Transcripts
Hi folks.
Speaker:This week, I learned something new.
Speaker:We talk about sheltered Harbor certification, which is a framework for
Speaker:financial institutions to make sure that they can recover after a cyber attack.
Speaker:I think there's a lot to learn for all of us, not just financial institutions.
Speaker:Hope you enjoy the episode.
W. Curtis Preston:Hi, and welcome to Backup Central's Restore It all podcast.
W. Curtis Preston:I'm your host, w Curtis Preston, AKA Mr.
W. Curtis Preston:Backup.
W. Curtis Preston:And I have with me my dust collector consultant Prasanna
W. Curtis Preston:Malaiyandi how's it going?
Prasanna Malaiyandi:am good, Curtis.
Prasanna Malaiyandi:I do have to let you know I have a pretty bad allergy to
Prasanna Malaiyandi:dust, so I may not be the right
Prasanna Malaiyandi:person.
, W. Curtis Preston:that makes you the perfect, but, but, but, but I have to
, W. Curtis Preston:say, you're not doing a very good job because I keep buying and buying the
, W. Curtis Preston:wrong, like I gotta connect this to that.
, W. Curtis Preston:And the thing with the thing cuz
Prasanna Malaiyandi:know, you.
W. Curtis Preston:you
Prasanna Malaiyandi:You know what you really need to do.
Prasanna Malaiyandi:So for the listeners, this is Curtis is, has his wood shop up and running.
Prasanna Malaiyandi:He has a bunch of tools which produce a lot of dust, and therefore he's
Prasanna Malaiyandi:trying to build like a dust collection system to spare me from dying.
Prasanna Malaiyandi:So, um, one of the things though is like each one has a different size adapter.
Prasanna Malaiyandi:Some are one and a half inches, some are two inches
W. Curtis Preston:One and
Prasanna Malaiyandi:and some,
W. Curtis Preston:two and a half, four.
W. Curtis Preston:Uh, and, and then non-standard sizes.
W. Curtis Preston:There's also non-standard sizes.
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:So what you need to do, Curtis, and I think this will help you a lot, is you
Prasanna Malaiyandi:need to draw a picture on a piece of paper with your various equipment pieces
Prasanna Malaiyandi:with the size of those, so then you can figure out what you need and what you have
W. Curtis Preston:Yeah.
W. Curtis Preston:The, you know, what's that
Prasanna Malaiyandi:planning?
W. Curtis Preston:Yeah.
W. Curtis Preston:Well, it's not just that, like I recently found out that D DeWalt makes.
W. Curtis Preston:on purpose makes non-standard sized dust ports on some of their machines because
W. Curtis Preston:they sell a dust collection system.
W. Curtis Preston:And so they're like, well, it works with the DeWalt dust collection system, right?
W. Curtis Preston:Which I don't even see for sale anywhere.
W. Curtis Preston:I'm sure it is for sale somewhere, but so like half of my tools have
W. Curtis Preston:standard size ports, although they're not all the same size.
W. Curtis Preston:And then some of my tools like the table, and the, the sander has
W. Curtis Preston:a total non-standard, uh, port.
W. Curtis Preston:Um, and so this is what is, is apparently this is a problem being
W. Curtis Preston:solved by 3D printers and Etsy
Prasanna Malaiyandi:yep.
Prasanna Malaiyandi:Oh, I could totally see.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:It's a little cottage industry of people selling, you know, the thing to the thing.
W. Curtis Preston:Um,
Prasanna Malaiyandi:You should get into this business, Curtis.
Prasanna Malaiyandi:I bet you can get a 3D scanner, right?
Prasanna Malaiyandi:3D scan?
Prasanna Malaiyandi:No, no, no.
Prasanna Malaiyandi:First you need a 3D scanner so you can scan the dust port collectors, right?
Prasanna Malaiyandi:That you have already, and then you use that to build the adapters.
W. Curtis Preston:you know, what I do is I go down to Lowe's and,
W. Curtis Preston:and, you know, use a caliper.
W. Curtis Preston:, can't you just use a caliper?
W. Curtis Preston:Right.
W. Curtis Preston:Um, I think I could make it happen, but yeah.
W. Curtis Preston:Uh, this is a thing.
W. Curtis Preston:Um, but, uh, yeah, so these are the problems that I have with my
W. Curtis Preston:expensive, my new expensive hobby.
W. Curtis Preston:Um, but so, you know, our, our guest that, uh, we're having on, he's a,
W. Curtis Preston:he's a repeat guest and last time.
W. Curtis Preston:we were talk, you know, we had him on the podcast.
W. Curtis Preston:He threw out this phrase, and, you know, we were immediately
W. Curtis Preston:like, what, what is, what is that?
W. Curtis Preston:What is that thing?
W. Curtis Preston:And so we decided to have him back, uh, just to talk about that.
W. Curtis Preston:We'll talk about that in a minute.
W. Curtis Preston:He's been in the industry for over 30 years, um, and, um, he
W. Curtis Preston:is now the enterprise architect at Presidio Network Solutions.
W. Curtis Preston:Welcome to the podcast, Eric Bursley.
Eric Bursley:All right, Thank you Curtis, and thank you Prasanna.
W. Curtis Preston:So
Prasanna Malaiyandi:Glad to have you back
W. Curtis Preston:Yeah.
W. Curtis Preston:So this little phrase that you threw out was this Sheltered Harbor
W. Curtis Preston:certification, which, you know, I think, I think you threw a little
W. Curtis Preston:shade at me saying that, you know, you were a little surprised that, uh, Mr.
W. Curtis Preston:Backup didn't know about this, backup centric, uh, thing.
W. Curtis Preston:Uh, so why, why don't we back up a little bit and.
W. Curtis Preston:Sort of set the stage in terms of what, you know, I always want to know
W. Curtis Preston:how, you know, how did we get here?
W. Curtis Preston:Um, so first off, maybe let's do what real quick, like a, you
W. Curtis Preston:know, a 20-second overview of what Sheltered Harbor certification is.
Eric Bursley:So Sheltered Harbor Certification is a,
Eric Bursley:first of all, sheltered Harbor is a nonprofit organization.
Eric Bursley:It is an independent organization that provides.
Eric Bursley:Um, a financial institution with an assurance that they can provide back
Eric Bursley:to their users, their customers, that their data is resilient
Eric Bursley:against a ransomware attack.
Eric Bursley:So, um, with that, it it, it's supposed to, um, provide them with more confidence
Eric Bursley:that if something happens to my bank through a ransomware attack, What
Eric Bursley:data I had available to me yesterday will be available to me once they
Eric Bursley:recover, typically within 24 hours.
Prasanna Malaiyandi:and.
Prasanna Malaiyandi:Because it's Sheltered Harbor certification.
Prasanna Malaiyandi:I'm guessing, do they actually own the data and the processes and everything
Prasanna Malaiyandi:else, or are they just sort of like NIST or some of these other organizations where
Prasanna Malaiyandi:they're like, Hey, here are the standards.
