(soft upbeat music) >> The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cyber security strategies. And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President, Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time (indistinct) and chief technology officer at Druva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. Right now I'm going to toss it to Lisa Martin, another one of the hosts, for today's program. Lisa, over to you. (soft upbeat music) >> Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, that we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it >> Inextricably linked. And it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience, for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomwares. The other thing about it is, it's really a lot like Whack-A-Mole. They attack us in one area, and we defend against it, so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded, "I don't think so, because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't going to just fade into the night without giving it a lot of fight." So I really think that ransomware is one of those things that is here for the long term, and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was in a worldwide study, it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, is a little over 500 different individuals across the globe, in North America, select countries in Western Europe as well as several in Asia-Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attack successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared, and on the other hand, the results are absolutely horrible. Two thirds of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to... kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready, based on the information you have, and these people are smart people and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason a lot of these have been successful. So that was kind of the key finding to me in kind of the "aha" moment, really, in this whole thing, Lisa. >> That's a massive disconnect, with the vast majority saying, "We have a cyber recovery playbook," yet, nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of this is going to happen, just a matter of when and how often? >> It is a matter, yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you had double the infrastructure if your financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have, and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >> So what do you think the big issue here is? Is it that these IT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know and until you get into a specific attack... there are so many different ways that organizations can be attacked. And in fact, from this research that we found, is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high probability of recovery, things like that, those are the kinds of things that organizations have to put into place, really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think, "We are prepared, we've got a playbook," yet so many are are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, "Hey guys, across every industry we are vulnerable, this is going to happen, we've got to make sure that we are truly resilient and proactive"? >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the the consequences of ransomware it's not just the ransom, it's the lost productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about this. And I can tell you they are fully engaged in addressing these issues within their organization. >> So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge, is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. (gentle music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva, and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment and, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered, sometimes it's not. So you look at that and you go, Wow. On, on the one hand people think they're really, really prepared and on the other hand the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue, it's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that. Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching The Cube, the leader in live tech coverage.

(upbeat music) >> Hey everyone, Lisa Martin for theCUBE here. Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape, as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations, as well as business organizations, and really it's that digital resilience, that ransomware that has everybody's attention. And it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC, we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is what we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient. And to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization. Whether it's through digital transformation, or whether it's simply data availability, whatever it might happen to be, digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company These days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably? Or is data resilience to find as something a little bit different? >> Well, sometimes, yeah, that we do get caught using them when one as the other, but data resilience is really a part of digital resilience if you think about the data itself and the context of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked. And it's becoming a corporate initiative. But there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it. And they really avoided confronting that. Nowadays, so many people have been hit by it, that stigma has gone. And so really it is becoming more of a community kind of effort, as people try to defend against these ransomwares. The other thing about it is it's really a lot like Whac-A-Mole. They attack us in one area and we defend against it, so they attack us in another area and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "One of these days, we're going to get pretty well defended against ransomware, and it's going to go away." And I responded, "I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities." And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a lot of fight. So I really think that ransomware is one of those things that is here for the long-term, and something that we we have to address and have to get proactive about. >> You mentioned some stats there. And recently, IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things, let's talk a little bit about the demographics of the survey, and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it's a little over 500 different individuals across the globe, in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, BPO of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high, or very high degree of confidence in their recovery tools, and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a 1/3 of organizations were able to fully recover their data without paying the ransom. And some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't aren't necessarily to be trusted. And so the software that they provide, sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared. And on the other hand, the results are absolutely horrible. 2/3 of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson, "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready based on the information you have. And these people are smart people, and they're professionals. But oftentimes, you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me, and kind of the aha moment, really, in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly half being the victims of ransomware in the last three years. And then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen. Just a matter of when and how often. >> It is a matter. Yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud, where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on demand resources. And in the old days when we had disaster recoveries, where there we had two different data centers and the failover and so forth, you have double the infrastructure. If your financial services, it might even be triple the infrastructure. It's very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly, what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place, to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit. And all of a sudden, they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have. And it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here? Is it that these IT practitioners over 500 that you surveyed across 20 industries, as a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know. And until you get into a specific attack, there are so many different ways that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice, things like encryption, immutability, things like that that organizations can put into place. Certainly, air gaps, having a solid backup foundation to where data is, you have a high probability recovery, things like that. Those are the kinds of things that organizations have to put into place, really, is a baseline to assure that they can recover as fast as possible, and not lose data in the event of our ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities, and as the threat landscape just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners? But does this go all the way up to the board level in terms of, " Hey guys across every industry, we are vulnerable. This is going to happen. We've got to make sure that we are truly resilient and proactive." >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the loss productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing these issues within their organization. >> So all the way at the top, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned, ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved? To the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on-premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and and to be able to take that cloud-centric perspective and apply it on-premises, as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Druva sponsored IDC white paper, fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> I'm, Lisa Martin. You're watching theCUBE, the leader in live tech coverage. (upbeat music)

>>Hey everyone. Welcome back to the cubes day two coverage of VMware Explorer, 22 from San Francisco. Lisa Martin, back here with you with Dave Nicholson, we have a couple of guests from VMware. Joining us, please. Welcome Jay Workman, senior director, cloud partner, and alliances marketing, and Jeff Thompson, VP cloud provider sales at VMware guys. It's great to have you on the program. >>Ah, good to be here. Thanks for having us on. >>We're gonna be talking about a really interesting topic. Sovereign cloud. What is sovereign cloud? Jeff? Why is it important, but fundamentally, what is >>It? Yeah, well, we were just talking a second ago. Aren't we? And it's not about royalty. So yeah, data sovereignty is really becoming super important. It's about the regulation and control of data. So lots of countries now are being very careful and advising companies around where to place data and the jurisdictional controls mandate that personal data or otherwise has to be secured. We ask, we have to have access controls around it and privacy controls around it. So data sovereign clouds are clouds that have been built by our cloud providers in, in, in VMware that specifically satisfy the requirements of those jurisdictions and regulated industries. So we've built a, a little program around that. We launched it about a year ago and continuing to add cloud providers to that. >>Yeah, and I, I think it's also important just to build on what Jeff said is, is who can access that data is becoming increasingly important data is, is almost in it's. It is becoming a bit of a currency. There's a lot of value in data and securing that data is, is becoming over the years increasingly important. So it's, it's not like we built a problem or we created a solution for problem that didn't exist. It's gotten it's, it's been a problem for a while. It's getting exponentially bigger data is expanding and growing exponentially, and it's becoming increasingly important for organizations and companies to realize where my data sits, who can access it, what types of data needs to go and what type of clouds. And it's very, very aligned with multi-cloud because some data can sit in a, in a public cloud, which is fine, but some data needs to be secure. It needs to be resident within country. And so this is, this is what we're addressing through our partners. >>Yeah, I, yeah, I was just gonna add to that. I think there's a classification there there's data residency, and then there's data sovereignty. So residency is just about where is the data, which country is it in sovereignty is around who can access that data. And that's the critical aspect of, of data sovereignty who's got control and access to that data. And how do we make sure that all the controls are in place to make sure that only the right people can get access to that data? Yeah. >>So let's, let's sort of build from the ground up an example, and let's use Western Europe as an example, just because state to state in the United States, although California is about to adopt European standards for privacy in a, in a unique, in a unique, unique way, pick a country in, in Europe, I'm a service provider. I have an offering and that offering includes a stack of hardware and I'm running what we frequently refer to as the STDC or software defined data center stack. So I've got NEX and I've got vs N and I've got vSphere and I'm running and I have a cloud and you have all of the operational tools around that, and you can spin up VMs and render under applications there. And here we are within the borders of this country, what makes it a sovereign cloud at that? So at that point, is that a sovereign cloud or? >>No, not yet. Not it's close. I mean, you nailed, >>What's >>A secret sauce. You nailed the technology underpinning. So we've got 4,500 plus cloud provider partners around the world. Less than 10% of those partners are running the full STDC stack, which we've branded as VMware cloud verified. So the technology underpinning from our perspective is the starting point. Okay. For sovereignty. So they, they, they need that right. Technology. Okay. >>Verified is required for sovereign. Yes. >>Okay. Cloud verified is the required technology stack for sovereign. So they've got vSphere vs. A NSX in there. Okay. A lot of these partners are also offering a multitenant cloud with VMware cloud director on top of that, which is great. That's the starting point. But then we've, we've set a list of standards above and beyond that, in addition to the technology, they've gotta meet certain jurisdiction requirements, certain local compliance requirements and certifications. They've gotta be able to address the data re data residency requirements of their particular jurisdiction. So it's going above and beyond. But to your point, it does vary by country. >>Okay. So, so in this hypothetical example, this is this country. You a stand, I love it. When people talk about Stan, people talk about EMIA and you know, I, I love AMEA food. Isn't AIAN food. One. There's no such thing as a European until you have an Italian, a Britain, a German yep. In Florida arguing about how our beer and our coffee is terrible. Right. Right. Then they're all European. They go home and they don't like each other. Yeah. So, but let's just pretend that there's a thing called Europe. So this, so there's this, so we've got a border, we know residency, right. Because it physically is here. Yep. But what are the things in terms of sovereignty? So you're talking about a lot of kind of certification and validation, making sure that, that everything maps to those existing rules. So is, this is, this is a lot of this administrative and I mean, administrative in the, in the sort of state administrative terminology, >>I I'm let's build on your example. Yeah. So we were talking about food and obviously we know the best food in the world comes from England. >>Of course it does. Yeah. I, no doubt. I agree. I Don not get that. I do. I do do agree. Yeah. >>So UK cloud, fantastic partner for us. Okay. Whether they're one of our first sovereign cloud providers in the program. So UK cloud, they satisfied the requirements with the local UK government. They built out their cloud verified. They built out a stack specifically that enables them to satisfy the requirements of being a sovereign cloud provider. They have local data centers inside the UK. The data from the local government is placed into those data centers. And it's managed by UK people on UK soil so that they know the privacy, they know the security aspects, the compliance, all of that wrapped up on top of a secure SDDC platform. Okay. Satisfies the requirements of the UK government, that they are managing that data in a sovereign way that, that, that aligns to the jurisdictional control that they expect from a company like UK cloud. Well, >>I think to build on that, a UK cloud is an example of certain employees at UK, UK cloud will have certain levels of clearance from the UK government who can access and work on certain databases that are stored within UK cloud. So they're, they're addressing it from multiple fronts, not just with their hardware, software data center framework, but actually at the individual compliance level and individual security clearance level as to who can go in and work on that data. And it's not just a governmental, it's not a public sector thing. I mean, any highly regulated industry, healthcare, financial services, they're all gonna need this type of data protection and data sovereignty. >>Can this work in a hyperscaler? So you've got you, have, you have VMC AVS, right? GC V C >>O >>CVAs O CVS. Thank you. Can it be, can, can a sovereign cloud be created on top of physical infrastructure that is in one of those hyperscalers, >>From our perspective, it's not truly sovereign. If, if it's a United States based company operating in Germany, operating in the UK and a local customer or organization in Germany, or the UK wants to deploy workloads in that cloud, we wouldn't classify that as totally sovereign. Okay. Because by virtue of the cloud act in the United States, that gives the us government rights to request or potentially view some of that data. Yeah. Because it's, it's coming out of a us based operator data center sitting on foreign soil so that the us government has some overreach into that. And some of that data may actually be stored. Some of the metadata may reside back in the us and the customer may not know. So certain workloads would be ideally suited for that. But for something that needs to be truly sovereign and local data residency, that it wouldn't be a good fit. I think that >>Perspectives key thing, going back to residency versus sovereignty. Yeah. It can be, let's go to our UK example. It can be on a hyperscaler in the UK now it's resident in the UK, but some of the metadata, the profiling information could be accessible by the entity in the United States. For example, there now it's not sovereign anymore. So that's the key difference between a, what we view as a pro you know, a pure sovereign cloud play and then maybe a hyperscaler that's got more residency than sovereignty. >>Yeah. We talk a lot about partnerships. This seems to be a unique opportunity for a certain segment of partners yeah. To give that really is an opportunity for them to have a line of business established. That's unique from some of the hyperscale cloud providers. Yeah. Where, where sort of the, the modesty of your size might be an advantage if you're in a local. Yes. You're in Italy and you are a service provider. There sounds like a great fit, >>That's it? Yeah. You've always had the, the beauty of our program. We have 4,500 cloud providers and obviously not, all of them are able to provide a data, a sovereign cloud. We have 20 in the program today in, in the country. You you'd expect them to be in, you know, the UK, Italy, Italy, France, Germany, over in Asia Pacific. We have in Australia and New Zealand, Japan, and, and we have Canada and Latin America to, to dovetail, you know, the United States. But those are the people that have had these long term relationships with the local governments, with these regulated industries and providing those services for many, many years. It's just that now data sovereignty has become more important. And they're able to go that extra mile and say, Hey, we've been doing this pretty much, you know, for decades, but now we're gonna put a wrap and some branding around it and do these extra checks because we absolutely know that we can provide the sovereignty that's required. >>And that's been one of the beautiful things about the entire initiative is we're actually, we're learning a lot from our partners in these countries to Jeff's point have been doing this. They've been long time, VMware partners they've been doing sovereignty. And so collectively together, we're able to really establish a pretty robust framework from, from our perspective, what does data sovereignty mean? Why does it matter? And then that's gonna help us work with the customers, help them decide