On this episode of the Six Five On the Road, Shira Rubioff is joined by HUB International’s Jeremy Embalabala and Cohesity’s Kit Beall for a conversation on redefining cybersecurity and data management in today’s rapidly evolving digital landscape.
Their discussion covers:
- The transformative role of HUB International in the global insurance and financial services sector, and an insight into Jeremy’s pivotal role.
- A deep dive into Cohesity’s mission to revolutionize data management and security to derive actionable insights.
- Jeremy’s perspective on the significant threats in cybersecurity and the strategic measures HUB International has adopted.
- Collaboration strategies between IT and Security Operations to confront rising cybersecurity challenges.
- The synergy between HUB International’s multicloud strategy and Cohesity’s innovative data protection solutions for enhanced cyber resilience.
Learn more at Cohesity.
Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.
Transcript:
Shira Rubinoff: This is Shira Rubinoff, President of Cybersphere, a Futurum company on the road with Six Five Media here at RSA 2024. I’m joined by Jeremy Embalabala, CISO at HUB International. And Kit Beall, CRO Cohesity. Welcome gentlemen.
Kit Beall: Thank you.
Jeremy Embalabala: Thank you.
Shira Rubinoff: Can you please introduce yourselves to our audience? Tell them a little bit about what you both do for your organizations and Jeremy. I’ll start with you, please.
Jeremy Embalabala: Yeah, thanks, Shira. So, Jeremy Embalabala, CISO at HUB. We’re a leading private insurance broker based out of Chicago, and my responsibility encompasses traditional security as you think about it, security, operations, architecture and engineering, but also governance, risk and compliance.
Shira Rubinoff: Wonderful. Thank you. And Kit?
Kit Beall: Great to be here. I am the CRO at Cohesity, means I’m responsible for everything to do with revenue generation here at the company. I’ve been with Cohesity now just a little bit over a year and spent the last 30 years in tech sales. So really excited to be working now on the future of data protection and security and to have a great guest here.
Shira Rubinoff: Well, super important space and we’ve a lot to talk about today. So Jeremy, let’s start with you. So HUB International is a leading global insurance brokerage and financial service firm. Can you tell us a little bit about the scope of operations and your role at the organization?
Jeremy Embalabala: Yeah, so HUB has primarily a commercial insurance brokerage, we also have personal lines, everything from cyberassurance, DNO, ENO, employee benefits, specialty, MJ, wholesale. We’ve got kind of everything. We do a lot of acquisitions, so we have 60 to 70 acquisitions a year. So security program is very, very busy. But we’re primarily based in the US and Canada, but we have some international customers as well.
Shira Rubinoff: Wonderful. And Kit can you please share a little bit about Cohesity and its mission to secure and manage the world’s data while helping organizations unlock data insights?
Kit Beall: Absolutely. So we think of data as sort of like an iceberg. What you use every day is just the top of the iceberg you can see, but it’s underneath that really is, frankly in many ways, more powerful, more valuable to organizations. So Cohesity was built 10 years ago from the ground up to be a next generation secondary data management security company. We have built this all on the concept of hyperconvergence, such that we can deliver the best performance, the best speed, speed to recover, speed to restore. And the idea here is to really protect those crown jewels. The data that again, that Jeremy’s describing that runs this business. That’s how Cohesity is structured. That’s what we do. And now we’re adding additional security layers and going into the future, AI.
Shira Rubinoff: Super important. Data is king, and everybody knows that you really need to not just protect it, know where it sits, nor where it lies, who has access to it across the board. Super important. And Jeremy, the security landscape has changed remarkably in the last decade with more than 20 plus ransomware attacks every second. Jeremy is a CISO of a multi-billion dollar company. What are your top concerns when it comes to cybersecurity? And there’s certainly many of them. We talked to many CISOs and the list is a mile long, but what are your main concerns that you think about?
Jeremy Embalabala: Yeah, the number one concern for me is data protection. So being an insurance broker, we have what we like to call the trifecta-sensitive data. So we’ve got PII, PHI, and obviously we deal with PCI. So keeping our customers’ data safe is really important, not just for us, but for our customers and the companies we do business with. So that’s kind of forefront of mind and everything that we do really focuses around how do we keep that data safe. The second piece is around the shifts in the regulatory landscape.
So things are changing, the world’s changing very, very quickly. The threat landscape is changing, the risk landscape is changing, which it needs to, the regulations need to change to keep up with the realities of the world that we’re in. But how do we, as security professionals, ensure that we are able to rise to that level and how do we measure? And so it’s getting more and more important for us to be able to not just bring controls and bring a healthy security posture to an organization, but also represent that. So how do you measure that, communicate that to your other stakeholders, your customers, regulators, et cetera.