Prasanna Malaiyandi:Here's like the best practices.
Prasanna Malaiyandi:Here are the things you should be following in order to be able to do.
Prasanna Malaiyandi:It's kind of like how, if you're doing credit card transaction, right, you have
Prasanna Malaiyandi:to do like P C I certification, right?
Prasanna Malaiyandi:In order to be able to handle credit cards.
Prasanna Malaiyandi:Is that kind of how this.
Eric Bursley:So yeah, Shelton Harbor is more of a framework , um, in
Eric Bursley:place, they make some recommendations, um, that if followed, um, you
Eric Bursley:can apply for certification.
Eric Bursley:And if you follow their framework, um, strictly, they would be able to
Eric Bursley:provide you with that certification saying that, yes, you are good.
Eric Bursley:Um, and that, um, you can, uh, put our name on your website
Eric Bursley:that your data is gonna be safe.
Eric Bursley:Um, so what is the.
Prasanna Malaiyandi:And that is, when you say that you can get that
Prasanna Malaiyandi:certification, is that a customer, like a bank in your example, or is that
Prasanna Malaiyandi:like a vendor who provides the service?
Eric Bursley:It's typically the, the bank gets the certification, the bank
Eric Bursley:is applying for the certification.
Eric Bursley:Um, now in order to achieve that certification, the bank has to have
Eric Bursley:certain things already in place.
Eric Bursley:Um, the first of which is a data vault.
Eric Bursley:For their backup data.
Eric Bursley:Um, so, you know, following the traditional 3 21 rule, um, that offsite
Eric Bursley:copy would be an immutable copy that is operationally air gapped, um, and
Eric Bursley:also scanned for any vulnerabilities so that you would be able to determine a
Eric Bursley:specific point in which you are clean.
Eric Bursley:To restore, um, into an integrated recovery environment or an i r e.
Eric Bursley:Um, so it, it's a set of processes.
Eric Bursley:It's not just, I have tape which tape is traditionally immutable, um, but
Eric Bursley:I am also actively scanning my data vault that is immutable so that I know
Eric Bursley:which restore points I can restore.
W. Curtis Preston:So, uh, yeah, so, so a lot of questions that come up there.
W. Curtis Preston:So the first would be, what is it about banks?
W. Curtis Preston:that make them want to be to, to, to achieve a certification like this.
W. Curtis Preston:What you know, why isn't this just for everybody?
Eric Bursley:Well, the, the process.
Eric Bursley:Could be applied for everybody.
Eric Bursley:Um, but sheltered Harbor is focusing on the financial industry in particular.
Eric Bursley:Um, mostly because if we don't have access to our money, we can't do anything.
Eric Bursley:Um, so that was their primary target around this.
Eric Bursley:But the process that they have, it's solid for all in.
Eric Bursley:and, and Presidio recommends this for all industries as well.
Eric Bursley:Um, and, and one of my feature workshops I talk about, um, data immutability.
Eric Bursley:And that that, uh, third copy of your data, that offsite copy should be
Eric Bursley:in a separate authentication domain so that it is protected against
Eric Bursley:any sort of credential compromise.
Eric Bursley:It's immutable, but it Shelter Harbor adds onto that and says it's also
Eric Bursley:verifiable that you know when to restore and how are you going to restore into
Eric Bursley:a a disaster recovery environment.
Prasanna Malaiyandi:Interesting.
Prasanna Malaiyandi:So, yeah, like Curtis said, I have a ton of questions just like
Prasanna Malaiyandi:popping up in my head right now.
Prasanna Malaiyandi:Um, you talked about, one aspect that I wanna go back to is
Prasanna Malaiyandi:like that operational air gap.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And sort of how do they define that?
Prasanna Malaiyandi:Because I know I've heard about, okay, strict air gap where it's
Prasanna Malaiyandi:like physical isolation completely.
Prasanna Malaiyandi:Sometimes we talk about virtual air gaps.
Prasanna Malaiyandi:Is operational air gap different in some way or has some unique characteristics?
Eric Bursley:So one of the unique characteristics is that
Eric Bursley:it's typically firewalled.
Eric Bursley:From the production environment, um, typically through some natted
Eric Bursley:firewall that allows from the protected environment outbound to pull the
Eric Bursley:data back into the environment.
Eric Bursley:So it's not a, it's never a push, uh, environment from production
Eric Bursley:into the backup because that has a potential for compromise.
Eric Bursley:But if it's a pull.
Eric Bursley:In the environment, that is schedulable.
Eric Bursley:No firewall ports need to be opened up at any time from production in, because
Eric Bursley:it's an outbound connection and it's able to log in to the production environment
Eric Bursley:and through that process, pull in a specific restore point, scanning it in
Eric Bursley:the process for known vulnerabilities, and then continually scanning it in
Eric Bursley:the future for future vulnerabilities.
Prasanna Malaiyandi:Gotcha.
Prasanna Malaiyandi:And when you talk about the pull mechanism, that totally makes sense.
Prasanna Malaiyandi:When it lands in the vault, is it sort of in an isolated spot?
Prasanna Malaiyandi:Like, I'm just wondering in my head like it's kind of like you wanna make
Prasanna Malaiyandi:sure whatever's in the vault is sort of.
Prasanna Malaiyandi:valid has been verified that there are no compromises in it and you
Prasanna Malaiyandi:can't necessarily trust the production not to have any, because you don't
Prasanna Malaiyandi:know what the state is there.
Prasanna Malaiyandi:And so I guess when you're transferring the data, are you sort of transferring
Prasanna Malaiyandi:it into an isolated bucket inside of the vault that then gets scanned
Prasanna Malaiyandi:and verified before it's sort of marked as verified, and valid.
Prasanna Malaiyandi:So nothing bad can happen of that.
Eric Bursley:So it is a continual process.
Eric Bursley:The initial pull is scanned, uh, against the current known vulnerabilities
Eric Bursley:using machine learning, ar artificial intelligence, but then future restore
Eric Bursley:points are also scanned at those points.
Eric Bursley:, but it's also scanned during a recovery operation, which it, it's critical to
Eric Bursley:have that integrated recovery environment that's separate from production.
Eric Bursley:Okay.
Eric Bursley:Um, and through that integrated recovery environment, again, it's
Eric Bursley:network isolated from production, you can actually determine a safe point.
Eric Bursley:to bring things back up.
Eric Bursley:You may be able to have, um, a, a particular application server restored
Eric Bursley:two point B, but then pull clean data in from production to bring it more current.
Eric Bursley:So it, it just provides you that specific point that you
Eric Bursley:can be assured that you are.
