Search

What Is Comprehensive Cyber-Resiliency? — Infrastructure Matters, Episode 4

What Is Comprehensive Cyber-Resiliency? — Infrastructure Matters, Episode 4

In this episode of the Infrastructure Matters Podcast, Camberley Bates and Krista Macomber discuss some news items below. They then highlight the need for a comprehensive approach to cyber resiliency that involves collaboration between various teams and continuous training to stay ahead of evolving cyber threats, and they touch on implications for technology and IT infrastructure.

Topics include:

  • Veeam receives DoDIN APL certification
  • IBM launches the FlashSystem 5045
  • Rubrik partners with Microsoft for Sentinel SIEM, Azure OpenAI integration
  • The Futurum Group’s upcoming participation in the Flash Memory Summit
  • Comprehensive cyber-resiliency
    • What exactly IS comprehensive cyber-resiliency?
    • General considerations and best practices from a technology standpoint, including touching on:
      • Data protection
      • Data management
      • Automation
    • The CISO perspective, based on a recent Futurum Group research study
    • End-user training

You can watch the video of our conversation below, and be sure to visit our YouTube Channel and subscribe so you don’t miss an episode.

Listen to the audio here:

Or grab the audio on your streaming platform of choice here:

 

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Transcript:

Camberley Bates: Hi, everyone. It’s Camberley Bates here at the Futurum Group, at Infrastructure Matters. And I’ve got here somebody that you guys already seen, Krista Macomber.

Krista Macomber: Hey, Camberley. How are you today?

Camberley Bates: I’m pretty good. It’s a great July. Hey, I wanted to cover some news and then we’re going to start talking about comprehensive cyber resiliency today.

July, news is a little bit lighter. Everybody’s on vacation, especially post-COVID here. I think we are actually, the United States might actually start acting like Europe and disappearing for a while. That would be amazing, wouldn’t it?

So, anyway, so what we’re going to do is cover some of the top news items, which is not a huge amount. But Krista, why don’t you kick us off?

Krista Macomber: Sure, sure. So a couple of things from my perspective. The first that actually just came over the wire this morning is that Veeam has officially received its certification for the US Department of Defense, in terms of being on its network-approved products list.

And this is interesting because we’ve really seen a strong effort from Veeam over the last couple of years to work closely in terms of meeting the requirements for the US Federal sector. We did see that due to the fact that Veeam did have some ties to Russia due to its founders over the last couple of years.

Again, Veeam has sort of gone through a little bit of restructuring, and launched actually a dedicated business unit designed to certify its code according to all of the security and privacy certifications that are required to work with the US Federal sector. So, just kind of good to see that, continuing down that positive momentum for Veeam, from that perspective.

Camberley Bates: Yeah. And this is actually pretty big thing with them. They established an entire division. I know you talked about a business unit, but really, they stood up an entire different group and did a huge amount of separation between the core corporate and the other environment, in order to overcome some of the historical systems that they had or impressions that they had.

So every time that they put another stake in the ground, it is a big, big deal for them to progress in this direction. And expect them to do well in the Fed market because they are very focused on it, with some really super high level and strong executives that they brought in, that were part of Federal Government in some way or another, in maybe the US military, etc.

So another one that just came over the wire, I mean, these are little announce, well actually that was a really big announcement. Another announcement that just came over the wires from IBM, and they released a new FlashSystem, a low end FlashSystem. And all I can say is that this stuff keeps getting better, and better, and better in terms of price performance. I think this thing is a little box that is 50, 45, $24,000 for potentially the entry position there.

And as you know, that entry market, as well as that mid-range, as IDC defines that, mid-range market has been just booming because it’s, quote, unquote, in many situations it’s good enough, or it’s actually better than enough. And in fact, what I think is really great about seeing the low end of IBM’s products is what they have in there for cybersecurity, which I know we’re going to talk about.

You’ve got a low end product that’s going into a small business environment. They’re getting attacked just as much as the big guys. In fact, they may be getting attacked even more so because they’ve got less skills to keep buttoned down things. And so, what you’re seeing is these good strong systems, like the Safeguarded Copy that they have, that gives them immutable encryption copies, multifactor authentication, which I think is normal for most people now. But also the two-person requirements or capabilities that you have for delete and copy and encryption.

So all of those are like, I don’t think we necessarily see that way on the low end. But in this situation, we are doing, so they’re bringing all that SVC richness into the low end area. And anything else you got that’s new?