Shira Rubinoff: Certainly, and it’s also not just changing, it’s expanding, that much quicker than really anything we’ve seen in a very long time in our security areas. And Jeremy, how are you breaking down the barriers between traditional IT and SecOps, and what new challenges does that create, bringing these two teams together and certainly in the area of security and organization, bringing teams together is not that simple.
Jeremy Embalabala: Yeah, that’s a great question, Shira. So if you think about, you go back in time and you talk about technology organizations in general. There was this concept of ownership and you had either security owned a product or a solution or IT owned a product or solution, or the business maybe owned a solution. And that’s kind of changed in the world we’re in today, it’s necessary for us to share responsibility. Processes are no longer owned by one team or one silo. Solutions, product relationships, vendor relationships are no longer just owned by one team. So it’s very important for us to define what the organization needs, what is best for HUB, what is best for us, and work together to figure out how we can make that a reality.
Shira Rubinoff: You hit the nail on the head with one of the biggest problems organizations deal with because when you talk about ownership, it’s a lot of, “Well, that’s your responsibility. It’s not something I deal with.” And then companies have a lot of friction. So when you’re able to bring those together and able to incentivize the different groups together in a way that makes them work, in a way that’s fluid for the organization, it’s better security, but also better within the organization. So that was exactly well said there.
Jeremy Embalabala: Yeah, people talk about the shared responsibility model as the term that was coined for the cloud. I think about that as an internal technology organization, shared responsibility for organization and for our customers with our technology platforms.
Shira Rubinoff: Certainly, certainly. And Kit did the concerns Jeremy shared resonate with and what you’re hearing from your customers, because obviously we’d like to talk to our customers because the feedback is what makes us better. So I’d love to hear your thoughts around that.
Kit Beall: I love this concept of the trifecta of the sensitive data. And I think we hear this a lot from customers all around the world, candidly. And it’s whether you’re talking about a nationwide restaurant chain, all the way on up to the world’s largest insurers and banks, everyone is concerned about making sure that you have a strategy to protect and secure the data. It could be employee data, it could be customer data. It really runs the gambit. And I think the challenge we’re seeing right now is that the bad actors, the cyber criminals are getting smarter and they know now it’s not just to go after that primary data, they go after the backups as well.
Shira Rubinoff: That’s correct.
Kit Beall: And so as we think about how to continue to evolve the way that we protect and secure this data, first of all, we have to listen to our customers every day because they tend to be pushing us in ways that we might not have thought of on our own.
Shira Rubinoff: They’re on the front line.
Kit Beall: They’re on the front line, and they see the attacks in many cases well before the world knows about them generally. But I think equally, I think we’re at a place now where we have to innovate faster. Again, you talk about the cloud delivered model, IT is pushing all of us, and we want to make sure our customers have a competitive advantage because they can be confident that their data’s protected and secured the right way. And they can go take measured business risks in terms of trying new things, again with that confidence that their core data is protected.
Shira Rubinoff: Well, that’s super important, and I think a lot of organizations are starting to realize that the feedback is just as critical as the move forward to really listen, so they can hone in on what needs to be tweaked or fixed or just moving together forward as a team is quite critical. And Jeremy, more and more ones are adopting multi-cloud strategies, both for cyber resiliency and for optimal performance. So how does Cohesity help HUB reach its goals for multi-cloud strategy and ensure comprehensive data protection? How are they helping you?
Jeremy Embalabala: Yeah, so HUB’s multi-cloud. I think in today’s day and age for a large enterprise, you need to be multi-cloud. You need that resilience and that flexibility. And for us, Cohesity is our core backup solution across those clouds and across on-prem. And I think about backup and data protection. Most of these solutions that are out there, legacy solutions, are focused on a different use case. You’re thinking about traditional recovery, you’re thinking about flood or tornado or fire, and they’re not really positioned well for the reality of today, which the most likely case is going to be maybe a ransomware incident or some sort of cyber incident.
And so for us, Cohesity made a lot of sense as being part of our strategy with this kind of approach to immutable data in the cloud, in a cloud that’s not part of our production cloud. It’s managed by Cohesity. And so to us, that was really the differentiator why we ended up going down the path with Cohesity to be part of our data backup strategy.
Shira Rubinoff: Well, that certainly makes sense with what you’re dealing with in real world scenarios. And I think a lot of organizations think there’s a one size fits all, but you really hold on to the reasons why. And I think organizations need to take note of that and realize what the areas are that they need to fix and find the right solutions for the organizations that make sense. And Kit, artificial intelligence is automating and optimizing businesses’ processes across the globe. As Cohesity recently shared exciting news about AI powered enterprise search, which allows their customers to gain insights and value from their data. Can you share a little bit about this and obviously gaining insights and value to the data, like data is king, you do everything with the data. So please share with us about what you’re doing for your audience.