W. Curtis Preston:Yeah.
W. Curtis Preston:You know, th this brings up a, a topic that I've been looking
W. Curtis Preston:at a lot lately, which is I, if.
W. Curtis Preston:We're going to, um, cuz it's one thing.
W. Curtis Preston:I don't know, there's a lot of things going on in my head.
W. Curtis Preston:All right.
W. Curtis Preston:So, uh, you know, I, I, I hear you talking about pre-scan and
W. Curtis Preston:post-scan and that all sounds great.
W. Curtis Preston:Um, I'm gonna throw out a little shade and say if the pre-scan at the
W. Curtis Preston:backup finds the ransomware, why didn?
W. Curtis Preston:Like some regular virus scanning tool.
W. Curtis Preston:Find it already.
W. Curtis Preston:I don't, I, I don't, I don't know why that, why one would work
W. Curtis Preston:and the other would not work.
W. Curtis Preston:Um, but I'm not saying it's not a good idea to do it.
W. Curtis Preston:I'm just, it's just, that popped up in my head.
Eric Bursley:Well, that that speaks to the maturity model of the
Eric Bursley:organization's security infrastructure.
Eric Bursley:Some organizations don't have a SEIM in place.
Eric Bursley:They don't have a current, um, Antivirus that it includes, um, artificial
Eric Bursley:or AI ml into those technologies.
Eric Bursley:So based on the NIST framework, they're not preventing the infection from coming
Eric Bursley:in, and it's up to the recovery process of the NIST framework to bring you back.
Eric Bursley:Preferably, it is a multi-faced approach like NIST calls.
W. Curtis Preston:Yeah, it is just that, you know, as big of a fan as I
W. Curtis Preston:am, a backup, if you're relying on your backup system to let you know you got
W. Curtis Preston:a virus or malware of any kind, uh, I don't know what to tell you anyway.
W. Curtis Preston:I, yeah, but I'm not saying that that doesn't happen.
W. Curtis Preston:I'm just saying I'm not sure I agree with that plan.
W. Curtis Preston:Um, There's been a thought that I've been thinking a lot about lately and, and, and
W. Curtis Preston:it comes from the fact that we know, based on the stuff that's been published, that
W. Curtis Preston:the average dwell time or the mean dwell time of malware is well over 60 days.
W. Curtis Preston:So if, if, if the malware has been in your environment for, for a long time, and,
W. Curtis Preston:and maybe it hasn't deployed, maybe it hasn't done anything, maybe it hasn't,
W. Curtis Preston:um, um, you know, encrypted any data, and then it doesn't generally wreak
W. Curtis Preston:havoc until it starts encrypting data.
W. Curtis Preston:Um, and, but you, meanwhile you've probably created weeks and weeks
W. Curtis Preston:and weeks of backups of the machine with the malware still on it,
W. Curtis Preston:which you didn't notice, right.
W. Curtis Preston:You can scan all you want.
W. Curtis Preston:Some of this stuff isn't noticeable or, or you know, it's
W. Curtis Preston:easy once you find it, right.
W. Curtis Preston:Once you find it, you get the signature and then you can um, right, you can then
W. Curtis Preston:you can scan for that specific signature.
W. Curtis Preston:But a general scan doesn't necessarily pick it up.
W. Curtis Preston:So then my question is, well, what does the organization do?
W. Curtis Preston:And you know, what would be my recommendation?
W. Curtis Preston:Um, you know, and of course then they're, they're free to do whatever they want.
W. Curtis Preston:I know some people have talked about, well, I need to restore
W. Curtis Preston:from before I even got infected.
W. Curtis Preston:That is an option.
W. Curtis Preston:But to me that if, if the dwell time is 60 days, or, or it could be, it
W. Curtis Preston:could be as much as 120 days from what I've seen, um, that doesn't
W. Curtis Preston:seem like a viable option to me.
W. Curtis Preston:To start from a greenfield, restore the, the VM image from 121 days ago,
W. Curtis Preston:and then somehow bring it, right?
W. Curtis Preston:Because, um, it just, it gets, and you, and then you look at the, um, the
W. Curtis Preston:complications involved with, um, all of the, um, different ways in which we.
W. Curtis Preston:OSS and non oss, you know, things like containers, um, and applications, and we
W. Curtis Preston:have VMs and we have physical servers and on-premise VMs on, uh, cloud-based VMs.
W. Curtis Preston:This is just like deciding that, making that decision.
W. Curtis Preston:Um, it just seems really, uh, a difficult one that I think
W. Curtis Preston:environments have to decide.
W. Curtis Preston:I know there was, there was no question anywhere in that
Prasanna Malaiyandi:I was waiting.
Prasanna Malaiyandi:I was like, should I tell Curtis he's on a rant?
Eric Bursley:Right.
Eric Bursley:So
Eric Bursley:that, that's essentially where a partner like Presidio can come in.
Eric Bursley:We can help advise, um, specifically leveraging a tool that, um, I help
Eric Bursley:produce called our ransomware workshop.
Eric Bursley:It is a free offering that we offer our clients, two and a half
Eric Bursley:hours of discussion with one of our cybersecurity analysts, a data
Eric Bursley:center analyst, which focuses on primary storage and backup recovery.
Eric Bursley:And working with a C level as well as the engineers at a specific customer
Eric Bursley:identify potential problems such as you don't have a SEIM in place, you don't
Eric Bursley:have a current antivirus solution in place such as CrowdStrike or cyber reason.
Eric Bursley:Um, you don't have a, a good initial protection of that.
Eric Bursley:And then, , you know, from a backup recovery standpoint, what are you using?
Eric Bursley:How are you backing up your data?
Eric Bursley:Are you following the 3 21 rule?
Eric Bursley:Do you have an operationally air gap vault for that offsite copy?
Eric Bursley:Those are the questions that we bring up, and then we can help address some
Eric Bursley:of those problems over time, whether it's a financial customer or not.
Eric Bursley:Okay.
Eric Bursley:This.
Eric Bursley:Offered to everybody.
Eric Bursley:Um, and then once we understand the direction you need to go with
Eric Bursley:that vision, um, that we provide, um, we can then start chipping away
Eric Bursley:at those questions that you have.
Eric Bursley:Um, and we do that as an diagnostic type of service.
Eric Bursley:So, um, outside of the vendors, we may bring up vendors in the conversation,
Eric Bursley:but we're trying to solve that business, uh, problem and then aligning.
Eric Bursley:Those requirements to a technology vendor,
Prasanna Malaiyandi:I think having that process, that
Prasanna Malaiyandi:approach totally makes sense.
Prasanna Malaiyandi:And just going back to Curtis's rant, quote unquote rant, right?
Prasanna Malaiyandi:I think honestly, it's going to depend, right?
Prasanna Malaiyandi:I don't think you can say that we will always go back 121 days,
Prasanna Malaiyandi:or the best option is always to go pick the latest copy, right?
Prasanna Malaiyandi:I think it is going to depend on the value of the data, how long it takes to recover
Prasanna Malaiyandi:the importance of that application, right?
