Colm Keegan, a friend of theCUBE and from Dell, discusses cyber resiliency in an age of multi-cloud, hybrid cloud, and edge. Keegan emphasizes the importance of protecting and securing customer data in a way that takes the burden off IT operations. He highlights the need to understand an organization's cybersecurity posture and vulnerabilities, and to offer solutions that extend across multi-cloud and edge environments.
Keegan mentions Dell's partnership with CrowdStrike to provide managed detection and response capabilities. The focus is on reducing the burden of constantly monitoring alerts and ensuring data recovery capabilities in case of a breach. Keegan stresses the importance of regular testing, automation, and process refinement to ensure efficient data recovery.
The discussion also touches on air gapping data, the importance of logical and physical separation of critical data, and the need to prioritize data protection efforts based on business-criticality. Keegan shares excitement about extending services, partnering with CrowdStrike, and introducing anomaly detection capabilities in Dell's PowerProtect portfolio. The goal is to simplify data protection and cyber resiliency efforts for customers, making it a team sport involving both vendors and partners.
>> Hi, everybody. Welcome back to the NYSE Wired and CUBE community's coverage of NRF Week. We got a special guest in here, Colm Keegan, friend of theCUBE. He's from Dell. Colm, I think the last time I saw you was in the hallway at re:Invent last year.
Colm Keegan
>> That's right.
Dave Vellante
>> Not last year, two years ago.
Colm Keegan
>> I remember that.
Dave Vellante
>> You were at re:Invent this year probably, right?
Colm Keegan
>> Yeah. I could spot you from a mile away.
Dave Vellante
>> Yeah, it was cool. We were like in between the Encore and the Wynn or something like that.
Colm Keegan
>> That's right.
Dave Vellante
>> But we're going to talk about cyber resiliency in an age of multi-cloud, hybrid cloud and edge, and we're going to tie that in to some of your retail experience.
Colm Keegan
>> Sure.
Dave Vellante
>> You used to work for a company called Caldor, which is no longer with us, permanently closed. So love to understand how to avoid going out of business because of a cyber disaster. So not that that's what happened to Caldor. It's not. It was just the sort of business model change. So what are you up to these days? What's your focus? And then we'll get into the whole cyber resiliency piece. I mean, that really is your focus, right?
Colm Keegan
>> Yeah. Well, it's the data protection portfolio with more of, a little bit of an emphasis on cloud, but it's looking at how do we protect and secure customer data wherever it lives, and ideally do it in a way that it takes the burden off of IT operations. Because we were talking about my Caldor experience. There was a lot that we had to do in terms of, and our prime directive was making sure that the registers never went down. If they went offline, we went into firefighting mode and we took care of that.
Dave Vellante
>> Because cash stopped. Cash-
Colm Keegan
>> Right, exactly. And so we were really focused on that, but there was a lot of other things that we had to do. So if there's something that you can do that takes that burden off of your IT staff so they can focus on the business, right? Because let's face it, cybercriminals, their business is getting into your environment and wreaking havoc, and that's all they focus on. What you got to do is you got to keep them out and run the business and innovate. You know what I mean? It's like something's got to give, right? And so, if we can bring our capabilities to bear, which obviously consists of solutions that extend across multi-cloud out onto the edge, but it's more than just product. It's helping organizations understand what their cybersecurity posture is so they understand where their vulnerabilities are. And part of that includes services and assessments so we can show them, "Hey, this is where you're at today. This is what we can do to help you plug those holes, and then here's how we can take you on this journey so that you get to the point where you really do have this zero trust framework that is giving you the best of protection and then recovery."
Because we all know that despite your best efforts, cybercriminals are going to find a way to get in. So now it's like, "Okay, how confident am I that I can get my data back in the worst eventuality that I've been breached and all my data's encrypted, how do I get that data back?"
So we're really looking at it from an end-to-end standpoint, Dave. And as you know, Dell takes a very holistic approach in terms of from the point of manufacturing, making sure that the components before they even land on your loading dock, where your data center is, everything's been scrubbed. Nothing will boot up unless it's secure, and then coupling that with other capabilities. So we recently announced a partnership with CrowdStrike where we used our Falcon platform to bring managed detection and response capabilities. And so that's one thing that really struck home with me. It was, like, I would've loved to have had a service that we could have subscribed to when I was at Caldor that could've taken the burden from us having to constantly have our eyeballs on these screens that were constantly populating alerts. And I remember one time talking to a developer saying, "You got to do something about this because we're completely desensitized to the amount of data that's coming across the screen here." It's meaningless after a while, you know what I mean?