Krista Macomber: Yeah. Yeah. I have. I had one other which actually came through late last week, and that was Rubrik has partnered with Microsoft Sentinel, which is a security information and events management tool, as well as Azure’s OpenAI, generative AI capability. The use cases primarily are going to be to accelerate the ability to recover from a ransomware attack, and really kind of, again, speed that incidence response, if you will, by using the generative AI.

And I thought this did warrant maybe a minute or two of discussion because we are starting to get some questions about it. I think, in general, as an industry, we’re hearing a lot of hype around generative AI. And I think there’s a lot of questions and buzz around how might we be able to apply generative AI collectively as an industry to maybe do our jobs a little bit more effectively. Especially from the standpoint of IT operations, where there is this skills gap that we see really being a pervasive challenge that IT teams are trying to overcome.

So when we think about cyber resiliency, which I know is the topic of what we’re going to dive into in a minute or two, this becomes important because the ability to really reduce that business downtime, by responding more quickly to attacks, is important. I think that’s one potentially interesting use case for generative AI.

I think we do need to be careful because it’s still, of course, very early days. So I think the applications of the technology are still very much being defined and sorted out, if you will. And of course, we also do need to be careful regarding data privacy, and really being aware of what data we’re providing these AI tools with access. That, of course, becomes important.

So again, just something that I wanted to bring up because we are getting some questions about it. And I think it’s going to be interesting to continue to track, as the technology applications themselves mature, and really those use cases as well.

Camberley Bates: Yeah. Yeah. So that brings us into, actually, I had one other thing that I want to bring up. Actually, this is an advertisement so you can turn me off if you really want to. Flash Memory Summit. I’m on the executive committee that plans for Flash Memory Summit, that is hosted in Santa Clara, the 8th through the 10th in August. Registration is now open. You can find it at flashmemorysummit.com and register there.

One of the cool things I’ve been doing for, I don’t know, we’re going on eight years for this, is the SuperWomen in Flash. We started doing the SuperWomen in Flash with Flash Memory Summit because, frankly, there are like 10% of the people that attend that environment have been women. And I know there are some really incredibly strong women out there that have, and we’re also thinking, one of the things we looked at is saying we’re not getting our fair share of the people that could come and do all the engineering work in that. So we’ve been doing, our mission has been to raise the level and visibility of women in the industry, in hopes of attracting even more into the industry, which is pretty cool. So it spans everything from the folks like Western Digital, Samsung, Kioxia, and Micron and Intel, to all the big vendors like Dell and IBM, etc., that bring products to market.

We have a, last thing I’ll say is, we have two big things that we do at the event. One is we have a big leadership award, a SuperWoman Flash Leadership Award. We haven’t announced it yet, and that will be later this month. And the second one is we have something called a peer exchange, if you want to call it speed dating kind of thing, that we have a happy hour event. Everybody is welcome. The idea is to get to exchange ideas around the industry, around careers, around the business, the business, and meet new people. So that is SuperWoman in Flash Leadership Award and SuperWomen Flash Peer Exchange. So, that’s my advertisement.

Okay, back to our regular meeting.

Krista Macomber: Nope, all good. Hey, I love it. I know I’ll be there. I’ll be actually doing a panel on data protection and ransomware resiliency. So I think the work that you’re doing, Camberley, around the SuperWoman of Flash, I think, obviously as a woman in the industry, is very exciting. And I think it’s also very interesting to see just the broad range of topics, because I think data protection and cyber resiliency maybe aren’t typical topics that we would associate with Flash. But I think it really just goes to show how pervasive the topics are that are going to be covered. So it’ll be, I think, a good event as always.

Camberley Bates: Absolutely. Absolutely. And our sponsors for the event are Kioxia and Micron this year, so I want to give a call-out to them and say thank you very, very much for doing this. We really do appreciate it.

So with that, let’s go to our major topic here, which is comprehensive cyber resiliency. I’m looking at my notes down here, folks, so that’s what I’m doing. I should hold them up and read out.

So it’s comprehensive cyber resiliency, and what we want to talk about, I know everybody gets pounded so much about all this stuff, that’s on top of mind. If you’re not talking generative AI, you’re talking ransomware. So I’m getting tired of listening to myself about this. But we don’t seem, we’re not getting ahead of it. And in fact, the generative AI is making it even worse, or better, depending upon which side of the fence you’re doing it and how you’re using this stuff. So we want to talk about not just your typical 3-2-1 stuff, but what are the new edge things that are going on that are addressing this area?

So I’m going to start out, first of all, saying that, and this kind of goes back to the announcement that IBM had, which is they already had those offerings on their 5000 series before, but that emphasis of saying comprehensive cyber resiliency starts with all the web security, all the network security. It goes into the work about how do we button down the data so people can’t get into the data to begin with where it’s sitting already.