Prasanna Malaiyandi:All of these things, and I think it's sort of a recovery.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And hopefully you've already planned this ahead of time.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And you know, okay, this is the importance of this data, but it's sort of one of
Prasanna Malaiyandi:those things that at recovery time, you execute your plan in your runbook that you
W. Curtis Preston:yeah, I think it was a rant because I see a lot of people
W. Curtis Preston:talking about, Well, we're just gonna scan, you know, we, we, our, we have
W. Curtis Preston:backup software that will, you know, we, we can identify the, the hash, we
W. Curtis Preston:can give the hash to the backup product.
W. Curtis Preston:It can scan for that, you know, we know where the malware is.
W. Curtis Preston:And then we'll just restore from before the malware hit.
W. Curtis Preston:And, and I just wanna say, um, to 121 days ago that, that's what, that's
W. Curtis Preston:why I just, it, it, you're right.
W. Curtis Preston:It's not simple.
W. Curtis Preston:Um,
Eric Bursley:It's not
Prasanna Malaiyandi:and I think Eric had brought it up earlier.
Eric Bursley:yeah.
Eric Bursley:You don't necessarily have to restore to 120 days ago.
Eric Bursley:You can restore from the latest copy of just the data that is clean.
Eric Bursley:Okay.
Eric Bursley:Um, not everything on the system is encrypted, so you need to pull the
Eric Bursley:data prior to the full encryption that ransomware is going to.
Eric Bursley:That is a point, then you can start saying, okay, how did it get in looking
Eric Bursley:for the executable in that environment and then removing it or deactivating it.
Eric Bursley:And it's critical to look not just for static files, but also um, Shell less,
Eric Bursley:or I should say, um, script, less sort of, um, vulnerabilities because
Eric Bursley:they're able to actually execute some of these processes in memory
Eric Bursley:without writing anything out to disk.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:I think the other thing is when you're also doing that recovery, sort of
Prasanna Malaiyandi:doing it in an isolated fashion, right?
Prasanna Malaiyandi:Where
Prasanna Malaiyandi:maybe you don't have that network connectivity, right?
Prasanna Malaiyandi:So they can't call out to their C N C servers, right?
Prasanna Malaiyandi:Their command and control servers and get additional
Prasanna Malaiyandi:information and kickstart things.
Eric Bursley:E.
Eric Bursley:Exactly.
Eric Bursley:And there are OEMs that offer these types of solutions and, and
Eric Bursley:Presidio can recommend them all.
Eric Bursley:And these are not a limited list of solutions either.
Eric Bursley:Um, but they're, um, solutions that can become safe Harbor
Eric Bursley:certified when deployed.
Eric Bursley:Um, they're not in itself guaranteeing safe harbor.
Eric Bursley:You still have to implement them, right?
Eric Bursley:You still have to create your run.
Eric Bursley:Um, and any sort of automation around it.
Eric Bursley:Um, but they definitely give you a leg up, uh, around achieving that certification.
Prasanna Malaiyandi:and would you get that certification?
Prasanna Malaiyandi:, that's for a point in time.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:Is there sort of audits done things you have to show, like
Prasanna Malaiyandi:as your environment changes, as things happen to keep up to date?
Prasanna Malaiyandi:Or is it sort of a one and done thing?
Eric Bursley:You do have to get re certified.
Eric Bursley:Um, over time, um, this is because policies do change,
Eric Bursley:recommendations do change.
Eric Bursley:Um, technologies do change, you know, containers, for example.
Eric Bursley:Um, how are you protecting your container workload?
Eric Bursley:It's.
Eric Bursley:Regardless of what the original intent of immutable containers are, people are
Eric Bursley:persisting data in their containers.
Eric Bursley:How are you protecting those?
Eric Bursley:The data as well as the ecosystem of your Kubernetes or your Docker, uh,
Eric Bursley:automation system that goes into it.
Eric Bursley:There are strategies around that.
Prasanna Malaiyandi:I'm gonna take Curtis's favorite question that he
Prasanna Malaiyandi:loves to ask in topic, actually, which is, Does Safe Harbor Certification
Prasanna Malaiyandi:talk Anything about SaaS applications?
Eric Bursley:It is.
Eric Bursley:I would say that it doesn't necessarily, um, Dictate one way or the other.
Eric Bursley:It does say that you are protecting your data in this fashion.
Eric Bursley:So if you're using a SaaS uh provider such as Microsoft 365, are you backing it up?
Eric Bursley:And then are you storing that data in a vault?
Eric Bursley:Um, and that you can actually do an operational recovery?
Eric Bursley:You know, same, same thing with salesforce.com.
Eric Bursley:They just started implementing backup through their API for salesforce.com.
Eric Bursley:Are you protecting that data, storing it in a vault and that becomes
Eric Bursley:that, that, you know, sort of.
Eric Bursley:Ecosystem that that pattern.
Eric Bursley:So they're not dictating SaaS, they're not dictating on-prem,
Eric Bursley:they're not dictating cloud.
Eric Bursley:What they are saying is that you have a copy of your data in a vault
Eric Bursley:that is operationally air gapped.
Prasanna Malaiyandi:Yeah, I was referring also mainly to like SaaS applications.
Prasanna Malaiyandi:But you covered it, Eric, like Microsoft 365.
Prasanna Malaiyandi:Because a lot of times Right, people are, Curtis, you and I hear this all
Prasanna Malaiyandi:the time, it's like, Hey, Microsoft 365, there's no need to back it up.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And I know that's one of, uh, Curtis's big pet peeves.
Eric Bursley:It, it's one of mine too.
Eric Bursley:I hear a lot.
Eric Bursley:Um, every one of my customers are not backing up their
Eric Bursley:Microsoft 365 environment.
Eric Bursley:And I advise them that they should.
Eric Bursley:And then I describe the differences between archive, which they do
Eric Bursley:provide any true backup solution, which they don't provide.