Dave Vellante
>> Yeah, it's numbing. It's mind-numbing.
Colm Keegan
>> Yeah. So that's kind of how I looked at it. It was, like, I think that's where we can make a big impact, is reducing that burden and giving the confidence that, "You know, look, we can screen out most of this stuff. But when the unexpected happens, we also feel pretty good that we can get our data back and get it back in a reasonable timeframe from an SLA perspective."
Dave Vellante
>> I wanted to ask you about, let me stop, roll back a bit, talk about posture management. So you've got your on-prem state, you've got your cloud state, you've got multiple clouds, you've got the edge coming in, especially in retail, you know, there's a perception, there's two camps. There's perception, "Oh my on-prem stuff, it's solid. I control it." And another perception is, "These cloud guys are really good at security." And then the other piece is, "Well, the edge is Wild, Wild West."
So what's the reality in terms of where's the exposure? Is it within those states? Obviously it depends on the level of quality, maturity, how much technical data, et cetera. Or is it the seams in between those? Is it the injection of all these new technologies, too many tools in cyber? Where are the vulnerabilities?
Colm Keegan
>> So I would say your general characterization is probably pretty accurate, although you can certainly find vulnerabilities in any of those scenarios. Certainly the edge, yeah. I mean, look, there's likely more vulnerabilities there compared to, say, what you're doing in your data center or out in the cloud, right? But I do think that one of the things that is maybe low-hanging fruit for organizations is seeing how you can rationalize this profusion of tools that they have to manage. I mean, I think it was you guys that mentioned something along the, and I may even be low on this account, something along the lines of like 70 different cybersecurity tools that any average customer could have. And it just kind of blows my mind. It's like-
Dave Vellante
>> I first heard that from CrowdStrike, so I'll give them credit for it, so yeah.
Colm Keegan
>> Okay. All right. All right.
Dave Vellante
>> So I stole it.
Colm Keegan
>> So even if you cut that number in half, even if-
Dave Vellante
>> Literally.
Colm Keegan
>> Right? Even if you cut it in half, it's still way too many, you know? So the risk there is, is that you're going to get fatigued from all these alerts. And then how do you get your folks fluent in all those technologies? Kind of going back to my experience, you know, it took me the better part of a year when I first walked into that Caldor NOC to kind of feel comfortable in my seat. Not like I felt rock solid, but comfortable enough that I kind of knew what was going on. And then I would say two years where I was like, things are slowing down. Like, I know what to do. I knew to just kind of take a glance around the NOC and kind of see if there's anything I need to be paying attention to, and then know how to triage it and take care of it. So that takes time, you know? And when you look at cybersecurity, obviously we've been living in a world where there's a dearth of skill sets, and so clearly that affects everybody. And so what you're going to have to resort to is taking people that you think can learn quickly, get on-the-job training. Hopefully they have somebody that's more experienced to give that over-the-shoulder training. And then ideally have partners that can kind of backstop you so that, when you talk about filling the gaps or the seams, that's where I see some of those seams, is that everybody's going to have some gaps there in terms of what their capabilities are from a process standpoint, from a management standpoint. And obviously tools are helpful, but they're not the answer. It's the process. It's identifying where those vulnerabilities are, right? So for example, we can come in and work with our partners and do pen testing so we can show the customer right in front of them, "Okay, here's where you have some significant gaps. Let's take care of those so those don't occur, they aren't there. And then let's figure out a way to design a solution that's going to get you to a point where, in addition to screening out any threats that are incoming." 
Probably your safest posture is just to assume that the bad actors are already inside the network.
Dave Vellante
>> Okay, so that's where I want to go. So assume that. So you're in your NOC at your former position, feeling more comfortable. You're not as stressed out, it's not as frenzied, but at the end of the day, you're making the assumption that somebody's doing some bad things inside. Okay, so that leads to recovery. So you've got to have a corpus of data that you trust that you can recover to. I want you to take me through that because I've got my on-prem, I've got my cloud, I'm across clouds, I'm in my SaaS, which a lot of people don't think they have to back up. I've got the edge, disparate data. How do I deal with that problem from a architectural standpoint, a process, a people and technology perspective?