And then it builds into the entire area of where we’re going, in terms of how do we recover when somebody, we have a breach, because, you know, it’s not if, it’s just when, is what everybody is experiencing right now. So it’s really super important that we see that.

I pulled some of our data. Well, actually, I’ll stop there and let you comment on it first, Krista. And then we’ll go into other topics.

Krista Macomber: Sure, thank you. So I think, Camberley, we’re very much on the same page. My thinking is that it really is that layered approach that we like to talk about. So, unfortunately, there isn’t a single SKU that we can buy for cyber resiliency. Although, of course, I think the vendors would love that. And of course, I think it would make the job of your IT practitioner easier at the end of the day.

But it really does incorporate, as some of these areas that you were alluding to, Camberley, so some of our best practices that we’ve always had around data protection, like that 3-2-1 rule, like increasing the encryption and immutability, those access control capabilities you were talking about, MFA from the standpoint of IBM. But also, as you were alluding to, Camberley, looking at the networking layers, some of these next generation firewalls, for example.

But also, I would submit even a little bit further up the stack as well, looking at tools like antivirus capabilities, intrusion detection, to really not only try to button up the infrastructure but also have earlier and as real-time detection as possible when an attack occurs, to be able to clamp that down, if you will, as quickly as possible. So very much on the same page there.

Camberley Bates: Okay. I pulled out one of the studies that was done by Randy Kerns and Dave Raffo on our staff. They worked on a, what I would call, a CISO study, looking at trends and directions with them and their involvement with the data protection side.

And a couple of things that I pulled out, 77% of the CISO says it would take them a day to recover. Meaning, and that goes into 27% saying that we are well into day two or three, and then once you get into day two and three, you’re really impacting the business at that site. So maybe that 77% seems to me pretty high in terms of saying, “Oh, yeah. I can do this in a day.” But I believe that’s primarily because they’re thinking that they have got the protection that they need in place.

They noted two big things that they needed to improve. One is to identify the known good copy. At best, they’re guessing. And so, maybe you can talk about some of the tools we’re seeing, finding the known good copy for recovery. The other one was most of all of them were investing in forensics. I don’t have the specific number in front of me, but it was a fairly high number in terms of the forensics and the data management piece of it. So that is the next buildup that they’re doing. And this is not necessarily coming from us talking to the data protection IT guys. This is coming from the CISO who isn’t getting involved with some of these decisions.

So, let’s take that first one maybe on what you’re looking in terms of known good copy, and being able to find that thing.

Krista Macomber: Yeah. Yeah. I think that’s a great place to start because I think we do hear from two perspectives. Number one, it is a big challenge when recovering from ransomware. And number two, it’s one of the unique attributes, I would say, of ransomware when we compare recovering from ransomware to recovering from one of your more, quote, unquote, typical disasters like a natural disaster, an earthquake or something like that.

And that is, when we do have one of these more traditional disasters, we tend to know when did the incident occur. We tend to have a pretty strong sense of what was impacted in terms of systems, in terms of applications or data. And that, at the outset, really helps us to narrow down where we need to focus in terms of our recovery efforts. And it really helps to guide what we are going to see in terms of service levels for data loss and time to recovery.

But with ransomware, especially it’s been probably a couple of years now that we’ve really seen these, quote, unquote, what we call sleeper attacks, that are designed to penetrate the back environment, lie dormant for a period of time, and then be activated to start encrypting and doing other types of malicious behavior. So that becomes challenging because we don’t necessarily know when exactly the point of impact, if you will, was. And it becomes important to be able to identify which data copy was the last known good. And also, I know I’m jumping a little bit, but you mentioned forensics, Camberley, but also to be able to kind of identify what was the blast radius of the attack and what exactly was impacted within the environment.

So in terms of some of the tools, we do see typically that kind of anomaly detection and behavioral activity is going to be utilized to kind of signal maybe the point in time in which an attack is at least triggered. Because we can, for example, begin to see some of that encryption activity or begin to see anomalous behavior from users, maybe accessing a large amounts of files or things of that nature. Excuse me. So that’s one tool that we do see.

And another capability that we do see is the ability to scan the environment against things like known vulnerabilities, but also known ransomware signatures, for example, to be able to identify the scope of the attack and really narrow down maybe when the malware was introduced into the environment, and maybe what it was triggered. So those are a couple of things that at least that I’m seeing in my conversations.

Camberley Bates: Yeah. And so, the other one that I was talking about is the data management side of it. And that is especially important and now that many companies are in this very much so hybrid environment, where I may have some of my systems are on-prem, some of my systems are in different cloud placements, and actually knowing where the files are, who owns the file, it’s all that metadata information that I want to know to identify where my information is. And then also, all the critical information in terms of any privacy data, any kind of exposure, those kind of things.