which workloads need to go and which type of cloud. And it dovetails very, very nicely into a multi-cloud that's a reality. So some of those workloads can sit in the public sector and the hyperscalers and some of 'em need to be sovereign. Yeah. So it's, it's a great solution for our customers >>When you're in customer conversations, especially as, you know, data sovereign to be is becomes a global problem. Where, who are you talking to? Are you talking to CIOs? Are you talking to chief data officers? I imagine this is a pretty senior level conversation. >>Yeah. I it's, I think it's all of the above. Really. It depends. Who's managing the data. What type of customer is it? What vertical market are they in? What compliance regulations are they are they beholden to as a, as an enterprise, depending on which country they're in and do they have a need for a public cloud, they may already be all localized, you know? So it really depends, but it, it could be any of those. It's generally I think a fair, fairly senior level conversation. And it's, it's, it's, it's consultancy, it's us understanding what their needs are working with our partners and figuring out what's the best solution for them. >>And I think going back to, they've probably having those conversations for a long time already. Yeah. Because they probably have had workloads in there for years, maybe even decades. It's just that now sovereignty has become, you know, a more popular, you know, requirements to satisfy. And so they've gone going back to, they've gone the extra mile with those as the trusted advisor with those people. They've all been working with for many, many years to do that work. >>And what sort of any examples you mentioned some of the highly regulated industries, healthcare, financial services, any customer come to mind that you think really articulates the value of what VMware's delivering through its service through its cloud provider program. That makes the obvious why VMware an obvious answer? >>Wow. I, I, I get there's, there's so many it's, it's actually, it's each of our different cloud providers. They bring their win wise to us. And we just have, we have a great library now of assets that are on our sovereign cloud website of those win wires. So it's many industries, many, many countries. So you can really pick, pick your, your choice. There. That's >>A good problem >>To have, >>To the example of UK cloud they're, they're really focused on the UK government. So some of them aren't gonna be referenced. Well, we may have indication of a major financial services company in Australia has deployed with AU cloud, one of our partners. So we we've also got some semi blind references like that. And, and to some degree, a lot of these are maintained as fairly private wins and whatnot for obvious security reasons, but, and we're building it and building that library up, >>You mentioned the number 4,500, a couple of times, you, you referencing VMware cloud provider partners or correct program partners. So VCP P yes. So 45, 4500 is the, kind of, is the, is the number, you know, >>That's the number >>Globally of our okay. >>Partners that are offering a commercial cloud service based at a minimum with vSphere and they're. And many of 'em have many more of our technologies. And we've got little under 10% of those that have the cloud verified designation that are running that full STDC, stack >>Somebody, somebody Talli up, all of that. And the argument has been made that, that rep that, that would mean that VMware cloud. And although some of it's on IAS from hyperscale cloud providers. Sure. But that, that rep, that means that VMware has the third or fourth largest cloud on the planet already right now. >>Right. Yep. >>Which is kind of interesting because yeah. If you go back to when, what 2016 or so when VMC was at least baned about yeah. Is that right? A lot of people were skeptical. I was skeptical very long history with VMware at the time. And I was skeptical. I I'm thinking, nah, it's not gonna work. Yeah. This is desperation. Sorry, pat. I love you. But it's desperation. Right. AWS, their attitude is in this transaction. Sure. Send us some customers we'll them. Yeah. Right. I very, very cynical about it. Completely proved me wrong. Obviously. Where did it go? Went from AWS to Azure to right. Yeah. To GCP, to Oracle, >>Oracle, Alibaba, >>Alibaba. Yep. Globally. >>We've got IBM. Yep. Right. >>Yeah. So along the way, it would be easy to look at that trajectory and say, okay, wow, hyperscale cloud. Yeah. Everything's consolidating great. There's gonna be five or six or 10 of these players. And that's it. And everybody else is out in the cold. Yeah. But it turns out that long tail, if you look at the chart of who the largest VCP P partners are, that long tail of the smaller ones seem to be carving out specialized yes. Niches where you can imagine now, at some point in the future, you sum up this long tail and it becomes larger than maybe one of the hyperscale cloud providers. Right. I don't think a lot of people predicted that. I think, I think people predicted the demise of VMware and frankly, a lot of people in the VMware ecosystem, just like they predicted the demise of the mainframe. Sure. The storage area network fill in the blank. I >>Mean, Jeff and I we've oh yeah. We've been on the, Jeff's been a little longer than I have, but we've been working together for 10 plus years on this. And we've, we've heard that many times. Yeah. Yeah. Our, our ecosystem has grown over the years. We've seen some consolidation, some M and a activity, but we're, we're not even actively recruiting partners and it's growing, we're focused on helping our partners gain more, share internally, gain, more share at wallet, but we're still getting organic growth in the program. Really. So it, it shows, I think that there is value in what we can offer them as a platform to build a cloud on. >>Yeah. What's been interesting is there's there's growth and there's some transition as well. Right? So there's been traditional cloud providers. Who've built a cloud in their data center, some sovereign, some not. And then there's other partners that are adopting VCP P because of our SA. So we've either converted some technology from product into SA or we've built net new SA or we've acquired companies that have been SA only. And now we have a bigger portfolio that service providers, cloud providers, managed service providers are all interested in. So you get resellers channel partners. Who've historically been doing ELAs and reselling to end customers. They're transitioning their business into doing recurring revenue and the only game in town where you really wanna do recurring revenues, VCP P. So our ecosystem is both growing because our cloud providers with their data center are doing more with our customers. And then we're adding more managed service providers because of our SA portfolio. And that, that, that combo, that one, two punch is creating a much bigger VCP P ecosystem overall. >>Yeah. >>Impressive. >>Do you think we have a better idea of what sovereign cloud means? Yes. I think we do. >>It's not Royal. >>It's all about royalty, >>All royalty. What are some of the things Jeff, as we look on the horizon, obviously seven to 10,000 people here at, at VMwares where people really excited to be back. They want to hear it from VMware. They wanna hear from its partner ecosystem, the community. What are some of the things that you think are on the horizon where sovereign cloud is concerned that are really opportunities yeah. For businesses to get it right. >>Yeah. We're in the early days of this, I think there's still a whole bunch of rules, regulatory laws that have not been defined yet. So I think there's gonna be some more learning. There's gonna be some top down guidance like Gaia X in Europe. That's the way that they're defining who gets access and control over what data and what's in. And what's out of that. So we're gonna get more of these Gaia X type things happening around the world, and they're all gonna be slightly different. Everyone's gonna have to understand what they are, how to interpret and then build something around them. So we need to stay on top of that, myself and Jay, to make sure that we've got the right cloud providers in the right space to capitalize on that, build out the sovereign cloud program over time and make sure that what they're building to support aligns with these different requirements that are out there across different countries. So it's an evolving landscape. That's >>Yeah. And one of the things too, we're also doing from a product perspective to better enable partners to, to address these sovereign cloud workloads is where we have, we have gaps maybe in our portfolio is we're partner partnering with some of our ISVs, like a, Konic like a Forex vem. So we can give our partners object storage or ransomware protection to add on to their sovereign cloud service, all accessible through our cloud director consult. So we're, we're enhancing the program that way. And to Jeff's point earlier, we've got 20 partners today. We're hoping to double that by the end of our fiscal year and, and just take a very methodical approach to growth of the program. >>Sounds great guys, early innings though. Thank you so much for joining Dave and me talking about what software and cloud is describing it to us, and also talking about the difference between that data residency and all the, all of the challenges and the, in the landscape that customers are facing. They can go turn to VMware and its ecosystem for that help. We appreciate your insights and your time. Guys. Thank >>You >>For >>Having us. Our >>Pleasure. Appreciate it >>For our guests and Dave Nicholson. I'm Lisa Martin. You've been watching the cube. This is the end of day, two coverage of VMware Explorer, 2022. Have a great rest of your day. We'll see you tomorrow.

>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

(upbeat music) >> Hi, I'm Joe Rodriguez, Managing Director of Financial Services at Cloudera. Welcome to the Fight Fraud with Data session. At Cloudera we believe that fighting fraud begins with data. So financial services is Cloudera's largest industry vertical. We have approximately 425 global financial services customers, which consists of 82 out of a hundred of the largest global banks of which we have 27 that are globally systemic banks. Four out of the five top stock exchanges, eight out of the top 10 wealth management firms and all four of the top credit card networks. So as you can see, most financial services institutions utilize Cloudera for data analytics and machine learning. We also have over 20 central banks and a dozen or so financial regulators. So it's an incredible footprint which gives Cloudera lots of insight into the many innovations that our customers are coming up with. Criminals can steal thousands of dollars before a fraudulent transaction is detected. So the cost to purchase your account data is well worth the price to fraudsters. According to Experian, credit and a debit card account information sells on the dark web for a mere $5 with the CVV number and up to $110 if it comes with all the bank information, including your name, social security number, date of birth, complete account numbers, and other personal data. Our customers have several key data and analytics challenges when it comes to fighting financial crime. The volume of data that they need to deal with is huge and growing exponentially. All this data needs to be evaluated in real time. There are new sources of streaming data that need to be integrated with existing legacy data sources. This includes biometrics data and enhanced authentication video surveillance, call center data, and of course all that needs to be integrated with existing legacy data sources. There is an analytics Arms Race between the banks and the criminals, and the criminal networks never stop innovating. They also have to deal with disjointed security and governance. Security and governance policies are often set per data source or application requiring redundant work across workloads. And they have to deal with siloed environments. The specialized nature of platforms and people results in disparate data sources and data management processes. This duplicates efforts and divides the business risk and crime teams, limiting collaboration opportunities between them. CDP enhances financial crime solutions to be holistic by eliminating data gaps between siloed solutions, with an enterprise data approach, advanced data analytics and machine learning. By deploying an enterprise wide data platform, you reduce siloed divisions between business risk and crime teams and enable better collaboration through industrialized machine learning, you tighten up the loop between detection and new fraud patterns. Cloudera provides the data platform on which a best of breed applications can run and leverage integrated machine learning. Cloudera stands rather than replaces your existing fraud modeling applications. So Oracle, SAS, Actimize, to name a few, integrate with an enterprise data hub to scale the data, increase speed and flexibility and improve efficacy of your entire fraud system. It also centralizes the fraud workload on data that can be used for other use cases in applications like Enhanced KYC and Customer 360 for example. I just wanted to highlight a couple of our partners in financial crime prevention, Simudyne and Quantexa. So Simudyne provides fraud simulation using agent-based modeling machine learning techniques to generate synthetic transaction data. This data simulates potential fraud scenarios in a cost-effective GDPR-compliant virtual environment to significantly improve financial crime detection systems. Simudyne identifies future fraud topologies for millions of simulations that can be used to dynamically train new machine learning algorithms for enhanced identification. And Quantexa connects the dots within your data using dynamic entity resolution, and advanced network analytics to create context around your customers. This enables you to see the bigger picture and automatically assesses potential criminal behavior. Now let's go over some of our customers and how they're using Cloudera. First, we'll talk about United Overseas Bank or UOB. UOB is a leading full service bank in Asia with a network of more than 500 offices in 19 countries and territories, in Asia Pacific, Western Europe and North America. UOB built a modern data platform on Cloudera that gives it the flexibility and speed to develop new AI and machine learning solutions and to create a data-driven enterprise. UOB set up it's big data analytics center in 2017. It was Singapore's first centralized big data unit within a bank to deepen the bank's data analytic capabilities and to use data insights to enhance the bank's performance. Essential to this work was implementing a platform that could cost efficiently bring together data from dozens of separate systems and incorporate a range of unstructured data, including voice and text. Using Cloudera CDP and machine learning, UOB gained a richer understanding of its customer preferences to help make their banking experience simpler, safer, and more reliable. Working with Cloudera, UOB has a big data platform that gives business staff and data scientists, faster access to relevant and quality data for self-service analytics, machine learning and emerging artificial intelligence solutions. With new self-service analytics and machine learning driven insights, UOB has realized improvements in digital banking, asset management, compliance, AML, and more. Advanced AML detection capabilities, help analysts detect suspicious transactions either based on hidden relationships of shell companies and high risk individuals with Cloudera and machine learning technologies, UOB was able to enhance AML detection and reduce the time to identify new links from months to three weeks. Next, let's speak about MasterCard. So MasterCard's principle business is to process payments between banks and merchants and the credit issuing banks and credit unions of the purchasers who use the MasterCard brand debit and credit cards to make purchases. MasterCard chose Cloudera Enterprise for fraud detection and to optimize their DW infrastructure, delivering deep insights and best practices and big data security and compliance. Next, let's speak about Bank Rakyat in Indonesia or BRI. BRI is one of the largest and oldest banks in Indonesia and engages in the provision of general banking services. It's headquartered in Jakarta, Indonesia. BRI is well-known for its focus on microfinancing initiatives and serves over 75 million customers through its more than 11,000 offices and rural service outposts. BRI required better insight to understand customer activity and identify fraudulent transactions. The bank needed a solid foundation that allowed it to leverage the power of advanced analytics, artificial intelligence, and machine learning to gain better understanding of customers and the market. BRI used Cloudera Enterprise data platform to build an agile and reliable, predictive augmented intelligence solution to enhance its credit scoring system. And to address the rising concern around data security from regulators and customers, BRI developed a real-time fraud detection service powered by Cloudera and Kafka, BRI's data scientists developed a machine learning model for fraud detection by creating a behavioral scoring model based on customer savings, loan transactions, deposits, payroll and other financial real-time data. This led to improvements in its fraud detection and credit scoring capabilities, as well as the development of a new digital microfinancing product. With the enablement of real-time fraud detection, BRI was able to reduce the rate of fraud by 40%. It improved relationship manager productivity by two and a half fold. It improved the credit scoring system to cut down on micro-financing loan processing times from two weeks to two days to now two minutes. So fraud prevention is a good area to start with data focus if you haven't already. It offers a quick return on investment and it's a focused area that's not too entrenched across the company. To learn more about fraud prevention, go to www.cloudera.com, and you should schedule a meeting with Cloudera to learn even more. And with that, thank you for listening and thank you for your time. (upbeat music)