Colm Keegan
>> Right. So first, you need to understand, like you said, what's sitting out there? What's unprotected? How can I protect them? How can I do it with the least amount of effort, right? So in some instances on the edge, and we have customers that say, "You know, I want to have any data protection infrastructure out there. I don't have people to manage that."
When I was in Caldor, we had store managers changing the tapes inside the in-store processors, right?
Dave Vellante
>> Yeah, yeah. Right.
Colm Keegan
>> And guess what they would do? The tape would pop out, and they'd push it back in. So even though we had tapes for every day-
Dave Vellante
>> Yes, it's crap....
Colm Keegan
>> they just push it back in, and so it's like not too good, right? So you can understand when people say, "Yeah, we'd rather not have infrastructure out there."
So as you know, we have a backup-as-a-service offering that basically goes and does the discovery. And it's basically any workload, doesn't matter where it's located, if it's on the edge, it's in the cloud, and it'll protect it back. It'll protect it in the cloud. It has cyber recovery, cyber-resiliency capabilities baked into it. And then there's instances where customers, maybe they say, "Hey, I have some spare compute in storage. If you can give me something that's a lightweight touch that can be managed remotely that has deduplication, encryption capabilities, and it can send it back each night very lightly over the network, I'm not pushing even if I have this hub-and-spoke configuration where I can bring it all into the central data center, and now I know I got a clean copy." And then from there it's like, "Okay. Well, now I got to figure out what's really the most important dataset here in terms of worst-case scenario, we've been breached and now we've got to get the registers back online."
Well, that's where we want to help the customer and say, "Okay, let's figure out, of all that data that you're protecting, what's the data that's most important," in the case when I was at Caldor, that'll keep the registers running, "and let's get that data into a vaulted environment." It's isolated. It's off the production network. It's got some capabilities around it in terms of immutability, the stringent access controls so only a few select people can get in there. And that, ideally, you also have some intelligence running against that so you can see whether there's any anomalous behavior. And the idea being is that you want to feel rock solid that copy's going to be available to you in case the worst happens. So just broad brushstrokes, right? That's kind of how I would see one way of approaching the issue.
Dave Vellante
>> Correct me if I'm wrong, but it seems like there's an inverse relationship between the complexity of the environment, on-prem, cloud, hybrid, multi-cloud, multiple cloud, SaaS, et cetera, edge, inverse relationship between that complexity and your ability to shrink RPO. How do you deal with that challenge?
Colm Keegan
>> Yeah. I mean, it's a good question. Part of it's raw speeds and feeds things. How quickly can I ingest the data, push it over the network, right? And then the other part of it is the recovery, I mean. So you could do a really good job of getting the data into a manageable format, but then when you have to explode it, namely rehydrate it, say from a deduplication perspective, part of that is doing the math and understanding it. And then the other part, which we haven't talked about yet is drill, drill, drill, right? So when I was at Caldor, we would do these off-site DR tests. Remember Comdisco?
Dave Vellante
>> Sure.
Colm Keegan
>> Yeah, so across the water here. And so once or twice a year we would go down there, and it was largely centered around the mainframe stuff. But the fact is that we were doing this testing so that if we got hit with, and back then it was more like natural disaster-type stuff that you were trying to protect against. But the same rule applies is that what makes you confident is the fact that you've had a chance to get behind the keyboard and actually do recovery testing. So to your point about how do you know you're going to make your RPO, well, we can do back-of-a-napkin math and say, "Well, if you throw enough hardware at it, brute force, this'll work."
Dave Vellante
>> But if you don't test it?
Colm Keegan
>> If you don't test it, you're not going to know. So the testing part of it is extremely important, right? And quite frankly, as frequently as you can. I mean, I think ideally on a quarterly basis, but worst case, semi-annually or very worst case annually, you want to do that, right?
Dave Vellante
>> Well, you well know people used to not test back then DR because they were afraid it would blow up.
Colm Keegan
>> Right.