Kit Beall: Well, there are two pieces of this. One is similar to what Jeremy just said. The legacy approach to data backups was you’d make a copy, you’d put it away for a rainy day, that flood, fire, earthquake, and it would just sit there and hopefully you never have to use it. Our view has always been, if you have this very fresh current copy of your production data, you can do a lot more with it. So now as we start to think about, okay, you’ve got something, you’ve got an asset, you put it to work, rather than just sit there and consume space, power and cooling in your data center, we think that’s a very powerful concept.
But what we’ve been able to do is to then build on that with a modern RAG solution, Retrieval, Augmented and Generated search, and be able to actually enable our customers, in particular with unstructured data, which I’m sure you have a lot of unstructured data, to be able to actually go ask questions and do the things that you could pay analysts or data scientists to go and do, but they would take hours, days, weeks to do these things. Now you can do it with a quick UI, text-based UI, ask the questions of your data. We say have a conversation with your data actually.
Shira Rubinoff: It’s making your data work for you. And the best case scenario, because that gives more insight, it makes the data more valuable and also gives the company more to work with and knowledge, which I think is quite critical. And Jeremy, how is HUB incorporating or looking to incorporate artificial intelligence?
Jeremy Embalabala: Yeah, I think there’s a lot of buzz around AI right now. I saw a panel yesterday, and I won’t try to quote the exact stats, that quoted a survey that talked about executives that were pulled on adoption of AI or the desire to adopt AI. And it was somewhere in the 50% ballpark. And then the same questions were asked to the technology owners, the implementers, and it was in the 10% range. So there’s this gap between businesses and the leadership standpoint and having an appetite to consume AI and bring AI as part of the business.
But the reality is use cases aren’t really defined yet universally, and there’s still a gap to go. I think from a security perspective, AI has been something that’s been around for a while, and has baked into a lot of the products, a lot of the solutions that we as practitioners use. And I think that with the new wave on LLMs, and it really has power to stitch things together in a way that we hadn’t had before. And so I’m excited about the innovation that it can bring to the security operations forefront and being able to allow security analysts to triage threats and make decisions, smarter decisions, much, much faster with less objectivity. So I think to me, that’s the most exciting area for me personally and where we’re focused on from a security perspective.
Shira Rubinoff: No, that’s wonderful. And I know AI is certainly moving at warp speed, but it’s still in its infancy and we’ve yet to see where we’re going with that, both from an attack vector and also from a defense mechanism. So that’s certainly very important. And Jeremy, what are your long-term goals for building out HUB International’s BCDR strategy, and how do you see Cohesity assisting with this in the future as you move forward within your organization?
Jeremy Embalabala: Yeah, so to me, I talked a little bit about the shared responsibility internally. We talked about how the threats have changed and data protection isn’t just about the physical natural disasters anymore. So to me, it’s continuing to invest in our incident response capabilities, our integrated planning with our technology and business partners. So they’ll really have kind of end-to-end thinking and planning around data protection and Cohesity is a core capability for us, but we want to continue to mature our capabilities, continue to invest and develop that integrated end-to-end thinking around data protection.
Shira Rubinoff: Well, that’s wonderful. It seems like this partnership is a one plus one equals three, and I always like to ask my guests to give our audience just maybe a little bit of a cybersecurity tip, something you personally think that people should really think about when you think about being secure, whether being within your organization or personally, something to be secure about in cybersecurity. And Kit, I’ll start with you.
Kit Beall: Sure. I would actually build on something that Jeremy said a moment ago, which is physical diversity. If you have all of your assets in one place, no matter what, there could be an earthquake, a fiber cut, a fire, whatever it happens to be, make sure you have the physical diversity in your cybersecurity strategy to make sure that not only can you protect yourself, but you can recover quickly if you need to.
Shira Rubinoff: Very smart and very true. And Jeremy, how about yourself?
Jeremy Embalabala: Yeah, to me it’s thinking outside the box. This industry is fairly young compared to other industries, and there’s a lot of innovation and a lot of new things that are being developed. And just because we did something the same way we did it 10, 15 years ago doesn’t mean that’s how we have to do it going forward. So we need to think outside the box and be willing to take different approaches and take some risks in solving some of these challenges.
Shira Rubinoff: Thank you very much, and thank you Jeremy, and thank you Kit for joining us here today. This is Shira Rubinoff, for Six Five Media. Thank you all for joining us.
Author Information
Acclaimed cybersecurity researcher and advisor, Shira is a global keynote speaker and presenter, and expert media commentator. She joined The Futurum Group in February 2024 as President, Cybersphere.