>>Uh, hi, I'm Joe Rodriguez, managing director of financial services at Cloudera. Uh, welcome to the fight fraud with a data session, uh, at Cloudera, we believe that fighting fraud with, uh, uh, begins with data. Um, so financial services is Cloudera's largest industry vertical. We have approximately 425 global financial services customers, uh, which consists of 82 out of a hundred of the largest global banks of which we have 27 that are globally systemic banks, uh, four out of the five top, uh, stock exchanges, uh, eight out of the top 10 wealth management firms and all four of the top credit card networks. So as you can see most financial services institutions, uh, utilize Cloudera for data analytics and machine learning, uh, we also have over 20 central banks and a dozen or so financial regulators. So it's an incredible footprint which gives Cloudera lots of insight into the many innovations, uh, that our customers are coming up with. Uh, criminals can steal thousands of dollars before a fraudulent transaction is detected. So the cost of, uh, to purchase a, your account data is well worth the price to fraudsters. Uh, according to Experian credit and debit card account information sells on the dark web for a mere $5 with the CVV number and up to $110. If it comes with all the bank information, including your name, social security number, date of birth, uh, complete account numbers and, and other personal data. >>Um, our customers have several key data and analytics challenges when it comes to fighting financial crime. The volume of data that they need to deal with is, is huge and growing exponentially. Uh, all this data needs to be evaluated in real time. Uh, there is, uh, there are new sources of, of streaming data that need to be integrated with existing, uh, legacy data sources. This includes, um, biometrics data and enhanced, uh, authentication, uh, video surveillance call center data. And of course all that needs to be integrated with existing legacy data sources. Um, there is an analytics arms race between the banks and the criminals and the criminal networks never stop innovating. They also we'll have to deal with, uh, disjointed security and governance, security and governance policies are often set per data source, uh, or application requiring redundant work, work across workloads. And, and they have to deal with siloed environments, um, the specialized nature of platforms and people results in disparate data sources and data management processes, uh, this duplicates efforts and, uh, divides the, the business risk and crime teams, limiting collaboration opportunities between CDP enhances financial crime solutions, uh, to be holistic by eliminating data gaps between siloed solutions with, uh, an enterprise data approach, uh, advanced, uh, data analytics and machine learning, uh, by deploying an enterprise wide data platform, you reduce siloed divisions between business risk and crime teams and enable better collaboration through industrialized machine learning. >>Uh, you tighten up the loop between, uh, detection and new fraud patterns. Cloudera provides the data platform on which a best of breed applications can run and leverage integrated machine learning cloud Derrick stands rather than replaces your existing fraud modeling applications. So Oracle SAS Actimize to, to name a few, uh, integrate with an enterprise data hub to scale the data increased speed and flexibility and improve efficacy of your entire fraud system. It also centralizes the fraud workload on data that can be used for other use cases in applications like enhanced KYC and a customer 360 4 example. >>I just, I wanted to highlight a couple of our partners in financial crime prevention, uh, semi dine, and Quintex, uh, uh, so send me nine provides fraud simulation using agent-based modeling, uh, machine learning techniques, uh, to generate synthetic transaction data. This data simulates potential fraud scenarios in a cost-effective, uh, GDPR compliant, virtual environment, significantly improved financial crime detection systems, semi dine identifies future fraud topologies, uh, from millions of, of simulations that can be used to dynamically train, uh, new machine learning algorithms for enhanced fraud identification and context, um, uh, connects the dots within your data, using dynamic entity resolution, and advanced network analytics to create context around your customers. Um, this enables you to see the bigger picture and automatically assesses potential criminal beads behavior. >>Now let's go some of our, uh, customers, uh, and how they're using cloud caldera. Uh, first we'll talk about, uh, United overseas bank, or you will be, um, you'll be, is a leading full service bank in, uh, in Asia. It, uh, with, uh, a network of more than 500 offices in, in 19 countries and territories in Asia, Pacific, Western Europe and north America UA, um, UOB built a modern data platform on Cloudera that gives it the flexibility and speed to develop new AI and machine learning solutions and to create a data-driven enterprise. Um, you'll be set up, uh, set up it's big data analytics center in 2017. Uh, it was Singapore's first centralized big data unit, uh, within a bank to deepen the bank's data analytic capabilities and to use data insights to enhance, uh, the banks, uh, uh, performance essential to this work was implementing a platform that could cost efficiently, bring together data from dozens of separate systems and incorporate a range of unstructured data, including, uh, voice and text, um, using Cloudera CDP and machine learning. >>UOB gained a richer understanding of its customer preferences, uh, to help make their, their banking experience simpler, safer, and more reliable. Working with Cloudera UOB has a big data platform that gives business staff and data scientists faster access to relevant and quality data for, for self-service analytics, machine learning and, uh, emerging artificial intelligence solutions. Um, with new self-service analytics and machine learning driven insights, you'll be, uh, has realized improvements in, in digital banking, asset management, compliance, AML, and more, uh, advanced AML detection capabilities, help analysts detect suspicious transactions either based on hidden relationships of shell companies and, uh, high risk individuals, uh, with, uh, Cloudera and machine learning, uh, technologies. You you'll be, uh, was able to enhance AML detection and reduce the time to identify new links from months 2, 3, 3 weeks. >>Excellent mass let's speak about MasterCard. So MasterCard's principle businesses to process payments between banks and merchants and the credit issuing banks and credit unions of the purchasers who use the MasterCard brand debit and credit cards to make purchases MasterCard chose Cloudera enterprise for fraud detection, and to optimize their DW infrastructure, delivering deepens insights and best practices in big data security and compliance. Uh, next let's speak about, uh, bank Rakka yet, uh, in Indonesia or Bri. Um, it, VRI is one of the largest and oldest banks in Indonesia and engages in the provision of general banking services. Uh, it's headquartered in Jakarta Indonesia. Uh, Bri is well known for its focus on financing initiatives and serves over 75 million customers through it's more than 11,000 offices and rural service outposts. Uh, Bri required better insight to understand customer activity and identify fraudulent transactions. Uh, the bank needed a solid foundation that allowed it to leverage the power of advanced analytics, artificial intelligence, and machine learning to gain better understanding of customers and the market. >>Uh, Bri used, uh, Cloudera enterprise data platform to build an agile and reliable, predictive augmented intelligence solution, uh, to enhance its credit scoring system and to address the rising concern around data security from regulators, uh, and customers, uh, Bri developed a real-time fraud detection service, uh, powered by Cloudera and Kafka. Uh, Bri's data scientists developed a machine learning model for fraud detection by creating a behavioral scoring model based on customer savings, uh, loan transactions, deposits, payroll and other financial, um, uh, real-time time data. Uh, this led to improvements in its fraud detection and credit scoring capabilities, as well as the development of a, of a new digital microfinancing product, uh, with the enablement of real-time fraud detection, VRI was able to reduce the rate of fraud by 40%. Uh, it improved, uh, relationship manager productivity by two and a half fold. Uh, it improved the credit score scoring system to cut down on micro-financing loan processing times from two weeks to two days to now two minutes. So fraud prevention is a good area to start with a data focus. If you haven't already, it offers a quick return on investment, uh, and it's a focused area. That's not too entrenched across the company, uh, to learn more about fraud prevention, uh, go to kroger.com and to schedule, and you should schedule a meeting with Cloudera, uh, to learn even more. Uh, and with that, thank you for listening and thank you for your time. >>Welcome to the customer. Obsession begins with data session. Uh, thank you for, for attending. Um, at Cloudera, we believe that a custom session begins with, uh, with, with data, um, and, uh, you know, financial services is Cloudera is largest industry vertical. We have approximately 425 global financial services customers, uh, which consists of 82 out of a hundred of the largest global banks of which we have 27 that are globally systemic banks, uh, four out of the five top stock exchanges, eight out of the 10 top wealth management firms and all four of the top credit card networks. Uh, so as you can see most financial services institutions utilize Cloudera for data analytics and machine learning. Uh, we also have over 20 central banks and it doesn't or so financial regulators. So it's an incredible footprint, which glimpse Cloudera, lots of insight into the many innovations that our customers are coming up with. >>Customers have grown more independent and demanding. Uh, they want the ability to perform many functions on their own and, uh, be able to do it. Uh, he do them on their mobile devices, uh, in a recent Accenture study, more than 50% of customers, uh, are focused on, uh, improving their customer experience through more personalized offers and advice. The study found that 75% of people are actually willing to share their data for better personalized offers and more efficient and intuitive services to get it better, better understanding of your customers, use all the data available to develop a complete view of your customer and, uh, and better serve them. Uh, this also breaks down, uh, costly silos, uh, shares data in, in accordance with privacy laws and assists with regulatory advice. It's so different organizations are going to be at different points in their data analytics and AI journey. >>Uh, there are several degrees of streaming and batch data, both structured and unstructured. Uh, you need a platform that can handle both, uh, with common, with a common governance layer, um, near real time. And, uh, real-time sources help make data more relevant. So if you look at this graphic, looking at it from left to right, uh, normal streaming and batch data comes from core banking and, uh, and lending operations data in pretty much a structured format as financial institutions start to evolve. Uh, they start to ingest near real-time streaming data that comes not only from customers, but also from, from newsfeeds for example, and they start to capture more behavioral data that they can use to evolve their models, uh, and customer experience. Uh, ultimately they start to ingest more real time streaming data, not only, um, standard, uh, sources like market and transaction data, but also alternative sources such as social media and connected sources, such as wearable devices, uh, giving them more, more data, better data, uh, to extract intelligence and drive personalized actions based on data in real time at the right time, um, and use machine learning and AI, uh, to drive anomaly detection and protect and predict, uh, present potential outcomes. >>So this is another way to look at it. Um, this slide shows the progression of the big data journey as it relates to a customer experience example, um, the dark blue represents, um, visibility or understanding your customer. So we have a data warehouse and are starting to develop some analytics, uh, to know your customer and start to provide a better customer 360 experience. Uh, the medium blue area, uh, is a customer centric or where we learn, uh, the customer's behavior. Uh, at this point we're improving our analytics, uh, gathering more customer centric information to perform, uh, some more exploratory, uh, data sciences. And we can start to do things like cross sell or upsell based on the customer's behavior, which should improve, uh, customer retention. The light blue area is, uh, is proactive customer inter interactions, or where we now have the ability, uh, to predict customers needs and wants and improve our interaction with the customer, uh, using applied machine learning and, and AI, uh, the Cloudera data platform, um, you know, business use cases require enabling, uh, the end-to-end journey, which we referred to as the data life cycle, uh, what the data life cycle, what is the data life cycle that our customers want, uh, to take their data through, to enable the end to end data journey. >>If you ask our customers, they want different types of analytics, uh, for their diverse user bases to help them implement their, their, their use cases while managed by a centralized security and governance later layer. Uh, in other words, um, the data life cycle to them provides multifunction analytics, uh, at each stage, uh, within the data journey, uh, that, uh, integrated and centralized, uh, security, uh, and governance, for example, uh, enterprise data consists of real time and transactional type type data. Examples include, uh, click stream data, web logs, um, machine generated, data chat bots, um, call center interactions, uh, transactions, uh, within legacy applications, market data, et cetera. We need to manage, uh, that data life cycle, uh, to provide real enterprise data insights, uh, for use cases around enhanced them, personalized customer experience, um, customer journey analytics next best action, uh, sentiment and churn analytics market, uh, campaign optimization, uh, mortgage, uh, processing optimization and so on. >>Um, we bring a diverse set of data then, um, and then enrich it with other data about our customers and products, uh, provide reports and dashboards such as customer 360 and use predictions from machine models to provide, uh, business decisions and, and offers of, uh, different products and services to customers and maintain customer satisfaction, um, by using, um, sentiment and churn analytics. These examples show that, um, the whole data life cycle is involved, um, and, uh, is in continuous fashion in order to meet these types of use cases, uh, using a single cohesive platform that can be, uh, that can be served by CDP, uh, the data, the Cloudera data platform. >>Okay. Uh, let's talk about, uh, some of the experiences, uh, from our customers. Uh, first we'll talk about Bunco suntan there. Um, is a major global bank headquartered in Spain, uh, with, uh, major operations and subsidiaries all over Europe and north and, and south America. Uh, one of its subsidiaries, something there UK wanted to revolutionize the customer experience with the use of real time data and, uh, in app analytics, uh, for mobile users, however, like many financial institutions send them there had a, he had a, had a large number of legacy data warehouses spread across many business use, and it's within consistent data and different ways of calculating the same metrics, uh, leading to different results. As a result, the company couldn't get the comprehensive customer insights it needed. And, uh, and business staff often worked on multiple versions of the truth. Sometime there worked with Cloudera to improve a single data platform that could support all its workloads, including self-service analytics, uh, operational analytics and data science processes, processing processing, 10 million transactions daily or 30,000 transactions per second at peak times. >>And, uh, bringing together really, uh, nearly two to two petabytes of data. The platform provides unprecedented, uh, customer insight and business value across the organization, uh, over 80 cents. And there has realized impressive, uh, benefits spanning, uh, new revenues, cost savings and risk reductions, including creating analytics for, for corporate customers with near real-time shopping behavior, um, and, and helping identify 7,000 new corporate, uh, customer prospects, uh, reducing capital expenditures by, uh, 3.2 million annually and decreasing operating expenses by, uh, 650,000, um, enabling marketing to realize, uh, 2.4 million in annual savings on, on cash, on commercial transactions, um, and protecting 3.7 million customers from financial crime impacts through 95, new proactive control alerts, improving risk and capital calculations to reduce the amount of money. It must set aside, uh, as part of a, as part of risk mandates. Uh, for example, in one instance, the risk team was able to release a $5.2 million that it had withheld for non-performing credit card loans by properly identifying healthy accounts miscategorized as high risk next, uh, let's uh, talk about, uh, Rabobank. >>Um, Rabobank is one of the largest banks in the Netherlands, uh, with approximately 8.3 million customers. Uh, it was founded by farmers in the late 19th century and specializes in agricultural financing and sustainability oriented banking, uh, in order to help its customers become more self-sufficient and, uh, improve their financial situations such as debt settlement, uh, rebel bank needed to access, uh, to a varied mix of high quality, accurate, and timely customer data, the talent, uh, to provide this insight, however, was the ability to execute sophisticated and timely data analytics at scale Rabobank was also faced with the challenge of, uh, shortening time to market. Uh, it needed easier access to customer data sets to ensure that they were using and receiving the right financial support at the right time with, with, uh, data quality and speed of processing. Um, highlighted as two vital areas of improvement, Rabobank was looking to incorporate, um, or create new data in an environment that would not only allow the organization to create a centralized repository of high quality data, but also allow them to stream and, uh, conduct data analytics on the fly, uh, to create actionable insights and deliver a strong customer experience bank level Cloudera due to its ability to cope with heavy pressures on data processing and its capability of ingesting large quantities of real time streaming data. >>They were able to quickly create a new data lake that allowed for faster queries of both historical and real time data to analyze customer loan repayment patterns, uh, to up to the minute transaction records, um, Robert bank and, and its customers could now immediately access, uh, the valuable data needed to help them understand, um, the status of their financial situation in this enabled, uh, rebel bank to spot financial disasters before they happened, enabling them to gain deep and timely insights into which customers were at risk of defaulting on loans. Um, having established the foundation of a modern data architecture Rabobank is now able to run sophisticated machine learning algorithms and, uh, financial models, uh, to help customers manage, um, financial, uh, obligations, um, including, uh, long repayments and are able to generate accurate, uh, current real liquidity. I refuse, uh, next, uh, let's uh, speak about, um, uh, OVO. >>Uh, so OVO is the leading digital payment rewards and financial services platform in Indonesia, and is present in 115 million devices across the company across the country. Excuse me. Um, as the volume of, of products within Obos ecosystem increases, the ability to ensure marketing effectiveness is critical to avoid unnecessary waste of time and resources, unlike competitors, uh, banks, w which use traditional mass marketing, uh, to reach customers over, oh, decided to embark on a, on a bold new approach to connect with customers via, uh, ultra personalized marketing, uh, using the Cloudera stack. The team at OVO were able to implement a change point detection algorithm, uh, to discover customer life stage changes. This allowed OVO, uh, to, uh, build a segmentation model of one, uh, the contextual offer engine Bill's recommendation algorithms on top of the product, uh, including collaborative and context-based filters, uh, to detect changes in consumer consumption patterns. >>As a result, OVO has achieved a 15% increase in revenue, thanks to this, to this project, um, significant time savings through automation and eliminating the chance of human error and have reduced engineers workloads by, by 30%. Uh, next let's talk about, uh, bank Bri, uh, bank Bri is one of the largest and oldest, uh, banks in Indonesia, um, engaging in, in general banking services, uh, for its customers. Uh, they are headquartered in, in Jakarta Indonesia, uh, PR is a well-known, uh, for its, uh, focused on micro-financing initiative initiatives and serves over 75 million customers through more than 11,000 offices and rural outposts, um, Bri needed to gain better understanding of their customers and market, uh, to improve the efficiency of its operations, uh, reduce losses from non-performing loans and address the rising concern around data security from regulators and consumers, uh, through enhanced fraud detection. This would require the ability to analyze the vast amounts of, uh, historical financial data and use those insights, uh, to enhance operations and, uh, deliver better service. >>Um, Bri used Cloudera's enterprise data platform to build an agile and reliable, uh, predictive augmented intelligence solution. Uh, Bri was now able to analyze 124 years worth of historical financial data and use those insights to enhance its operations and deliver better services. Um, they were able to, uh, enhance their credit scoring system, um, the solution analyzes customer transaction data, and predicts the probability of a customer defaulting on, on payments. Um, the following month, it also alerts Bri's loan officers, um, to at-risk customers, prompting them to take the necessary action to reduce the likelihood of the net profit lost, uh, this resulted in improved credit, improved credit scoring system, uh, that cut down the approval of micro financing loans, uh, from two weeks to two days to, to two minutes and, uh, enhanced fraud detection. >>All right. Uh, this example shows a tabular representation, uh, the evolution of a customer retention use case, um, the evolution of data and analytics, uh, journey that, uh, that for that use case, uh, from aware, uh, text flirtation, uh, to optimization, to being transformative, uh, with every level, uh, data sources increase. And, uh, for the most part, uh, are, are less, less standard, more dynamic and less structured, but always adding more value, more insights into the customer, uh, allowing us to continuously improve our analytics, increase the velocity of the data we ingest, uh, from, from batch, uh, to, uh, near real time, uh, to real-time streaming, uh, the volume of data we ingest continually increases and we progress, uh, the value of the data on our customers, uh, is continuously improving, allowing us to interact more proactively and more efficiently. And, and with that, um, I would, uh, you know, ask you to consider and assess if you are using all the, uh, the data available to understand, uh, and service your customers, and to learn more about, about this, um, you know, visit cloudera.com and schedule a meeting with Cloudera to learn more. And with that, thank you for your time. And thank you for listening.