Dave Vellante
>> So they would check a box and say, and pray, hope that if they ever had to do it, that I think has changed. I think it has. But actually what you were describing was not just tech. It's definitely a lot of process. You've got to have your process down and the people to execute on that. But going back to what I was saying before is you used to not test because you're afraid. Now you can test, right? Why? What's different today from a technology perspective that enables you to test more frequently with greater confidence? What are the tooling that's available to do that?
Colm Keegan
>> Well, I mean, first of all, either whether you're doing it in your own environment or ideally maybe in the cloud, but the thing is you want to make sure it's as close to what you have on the floor as possible. And it's not only the technologies, it's the network connections. It's the people who are going to be running these things. You want to get that run book down. And then the automation, too, right? So I think a big part of, maybe to answer your question, is I don't know how much of it was automated back then, you know? A lot of it was probably manual. And sure, you had probably some level of scripting that existed on the mainframe that helped assist with that.
Dave Vellante
>> Probably, you know?
Colm Keegan
>> Yeah. It was very manually oriented. So today it's a lot more automated, and certainly some of the things that we've done with our customers, right? Because we've gotten pretty good at this. So I mean, if I just look at what we're doing strictly on the cyber resiliency side, we've built in just a tremendous amount of scripting that's available for our customers to leverage. And so when it comes to customizing it, it's not like there's a lot of work because we've done a lot of the heavy lifting. We have today over 2100 cyber vaults in production, and the idea is, is that you don't want it to be a fire drill when it comes to do a recovery, right? So obviously when you do the testing, that gives you that level of, "Okay, this is what we're supposed to do."
But then there's also sort of some easy buttons involved in there, too, in terms of stuff is going to be, to some degree, self-driving, right?
Dave Vellante
>> Yeah.
Colm Keegan
>> So that, again, now you're just, as an operator, just making sure that everything's coming up the way it should be coming up.
Dave Vellante
>> Drill, baby, drill.
Colm Keegan
>> That's it.
Dave Vellante
>> I like it.
Colm Keegan
>> I'm not talking about oil, either.
Dave Vellante
>> These edge use cases, how do you make it so that the edge in retail, if we can use that as a framework, such that that's not a silo? Or do you want it to be a silo? Because maybe you want to isolate that. My gut says you don't, but what are you seeing in the marketplace? Are those edge use cases, generally retail specifically, if you have any knowledge there? Are they siloed in terms of their data protection and recovery? Or are they part of an overall framework?
Colm Keegan
>> I mean, there's got to be some rationale perhaps for isolating it. But I look at things is that it's all important, right? And I remember a guy that I used to work with, and you remember we used to go from conversations around DR to business continuity?
Dave Vellante
>> Yep.
Colm Keegan
>> And he was like, "Business continuity doesn't mean anything because it all has to come up." And this guy had been around for many, many years and he was like, "Look, there's just way too many dependencies so that it really has to be a DR mindset."
And I'm just borrowing that example to say that I don't think you could look at edge and sort of say, "Well, that stuff's over here. Let's treat it differently." Because what dependencies are there in terms of how you're looking at that. And if we look at AI, for example, we're going to want to know what's going out on the edge locations so we can be smarter about what decisions our customers are making and try to curate an experience for them if, let's say, if they're in a retail location, right? So it's all interconnected is my point. So I think that would be part of a broader strategy where you don't look at, yeah, maybe on the edge, but may as well be inside the data center with everything else. And so I think the approach should be let's ensure that we're giving, if nothing else, maybe the edge should be getting the priority in terms of availability, performance, maturity.
Dave Vellante
>> Because of the latency aspects of it as well, you want to maybe prioritize that so you don't lose it. And then what? You get it all in one place and then you got to air gap it. But air gapping, logical air gapping is one thing, presuming you're advising physical air gaps as well. What percent of the customers actually do sort of proper air gapping for their data corpus?
Colm Keegan
>> Yeah. You know, honestly, I don't know. I mean, the only physical air gap that I'm aware is if you actually have an external hard drive or tapes that are, literally, in a different location-
Dave Vellante
>> Iron Mountain....
Colm Keegan
>> nowhere near a network, right? But the whole idea behind a logical air gap is that it's pretty close. First of all, it's off your production network and so there's certain things you can do like one way of replication in, nothing's going out, right?