W. Curtis Preston:So, um, I should probably take notes
W. Curtis Preston:so that I can keep track.
W. Curtis Preston:, my questions are coming in various, in various ways, but the
W. Curtis Preston:one that's in my head right now.
W. Curtis Preston:So I know that you have this, this concept of, um, uh, alliance partners and I do
W. Curtis Preston:see, you know, a couple of companies on there, obviously that I recognize.
W. Curtis Preston:There's only one that says endorsed.
W. Curtis Preston:Um, and I'm, and it's Dell.
W. Curtis Preston:And it says, uh, they, they can help your financial institution expedite sheltered
W. Curtis Preston:Harbor Data Protective certification with long name the first turnkey data
W. Curtis Preston:vaulting solution to receive endorsement for meeting all of the requirements
W. Curtis Preston:of the Sheltered Harbor standard.
W. Curtis Preston:That's interesting.
W. Curtis Preston:So there wa there there was some sort of process that they went through to
W. Curtis Preston:satisfy someone at Sheltered Harbor.
W. Curtis Preston:Enough.
W. Curtis Preston:that they can say, this solution meets all of the requirements.
W. Curtis Preston:Um, and, and the, because there are other companies, right, that are on
W. Curtis Preston:there listed as alliance partners that would be competitors of Dell.
W. Curtis Preston:Um, and, and by the way, before we continue a little bit farther, I'm just,
W. Curtis Preston:I forgot to throw out our disclaimer.
W. Curtis Preston:Uh, I work for Druva, Prasanna, works for Zoom, and uh, although
W. Curtis Preston:we're talking about very, you know, stuff right up our neighborhood,
W. Curtis Preston:this is an independent podcast and the opinions that here are ours.
W. Curtis Preston:And, uh, if you wanna join the conversation, please reach
W. Curtis Preston:out to me at w Curtis Preston.
W. Curtis Preston:On Twitter, I'm sorry, WC Preston on Twitter or w Curtis Preston gmail.
W. Curtis Preston:And, um, you know, and say, Hey, I got stuff to talk about in this neighborhood.
W. Curtis Preston:Um, and uh, also be sure to rate us, um, just scroll down to the bottom.
W. Curtis Preston:You're probably listening on Apple Podcast.
W. Curtis Preston:Most of you are.
W. Curtis Preston:Just scroll down to the bottom there.
W. Curtis Preston:Click, click five stars.
W. Curtis Preston:Hey, give us six stars.
W. Curtis Preston:I'm fine with that.
W. Curtis Preston:And, uh, give us a comment.
W. Curtis Preston:We love that.
W. Curtis Preston:Um, so yeah, so I see that like some companies are, are listed as alliance
W. Curtis Preston:partners, but only one is listed as endorsed, which surprised me honestly.
W. Curtis Preston:Uh, organizations like this don't tend to endorse it, actually uses that word.
W. Curtis Preston:Uh, any thoughts on that?
Eric Bursley:Well, the Dell Cyber Recovery Solution was one of the first
Eric Bursley:to market, um, with their solution.
Eric Bursley:It is a very strong solution that is powered by their Power Protect gated
Eric Bursley:domain product, um, that can provide you with an immutable, um, solution.
Eric Bursley:Um, the cyber recovery vault, leveraging all of Dell's technology.
Eric Bursley:Dell PowerEdge, Dell Switch.
Eric Bursley:Um, partnership with Sonic Wall Firewall, um, as well as Avamar
Eric Bursley:or Networker or the Power Protect, uh, data Protection Appliance.
Eric Bursley:Um, it, it's an all-encompassing solution.
Eric Bursley:So Sheltered Harbor was able to say if implemented via this process, it
Eric Bursley:gives you that leg up, making it super simple to achieve our certification.
Eric Bursley:They were one of the first to market to do that.
Eric Bursley:, um, since, um, that happened, we've had this thing called a pandemic that
Eric Bursley:shut down a lot of those processes.
Eric Bursley:Um, and Shelton Harbor couldn't go through, um, some of the other OEMs, um,
Eric Bursley:that wanted to achieve this certification.
Eric Bursley:Um, And one of those processes, uh, like I said, was the ability to
Eric Bursley:pull the data into the vault rather than pushing it into the vault.
Eric Bursley:Um, w with that, um, since the pandemic is nearing at its end, um, other
Eric Bursley:products are becoming, um, able to achieve the certification, although they
Eric Bursley:haven't been fully endorsed by Sheldon.
W. Curtis Preston:Gotcha.
W. Curtis Preston:Gotcha.
W. Curtis Preston:Um,
Prasanna Malaiyandi:I think that was why in the beginning I was wondering, Eric,
Prasanna Malaiyandi:around sort of that certification, right?
Prasanna Malaiyandi:If it was the customer, like the bank, or if it was a vendor who was actually
Prasanna Malaiyandi:getting the certification, right.
Prasanna Malaiyandi:Um, I could see that in the case of Dell is like, Hey, we have everything
Prasanna Malaiyandi:packaged together so it becomes easier for the bank or the customer
Prasanna Malaiyandi:to just start, deploy and use it.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:But that's why I was wondering like where it actually ends up being.
Eric Bursley:Right.
Eric Bursley:And yeah, the sheltered harbor is granted by the financial
Eric Bursley:institution that is seeking it.
Eric Bursley:Um, there's actually a process that they go through.
Eric Bursley:They have to register as a client of Sheed Harbor and based on how much.
Eric Bursley:Money their institution has, they pay to that specific level and then they
Eric Bursley:go through that process to validate that they have the solution in place.
Eric Bursley:Um, there are definitely other solutions outside of the cyber recovery vault
Eric Bursley:from Dell that can achieve this.
Eric Bursley:It, it's not just limited to that product.
W. Curtis Preston:Uh, I, I'm assuming, um, , you know, if somebody want, if
W. Curtis Preston:a, if a financial organization wanted to join, there would be, there's some
W. Curtis Preston:sort of fee that you need to provide to achieve certification, given that there's
W. Curtis Preston:gonna be a cost involved with somebody
Eric Bursley:Right.
Eric Bursley:Yes.
Eric Bursley:The, there is a, uh, stair stepped approach based on the financial holdings
Eric Bursley:that the, uh, financial institution has.
Eric Bursley:Um, and, and that is published on their website.
Prasanna Malaiyandi:I look at it similar to like when an organization
Prasanna Malaiyandi:goes through like a SOC two audit, right?
Prasanna Malaiyandi:It's kind of like that, right?
Prasanna Malaiyandi:You're getting certified that yes, everything's in place,
Prasanna Malaiyandi:everything's good to go with the solutions that you've chosen,
Eric Bursley:Right.
Eric Bursley:E.
Eric Bursley:Exactly.
Eric Bursley:And this actually would help with the insurance organizations as well, because.
Eric Bursley:Many insurance companies are saying you need to have certain things in place
Eric Bursley:in order to get, you know us to pay for
Eric Bursley:an incident.
Eric Bursley:Right, exactly.
Eric Bursley:To get a rate.
Eric Bursley:If a financial institution goes to an insurance provider and say, Hey,
Eric Bursley:we just received this Safe Harbor certification, the insurance company
Eric Bursley:can actually come back and say, you've done all these check boxes.
Eric Bursley:So we're gonna give you a lower rate, or we're gonna offer you a policy
Eric Bursley:where if the financial institution didn't have this, then they would have
Eric Bursley:to go manually check that themselves.
Eric Bursley:So it, it can streamline your insurance process as well.
W. Curtis Preston:Yeah, it's it.
W. Curtis Preston:What do you think it or, or have you heard that it could
W. Curtis Preston:also assist in lower rates or
Eric Bursley:That would be up to the insurance company, but I would
Eric Bursley:imagine so because it's gonna be less likely that you're unable
Eric Bursley:to recover in a timely fashion.
Eric Bursley:That's one of the things that the insurance company wants to do is
Eric Bursley:ensure that you get back to operational effectiveness as soon as possible.
Eric Bursley:Um, get back to business achieving this certification.
Eric Bursley:Can't assure you that you would be able to be back up and running within 24 hours.
Prasanna Malaiyandi:It's like I, like Curtis said at the start of this,
Prasanna Malaiyandi:right, it was like the first time we had heard about this term, right?
Prasanna Malaiyandi:In being in the backup space.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And I'm wondering like, is it more common?
Prasanna Malaiyandi:Like, is this a well known certification in like the financial institutions
Prasanna Malaiyandi:and in the insurance business?