>> Narrator: From around the globe, it's "theCUBE" with digital coverage of Smart Data Marketplaces brought to you by Io-Tahoe. >> We're back. We're talking about smart data and have been for several weeks now. Really it's all about injecting intelligence and automation into the data life cycle of the data pipeline. And today we're drilling into Smart Data Marketplaces, really trying to get to that self-serve, unified, trusted, secured, and compliant data models. And this is not trivial. And with me to talk about some of the nuances involved in actually getting there with folks that have experienced doing that. They'd send a series of digital evangelist with Tata Consultancy Services, TCS. And Ajay Vohora is back, he's the CEO of Io-Tahoe. Guys, great to see you, thanks so much for coming on. >> Good to see you, Dave. >> Hey Dave. >> Ajay, let's start with you. Let's set up the sort of smart data concept. What's that all about? What's your perspective? >> Yeah, so I mean, our way of thinking about this is you you've got data, it has latent value, and it's really about discovering what the properties of that data. Does it have value? Can you put that data to work? And the way we go about that with algorithms and machine learning, to generate signals in that data identified patterns, that means we can start to discover how can we apply that data to down stream? What value can we unlock for a customer and business? >> Well, so you've been on this, I mean, really like a laser, why? I mean, why this issue? Did you see a gap in the marketplace in terms of talking to customers and maybe you can help us understand the origin? >> Yeah, I think that the gap has always been there. They've been, it's become more apparent over recent times with big data. So the ability to manually work with volumes of data in petabytes is prohibitively complex and expensive. So you need the different routes, you need different set of tools and methods to do that. Metadata are data that you can understand about data. That's what we at Io-Tahoe focus on, discovering and generating that metadata. That ready, that analogy to automate those data ops processes. So the gap David, is being felt by a business owner prizes and all sectors, healthcare, telecoms, and putting that data to work. >> So Ved, Let's talk a little bit about your role. You work with a lot of customers. I see you as an individual in a company who's really trying to transform what is a very challenging industry. That's sort of ripe for transformation, but maybe you could give us your perspective on this, what kind of signals you're looking for from the data pipeline and we'll get into how you are helping transform healthcare? >> Thanks, David. You know I think this year has been one of those years where we've all realized about this idea of unknown unknowns, where something comes around the corner that you're completely not expecting. And that's really hard to plan for obviously. And I think what we need is the ability to find early signals and be able to act on things as soon as you can. Sometimes, and you know, the COVID-19 scenario of course, is hopefully once in a generation thing, but most businesses struggle with the idea that they may have the data there in their systems, but they still don't know which bit of that is really valuable and what are the signals they should be watching for. And I think the interesting thing here is the ability for us to extract from a massive data, the most critical and important signals. And I think that's where we want to focus on. >> And so, talk a little bit about healthcare in particular and sort of your role there, and maybe at a high level. How Tata and your eco-system are helping transform healthcare? >> So if you look at healthcare, you've got the bit where people need active intervention from a medical professional. And then you've got this larger body of people, typically elderly people who aren't unwell, but they have frailties. They have underlying conditions and they're very vulnerable, especially in the world that we're in now in the post-COVID-19 scenario. And what we were trying to look at is how do we keep people who are elderly, frail and vulnerable? How can we keep them safe in their own homes rather than moving to care homes, where there has been an incredibly high level of infection for things like COVID-19. So the world works better if you can keep people safe in their own homes, if you can see the slide we've got. We're also talking about a world where care is expensive. In most Western countries, especially in Western Europe, the number of elderly people is increasing as a percentage of the population, quite significantly, and resources just are not keeping up. We don't have enough people. We don't have enough funding to look after them effectively. And the care industry that used to do that job has been struggling of late. So it's kind of a perfect storm for the need for technology intervention there. And in that space, what we're saying is the data signal that we want to receive are exactly what as a relative, or a son or daughter you might want from a parent to say, "Everything's okay. "We know that today's been just like every other day "there are no anomalies in your daily living." If you could get the signals that might tell us that something's wrong, something not quite right. We don't need very complex diagnostics. We just need to know something's not quite right, that my dad hasn't woken up as has always at seven o'clock, but till nine o'clock there's no movement. Maybe he's a bit unwell. It's that kind of signal that if we can generate, can make a dramatic difference to how we can look out for these people, whether through professional carers or through family members. So what we're looking to do is to sensor-enable homes of vulnerable people so that those data signals can come through to us in a curated manner, in a way that protects privacy and security of the individual, but gives the right people, which is carers or chosen family members the access to the signals, which is alerts that might tell you there was too much movement at night, or the front door was been left open, things like that that would give you a reason to call him and check. Everybody has spoken to in this always has an example of an uncle or a relative or parent that they've looked after. And all they're looking for is a signal. Even stories like my father's neighbor calls me when he doesn't open his curtain by 11 o'clock, that actually, if you think about it is a data signal that something might be all right. And I think what we're trying to do with technology is create those kinds of data signals because ultimately, the healthcare system works much better if you can prevent rather than cure. So every dollar that you put into prevention saves maybe $3 to $5 downstream. The economic summit also are working our favor. >> And those signals give family members the confidence to act. Ajay, it is interesting to hear what Ved was talking about in terms of the unknowns, because when you think about the early days of the computer industry, there were a lot of knowns, the processes were known. It was like the technology was the big mystery. Now, I feel like it's flipped. We've certainly seen that with COVID. The technology is actually quite well understood and quite mature and reliable. One of the examples is automated data discovery, which is something that you guys have been been focused on at Io-Tahoe. Why is automated data discovery such an important component of a smart data life cycle? >> Yeah. I mean, if we look David at the schematic and this one moves from left to right where right at the outset with that latent data, the value is late because you don't know. Does it have? Can it be applied? Can that data be put to work or not? And the objective really is about driving some form of exchange or monetization of data. If you think about it in insurance or healthcare, you've got lots of different parties, providers, payers, patients, everybody's looking to make some kind of an exchange of information. The difficulty is in all of those organizations, that data sits within its own system. So data discovery, if we drill into the focus itself that, it's about understanding which data has value, classifying that data so that it can be applied and being able to tag it so that it can then be put to use it's the real enabler for DataOps. >> So maybe talk a little bit more about this. We're trying to get to self-service. It's something that we hear a lot about. You mentioned putting data to work. It seems to me that if the business can have access to that data and serve themselves, that's the way to put data to work. Do you have thoughts on that? >> Yeah, I mean, thinking back in terms of what IT and the IT function in a business could provide, there have been limitations around infrastructure, around scaling, around compute. Now that we're in an economy that is digital driven by API's your infrastructure, your data, your business rules, your intelligence, your models, all of those on the back of an API. So the options become limitless. How you can drive value and exchange that data. What that allows us to do is to be more creative, if we can understand what data has value for what use case. >> Ved, Let's talk a little bit about the US healthcare system. It's a good use case. I was recently at a chief data officer conference and listening to the CDO of Johns Hopkins, talk about the multiple different formats that they had to ingest to create that COVID map. They even had some PDFs, they had different definitions, and that's sort of underscored to me, the state of the US healthcare industry. I'm not as familiar with the UK and Europe generally, but I am familiar with the US healthcare system and the diversity that's there, the duplication of information and the like, maybe you could sort of summarize your perspectives and give us kind of the before and your vision of the after, if you will? >> The use of course, is particularly large and complex system. We all know that. We also know, I think there is some research that suggests that in the US the per-capita spend on healthcare is among the highest in the world. I think it's like 70%, and that compares to what just under 9%, which is going to be European, typical European figure. So it's almost double of that, but the outcomes are still vastly poor. When Ajay and I were talking earlier, I think we believe that there is a concept of a data friction. When you've got multiple players in an eco-system, trying to provide a single service as a patient, you're receiving a single health care service. There are probably a dozen up to 20 different organizations that have to collaborate to make sure you get that top of the line health care service. That kind of investment deserves. And what prevents it from happening very often is what we would call data friction, which is the ability to effectively share data. Something as simple as a healthcare record, which says, "This is Dave, this is Ved, this is Ajay." And when we go to hospital for anything, whatever happens, that healthcare record can capture all the information and tie to us as an individual. And if you go to a different hospital, then that record will follow you. This is how you would expect that to be implemented, but I think we're still on that journey. There are lots and lots of challenges. I've seen anecdotal data around people who suffered because they weren't carrying a card when they went into hospital, because that card has the critical elements of data, but in today's world, should you need to carry a piece of paper or can the entire thing be a digital data flow that can easily be, can certainly navigate through lack of paper and those kinds of things. So the vision that I think we need to be looking at is an effective data exchange or marketplace back with a kind of a backbone model where people agree and sign off a data standard, where each individual's data is always tied to the individual. So if you were to move States, if you would move providers, change insurance companies, none of that would impact your medical history, your data, and the ability to have the other care and medical professionals to access the data at the point of need and at the point of healthcare delivery. So I think that's the vision we're looking at, but as you rightly you said that there are enormous number of challenges, partly because of the history, of healthcare, I think it was technology enablement of healthcare started early. So there's a lot of legacy as well. So we shouldn't trivialize the challenges that the industry faces, but that I think is the way we want to go. >> Well, privacy is obviously a huge one, and a lot of the processes are built around non-digital processes and what you're describing as a flip for digital first. I mean, as a consumer, as a patient, I want an app for that. So I can see my own data. I can see price, price transparency, give access to people that I think need it. And that is a daunting task, isn't it? >> Absolutely. And I think the implicit idea and what you just said, which is very powerful is also on the app you want to control. >> Yes. >> And sometimes you want to be able to change access on data at that point. Right now, I'm at the hospital. I would like to access my data. And when I walk away or maybe three days later, I want to revoke that access. It's that level of control. And absolutely, it is by no means a trivial problem, but I think that's where you need the data automation tools. If you try to do any of this manually, we'd be here for another decade trying to solve this, but that's where tools like Io-Tahoe come in because to do this, a lot of the heavy lifting behind the scenes has to be automated. There has to be a machine churning that and presenting the simpler options. And I know you were talking about it just a little while ago Ajay. I was reminded of the example of a McDonald's or a Coke, because the sales store idea that you can go in and you can do your own ordering off a menu, or you can go in and select five different flavors from a Coke machine and choose your own particular blend of Coke. It's a very trivial example, but I think that's the word we want to get to with access of data as well. If it was that simple for consumers, for enterprise, business people, for doctors, then that's where we ultimately want to be able to arrive. But of course, to make something very simple for the end-user, somebody has to solve for complexity behind the scenes. >> So Ajay, it seems to me Ajay there're two major outcomes here. One is of course, the most important I guess, is patient outcomes, and the other is cost. I mean, they talked about the cost issues, we all, US especially understand the concerns about rising costs of healthcare. My question is this, how does a Smart Data Marketplace fit into achieving those two very important outcomes? >> When we think about how automation is enabling that, where we've got different data formats, the manual tasks are involved, duplication of information. The administrative overhead of that alone and the work, the rework, and the cycles of work that generates. That's really what we're trying to help with data is to eliminate that wasted effort. And with that wasted effort comes time and money to employ people to work through those siloed systems. So getting to the point where there is an exchange in a marketplace just as they would be for banking or insurance is really about automating the classification of data to make it available to a system that can pick it up through an API and to run a machine learning model and to manage a workflow, a process. >> Right, so you mentioned backing insurance, you're right. I mean, we've actually come a long way and just in terms of, know the customer and applying that to know the patient would be very powerful. I'm interested in what you guys are doing together, just in terms of your vision. Are you going to market together, kind of what you're seeing in terms of promoting or enabling this self-service, self-care. Maybe you could talk a little bit about Io-Tahoe and Tata, the intersection at the customer? >> Sure. I think we've been very impressed with the TCS vision of 4.0, how the re-imagining traditional industries, whether it's insurance, banking, healthcare, and bringing together automation, agile processes, robotics, AI, and once those enablers, technology may have brought together to re-imagine how those services can be delivered digitally. All of those are dependent on data. So we see that there's a really good fit here to enable understanding the legacy, the historic situation that has built up over time in an organization, a business and to help shine a light on what's meaningful in that to migrate to the cloud or to drive a digital twin, data science project. >> Ved, anything you can add to that? >> Sure. I mean, we do take the business 4.0 model quite seriously in terms of a lens with which you look at any industry, and what I talked about in healthcare was an example of that. And for us business 4.0, means a few very specific things. The technology that we use in today's verse should be agile, automated, intelligent, and cloud-based. These have become kind of hygiene factors now. On top of that, the businesses we build should be mass customized. They should be risk embracing. They should engage ecosystems, and they should strive for exponential value, not 10% growth year on year, but doubling, tripling every three, four years, because that's the competition that most businesses are facing today. And within that, the Tata group itself, is an extremely purpose-driven business. We really believe that we exist to serve communities, not just one specific set, i.e. shareholders, but the broader community in which we live and work. And I think this framework also allows us to apply that to things like healthcare, to education and to a whole vast range of areas where, everybody has a vision of using data science or doing really clever stuff at the gradients. But what becomes clear is, to do any of that, the first thing you need is a foundational piece. And as a foundation isn't right, then no matter how much you invest in the data science tools you won't get the answers you want. And the work we're doing with the Io-Tahoe really, for me, is particularly exciting because it sorts out that foundational piece. And at the end of it, to make all of this, again, I will repeat that, to make it simple and easy to use for the end user, whoever that is. And I realized that I'm probably the first person who's used fast food as a shining example for healthcare in this discussion, but you can make a lot of different examples. And today, if you press a button and start a car, that's simplicity, but someone has solved for that. And that's what we want to do with data as well. >> Yeah, that makes a lot of sense to me. We talk a lot about digital transformation and a digital business, and I would observe that a digital business puts data at the core. And you can certainly be the best example. There is, of course, Google is an all digital business, but take a company like Amazon, Who's got obviously a massive physical component to its business. Data is at the core. And that's exactly my takeaway from this discussion. Both of you are talking about putting data at the core, simplifying it, making sure that it's compliant, and healthcare it's taking longer, 'cause it's such a high risk industry, but it's clearly happening, COVID I guess, was an accelerant. Guys, Ajay, I'll start with you. Any final thoughts that you want to leave the audience with? _ Yeah, we're really pleased to be working with TCS. We've been able to explore how we're able to put dates to work in a range of different industries. Ved has mentioned healthcare, telecoms, banking and insurance are others. And the same impact they speak to whenever we see the exciting digital transformations that are being planned, being able to accelerate those, unlock the value from data is where we're having a purpose. And it's good that we can help patients in the healthcare sector, consumers in banking realize a better experience through having a more joined up marketplace with their data. >> Ved, you know what excites me about this conversation is that, as a patient or as a consumer, if I'm helping loved ones, I can go to the web and I can search, and I can find a myriad of possibilities. What you're envisioning here is really personalizing that with real time data. And that to me is a game changer. Your final thoughts? >> Thanks, David. I absolutely agree with you that the idea of data centricity and simplicity are absolutely forefront, but I think if we were to design an organization today, you might design it very differently to how most companies today are structured. And maybe Google and Amazon are probably better examples of that because you almost have to think of a business as having a data engine room at its core. A lot of businesses are trying to get to that stage, whereas what we call digital natives, are people who have started life with that premise. So I absolutely agree with you on that, but extending that a little bit. If you think of most industries as eco-systems that have to collaborate, then you've got multiple organizations who will also have to exchange data to achieve some shared outcomes. Whether you look at supply chains of automobile manufacturers or insurance companies or healthcares we've been talking about. So I think that's the next level of change we want to be able to make, which is to be able to do this at scale across organizations at industry level or in population scheme for healthcare. >> Yeah, Thank you for that. Go ahead Ajay. >> David that's where it comes back to again, the origination where we've come from in big data. The volume of data combined with the specificity of individualizing, personalizing a service around an individual amongst that massive data from different providers is where is exciting, that we're able to have an impact. >> Well, and you know Ajay, I'm glad you brought that up because in the early days of big data, there were only a handful of companies, the biggest financial institutions. Obviously, the internet giants who had all these engineers that were able to take advantage of it. But with companies like Io-Tahoe and others, and the investments that the industry has made in terms of providing the tools and simplifying that, especially with machine intelligence and AI and machine learning, these are becoming embedded into the tooling so that everybody can have access to them, small, medium, and large companies. That's really, to me, the exciting part of this new era that we're entering. >> Yeah, and we have placed those, take it down to the level of not-for-profits and smaller businesses that want to innovate and leapfrog into, to growing their digital delivery of their service. >> And I know a lot of time, but Ved, what you were saying about TCS's responsibility to society, I think is really, really important. Large companies like yours, I believe, and you clearly do as well, have a responsibility to society more than just a profit. And I think, Big Tech it's a better app in a lot of cases, but so thank you for that and thank you gentlemen for this great discussion. I really appreciate it. >> Thanks David. >> Thank you. >> All right, keep it right there. I'll be right back right after this short break. This is Dave Vellante for theCUBE. (calm music)

