Transcript of audio:

Devising an Offensive Cyber Resiliency Strategy

Published March 18, 2022

JOHN

Hello, and welcome to Insights Tech Talk. My name's John Dathan and I have the privilege to lead Insight Canada. We use this platform to be able to share with our clients industry expertise around specific subjects. And today I think it's going to be a fascinating discussion. I want to welcome our guest Jeffrey Denberg, who's the VP of sales for enterprise sales at Dell Canada. So welcome Jeffrey.

JEFFREY

Thanks John, appreciate you having me.

JOHN

It's great to have you here. What we decided to do today folks was to take a very broad topic but it's the hottest topic anywhere right now and that's the topic of security. And so we thought we would do today's talk about how does Dell think about security across the portfolio and really what's the role that you see Dell playing Jeffrey?

JEFFREY

Absolutely. So to hit on something you said this is the topic that should be the priority in everybody's agenda right now. I mean, cyber threats don't cause near thousands of dollars of loss anymore, it's in the trillions. In fact Accenture was forecasting about 5 trillion of global value at risk over the next five years. So it's quite an important problem that we're trying to solve. Attacks are virtually nonstop and the cause for attack tends to continue to increase. And there's this common misperception out there that certain or certain clients and verticals are kind of outside of this risk profile. The truth of the matter remains John, is that everybody is at risk here, right? Bad actors target businesses of all sizes and across all industries. So protecting your business starts with protecting the most important fuel of your business which is your data. And Dell Technologies offer cyber resiliency solutions that provide the highest level of protection, integrity, and confidentiality for again your most important data and critical business systems.

JOHN

And you're right data is... this is really what it's all about, right? I mean, people are trying to get... how do they how do they take advantage of the data that we're creating and whether it's identity theft ransomware. It all comes down to data and I know that Dell has really come up with some unique offerings around data and probably what's most important that's cyber recovery.

JEFFREY

Yes.

JOHN

Maybe, maybe you could explain that a little bit but mostly from a business perspective.

JEFFREY

Absolutely, so, cyber resiliency is a strategy. And in fact, if it is not in the top two or three priorities that tech leaders and CIOs have going into this year, they're missing out, right? Leading out analysts like Gartner and security experts have recognized that the modern threat of cyber attacks like ransomware require an evolution in thinking about how we build a more resilient organization and culture. It's not just about technology it's about the cultural ramifications and how you set your organization up for success. Not only in a defensive posture but in an offensive posture too, right? So with the impact of cyber attacks continuing to grow while cybersecurity remains strong it's clear that the defensive posture on primarily detecting and preventing attacks is really no longer viable. Again, you have to take that offensive posture. So Gartner is really saying that we need more of a balanced approach. One that focuses, excuse me on invest in building resilience with the organization but also planning for and being prepared for a breach. So the way we look at it is that cyber resiliency is a strategy that incorporates not only people process and technology but all of that into a holistic framework that protects an entire business organization. And it's through this lens, John that Dell Technologies is helping our customers enhance their cyber resiliency and secure their data and backup from ransomware and other cyber threats using our industry leading products like power, protect, cyber recovery and power scale cyber protection solutions. This is probably one of the most important areas of security focus that we are seeing from our customers today from an interest perspective, but it's also something that we are putting in the forefront of all of our discussions with customers as we look at helping to underpin and be the foundation for their ongoing digital transformations.

JOHN

Interesting. Now, do you think that clients know they need this or is this we we've got some work to do around education?

JEFFREY

I think, I mean, I talk to CIOs and directors of technology every day. And I think everyone thinks about security, I mean it is top of the agenda. But the issue is how fast can your organization actually respond if something happens? So we're good at kind of planning for what might happen but are we really good at executing on that? And again, as we said before, the attacks are virtually nonstop. I mean, you're not seeing or reading about I would say even half of them that are occurring of there right now, the cost for attack is increasing and it is really important that we get ahead of what is going on and what potentially could be a threat by taking again, more of that proactive approach. So we've seen companies make rapid technology changes during the pandemic. I mean, it has increased the amount of the loss in digital transformation by a factor of quite a bit as I'm sure you're seeing in your business too. But a lot of organizations are undergoing those rapid technology changes without considering the security implications. So what's happening is you're giving a lot more of an entry point in avenues for bad guys and people that want to do harm to your business, your data, your employees, because they have so many more entries into your organization. For example, we've seen a huge number in the increase of remote workers, sitting home think about all of the remote workers that are using their local ISP to connect that are having potentially their children and their family share that workstation which is not something we suggest but it happens a lot. You have so many different points of entry that could not be as guarded as it would in the past when you were in that fortress called a corporate office, right? So, the potential avenues for attack are increasing. as well there's a potential increase for insider threats too. So, really being important that you are being proactive and taking that proactive yet balanced approach to security overall is really what we recommend.