Prasanna Malaiyandi:Or is this something new and upcoming that is going to take, um, time to achieve
Prasanna Malaiyandi:critical mass, but it is like a future standard that everyone's looking toward.
Eric Bursley:Say that it's more of a future standard at this point.
Eric Bursley:I was just talking with a financial customer yesterday.
Eric Bursley:He was unaware of Shelton Harbor.
Eric Bursley:He actually had to go look it up, and then he was extremely intrigued, uh,
Eric Bursley:around the framework that it offers.
Eric Bursley:Um, and we're gonna have a follow up conversation, um, with him regarding
Eric Bursley:our ransomware workshop that we have so that he can understand the value.
Eric Bursley:You know, protecting his data more with the data vault, um, and how
Eric Bursley:we would implement that so that he can achieve sheltered harbor.
Eric Bursley:Um, I also gave him a reference of one of my larger financial customers that
Eric Bursley:is currently in the process of getting Sheltered Harbor certification so that he
Eric Bursley:can have a one-on-one conversation with.
Prasanna Malaiyandi:Nice.
W. Curtis Preston:Yeah, I, I will say, you know, when I first heard about it,
W. Curtis Preston:and you know, just the first few words, my first worry, which doesn't appear to be
W. Curtis Preston:the case, but my first worry was that this was just, even though it's a nonprofit,
W. Curtis Preston:I mean, anybody can start a nonprofit.
W. Curtis Preston:That it was just a marketing arm, marketing leg, whatever, you know,
W. Curtis Preston:that, you know, like, like in this case it would, I, I would accuse
W. Curtis Preston:Dell of it since they were the first one to get endorsed, right.
W. Curtis Preston:That Dell went and started this.
W. Curtis Preston:So that they could give themselves certification.
W. Curtis Preston:I'm not accusing Dell of anything.
W. Curtis Preston:I'm just saying I was worried that I would, that that's what I
W. Curtis Preston:would find is that I would find a marketing driven organization.
W. Curtis Preston:And that does not appear to be the case.
W. Curtis Preston:It appears that it, this is led by the financial industries or
W. Curtis Preston:the, the financial institutions and the associations, uh, thereof.
W. Curtis Preston:Does that, does that sound about.
Eric Bursley:That would be correct, Curtis.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, and the, the worry of
Prasanna Malaiyandi:your other worry?
W. Curtis Preston:well, well, that, that the worry came from the fact that
W. Curtis Preston:there is this dual certification, right?
W. Curtis Preston:The certification is for the company, but then there's also this
W. Curtis Preston:potential endorsement of the vendors.
W. Curtis Preston:And, uh, so I was worried that this was just a big ruse for the vendors to
W. Curtis Preston:have a, to put another badge on their.
W. Curtis Preston:but it doesn't appear to be the case.
W. Curtis Preston:Um
Eric Bursley:Yeah.
Eric Bursley:For Dell to come out and say that they were endorsed, it is not,
Eric Bursley:you know, checking the box and say you're certified if you have it.
Eric Bursley:. You can be certified if you have it, but you also have other processes
Eric Bursley:that you have to implement around your enterprise maturity to ensure
Eric Bursley:that you have this process in place.
Eric Bursley:Dell gives you a leg up with their solution.
W. Curtis Preston:Yeah.
Eric Bursley:but like I was saying, there are other solutions
Eric Bursley:that can do this as well.
Eric Bursley:Now it's just a matter of time before they also get endorse.
W. Curtis Preston:Yeah.
W. Curtis Preston:Actually, the fact that the website is kind of a little behind, sort of backs
W. Curtis Preston:up the fact that this isn't a marketing driven thing, , because if this was
W. Curtis Preston:marketing driven, this would be up to date with all those other companies, right?
W. Curtis Preston:Um, and they, they, they throw as much money as they need
W. Curtis Preston:to, to, to get it updated.
W. Curtis Preston:Um,
Prasanna Malaiyandi:The
W. Curtis Preston:Go ahead.
Prasanna Malaiyandi:the one, the other question I had though is I
Prasanna Malaiyandi:think this is a great certification.
Prasanna Malaiyandi:I just feel it's yet another isolated, separate process rather than thinking
Prasanna Malaiyandi:holistically and integrating into some other existing framework.
Prasanna Malaiyandi:Uh, to elaborate a bit, right?
Prasanna Malaiyandi:This is just focused on backup.
Prasanna Malaiyandi:Can you recover your data, right?
Prasanna Malaiyandi:Rather than sort of encompassing, okay, do you have the appropriate
Prasanna Malaiyandi:cybersecurity measures in place?
Prasanna Malaiyandi:And thinking from, let's start from who or let's look
Prasanna Malaiyandi:holistically at your environment.
Prasanna Malaiyandi:Make sure you're just not looking at authorization and login in,
Prasanna Malaiyandi:in that environment, but also across your entire infrastructure.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:Do you have the right level, sort of the.
Prasanna Malaiyandi:things, Curtis, that we've talked with Snorkel 42 about, right.
Prasanna Malaiyandi:It's do you have like lease privilege set up and do you have those front
Prasanna Malaiyandi:end cyber monitoring tools to look for malware on production?
W. Curtis Preston:MFA
Prasanna Malaiyandi:like just, and mfa, right?
Prasanna Malaiyandi:It's just seems like this is just such a small portion of things that can go wrong.
Prasanna Malaiyandi:It's a great effort, no doubt about it, but it just feels a
Prasanna Malaiyandi:little isolated and siloed really, when people should be thinking.
Prasanna Malaiyandi:Broadly across their entire organization.
Eric Bursley:Well, e Exactly.
Eric Bursley:And that's where Presidio would talk about the NIST framework so
Eric Bursley:that you can, uh, identify, protect, detect, respond, and then recover.
Eric Bursley:In the terms of the NIST framework, this is addressing the recovery operation.
Eric Bursley:Are you able to successfully recover?
Eric Bursley:Um, but I agree with you that they have to have other processes in place and that
Eric Bursley:leads to their enterprise maturity around do they have the right authorization,
Eric Bursley:authentication systems in place?
Eric Bursley:Are they monitoring?
Eric Bursley:Do they have two factor authentication?
Eric Bursley:Um, do they have geolocation?
Eric Bursley:Turned on in their Azure ad, for example.
Eric Bursley:Um, how are they protecting their users, um, from a user, um, education standpoint?
Eric Bursley:Um, you know, are they using products like no before and other similar
Eric Bursley:products that actually educate users and test users on their functional, um,
Eric Bursley:day-to-day operations that they don't get a ransomware infection to begin?
W. Curtis Preston:So I'm gonna not push back or argue with you persona,
W. Curtis Preston:necessarily with the comment.
W. Curtis Preston:I, I, I, I agree.
W. Curtis Preston:And yet, as a backup guy, I'm saying, well, at least somebody's
W. Curtis Preston:looking after the backups because so many, so much of the anti.
W. Curtis Preston:Ransomware and malware efforts is all on the online stuff, and no one's
W. Curtis Preston:paying any attention to the backups, which is something that, you know,
W. Curtis Preston:we talk about a lot on this podcast where we're saying, Hey, they are
W. Curtis Preston:coming for your backups, or they're directly attacking your backup system.
Prasanna Malaiyandi:
:It's a starting point,
Prasanna Malaiyandi:
:right?