So those are the other things they’re looking at investing in. And I’ve talked about this before, but we’ve talked about data management and that sort of thing for many, many years. I mean, decades. It goes back. It’s now taking a new life because there’s a different kind of impact of understanding.

In the past, data management, we did it because we would actually be able to clean out our closet some and have more space if you go that route. But this is needing this in order to do any kind of recoverability or identify where the exposures are. So as soon as there’s a hit, you’re going to have all these people surrounding you. The pressure is on, guys. And you’re not necessarily helping, is probably the phrase that comes to mind when that happens.

But it is an exposure from the C-Suite potentially, because of not just the penalties, but the actual respectability of the company in terms of how they’ve been taking care of their customers and the data that the customers gives them, and such. And you may want to talk a little bit about what you’re seeing coming out from the data management capabilities, and what kind of things we’re seeing the customers implement.

Krista Macomber: Sure, sure. So one common trend that we’ve been seeing over the last couple of years is that a lot of what we might consider to be a typical data protection vendor are evolving down this route of, quote, unquote, data management, and in particular, are having this focus, as you’re mentioning, Camberley, on ransomware and cyber resiliency, and also kind of data governance and the ability to, as you mentioned, identify that sensitive data.

And this is because what we do see is that data protection vendors typically are building a very robust catalog of the data that is under protection. So they have metadata, and they can use that to be able to, for example, identify where personal identifiable information, like a social security number for example, is being stored. And the ability to not only classify that, but to be able to locate it, search for it, and in the event of a ransomware attack, be able to identify if it was impacted.

So that really does become valuable. And as you’re mentioning, to be able to more quickly get the critical business services back online because then we can prioritize addressing the crown jewels, if you will, of the business, in terms of the most important data. But also, from the standpoint of, as you’re mentioning, avoiding fallout, potentially in terms of brand reputation and loyalty with customers, to be able to really hone in on where the sensitive data was and hopefully give some assurance to customers that their sensitive data was not impacted, or that there is going to be a resolution.

So, again, it really kind of stems down to that data classification, data searching. Those are a couple of things that we’re seeing from that standpoint.

Camberley Bates: So those are two of the topics I want to bring up on comprehensive cyber resiliency. Resiliency, I’m saying, not just security. Resiliency. What else do you want to bring up on this topic?

Krista Macomber: Sure. And I think we could honestly probably do a whole series of podcasts on this topic because I think there’s just so many different avenues that are all very important. We’re actually internally doing an exercise where we are identifying the key capabilities for cyber resiliency, and we’re attempting to assign a weeding to them in terms of the relative importance, to be able to ultimately score certain products according to their efficacy for cyber resiliency.
And I’m struggling with the waiting part of it because I’m looking at this list and seeing they’re all important, and how do I choose, right? But I think a couple things, building on our conversation.

Camberley Bates: Maybe we do the Maslow’s, you know. Pyramid on this first piece. I don’t care how you’re doing on the rest of this stuff.

Krista Macomber: Exactly, right? Exactly. Yep. Yeah, it’s going to be interesting to see, I think, what we end up bringing to the table.

But maybe a couple of things I would bring up, one being the ability to test both disaster recovery and incident response capabilities. So Camberley, you brought up a great point in terms of the pressure from the C-Suite on IT teams to be able to recover as quickly as possible, to be able to communicate as quickly as possible what the potential damage was. And with ransomware, like we’ve been talking about, that can be a very difficult challenge because it’s not clear at the outset how it has spread, what the specific attack vectors were, and again, really what was impacted.

But the more that those processes can be vetted, and vetted at scale upfront, is going to be important and allow teams to react and respond more quickly. And that goes really beyond, when we think about disaster recovery, in my mind at least, that tends to be fairly technically-oriented. It tends to be pretty much grounded in the ability, for example, to replicate from one data center to another, and simply fail over operations.

But really, when we start to talk about instant response, that’s where people in broader teams come into the equation. And so, I think that’s an important part of this as well, because it is going to involve your IT team, your cybersecurity team as well, for example. There’s going to need to be collaboration there. So everyone needs to be on the same page in terms of what their particular roles are.

So, I think it goes down to not only making sure that the technology is going to work, and is going to work as efficiently as possible, maybe we have some automation in there to be able to respond more quickly and streamline out some of those more manual operations, but also making sure that teams are very much on the same page in terms of being able to respond to that common goal. I think that’s definitely one thing that I would bring up.