>> Narrator: From around the globe, it's "theCUBE" with digital coverage of Smart Data Marketplaces brought to you by Io-Tahoe. >> We're back. We're talking about smart data and have been for several weeks now. Really it's all about injecting intelligence and automation into the data life cycle of the data pipeline. And today we're drilling into Smart Data Marketplaces, really trying to get to that self-serve, unified, trusted, secured, and compliant data models. And this is not trivial. And with me to talk about some of the nuances involved in actually getting there with folks that have experienced doing that. They'd send a series of digital evangelist with Tata Consultancy Services, TCS. And Ajay Vohora is back, he's the CEO of Io-Tahoe. Guys, great to see you, thanks so much for coming on. >> Good to see you, Dave. >> Hey Dave. >> Ajay, let's start with you. Let's set up the sort of smart data concept. What's that all about? What's your perspective? >> Yeah, so I mean, our way of thinking about this is you you've got data, it has latent value, and it's really about discovering what the properties of that data. Does it have value? Can you put that data to work? And the way we go about that with algorithms and machine learning, to generate signals in that data identified patterns, that means we can start to discover how can we apply that data to down stream? What value can we unlock for a customer and business? >> Well, so you've been on this, I mean, really like a laser, why? I mean, why this issue? Did you see a gap in the marketplace in terms of talking to customers and maybe you can help us understand the origin? >> Yeah, I think that the gap has always been there. They've been, it's become more apparent over recent times with big data. So the ability to manually work with volumes of data in petabytes is prohibitively complex and expensive. So you need the different routes, you need different set of tools and methods to do that. Metadata are data that you can understand about data. That's what we at Io-Tahoe focus on, discovering and generating that metadata. That ready, that analogy to automate those data ops processes. So the gap David, is being felt by a business owner prizes and all sectors, healthcare, telecoms, and putting that data to work. >> So Ved, Let's talk a little bit about your role. You work with a lot of customers. I see you as an individual in a company who's really trying to transform what is a very challenging industry. That's sort of ripe for transformation, but maybe you could give us your perspective on this, what kind of signals you're looking for from the data pipeline and we'll get into how you are helping transform healthcare? >> Thanks, David. You know I think this year has been one of those years where we've all realized about this idea of unknown unknowns, where something comes around the corner that you're completely not expecting. And that's really hard to plan for obviously. And I think what we need is the ability to find early signals and be able to act on things as soon as you can. Sometimes, and you know, the COVID-19 scenario of course, is hopefully once in a generation thing, but most businesses struggle with the idea that they may have the data there in their systems, but they still don't know which bit of that is really valuable and what are the signals they should be watching for. And I think the interesting thing here is the ability for us to extract from a massive data, the most critical and important signals. And I think that's where we want to focus on. >> And so, talk a little bit about healthcare in particular and sort of your role there, and maybe at a high level. How Tata and your eco-system are helping transform healthcare? >> So if you look at healthcare, you've got the bit where people need active intervention from a medical professional. And then you've got this larger body of people, typically elderly people who aren't unwell, but they have frailties. They have underlying conditions and they're very vulnerable, especially in the world that we're in now in the post-COVID-19 scenario. And what we were trying to look at is how do we keep people who are elderly, frail and vulnerable? How can we keep them safe in their own homes rather than moving to care homes, where there has been an incredibly high level of infection for things like COVID-19. So the world works better if you can keep people safe in their own homes, if you can see the slide we've got. We're also talking about a world where care is expensive. In most Western countries, especially in Western Europe, the number of elderly people is increasing as a percentage of the population, quite significantly, and resources just are not keeping up. We don't have enough people. We don't have enough funding to look after them effectively. And the care industry that used to do that job has been struggling of late. So it's kind of a perfect storm for the need for technology intervention there. And in that space, what we're saying is the data signal that we want to receive are exactly what as a relative, or a son or daughter you might want from a parent to say, "Everything's okay. "We know that today's been just like every other day "there are no anomalies in your daily living." If you could get the signals that might tell us that something's wrong, something not quite right. We don't need very complex diagnostics. We just need to know something's not quite right, that my dad hasn't woken up as has always at seven o'clock, but till nine o'clock there's no movement. Maybe he's a bit unwell. It's that kind of signal that if we can generate, can make a dramatic difference to how we can look out for these people, whether through professional carers or through family members. So what we're looking to do is to sensor-enable homes of vulnerable people so that those data signals can come through to us in a curated manner, in a way that protects privacy and security of the individual, but gives the right people, which is carers or chosen family members the access to the signals, which is alerts that might tell you there was too much movement at night, or the front door was been left open, things like that that would give you a reason to call him and check. Everybody has spoken to in this always has an example of an uncle or a relative or parent that they've looked after. And all they're looking for is a signal. Even stories like my father's neighbor calls me when he doesn't open his curtain by 11 o'clock, that actually, if you think about it is a data signal that something might be all right. And I think what we're trying to do with technology is create those kinds of data signals because ultimately, the healthcare system works much better if you can prevent rather than cure. So every dollar that you put into prevention saves maybe $3 to $5 downstream. The economic summit also are working our favor. >> And those signals give family members the confidence to act. Ajay, it is interesting to hear what Ved was talking about in terms of the unknowns, because when you think about the early days of the computer industry, there were a lot of knowns, the processes were known. It was like the technology was the big mystery. Now, I feel like it's flipped. We've certainly seen that with COVID. The technology is actually quite well understood and quite mature and reliable. One of the examples is automated data discovery, which is something that you guys have been been focused on at Io-Tahoe. Why is automated data discovery such an important component of a smart data life cycle? >> Yeah. I mean, if we look David at the schematic and this one moves from left to right where right at the outset with that latent data, the value is late because you don't know. Does it have? Can it be applied? Can that data be put to work or not? And the objective really is about driving some form of exchange or monetization of data. If you think about it in insurance or healthcare, you've got lots of different parties, providers, payers, patients, everybody's looking to make some kind of an exchange of information. The difficulty is in all of those organizations, that data sits within its own system. So data discovery, if we drill into the focus itself that, it's about understanding which data has value, classifying that data so that it can be applied and being able to tag it so that it can then be put to use it's the real enabler for that per day drops. >> So maybe talk a little bit more about this. We're trying to get to self-service. It's something that we hear a lot about. You mentioned putting data to work. It seems to me that if the business can have access to that data and serve themselves, that's the way to put data to work. Do you have thoughts on that? >> Yeah, I mean, thinking back in terms of what IT and the IT function in a business could provide, there have been limitations around infrastructure, around scaling, around compute. Now that we're in an economy that is digital driven by API's your infrastructure, your data, your business rules, your intelligence, your models, all of those on the back of an API. So the options become limitless. How you can drive value and exchange that data. What that allows us to do is to be more creative, if we can understand what data has value for what use case. >> Ved, Let's talk a little bit about the US healthcare system. It's a good use case. I was recently at a chief data officer conference and listening to the CDO of Johns Hopkins, talk about the multiple different formats that they had to ingest to create that COVID map. They even had some PDFs, they had different definitions, and that's sort of underscored to me, the state of the US healthcare industry. I'm not as familiar with the UK and Europe generally, but I am familiar with the US healthcare system and the diversity that's there, the duplication of information and the like, maybe you could sort of summarize your perspectives and give us kind of the before and your vision of the after, if you will? >> The use of course, is particularly large and complex system. We all know that. We also know, I think there is some research that suggests that in the US the per-capita spend on healthcare is among the highest in the world. I think it's like 70%, and that compares to what just under 9%, which is going to be European, typical European figure. So it's almost double of that, but the outcomes are still vastly poor. When Ajay and I were talking earlier, I think we believe that there is a concept of a data friction. When you've got multiple players in an eco-system, trying to provide a single service as a patient, you're receiving a single health care service. There are probably a dozen up to 20 different organizations that have to collaborate to make sure you get that top of the line health care service. That kind of investment deserves. And what prevents it from happening very often is what we would call data friction, which is the ability to effectively share data. Something as simple as a healthcare record, which says, "This is Dave, this is Ved, this is Ajay." And when we go to hospital for anything, whatever happens, that healthcare record can capture all the information and tie to us as an individual. And if you go to a different hospital, then that record will follow you. This is how you would expect that to be implemented, but I think we're still on that journey. There are lots and lots of challenges. I've seen anecdotal data around people who suffered because they weren't carrying a card when they went into hospital, because that card has the critical elements of data, but in today's world, should you need to carry a piece of paper or can the entire thing be a digital data flow that can easily be, can certainly navigate through lack of paper and those kinds of things. So the vision that I think we need to be looking at is an effective data exchange or marketplace back with a kind of a backbone model where people agree and sign off a data standard, where each individual's data is always tied to the individual. So if you were to move States, if you would move providers, change insurance companies, none of that would impact your medical history, your data, and the ability to have the other care and medical professionals to access the data at the point of need and at the point of healthcare delivery. So I think that's the vision we're looking at, but as you rightly you said that there are enormous number of challenges, partly because of the history, of healthcare, I think it was technology enablement of healthcare started early. So there's a lot of legacy as well. So we shouldn't trivialize the challenges that the industry faces, but that I think is the way we want to go. >> Well, privacy is obviously a huge one, and a lot of the processes are built around non-digital processes and what you're describing as a flip for digital first. I mean, as a consumer, as a patient, I want an app for that. So I can see my own data. I can see price, price transparency, give access to people that I think need it. And that is a daunting task, isn't it? >> Absolutely. And I think the implicit idea and what you just said, which is very powerful is also on the app you want to control. >> Yes. >> And sometimes you want to be able to change access on data at that point. Right now, I'm at the hospital. I would like to access my data. And when I walk away or maybe three days later, I want to revoke that access. It's that level of control. And absolutely, it is by no means a trivial problem, but I think that's where you need the data automation tools. If you try to do any of this manually, we'd be here for another decade trying to solve this, but that's where tools like Io-Tahoe come in because to do this, a lot of the heavy lifting behind the scenes has to be automated. There has to be a machine churning that and presenting the simpler options. And I know you were talking about it just a little while ago Ajay. I was reminded of the example of a McDonald's or a Coke, because the sales store idea that you can go in and you can do your own ordering off a menu, or you can go in and select five different flavors from a Coke machine and choose your own particular blend of Coke. It's a very trivial example, but I think that's the word we want to get to with access of data as well. If it was that simple for consumers, for enterprise, business people, for doctors, then that's where we ultimately want to be able to arrive. But of course, to make something very simple for the end-user, somebody has to solve for complexity behind the scenes. >> So Ajay, it seems to me Ajay there're two major outcomes here. One is of course, the most important I guess, is patient outcomes, and the other is cost. I mean, they talked about the cost issues, we all, US especially understand the concerns about rising costs of healthcare. My question is this, how does a Smart Data Marketplace fit into achieving those two very important outcomes? >> When we think about how automation is enabling that, where we've got different data formats, the manual tasks are involved, duplication of information. The administrative overhead of that alone and the work, the rework, and the cycles of work that generates. That's really what we're trying to help with data is to eliminate that wasted effort. And with that wasted effort comes time and money to employ people to work through those siloed systems. So getting to the point where there is an exchange in a marketplace just as they would be for banking or insurance is really about automating the classification of data to make it available to a system that can pick it up through an API and to run a machine learning model and to manage a workflow, a process. >> Right, so you mentioned backing insurance, you're right. I mean, we've actually come a long way and just in terms of, know the customer and applying that to know the patient would be very powerful. I'm interested in what you guys are doing together, just in terms of your vision. Are you going to market together, kind of what you're seeing in terms of promoting or enabling this self-service, self-care. Maybe you could talk a little bit about Io-Tahoe and Tata, the intersection at the customer? >> Sure. I think we've been very impressed with the TCS vision of 4.0, how the re-imagining traditional industries, whether it's insurance, banking, healthcare, and bringing together automation, agile processes, robotics, AI, and once those enablers, technology may have brought together to re-imagine how those services can be delivered digitally. All of those are dependent on data. So we see that there's a really good fit here to enable understanding the legacy, the historic situation that has built up over time in an organization, a business and to help shine a light on what's meaningful in that to migrate to the cloud or to drive a digital twin, data science project. >> Ved, anything you can add to that? >> Sure. I mean, we do take the business 4.0 model quite seriously in terms of a lens with which you look at any industry, and what I talked about in healthcare was an example of that. And for us business 4.0, means a few very specific things. The technology that we use in today's verse should be agile, automated, intelligent, and cloud-based. These have become kind of hygiene factors now. On top of that, the businesses we build should be mass customized. They should be risk embracing. They should engage ecosystems, and they should strive for exponential value, not 10% growth year on year, but doubling, tripling every three, four years, because that's the competition that most businesses are facing today. And within that, the Tata group itself, is an extremely purpose-driven business. We really believe that we exist to serve communities, not just one specific set, i.e. shareholders, but the broader community in which we live and work. And I think this framework also allows us to apply that to things like healthcare, to education and to a whole vast range of areas where, everybody has a vision of using data science or doing really clever stuff at the gradients. But what becomes clear is, to do any of that, the first thing you need is a foundational piece. And as a foundation isn't right, then no matter how much you invest in the data science tools you won't get the answers you want. And the work we're doing with the Io-Tahoe really, for me, is particularly exciting because it sorts out that foundational piece. And at the end of it, to make all of this, again, I will repeat that, to make it simple and easy to use for the end user, whoever that is. And I realized that I'm probably the first person who's used fast food as a shining example for healthcare in this discussion, but you can make a lot of different examples. And today, if you press a button and start a car, that's simplicity, but someone has solved for that. And that's what we want to do with data as well. >> Yeah, that makes a lot of sense to me. We talk a lot about digital transformation and a digital