W. Curtis Preston:My, my only thing when I look at, it's like, well,
W. Curtis Preston:it would be nice if organizations who weren't financial organizations
W. Curtis Preston:could, could get a similar level of attention to their backup environment.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and they specifically say, you're only welcome to join and get certification
W. Curtis Preston:if you're a financial institution.
W. Curtis Preston:Um, and I'm like, Hey, you know, there.
W. Curtis Preston:I don't know, a couple of hundred other industries I can think of that
W. Curtis Preston:could really benefit from that as well.
Eric Bursley:There's nothing stopping the, um, other industries from using
Eric Bursley:the framework that Sheltered Harbor has.
Eric Bursley:It's just a matter of, you know, getting the certification.
Eric Bursley:Right now, it is just a financial industry.
Eric Bursley:Um, you know, they may extend that out at some point in the future.
Eric Bursley:Um, that would be up.
W. Curtis Preston:Yeah.
W. Curtis Preston:And who and who is them, by the way?
Eric Bursley:Shelter harbor.org.
W. Curtis Preston:no.
W. Curtis Preston:I know you meant sheltered harbor.
W. Curtis Preston:There are people who, where, where do these people work?
W. Curtis Preston:Are they, are they, do they work for Shelter Harbor?
W. Curtis Preston:Do they work for banks?
W. Curtis Preston:And this is like their side gig.
W. Curtis Preston:What?
W. Curtis Preston:You know, because
Eric Bursley:Yeah, I, I don't get into that, so I don't
Eric Bursley:know.
Eric Bursley:Um, I believe that they're an independent organization outside
Eric Bursley:of the banking industry that's assisting the banking industry.
Eric Bursley:Um, reading their backstory, they came from the banking
Eric Bursley:industry and financial industry.
W. Curtis Preston:Oh, uh, this says it's actually a
W. Curtis Preston:nonprofit subsidiary of FS Isaac.
W. Curtis Preston:So that's the Financial Services information sharing and analysis
W. Curtis Preston:Center for those of you that don't live banking world.
W. Curtis Preston:Um, and devoted to the coordinating the development
W. Curtis Preston:of the Shelter Harbor Standard.
W. Curtis Preston:I like that.
W. Curtis Preston:Um,
Prasanna Malaiyandi:Is there framework available online, do you know?
Prasanna Malaiyandi:Or do you have to
W. Curtis Preston:I've been, I've been scrolling around.
W. Curtis Preston:I didn't see the framework anywhere.
Eric Bursley:Right.
Eric Bursley:So you have to become one of their clients to get all of
Eric Bursley:the requirements, um, in place.
Eric Bursley:Um, the OEMs have those requirements, um, so that, you
Eric Bursley:know, they can tell you what it is.
Eric Bursley:But when you apply for membership, then you're going to get the
Eric Bursley:actual certification requirements to go and check the box.
Prasanna Malaiyandi:See, this is what annoys me though, is that it's
Prasanna Malaiyandi:like, this is a great framework.
Prasanna Malaiyandi:We want everyone to use this.
Prasanna Malaiyandi:I know they want the financials, but it's broadly applicable, and yet
Prasanna Malaiyandi:you have to jump through all these hoops just to even try to get to
Prasanna Malaiyandi:see the list of, hey, what's there?
W. Curtis Preston:yeah.
W. Curtis Preston:So I'm gonna, I'm gonna have to disagree with what you said earlier, Eric,
W. Curtis Preston:when you said there's nothing stopping them from implementing the standard.
W. Curtis Preston:Uh, yeah, it is.
W. Curtis Preston:They don't even, I can't even find out what the standard is if they can't join.
Eric Bursley:on their website they tell you that you need to
Eric Bursley:implement a data vault and that you have to have a resiliency plan in
W. Curtis Preston:Right.
Eric Bursley:Um,
Prasanna Malaiyandi:Or, or I would say that you could work with
Prasanna Malaiyandi:the company like Presidio, right?
Prasanna Malaiyandi:Who knows these standards and who's providing a more holistic thing, right?
Prasanna Malaiyandi:So it is possible,
Eric Bursley:Right.
Eric Bursley:It is
Prasanna Malaiyandi:but it's not as easy for anyone to be like, Hey, what is there?
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:I think that's my problem is it shouldn't be a secret
W. Curtis Preston:And, and yeah.
W. Curtis Preston:And I don't think it's secret per se.
W. Curtis Preston:I, I agree with you, Eric.
W. Curtis Preston:I mean, I'm looking, they have like why Sheltered Harbor?
W. Curtis Preston:And they, they've got a nice little page on the, the different stuff.
W. Curtis Preston:Um, I don't know, maybe the, somewhere between where they are and I don't know.
W. Curtis Preston:I, I don't know why they would, I, I think maybe there could be a, these are.
W. Curtis Preston:20 things you need to do.
W. Curtis Preston:I think they're giving a high level plan.
W. Curtis Preston:Perhaps they could do a low level plan.
W. Curtis Preston:Perhaps they could say, Hey, you can't join, but hey, for a hundred
W. Curtis Preston:bucks you could have the, whatever, whatever it is we're missing.
W. Curtis Preston:Um, but, uh, or maybe we're not missing that much.
W. Curtis Preston:I don't know.
W. Curtis Preston:, we don't know what we don't know.
W. Curtis Preston:Um, yeah, but it, I applaud the, I applaud the effort to make backups
W. Curtis Preston:more resilient, uh, and to, and.
W. Curtis Preston:also, what I'm seeing here is the resiliency plan.
W. Curtis Preston:That's what it's really about, right?
W. Curtis Preston:It's, it's almost less about what backup product that you use.
W. Curtis Preston:It is definitely about how you use it, right?
W. Curtis Preston:Um, but it's about what, earlier we had this discussion about
W. Curtis Preston:how are we going to, with the.
W. Curtis Preston:Scenarios that you, that you've got in terms of infection and encryption
W. Curtis Preston:and what decisions are you gonna make.
W. Curtis Preston:That's what you need to discuss upfront, right?
W. Curtis Preston:Okay.
W. Curtis Preston:We've got aws, we've got VMware, we've got physical machines, we've
W. Curtis Preston:got these kind of application servers, we've got a file server.
W. Curtis Preston:Here's what we need to make the decision upfront, what we're gonna
W. Curtis Preston:do with all those various things.
W. Curtis Preston:Right?
W. Curtis Preston:Given there are different.
Eric Bursley:What Well, exactly, and, and part of their framework, they talk
Eric Bursley:about an incident management plan.
Eric Bursley:You know, do you have an incident response process?
Eric Bursley:Um, and it, it can be as simple as, you know, filling out a ServiceNow ticket
Eric Bursley:and, um, either an automated or a manual process kicks off a, a security.