JOHN

Yeah, it's interesting I joke, but it's not really a joke 'cause through the pandemic, Insight Canada went from six offices to 600 effectively.

JEFFREY

Yeah, absolutely.

JOHN

And so you think of what you've just described the layers of complexity of managing that because every single environment is different.

JEFFREY

Absolutely, preparation is key.

JOHN

So is that when you're talking with the CIOs and CSOS and and another senior folks in your client base, is that the starting point in terms of where they need to begin to take their journey in a different direction, is that the conversations that you're having?

JEFFREY

There is, there is. And again, if I look at security from a transformative application and for a strategy that has somewhat pivoted since the beginning of the pandemic, which then has in engendered so many points of entry and so many new points of violation that we've been discussing, it's really about protecting all of those endpoint. And so the three things that we talk about are number ensuring that we're planning dynamic case scenario, right? Either in your own network or elsewhere technology risk tends to be dynamic, right? It's not static and we need to learn from the events that do take place. And one thing that we will say when we talk about products even though this is more on the business side, is that cyber vaulting and the ability to protect your data through a vault is so important that there is not one customer, one vertical one industry that does not need a vault. Everybody needs a cyber vault. And it's an easy way to provide that immutability around your data, that full protection that gives you that air gap between business, your data your most important assets and what the bad perpetrators are trying to do. Second thing is, this is more on the cultural side. John is to prepare non-technical leaders for organizational aspect of technology events. How is it going to impact the overall organization? How is it going to impact the culture? This isn't just an IT problem, this is a complete business problem. And so when an event unfortunately takes place, everybody from the CEO to the CFO, to HR, to legal, to IT, to supply chain, need to know what they're role is, need to understand that role and need to get into execution mode quickly. It's just like having a fire warden on your floor, when that bell goes off you have to know what the next step is. And the third thing that we do is to organize and build external partnerships, right? This is a crowded space. Security is, and our posture is that security isn't an after thought, it's not a separate product, it's not a separate solution. It's a rapper that goes around everything you do from an architectural perspective. So technology partnerships with organizations like Dell can help customers ensure that they have the right technology and relationships in place based on acumen and knowhow that will then help you quickly recover from a successful attack.

JOHN

Yeah, interesting. One of the things that I've sort of followed through my career when we when we make large changes, people seem to forget a few things along the way and they have to kind of be reminded. And I think you and I have been dealing with hybrid IT for some time now. And the part that worries me is the part that's out of sight like I think that the thought process you just talked about of security being woven through everything exists for a lot of the on-prem piece but I worry about what's in the cloud or what's in between the two locations.

JEFFREY

Absolutely, absolutely. And I mean, the cloud players should be an important part of your overall multi-cloud strategy obviously but also an important consideration for your security posture too because they can't offer that level of protection. What is interesting here is that Dell has ways that we can actually help customers retire the commitments that they make of the cloud providers by protecting or using the products that protect their environment and running them in the cloud which is something we do across our entire portfolio. I mean, this is something that we've been at for a for a long time, we've deployed thousands of cyber recovery vault solutions worldwide in all types of customer environments. These solutions can be deployed on prem through a managed service in the cloud. And Dell has been delivering again immutable storage solutions to the marketplace for well over a decade, right? So when you look at what your security posture should be not to go down into the width it's really to make sure that you you've got a vaulting solution that's got isolation, right? Separation of the physical and logical data, immutability which is preserving that original integrity of the data so the concept of rolling back kind of goes away and then intelligence. And this is what I love about it, is that we use intelligence in every other part of our business to predict buying trends, to manage our sales force, our supply chain, et cetera, et cetera. But why are we not using it to predict when bad actors are going to be trying to do something in our environments? So using our advanced machine learning analytics, we can definitely help organizations identify threats earlier and clean data earlier for a faster time to recover.

JOHN

Yeah, terrific. Well, unfortunately we could talk about this for a long, long time there's so many (mumbles). The intent today was to talk a little bit at a business level to clients about what we collectively at Insight and Dell are thinking around security. We're very proud of our partnership with you, we look forward to talking more to our clients about the solutions and I'm personally going to do a little bit deeper dive in understanding the vault process cause' that's... you've really highlighted that today. So thank you for that.

JEFFREY

Great, thank you very much for the time.

JOHN

Terrific. Well with that folks I'll say thank you very much on behalf of Insight Canada and we look forward to seeing you next time.

JEFFREY

Thanks, bye, bye.