business, and I would observe that a digital business puts data at the core. And you can certainly be the best example. There is, of course, Google is an all digital business, but take a company like Amazon, Who's got obviously a massive physical component to its business. Data is at the core. And that's exactly my takeaway from this discussion. Both of you are talking about putting data at the core, simplifying it, making sure that it's compliant, and healthcare it's taking longer, 'cause it's such a high risk industry, but it's clearly happening, COVID I guess, was an accelerant. Guys, Ajay, I'll start with you. Any final thoughts that you want to leave the audience with? _ Yeah, we're really pleased to be working with TCS. We've been able to explore how we're able to put dates to work in a range of different industries. Ved has mentioned healthcare, telecoms, banking and insurance are others. And the same impact they speak to whenever we see the exciting digital transformations that are being planned, being able to accelerate those, unlock the value from data is where we're having a purpose. And it's good that we can help patients in the healthcare sector, consumers in banking realize a better experience through having a more joined up marketplace with their data. >> Ved, you know what excites me about this conversation is that, as a patient or as a consumer, if I'm helping loved ones, I can go to the web and I can search, and I can find a myriad of possibilities. What you're envisioning here is really personalizing that with real time data. And that to me is a game changer. Your final thoughts? >> Thanks, David. I absolutely agree with you that the idea of data centricity and simplicity are absolutely forefront, but I think if we were to design an organization today, you might design it very differently to how most companies today are structured. And maybe Google and Amazon are probably better examples of that because you almost have to think of a business as having a data engine room at its core. A lot of businesses are trying to get to that stage, whereas what we call digital natives, are people who have started life with that premise. So I absolutely agree with you on that, but extending that a little bit. If you think of most industries as eco-systems that have to collaborate, then you've got multiple organizations who will also have to exchange data to achieve some shared outcomes. Whether you look at supply chains of automobile manufacturers or insurance companies or healthcares we've been talking about. So I think that's the next level of change we want to be able to make, which is to be able to do this at scale across organizations at industry level or in population scheme for healthcare. >> Yeah, Thank you for that. Go ahead Ajay. >> David that's where it comes back to again, the origination where we've come from in big data. The volume of data combined with the specificity of individualizing, personalizing a service around an individual amongst that massive data from different providers is where is exciting, that we're able to have an impact. >> Well, and you know Ajay, I'm glad you brought that up because in the early days of big data, there were only a handful of companies, the biggest financial institutions. Obviously, the internet giants who had all these engineers that were able to take advantage of it. But with companies like Io-Tahoe and others, and the investments that the industry has made in terms of providing the tools and simplifying that, especially with machine intelligence and AI and machine learning, these are becoming embedded into the tooling so that everybody can have access to them, small, medium, and large companies. That's really, to me, the exciting part of this new era that we're entering. >> Yeah, and we have placed those, take it down to the level of not-for-profits and smaller businesses that want to innovate and leapfrog into, to growing their digital delivery of their service. >> And I know a lot of time, but Ved, what you were saying about TCS's responsibility to society, I think is really, really important. Large companies like yours, I believe, and you clearly do as well, have a responsibility to society more than just a profit. And I think, Big Tech it's a better app in a lot of cases, but so thank you for that and thank you gentlemen for this great discussion. I really appreciate it. >> Thanks David. >> Thank you. >> All right, keep it right there. I'll be right back right after this short break. This is Dave Vellante for theCUBE. (calm music)

>>Ply from Barcelona, Spain pits the cube covering Cisco live 2020 Ratu by Cisco and its ecosystem partners. >>Hey, welcome back live to Cisco live in 2020 in Barcelona. We're in Europe, Barcelona. I'm John Ferrara, Dave Alante. We've got a great guest here and the whole theme of the show is not about the infrastructure is about the applications and the applications being powered by an infrastructure powered by Cisco. We've got a great guest, senior vice president, general manager, team collaboration, Shri Travaasa of Cisco. You run all the big products, WebEx on steroids, new announcements. You had a really killer announcements, the pack booth. We'll get into that. Welcome to the cube. Thanks for coming. Thank you for having me. What's the quick news? You're on stage giving the keynote quickly share the news. We can get into it. So we are obviously >>coming out with a set of updates to our great portfolio. We reach out to about 300 million users across the enterprise today who use us for all the way from meetings to team collaboration to calling to powering meeting rooms. So in a sense, what we have as a products that, uh, is either in the meeting room or on the desktop or on a mobile phone. So any one of those methods and mechanisms. And in the past couple of years we've seen massive adoption of video, uh, whether it'd be on the mobile phone, whether it be in your desktop or in a meeting room itself. >>So video is the key. You had an announcement with Mike, uh, Microsoft teams explain that because don't they? Don't they compete with you? >>Yes, we, we, so the best way to describe it as is it's compatibility and competition. So it's competitive to compete, um, for the sake of our end users. So end user choice pretty much drives, uh, the types of integrations we do these days. You can't leave it to an it organization to do that integration. You've got to make sure these products work. So we integrate quite a bit with our competitors, spar, Slack, Microsoft teams, zoom. We do integrate with all of those guys. And the Microsoft teams integration, um, is prefaced on providing the best real time media experience into the Microsoft ecosystem. So if a customer is using office three 65 for document collaboration and chooses us for real time collaboration, they get >>the best experience comes from. So this has been a sleepy space for awhile and then all of a sudden you've mentioned Slack, zoom comes out, big IPOs, high valuations, Microsoft kind of transitioning and gets, it's based to to teams. There's a lot of excitement all of a sudden. And I was thinking in the last year out, geez, I wonder if Cisco is asleep at the wheel, but today you had all these announcements, so obviously not asleep at the wheel. Describe what you see going on in the space and what excites you from a standpoint of what you've just announced. So I think >>over the past two years, rightfully so, there's been a ton of movement in this space and I think it's driven by, it's, it's important to talk about why it's driven by globalization of the workforce. So that globalization of the workforce has, has, has, has gotten caught steam in the past few years and you pretty much see folks being employed across the globe. Whoever has the skill gets employed in a sentence. And what we see within the confines of WebEx is an increase in user engagement. So the same user is using WebEx a lot more and we wonder why we're seeing basically cross time zone meetings go up and team collaboration as we know it is no longer across the table. It's actually across time zones, across geographies, across language boundaries. So you're seeing that happen and the power of team collaboration is not just bringing people together, it's the data in heading to within the conversation becomes the new currency. >>It's the new frontier. And you can do a whole bunch of analytics on that. You can provide information on that. You can basically bring what I would call uninterrupted work streams in the myths, which is, you know, how do you take a conversation, take a part of a set of action items out of it and basically take it all the way so that there's automation, there's least amount of transmission loss and transmission loss in a sense. So that's, that's what's causing, um, this, this industry to wake up because it's a productivity gain in knowledge worker population. >>I don't know why it's off the charts on these systems, you know, low denominator and it's so easy to justify. I mean to me this is the biggest way that people are kind of talking about, but not really specifically addressing it. And to me, I always like to look at the startup world because the startup world is ultimately the Canary in the coal mine. Cody cloud native was before cloud hit, the startups were in there wipe clean sheet of paper, all cloud. Now that's mainstream. I had a conversation with Mitchell, the founder of Hashi Corp and we were talking about the concept of virtual first. And his startup was all virtual. They didn't have an office, they could afford one, but their teams were remote. This is the new dynamic that works. And so I believe that this is going to be an enterprise requirement because this has been validated. >>You seeing people work virtually, development teams, marketing to any team, they're remote, they're at home. So this is a trend. This is real. And designing a product for virtual first versus saying, Oh, if your virtual uses Proctor was designed for this, this is really where it's coming to in my opinion. How are you guys addressing that? Because in that video is not easy. Totally not. You guys been doing video Cisco for a lot them. I know from the cable companies to make a deep packet inspection and managing packets, QoS and mean policy basis, the perfect storm for making video work better. So explain the whole virtual first and the video. Start by sharing a small little secret. I run this business and yet I'm a remote worker. Cisco's based in San, I live in Seattle. >>I live in a small town called mamasan. I'm, I'm a perfect example of who we are. It's all the. So without a doubt, what has also spurred this is the bandwidth to trust the globe, not just in the U S uh, I find that, you know, parts of Asia have very good connectivity. If you go into Korea, Singapore, it's just fantastic, right? If you go into the Western Europe, Scandinavian countries, it's just fabulous. So I think the, the fact of the matter is you, the act of working together across the table and the act of these collaboration tools bringing people together need to be the same. That's pretty much where we are all headed. We're all trying to achieve that Nirvana, making sure there's no dissonance when you bring people across video that's key. That requires not only the ability to see and hear people, but to be able to whiteboard, to be able to have a very rich and immersive conversation on biblical creation so that, you know, using like stickies on a whiteboard for example, how well can you do it? >>So those are the types of things that we are headed towards. Uh, and I w I would pretty much say you guys said it in your question. You have to design for a remote worker for a virtual work environment, which basically is all about optimizing for team collaboration and optimizing for information that's consistent across different communication types. Whether you pick up the phone, whether you are on a meeting in a persistent chat, all that transcription should look and feel the same. This is the convergence really of networking and software because software is where the action is, but the network controls the routes. So, you know, give you an example, we were doing a live broadcast in our studio in Palo Alto had Ken Jennings on from jeopardy and it was, I was so excited. It was a good interview. We had multiple guests on about AI and you know, and he was kind of our celebrity guests and he had terrible bandwidth with his house. >>I don't know, maybe his kids were playing games on it or he was downloading some Netflix, who knows, but he had a horrible visual. We couldn't control that. This is where the network optimization comes in. What are you guys doing there? You guys run the networks, you guys have access to some of the routes and looking for, you know, best route, best quality. So I think without a doubt, you know, the, your lowest common denominator leg in your network kind of decides the quality per se. Uh, but we, we continue to do things like a compression of bits on the wire so that you need the smallest amount of pipe. But at the end of the day for high Raz video, you still need a decent amount of bandwidth. And what ends up happening is it's not just bandwidth, it's uh, you know, understanding what kind of packet loss profile you have on that network. >>So what we are doing across nearly nearly every vendor today is figuring out how we can optimize for these Laci networks. So if you're talking to any collaboration engineer, um, the first interview question will inadvertently be, tell me your experience on Laci networks. What have you done, how many patents do you have? You know, that's kind of the, the discussion per se. So I think without a doubt the advent of 5g and its expansion will lead to Ken Jennings potentially having a much better experience. Right. Can you auto scale, not auto scale, but auto detect? Yes. That cause that's something that could be automated. And we, we automatically, we call it graceful degradation. So we start with aspiring for the 10 ADP. Then we'll bring it down to seven 2360 and no video. And that happens automatically and we let the end user know you're having a network blip and hence, uh, we have, we are degrading it or today's product. Yes. >>So years ago when you, there's video conferencing, you just have to show 15 minutes beforehand just to make sure everybody get on. Okay. So simplicity is another big adoption theme, whether it's one push phone calling or call me or whatever it is. At the same time, you've got to add functionality. You've had a transcription, you've had a translation, you've got the split screen. And when I stand up, the camera follows me. So are those counterpoints simplicity and functionality, how do you integrate those together? >>I think the, the, all of this is done in the quest to simplicity, right? Um, one of the key things we've done across the Cisco WebEx portfolio, we've been known as the stodgy characters. Um, you know guys who don't move fast, which is exactly the opposite, to be honest with you. We worked on making sure we get rid of, I'm going to use the word here, nerd knobs in the product optimized for the simple in a meeting, there are three things that matter. Three big use cases, scheduling, joining in, meeting quality. Those are the only three things matter. The rest doesn't matter, right? So if you look at our devices, if you look at everything, we have this consistent green button that shows up everywhere. Whether you bring up outlook, whether you bring up an iPhone calendar, whether you bring up a desktop in one of our devices, all of those things will have this consistent green bar. We don't, we never want the end user to miss it. See it hit it. It'll show up at the right time. Basically shows up between six minutes and the 40 minute Mark before the meeting. >>And by that in meeting quality, you mean the experience overall, how hard it is to share something or >>actually can you see that person? Can you hear that person, you know, things of that sort of, right. You know, how do you avoid echos in a meeting? Like, what if I turn on both audio multiple times in a particular echo, right. As I mentioned in our last interview, Sri about um, uh, the previous guests around, they want API APIs cause it was like API APIs. It's kind of a trend towards a thin, I won't say thin client cause that's some kind of an old, old word. But um, more efficient source code on the client side, not bloated >>software in the sense of having all these bells and whistles. I mean, I mean at some point you're going to use, right? It could be an advanced version. Maybe you have a tiered thing, but at the base set, how do you create software in this modern error so that you can have really fast software managing front end with the powerful backend. You think about, Hey Siri, you know, there's the front end, there's a back end. So you starting to see this kind of decoupling. How do you guys look at that as it changed the development thesis? Is that something that you guys are thinking about? What's your take on all that? >>Yeah, without a doubt. Right? So we, we, we constantly optimize media is a very different workload than for example, a commanding tool. Right? Yeah. Uh, and I don't mean to trivialize city or any other assistant media is hard when you're doing video. The app needs to have some intelligence to be able to disintegrate audio and video streams and content sharing, right? So these apps tend to have a bigger footprint on the desktop, on the mobile phone than other traditional apps. So there is a constant quest for that additional bit of optimization to reduce, you know, substantially reduce the juice you use out of the laptop. Uh, and with laptops becoming more and more powerful, mobile phones becoming more and more, more powerful, we are only able to bring more, more into that big tree. >>Yes. And the rich media is only getting more and more robust with video. Look at the gaming world. My kids got their rig set up, multiple monitors. I mean, it's a lifestyle experience, consumption of video. It's all, it put more pressure on you guys. It's hard. We know we do it. How, what's the, in your mind, what's your guiding principle for future innovation? Whether you're hiring, designing around video, what do you guys chasing that Nirvana? What is it? Is it the software, the hardware? It's a chips. >>I think it's a combination of them, right? If you look at Cisco, our inherent differentiation is we know, we know how to do software. We know a thing or two about networks. I mean no hardware. How do you bring these three together and there's a four to dimension, I'm going to call it quad. And it's security. You can't ignore security. You know, it's, it's something that you have to intrinsically think about. It's not a check by check box after you don't want somebody peeping Toms in their meeting. For example, everybody is simply >>back in the cams. Jeff Bezos has got hacked on video on his WhatsApp embedded malware. So are all kinds of weird things that come through. You don't know. >>I think it's, it's the amalgamation of all of these things. How do you maximize every single element of the pipe? Um, so we are working with, for example, our own DNA center methods and mechanisms by which we're saying based on our workload, how do we optimize the next look for our workload. When we find an issue within let's say WebEx, how do we automatically self heal the network? That is basically where we are headed. So we want to make sure we are constantly stack up and down the stairs, down the stack. And the other, you know you've talked about simplicity of use case. I'll give you an example. What we're doing with our devices now as it has face recognition, we don't store any, any images in the cloud. So as soon as you walk into a meeting room, we've got an IOT sensor that it recognizes your face. >>It says, Hey, let me pull up your meetings. It starts to track who all have joined your meeting. And then let's assume you forget to join the meeting. It wakes up and it says, would you like to join the meeting? Two of two of your colleagues have joined so you don't even have to hit the button. It is germaphobe friendly. So you don't have to touch. It binds you in basic automation. So that level of automation is coming in. So you're talking about the future. The future is about simplicity. That spans generations. So you're pretty much worn the human to come back and for the tech to fade away in the back of them. If you don't want them to be reliant on this app that you have to learn, right, it should be discernible, relatable, easy to use. >>Works like the movies in history. You're a rock star. I'm great to have you. In fact, now we know you live in Seattle. We're going to have you in our studio remotely and we're gonna make sure that bandwidth and that video is of highest quality., the SVP, senior vice president, general manager of the collaboration group of Cisco. Big part of the future of Cisco. This group is going to be really driving some of those network benefits. The applications are big part of the focus, changing the business models, business outcomes. This is the conversation is the cube coverage from Barcelona. We'll be right back after this short break.

