one even knows how many times. Uh, I gotta ask you about, um, um, some cool trends we're reporting on here. Sure. Homomorphic encryption is getting a lot of traction here because financial services in healthcare homomorphic homomorphic yeah. Okay. Did I say that right? Oh, it's the first time I've ever heard that term, John. I, it's encryption at end use. So you have data at rest, data in flight and data and use encryption. When you're doing all, you're protecting all your transactional data. Ah, so it's focusing with discovery. Intel's promoting it. Uh, we just covered a startup that's doing that as well. That's new, that's new for me, but allows for more use cases, but data and use, not just motion static. >>Yeah. That's opening up these other things. But it brings up the why, why that's important. And the reason is, is that financial services and healthcare, because they're regulated. Yes. Have systems that were built many moons ago or generations. Absolutely. So there was not these problems that you mentioned earlier that were built for that, but now you need more data. AI needs sharing of data sharing is a huge deal. Real time share real time. Right. And I think that's where the homomorphic encryption comes in. That's exactly right. So you mentioned that, so these industries, how can they maintain their existing operations and then get more data share? Do you have any insight into how you see that? Because that's one of those areas that's becoming like, okay, HIPAA, we know why that was built, but it's also restrictive. Yeah. How do you maintain the purity of a process if your infrastructure is, is old? >>That is, that is a challenge. Healthcare especially because, I mean, if I'm, if I'm, uh, you know, running a health system, every dollar that I have should really go into improving patient care, not necessarily into my it infrastructure, but the more that every industry moves towards a real time data-driven model for, for how we give care. Right? Yeah. Um, the more that, uh, companies need to realize that data drives their business, they need to do everything they can to protect it and also ensure that they can recover it when and if a cyber attack happens. Well, I really appreciate the insight and it's going to be great to see Dell technologies world coming up. We'll dig into a lot of that stuff while we're here on talking to us about some of this financial service in banking. I want to get your thoughts, I've been hearing this term sheltered Harbor. >>Yeah. Being kicked around. What does that about? What does that mean? Sheltered Harbor? You're right, I think you'll hear a lot more about it. So sheltered Harbor, uh, was, uh, is it isn't financial industries group and it's also a set of, uh, best practices and specifications. And really the, the purpose of sheltered Harbor is to protect consumer and financial institutions data, uh, and public confidence in the U S financial system. So the, the, the use cases, this, you can imagine that a, a bank having a cyber attack and B being unable to produce transactions could cause problems for customers of that bank. But the, just like we were talking about the interconnectedness of the banking system means that one financial institution failing because of a cyber attack, it could trigger a cascade and a panic and a run on the U S financial banks. And therefore the global financial system sheltered Harbor was developed to really protect public confidence in the financial system by ensuring that banks, brokerages, credit unions are protecting their customer data, their account records, their most valuable assets from cyber attack and that they can recover them and resume banking operations quick. >>So this is an industry group. It's an industry build group. Sheltered Harbor is a U S financial, uh, industry group. Uh, it's a nonprofit. You can, you can learn more about it. It's sheltered harbor.org. Uh, the interesting thing for Dell technologies is we're actually the first member of the sheltered Harbor solution provider program and we'll be announcing that shortly. In fact this week and we'll have a cyber recovery for sheltered Harbor solution in the market very shortly. Cyber resilience. Great topic, and you know, it just goes to show storage has never gone away. The basic concepts of it, recovery, continuous operations, not disruptive operations. Yeah, cloud scale changes the game. It's all about the data. All about the data. Still sites, RSA coverage here, cube day, two of three days of coverage. I'm John furrier here on the ground floor in Moscone in San Francisco. Thanks for watching.