Dave Vellante
>> But physically a separate location, right?
Colm Keegan
>> Yeah. I mean, what-
Dave Vellante
>> I've seen some logical air gaps like right next to the, not on this drive, but on that one, you know?
Colm Keegan
>> So in situations where let's say a customer, for whatever reason, chooses not to do it in a different location, at a bare minimum, it should be in a separate rack and some physical distance between what you're doing in your production racks.
Dave Vellante
>> Just in case, right, yeah.
Colm Keegan
>> Right. And maybe even have it in a cage or something so that-
Dave Vellante
>> And that will lower the probability of losing that data.
Colm Keegan
>> Right.
Dave Vellante
>> And then if you can get it offsite, it's even-
Colm Keegan
>> Even better.
Dave Vellante
>> Yeah.
Colm Keegan
>> Yeah, whether it's in the cloud-
Dave Vellante
>> Or I guess both, right? I mean, ideally-
Colm Keegan
>> You can....
Dave Vellante
>> if you care about recovery time, and I mean it's expense, though. It all comes down to budget. Like I always say to people, "How much data do you want to lose?" "None." "How much money do you want to spend?"
Colm Keegan
>> "Not a lot."
Dave Vellante
>> Yeah, exactly. And that's the trade-off that you help your customers.
Colm Keegan
>> Well, I think that's why when customers come to us and oftentimes their thought process is everything's going into the vault, and it's like, "Well, hold on a second." You can do that, but that's the situation where your eyes are going to bulge out of their head when they see what's going to be required to do that.
Dave Vellante
>> "Get out of my office."
Colm Keegan
>> Yeah, exactly. "What are you talking to me about this for," you know? And so it's let's rationalize. Let's get it down to really only the most critical data that allows you to keep the business running. And kind of go back to what I said earlier, prime directive we had at Caldor, "I don't care about anything else. Make sure those registers are still ringing."
Dave Vellante
>> No, that's part of the process is really understanding, taking the time to understand where the value is, what the value flow looks like. Start there, prioritize. I mean, these are common sense things. What are you excited about for 2025? Any predictions? It's that time of year.
Colm Keegan
>> Predictions, wow. Yeah. Well, I really like what we're doing in terms of extending out our services, capabilities. I mentioned the partnership with CrowdStrike, and we're going to be doing some interesting things with them in terms of how we can use our APIs to report into their framework. There's things that we're going to be layering into our PowerProtect portfolio to bring additional capabilities from a security perspective, right? So, for example, we're stepping into things like anomaly detection at the data protection layer. Think of it as just another moat that you're putting around your island of data to try to screen out what you can, and we'll have some capabilities that will plug in to that MDR environment, right? So I think that's going to add a tremendous amount of value. And then, of course, there's things going on behind the scenes relative to past acquisitions we've made with Moogsoft and others, and I'm curious to see where that pans out relative to some of our other platforms. Because we have CloudIQ and other platforms that are, again, making it simpler for our customers to look at their estate, whether it's compute, storage, data protection. And when I go back to my experience in the NOC and just seeing this cascading screens all over the place, wouldn't it be nice if people talk about single pane of glass? Is that achievable? I don't know. But if even just down to a couple three or something, that's pretty good, right?
And as much as we can help drive that, because our partners obviously are a huge part of our value proposition. People talk about data protection and cyber resiliency being a team sport, I think that's true. And so if I'm a customer, I'm looking at, "Okay, Dell, what can you do for me?" It's like, "Yeah. Well, here's what we can do for you. But think of it this, too, as this broader ecosystem of partners that we can bring to bear that gives you those extended capabilities without making it overly burdensome for you."
Dave Vellante
>> Yeah, simplifying in a complex world.
Colm Keegan
>> Right.
Dave Vellante
>> Colm, thanks so much for coming in.
Colm Keegan
>> Thanks, Dave. My pleasure.
Dave Vellante
>> Appreciate you coming down.
Colm Keegan
>> Great to be here.
Dave Vellante
>> All right, keep it right there. We'll be right back, right after this short break. Dave Vellante for John Furrier, NYSE Wired and theCUBE communities, our coverage of NRF and more. Keep it right there.
>> (music)