>> From Cambridge Massachusetts, it's the CUBE, covering MIT Chief Data Officer and Information Quality Symposium 2019. Brought to you by silicon angle media. >> Welcome back to Cambridge Massachusetts everybody you're watching the cube. The leader in live tech coverage. The cubes two day coverage of MIT's CDOIQ. The chief data officer information quality event. Thirteenth year we started here in 2013. I'm Dave Vallante with my co-host Paul Gillin. Veda Bawo. Bowo. Bawo. Sorry Veda Bawo is here. Did I get that right? >> That's close enough. >> The director of data governance at Raymond James and Althea Davis the former chief data officer of ING bank challengers and growth markets. Ladies welcome to the cube thanks so much for coming on. >> Thank you. >> Thank you. >> Hi Vita, talk about your role at Raymond James. Relatively new role for you? >> It is a relatively new role. So I recently left fifth third bank as their managing director of data governance and I've moved on to Raymond James in sunny Florida. And I am now the director of data governance for Raymond James. So it's a global financial services company they do asset wealth management, investment banking, retail banking. So I'm excited, I'm very excited about it. >> So we've been talking all day and actually several years about how the chief data officer role kind of emerged from the back office of the data governance. >> Mmm >> And the information quality and now its come you know front and center. And actually we've seen a full circle because now it's all about data quality again. So Althea as the former CDO right is that a fair assessment that it sort of came out of the ashes of the back room. >> Yeah, I mean its definitely a fair assessment. That's where we got started. That's how we got our budgets that's how we got our teams. However, now we have to serve many masters. We have to deal with all of the privacy, we have to deal with the multiple compliancies. We have to deal with the data operations and we have to deal with all of the new, sexy emerging technologies. So to do AI and data science you need a lot of data. You need data rich. You need it to be knowledge management, you need it to be information management. And it needs to be intelligent. So we need to actually raise the bar on what we do and at the same time get the credibility from our sea sweet peers. >> Well I think we no longer have the. We don't have the luxury of being just a cost center anymore . >> No. >> Right, we have to generate revenue. So it's about data monetization. It's about partnering with our businesses to make sure that we're helping to drive strategy and deliver results for the broader organization. >> So you got to hit the bottom line. >> Yeah. >> Either raise revenue or cut costs >> Yeah absolutely >> You know directly that can be tangibly monetized. >> Exactly keep them out of jail. Right. Save money >> That too. >> Save money, make money. (inaudible laughter) keep them out of jail. >> Like both CDO's you do not study for this career path because it didn't exist a few years ago. So talk about your backgrounds and how you came to come into this role Veda. >> Yeah absolutely so you know you talked about you know data kind of starting in the bowels of the back office. So I am that person right. So I am an accountant by training. So I am the person who is non legally entity controllership by book journal entries I've closed the books. I've done regulatory reporting so I know what it feels like to have to deal with dirty data every single month end, every single quarter end right. And I know the pain of having to cleanse it and having to deal with our business partners and having experienced that gave me the passion to want to do better. Right so I want to influence my partners upstream to do better as well as to take away some of the pain points that my teams experiencing over and over again it really was groundhog day. So that really made me feel passionate about going into the data discipline. Right and so you know the benefit is great it's not an easy journey but yeah out of accounting finance and that kind of back office operational support was boring right. A data evangelist and some passionate were about it. >> Which made sense because you have to have quality. >> Absolutely. >> Consistency. You have to have so called single version of the truth. >> Absolutely because you look regularly there's light for the financial reports to be accurate. All the time. (laughter) >> Exactly >> How about you? >> I came at it from a totally different angle. I was a marketeer so I was a business manager, a marketeer I was working with the big retail brands you know the Nikes and the Levi's strauss's of the world. So I came to it from a value chain perspective from marketing you know from rolling out retail chains across Europe. And I went from there as a line management position and all the pains of the different types of data we needed and then did quite a bit of consulting with some of the big consultancies accenture. And then rolled more into the data migration so dealing with those huge change projects and having teams from all of the world. And knowing the pains what all of the guys didn't want to work on. I got it all on my plate. But it put me in position to be a really solid chief data officer. >> Somebody it was called like data chicks or something like that (laughter) and I snuck in I was like the lone >> Data chicks >> I was like the lone data dude >> You can be a data chick. It's okay no judgement here. >> And so one of the things that one of the CDO's said there. She was a woman obviously. And she said you know I think that and the stat was there was a higher proportion of women as CDO's than there were across tech which is like I don't know fifty seventeen percent. And she's positive that the reason was because it's like a thankless job that nobody wants and so I just wonder as woman CDO your thoughts on that is that true. >> Well first of all we're the newest to the table right so you're the new kid on the block it doesn't matter if you're man or woman you're the new kid on the block so you know the CFO's got the four thousand year history behind him or her. The CIO or CTO they've got the fifty, sixty year up on us. So we're new. So you have to calve out your space and I do think that a lot of women by nature like to take on things big. To do things that other people don't want to do. So I can see how women kind of fell into that. But, at the same time you know data it's an asset and it is the newest asset. And it's definitely misunderstood. So I do think that you know women you know we kind of fell into it but it was actually something that happened good for women because there's a big future in data. >> Well let's just be realistic right. Woman have unique skillset. I may be a little bias but we have a unique skillset. We're able to solve problems creatively. Right there's no one size fits all solution for data. There's no accounting pronouncement that tells me how to handle and manage my data. Right I have to kind of figure it out as I go along and pivot when something doesn't work. I think that's something that is very natural to women. >> Yeah. >> I think that contributes to us kind of taking on these roles. >> Can I just do a little survey here (laughter) We hear that the chief data officer of function is defined differently at different organizations. Now you both are in financial services. You both have a chief data function. Are you doing the same thing? (laughter) >> Absolutely not! (laughter) >> You know this is data by design. I mean I'm getting lucky I've had teams that go the whole gammon right so. From the compliancy side through to the data operations through to all of the like I said the exotics, sexy you know emerging technologies stuff with the data scientists. So I've had the whole thing. I've also had my last position at ING bank I had to you know lead a team of chief data officers across three different continents Australia, Asia and also Eastern and Western Europe. So it's totally different than you know maybe another company that they've only got to chief data officer working on data quality and data governance. >> So again another challenge of being the new kid on the block right. Defining roles and responsibilities. There's no one globally, universally accepted definition of what a chief data officer should do. >> Right >> Right is data science in or out are analytics in or out. Right. >> Security sometimes. >> Security right sometimes privacy is it or out. Do you have operational responsibilities or are you truly just a second line governance function right? There's a mixed bag out there in the industry. I don't know that we have one answer that we know for sure is true. But I do know for sure is that data is not an IT function. >> Well okay. That's really important. >> It's not an IT asset. >> Yeah. >> I want to say that it's not an IT asset. It is an information asset or a data asset which is a different asset than an IT asset or a financial asset or a human asset. >> But and that's the other big change is that fifteen. Ten to fifteen years ago data was assumed to be a liability right. >> Mmm. >> Federal rules set up a civil procedure we got to get rid of the data or you know we're going to get sued. Number one and number two is that data because it's digital you know people say data is the new oil. I always say it's not. It's more important than oil. >> It's like blood. >> Oil you can only use in one use case. Data you can reuse over and over again. >> Reuse, reuse perpetual. It goes on and on and on. And every time you reuse it the value increases. So I would agree with you it is not the new oil. It is much bigger than that and it needs to I mean I know from some of my colleagues in the profession. We talk about borrowing from other more mature disciplines to make data management, information management and knowledge management much more robust and be much more professional. We also need to be more professional about it as the data leaders. >> So when you're a little panel today. One of the things that you guys addressed is what keeps the CDO up at night. >> Yes >> I presume it's data. (laughter) >> No, no, no. >> It's our payers that don't get it. (laughter) >> That's what keeps us up at night. >> Its the sponsors that keep us up at night. (laughter) So what was that discussion like? >> So yeah I mean it was a lively discussion. Um, great attendance at the panel so we appreciate everyone who came out and supported. >> Full house. >> Definitely a full house. Great reviews so far. >> Yep. >> Okay, so the thing that definitely keeps folks up at night and I'm going to start with my standard one which is quality. Right you can have all of the fancy tools, right you can have a million data scientists but if the quality is not good or sufficient. Then you're no where. So quality is fundamentally the thing that the CDO has to always pay attention to. And there's no magic you know pill or magic right potion that's going to make the quality right. It's something that the entire organization has a rally around. And it's not a one thing done right it has to be a sustainable approach to making sure the quality is good enough so that you can actually reap the benefits or derive the value right from your data. >> Absolutely and I would say you know following on from the quality and I consider that trustworthiness of the data. I would say as a chief data officer you're coming to the table. You're coming to the executive table you need to bring it all so you need to be impactful. You need to be absolutely relevant to your peers. You also need to be able to make their teams in a position to act. So it needs to be actionable. And if you don't have all of that combination with the trustworthiness you're dead in the water. So it is a hard act and that's why there is a high attrition for chief data officers. You know it's a hard job. But I think it's very much worthwhile because this particular asset this new asset we haven't been able to even scratch the surface of what it could mean for us a society and for commercial organizations or government organizations. >> To your point it's not a technology problem when Mark Ramsay who was surveying the audience this morning. He said you know why have we had so many failures and the first hand that went up said. It's because of relations with the database. >> And I wanted to say it's not a technology problem. >> It's a hearts, minds and haves >> Absolutely. Absolutely. You couldn't make an impact to your data landscape without changing your technology. >> You said at the outset how important it is for you to show a bottom line impact. >> Right >> What's one project you've worked on or that you've led in your tenure that did that. >> If we're talking about for example I can't say specifics but if we're looking at one of institutions I worked at in an insurance firm and we looked at the customer journey. So we worked with some of the different departments that traditionally did not get access to data for them to be able to be effective at their jobs. But they wanted to do in marketing was create actually new products to make you know increase the wallet from the existing customers other things they wanted to do was for example, when there were problems with the customers instead of customer you know leaving you know the journey they were able to bring them back in by getting access to the data. So we either gave them insight like you know looking back to make sure that things didn't happen wrong the next time or we helped them giving them information so they could develop new products so this is all about going to market. So that's absolutely bottom line. It's not just all cost efficiency and products to begin . >> Yeah pipeline. (laughter) >> And that's really valid but you know. >> Absolutely so I'll give you one example where the data organization partnered with our data scientists. To try to figure out the best location for various branches. For that particular institution. And it was taking right trillions of data points right about current footprint as well as other information about geographic information that was out there publicly available. Taking that and using the analytics to figure out okay where should we have our branches, our ATM's etc... and then conslidating the footprint or expanding where appropriate. So that is bottom line impact for sure. >> I remember in the early part of the two thousands I remember reading a Harvard business review article about gut feel trumps data every time. But that's an example where no way. >> Nope. >> You could never do better with the gut than that example that you just gave. >> Absolutely. >> Veda. I want to ask you a question. I don't know if you've heard Mark Ramsays talk this morning but he sort of. He sort of declared that data governance was over. >> Mmm. >> And as the director of data governance >> Never! >> I wondered if you would disagree with that. >> Never! >> Look. >> Were you surprised? >> It's just like saying that I should stop brushing my teeth. Right I always will have to maintain a certain level of data hygiene. And I don't think that employees and executives and organizations have reached a level of maturity where I can trust them to maintain that level of hygiene independently. And therefore I need a governance function. I need to check to make sure you brush your teeth in the morning and in the evening. Right and I need you to go for your annual exam to make sure you don't have any cavities that weren't detected. Right so I think that there's still a role for governance to play. It will evolve over time for sure. Right as you know the landscape changes but I think there's still a role right for like governance. >> And that wasn't my takeaway part. I think he said that basically enterprise data warehouse fail massive data management fail. The single data model failed so we punted to governance and that's not going to solve the enterprise data problem. >> I think it's a one leg in the stool. It's one leg in the stool. ` >> Yeah I think I would really sum it up as a monolithic data storage approach failed. Like that. And then our attention went to data governance but that's not going to solve it either. Look, data management is about twelve different data capabilties it's a discipline so we give the title data governance but it means multiple things. And I think that if we're more educated and we have more confidence on what we're doing on those different areas. Plus information and knowledge management then we're way ahead of the game. I mean knowledge graphs and semantics. That puts companies you know at the top of that you know corporate inequality gap that we're looking at right now. Where you know companies are you know five and thousand times more valuable then their competition and the gap is just going to get bigger considering if some of those companies at the bottom of the gap are you know just keep on doing the same thing. >> I agree I was just trying to get you worked up. (laughter) >> Well you did. >> It's going to be a different kind of show. >> But that point you're making. Microsoft, Apple, Amazon and Google, Facebook. Top five companies in terms of market cap. And they're all data companies. They surpass all the financial services, all the energy companies, all the manufacturers. >> And Alibaba same thing. >> Oh yeah. >> They're doing the same thing. >> They're coming right up there. With four or five hundred billion. >> They're all doing the knowledge approach. They're doing all of this stuff and that's a much more comprehensive approach to looking at it as a full spectrum and if we keep on in the financial industry or any industry keep on just kind of looking at little bits and pieces. It's not going to work. It's a lot of