Camberley Bates: Yeah. Yeah. It’s definitely a team effort when we’re getting into the cyber resiliency kind of thing. And I’m going to swing that back to the last piece that we talked about, or one of the areas we started talking about, was the generative AI and the creativity that’s coming from the dark web, and where that’s going to go.

I mean, I know that the concept of being able to impersonate somebody, both video, voice, as well as email. So if you can imagine you getting a email from your boss saying, “I am in the middle of this. I really need you to send me this.” And it looks like it’s coming from the person, that looks like it’s there, et cetera. And somebody, I wouldn’t say it’s a normal thing not to judge what maybe a boss says or something along those line, or even if it’s two layers up or something, to respond to that.

But questioning emails that are slightly emergency-based, I would say. Any emergency email probably needs to be looked at and understood. Is this really coming from the appropriate source? And we’re also seeing emails that are coming, that they’re using generative AI to use your language to get better at expressing information, in terms of the tone. The area where you’re coming from, in terms of those emails. So the phishing capabilities, which is the number one violator, in terms of clickbait, will get better.

And so, I would imagine that, I’m hoping that the enterprises are going back through another retraining, yet another retraining of the staff, and a reminder that they’re getting better and smarter. And as much as we may be using generative AI, they’re going to just do it the same way. So we’ve always known that with technology.

Krista Macomber: It’s a very great point. And you raised the point, Camberley, that phishing is sort of the number one method that these attackers are getting entrance. And it’s true. And I think we’ve been talking over the last few years regarding just the ongoing importance of end user training. But you bring up a great point in terms of it really does need to be continuously evolved.

And I think we might typically go into this training with a mindset that once we complete a particular training, it’s kind of done, it’s taken care of, and we know what we need to know. But that’s not necessarily true. It does need to be revisited because these attacks are evolving. Especially generative AI, as you mentioned, is just going to kind of accelerate that. So I do think it’s an important topic to cover, for sure.

Camberley Bates: Yeah. Well, that’s almost 30 minutes for us this time around. So it’s amazing what we talked about in that timeframe. Going to thank everyone for tuning in. Please follow us. You’ll find us, of course, on futurumgroup.com, as well as up in YouTube.

And Steve Dickens is on vacation today. We don’t know where he is at.

Krista Macomber: I saw him post from the beach.

Camberley Bates: He’s on the beach? Okay. So, he’s on the beach. But anyway, he’ll be back probably another couple weeks. So we will check you then. Thank you very much for tuning in.

Other insights from The Futurum Group:

Searching for That Good Restore Point

Cybersecurity is Everyone’s Job

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.

Camberley brings over 25 years of executive experience leading sales and marketing teams at Fortune 500 firms. Before joining The Futurum Group, she led the Evaluator Group, an information technology analyst firm as Managing Director.

Her career has spanned all elements of sales and marketing including a 360-degree view of addressing challenges and delivering solutions was achieved from crossing the boundary of sales and channel engagement with large enterprise vendors and her own 100-person IT services firm.

Camberley has provided Global 250 startups with go-to-market strategies, creating a new market category “MAID” as Vice President of Marketing at COPAN and led a worldwide marketing team including channels as a VP at VERITAS. At GE Access, a $2B distribution company, she served as VP of a new division and succeeded in growing the company from $14 to $500 million and built a successful 100-person IT services firm. Camberley began her career at IBM in sales and management.

She holds a Bachelor of Science in International Business from California State University – Long Beach and executive certificates from Wellesley and Wharton School of Business.

SHARE:

Latest Insights:

Six Five's Diana Blass heads to Dell Tech World, for a journey inside The Dell AI Factory, where AI-innovation has transformed nearly every industry vertical.
Company’s Strength Across Clouds Delivers Record Quarterly Revenue
Keith Kirkpatrick and Daniel Newman with The Futurum Group, cover Adobe’s Q2 FY2024 earnings, and the products, segments, and approaches that have propelled the company to a record quarterly revenue figure.
Steven Dickens, VP and Practice Leader, discusses Broadcom's Q2 2024 performance, driven by strategic investments in AI and the successful integration of VMware.
Oracle, Microsoft, and OpenAI Collaborate to Extend Microsoft Azure AI Platform to OCI to Ensure OpenAI Can Scale Fast-growing Massive LLM Training Demands
The Futurum Group’s Ron Westfall and Steven Dickens explore why the collaboration with OpenAI to extend the Microsoft Azure AI platform to OCI validates that Oracle Gen2 AI infrastructure, underscored by RDMA-fueled innovation, can support and scale the most demanding LLM/GenAI workloads with immediacy.