talk but there's no action. >> We are losing right. I know that Fintechs are right fringing upon are territory. Right if Amazon can provide a credit card or lend you money or extend you credit. They're now functioning as a traditional bank would. If we're not paying attention to them as real competitors. We've lost the battle. >> That's a really important point you're making because it's all digital now. >> Absolutely. >> You used to be you'd never see companies traverse industries and now you see it Apple pay and Amazon and healthcare. >> Yeah. >> And government organizations teaming up with corporations and individuals. Everything is free flowing so that means the knowledge and the data and the information also needs to flow freely but it needs to be managed. >> Now you're into a whole realm of privacy and security. >> And regulations right. Regulations for the non right traditional banks. So we're doing banking transactions. >> Do you think traditional banks will lose control over the payment systems? >> If they don't move with the time they will. If they don't. I mean it's not something that's going to happen tomorrow but you know there is a category of bank called Challenger banks so there's a reason. You know even within their own niche there's a group of banks. >> I mean not even just payments right. Think about cash transactions like if I do money transfer am I going to my traditional bank to do it or am I going to cashapp. >> I think it's interesting particularly in the retail banking business where you know one banking app looks pretty much like other and people don't go to branches anymore and so that brand affinity that used to exist is harder and harder to maintain and I wonder what role does data play in reestablishing that connection. >> Well for me right I get really excited and sometimes annoyed when I can open up my app for my bank and I can see the pie chart of my spending. They're using my data to inform me about my behaviors sometimes a good story, sometimes a bad story. But they're using it to inform me. That's making me more loyal to that particular institution right so I can also link all of my financial accounts in that one institutions app and I can see a full list of all of my credit cards, all of my loans, all of my investments in one stop shopping. That's making me go to their app more often versus the other options that are out there. So I think we can use the data in order to endear the customer source but we have to be smart about it. >> That's the accountant in you. I just refuse to not look. (laughter) >> You can afford to not look. I can't. >> Thank you. >> Thanks for riling us up. >> Alright thank you for watching everybody we'll be right back with our next guest right after this short break. You're watching the cube from MIT in Boston, Cambridge. Right back. (atmospheric music)

>> live from Las Vegas. It's the Cube covering magenta. Imagine twenty nineteen. Brought to you by Adobe. >> Hey, welcome back to the Cube. Lisa Martin at Imagine, twenty nineteen from the Wynn Las Vegas. It's happy hour here, but I really wish I had a Coke. I don't have one. But I do have a gentleman from Coca Cola, please doing me and welcoming a couple of guests to the Cube. We have Enrique no great day. The director of Direct to Consumer for Coca Cola Mexico. Enrique, Thank you for joining us. >> Thanks, Lisa. Nice to meet you. >> And we have from forty for Raghu Kerala managing partner. Welcome to >> the Cube. You nailed the name. There you go. Talk >> to >> that interview. I did my best. All right, so here we are in imagine, twenty nineteen with about thirty, five hundred or so people. This show is one that has a tremendous amount of energy. It's like you gave everybody a cook when they walked in the door. Didn't really need it, But we've heard a tremendous amount of positivity people very excited for being able to leverage the power of data to deliver really impactful experiences and as consumers of any product. We want a brand to know us. We want them to help us make our lives better. Before we dig into that with Coca Cola, argue, let's start with you. Forty four is one of magenta owes partners. Give us a little bit of a history there on what you guys do, together with the Gento and four customers like Coca Cola, Mexico. >> Thank you, Lisa, and thank you for inviting us here today. Well, when we put together forty four, we ask yourself some questions like, How do we aspire to be great? And one of the things was to surround ourselves with great partners and adobes definitely been a great partner for us, because what we want to do is bring tea to our customers. A not just a sight but an experience for their consumers. They can live on and grow and invest in a platform. And what we found with Adobe and the Magenta Commerce cloud was a way that we could start building something in an array, tours greatness by using data and insights to build upon our knowledge. And luckily, way found a great partner in Coca Cola that we could aspire to be great together to the end. Consumer e commerce is still in this early days, and what we wanted to say is that a great brand could start and start looking at e commerce in a way to improve their customers. Lives be available in moments that of need and moments of want. And that's something we started doing with North America about four years ago and brought that to Western Europe. And now Lat Ham in the last year has been a great experience partnering with you. >> CocaCola is a brand that everybody knows globally. It's one of those almost feel good brands, right? I mean, you just can't help but get a smile on your face when somebody asked If you want a cup full, of course, who would say no to that? Give me a little lemon twist and I'm very happy, but something that you guys are doing together with Coca Cola. Mexico was really inspirational, and it's really helping to transform and improve people's lives. And we could talk to us about the program that you're building with forty four and how it's actually making giving people access to things that they don't just want that they actually need, like, quality of life, type of sure products. >> So thanks. Thanks a lot, Lisa, for the invitations. So first of all, you know, we have a big challenge, because way No, we have a great brand way, actually have a lot of brands, and that's the challenge. So how can we create this? The solution where we can access people to this? Never. It's for life. So it's not only Coke way have a lot of different products, and Wei have in Mexico is that it's, ah, project that we are calling Coca Cola. It's Coke at home on what we do there is. We are providing the consumers a subscription model where we are enabling the access to multiple beverage products any time on everywhere. So that's that's That's the ambition we have we launched last year in the city of Monterrey. It's It's our first city. We are planning to scale this business into the whole country and probably Latin America. First on, why not probably the states on some foreseeable future. >> So this is more than on demand. I live in Silicon Valley, where we're pretty, you know, we have high expectations and I want to order something, whether it's on door dash or through Google expressed our Amazon that I wanted to show up within an hour. But that's, you know, I might be lazy, that I don't actually want to get in my car and driver walk somewhere. But what you're talking about this is this is not just I want Coca Cola products on demand. This is actually reaching people that really have a strong and need for this type of service. Talk to us about that human interaction and what you guys are really enabling there for your consumers. >> Sure, so So, yeah, United. So the thing is, what we see, the big opportunity here is way. Want to be closer to our consumers? We went to understand them. We want to to hear from them, to receive feedback directly back the way we are used to working Coca Cola in the past one hundred and thirty three years that that's a history of cardiac alights way have the customers that interact with consumers, and then we get some information from the consumers. We've been great doing marketing campaigns, you know. But right now the challenge that we're facing is we want to have direct feedback from them. So we're creating this eco system where we are getting feedback. We're getting knowledge from them, and we know exactly what what's their their needs. The pain points, their suffering, Andi the way what we can solve them and probably eventually some future products. But we can create for them with the specific necessities that they have. So that's what we're creating there. That's a big thing. >> And so we're gonna talk to us about the opportunity to work with a brand like Coca Cola that's been around for over one hundred thirty years, talk about transformation and be able to enable them to really kind of not just delight customers. But there's an emotional connection that people >> have this products. So we always say, like ideally done way can add value from the state of desire to the state of consumption, and in between is a transaction. It's fulfillment, its operations and perhaps unique to most clients of, um, Magenta and Adobe. Coca Cola in Mexico owns a full relationship, and it's a full branded piece from creating that desire in your heart in your mind in your taste buds, but then owning that all the way through the delivery trucks and the people delivering it to your door. And that's something that a CPD firm just actually, I'm not sure of any other CPV firm does in the US or in Mexico at this point. And but then what is the excellence mean? We haven't untidy of excellence of what Coke means to us, the nostalgia and what it means today. But that also raises the high bar because we're not allowed to not be excellent at any other touch point of the brand. But definitely it's fun, right? It's a challenge, you know, making money online. That's the easy part, Being really proud of what you're doing online. That's kind of what makes you go to work every day. >> Being relevant for consumers is what, yeah, >> being relevant? Absolutely, especially because there's a lot of choice with most products and services that are available to us as consumers these days. And if you think of you know, we've been talking a lot at this event about the customer experience and customer experience management, and how can Adobe Inn Magenta enable their customers to use data to understand what delivering what my customer wants to improve. Whether it's, you know, we talked to HP Inc this morning allowing me to order a new PC or printed or ink and have it delivered specifically exactly the way that I wanted to. Whether it's, you know, getting a Coca Cola. I want whoever I'm interacting with to give you a seamless experience. But use the data that you're collecting about me to make my life better. Make my life easier, more seamless. Frictionless. How are you guys at forty for helping Enrique and team utilize that data too crude to really enhance this consumer experience and maybe even create more brand loyalty? Yeah, it's >> interesting. I think data is a tool, but then your hypothesis, where you go from has to be endemic to the brand and for Coca Cola. On the internal, we think of it as a portfolio portfolio of different products in different needs states from hydration to enjoyment from special moments to everyday moments. But then that allows you to start thinking, How do I be part relevant part of more moments and then you could say, Where does data fit into that and now I can understand how there's a new moments being made because people's lives change and the youth always find different ways in different ways of living in different way from being. How can we be relevant to them through our throughout all of that, from the moment you wake up in what you need state is there to special moment of happiness, and they have a company that has products that could live up to. All of that is great and you know you need a portfolio. But you also need to being desire and wanted need all together in one thing, because one person has all of that and one company came, fulfill it if you think about it from a idea of moment. But then what data? Khun, Due to bring those to life >> so soon being relevant, continuing to be relevant is challenging. It's going to require you to really look at trends across a spectrum of, say, consumer behaviors. Enrique, what are some of the trends that you guys are seeing with this project that you've launched in Mexico, and how were you going to be using those trends to expand this globally? >> Sure, Yeah, So? So first of all, as you, as you know, probably e commerce in Mexico is is quite a small right now. So the thing is, it's growing in, you know, very aggressive rates on DH. It happens the same in the rest of Latin America countries. So what What other retailers are looking at is they want to create this this big business right now because they know that in the future it's going to be the competitive advantage for them. So So I think that's something that not many sippy jeez are looking at. There's a lot off are things that must happen inside the companies to enable this on DH. In my experience, the most challenging things and it's not a trend, but it's it's a challenge that we face us as a big city. Gee, Cos is how can we change the culture inside the company? Because this is the main barrier we have. We face when we see and I I'm going to give you the example of Mexico when we see the digital sales of the beverage in Mexico, it comes about two point five percent of the total sales that we have so its its really small if you compare it to the rest of the retail. So whenever we go to the to the rest of the corporation and the rest of the building in Mexico, we say that we want in best, and we want to do there's there's a lot of barriers, you know on the challenge, the main challenge that we face right now. The's companies that want to go direct ical Sumer is this is happen. We changed the mindset, change the culture, and I think that's the most relevant. It's no trend, but it's It's the most relevant challenge that we're facing right now, >> a big challenge because not just for for every convict, but a company with the history that Coca Cola has to be able to start leveraging that data to start to change mindsets and ship cultures. Where are you guys on that journey? And how is your partnership with forty four may be a facilitator of that cultural change? >> Yeah, sure, So it's to be really honest. We're we're beginning this journey way have some countries that are ahead of us. We have some examples in China, For example, curriculum, China's great things cortical in North America is doing very big things in Mexico and Latin America. We're starting the journey on the thing. What we realized is that we need to get together with people that know of this matter. Way are really good at marketing. We're really good at a commercial approach. Operational approach ware not the best at the commerce, but we. That's why we are partnering with guys that no one, we're partnering with platforms like Adobe Magenta, too. To achieve this, that's that's the thing, right? >> Yeah, >> Rookie will finish with you. What are some of the things that you have seen and heard at? Imagine twenty nineteen from a technology innovation perspective that give you the confidence that adobe in Magenta Technologies are going to be able to deliver, what it is that Enrique and his team need to make that barrier change internal evaporate. Yeah, >> I mean, I think when you think of technology right now, even within adobes, it's what the combination of different products that adobe has and how they're going to come together. So the roadmap is a critical piece of it. I think there's been a great announcement of Sensei's coming in and being part of the core offering to make each interaction a little smarter, but also really see the payoff and save what's the real need that trying to be solved, then back that into the products that you see to cut between the different between a press release and a road map? And I think when you come to a summit like this, you hear things from Adobe. But then you also hear the reactions from the customers. And if you hear those both at the same time, you find that great thing in the middle >> of >> what's actionable. And I think if you think of only customer opinions or the what the platform says individually, I think they're less relevant than finding that really time reaction to trends and say, Honestly, sometimes you're drowning in technology and you wantto move the business forward and react to that weak sales that month's numbers. But then you say, Well, let me take a step back and look at the road map or vice versa, and I think everybody's in different stages of where they're going. So until you get that wisdom from everybody else, anyone announcement might be might take you off course. But then you start saying other people are in my boat. Other people are filling my opportunity, sent my sense of opportunity, and other people are feeling my sense of pain. And it's great to see a community come together. It's five thousand people that all want to accomplish something different things, but they want to accomplish success. Whatever. However, they personally define it. >> And it is to your point. It's a very, very strong community here. But we thank you both so much for taking the time to share with us what you guys are doing together with Coca Cola run that everybody knows and loves. So I say we go get a cookie cola and wrap this segment. What do you think you're all right? >> Moment is coming. >> Fantastic. You're watching the Cube. I'm Lisa Martin from Imagine, twenty nineteen from the Wynn Las Vegas. Thanks for watching