Eric Bursley:, um, as we call it here, um, which is different than your operational
Eric Bursley:or disaster recovery re restore of your application following
Eric Bursley:that incident response plan.
Eric Bursley:You know, calling the insurance carrier, Hey, so-and-so was infected.
Eric Bursley:It took down this specific system.
Eric Bursley:We are in the process of recovering it and they know from their incident
Eric Bursley:response plan that they have to have that current system isolated so that it
Eric Bursley:can be investigated for future forensic.
W. Curtis Preston:Yeah.
Eric Bursley:um, a proper communications plan.
Eric Bursley:Who's talking to who, who's making decisions?
Eric Bursley:Um, you know, how are you going to get back to normal operations?
Eric Bursley:Because if you fail over to that isolated recovery environment,
Eric Bursley:eventually that's going to cost you more money than you would like.
Eric Bursley:So how do you bring that back into your production
Eric Bursley:environment, which may be on pre.
Eric Bursley:and your, uh, i r e, your integrated, uh, recovery environment could be up in aws.
Eric Bursley:Um, are you testing your backups?
Eric Bursley:Something that many of my customers don't do regularly.
Eric Bursley:Um, I wish they would, but, um, they're not testing their environment to verify
Eric Bursley:that one, are their backups good?
Eric Bursley:But are they operationally?
Eric Bursley:um, not just, I have my exchange server or SQL server backed up, but I'm able to
Eric Bursley:bring it back up, test it with your active directory, verify ports are functional,
Eric Bursley:verify that I'm able to send and receive messages, and then shut it down.
Eric Bursley:Is this is a valid restore point.
Eric Bursley:It So having that, um, resiliency plan in place, I think is probably the more
Eric Bursley:important part of having Shelter Harbor certification than just the data.
Prasanna Malaiyandi:And
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:And is a lot of this, I'm guessing, is automated as well, right?
Prasanna Malaiyandi:Because I can't imagine doing this sort of verification and recovery processes.
Prasanna Malaiyandi:In a periodic fashion, like given the scale of some of this data.
Eric Bursley:Well, some of the products that are offered such as, uh, VMware's
Eric Bursley:Cloud, disaster Recovery, or Cohesity Fort Knox, or, um, rubrics, um, solution,
Eric Bursley:um, that they call a cloud vault, actually automate that testing for you.
Eric Bursley:They can actually spin up an environment from time to time and validate those
Eric Bursley:solutions in place in their cloud.
Eric Bursley:Which is isolated, validate the solution and then shut it back down
Eric Bursley:again, not costing you any money.
Eric Bursley:So there are solutions like that.
Eric Bursley:The Dell solution, it, it's something that you would have to manually spin up.
Eric Bursley:You could probably automate that process.
Eric Bursley:Um, but even products like Veeam that by itself couldn't achieve this.
Eric Bursley:They have the solution built in with their data labs.
Eric Bursley:Functionality to automate the testing of backup.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah, and, and you know, and I would be remiss.
W. Curtis Preston:If I, if I didn't say that Druva has a, has a similar capability,
W. Curtis Preston:um, the, the question, the, um, no, I'm just, it should, this is such
W. Curtis Preston:a, I, I think the biggest thing is.
W. Curtis Preston:We need to have this discussion upfront.
W. Curtis Preston:, right?
W. Curtis Preston:So many people, they wait until they get that ransomware attack
W. Curtis Preston:and, and then they have, and then they have the meeting, right?
W. Curtis Preston:They're like, oh yeah, we got, we got good backups, we got it,
W. Curtis Preston:we got it in the cloud, right?
W. Curtis Preston:We got a copy in the cloud, or we got, you know, whatever it is that they're
W. Curtis Preston:doing, whatever it is that they're doing.
W. Curtis Preston:And even if they've got a, uh, an air gap copy, if they're not
W. Curtis Preston:having this discussion upfront.
W. Curtis Preston:Of how are we going to do, what, what are we gonna do?
W. Curtis Preston:Like, you, you know, you, you talked about Eric quite a bit about like, who's
W. Curtis Preston:gonna make, who makes the decision, who talks to whom, who communicates to the,
W. Curtis Preston:to the stakeholders, all of those things.
W. Curtis Preston:Um, if you, if you don't have that plan set in advance, uh, it's gonna
W. Curtis Preston:be a, it's gonna be a really bad day.
W. Curtis Preston:Um, and you're gonna have, you know, I, I, I hate to.
W. Curtis Preston:We won't use the, we won't use their name,
Prasanna Malaiyandi:Who do you wanna pick on?
Prasanna Malaiyandi:Yeah, who do you wanna pick on today?
W. Curtis Preston:well, okay.
W. Curtis Preston:Maybe I'll throw their name out.
W. Curtis Preston:Rackspace, right.
W. Curtis Preston:You look at, you look at what Rackspace did when, when they had their outage.
W. Curtis Preston:Then they tested their recovery plan and it was three weeks
W. Curtis Preston:before they got the first.
W. Curtis Preston:Uh, exchange server up and running and you know, and because they had made
W. Curtis Preston:the quick, uh, and I'm not even saying whether a decision or wrong or right,
W. Curtis Preston:but the fact that they had made the decision to go over to Microsoft 365
W. Curtis Preston:because exchange was down and then, and then they restored the exchange
W. Curtis Preston:servers and it took them two to three weeks to get the exchange servers up.
W. Curtis Preston:And then it's like, okay, well how do we get the, the email out of
W. Curtis Preston:these exchange servers over to 360?
W. Curtis Preston:Oh, well the only way we can do that now is PSTs it.
W. Curtis Preston:just felt like the whole thing was shooting from the hip the entire
W. Curtis Preston:time and this was never planned.
W. Curtis Preston:Um, if it was planned, uh, not a good plan.
Prasanna Malaiyandi:Poor planning
Eric Bursley:Right.
Eric Bursley:Well, I,
W. Curtis Preston:So yeah, just gotta have that.
W. Curtis Preston:You just gotta have that decision upfront.
W. Curtis Preston:Um,
Eric Bursley:can't say what their recovery plan was now, but when I worked
Eric Bursley:at Rackspace many years ago, they, they had a plan that was more valid.
Prasanna Malaiyandi:Mm.
Prasanna Malaiyandi:Things have changed maybe over time.
Eric Bursley:yeah, things have changed since I, I left there.
Eric Bursley:I, I was on the sales side of things and I was able to talk about their
Eric Bursley:operational and disaster recovery processes that they had in place
Eric Bursley:because at the time it managed, hosted exchange was one of their main features.
Eric Bursley:Since then, Microsoft 365 has been stealing their market share.
Eric Bursley:Um, Obviously because of this event, they didn't have a well-documented process.
Prasanna Malaiyandi:Yeah.
Eric Bursley:Um, and my wife was actually affected by that . It was
Prasanna Malaiyandi:Oh no.
Eric Bursley:yeah, it was not fun for her company for a couple of weeks.
Prasanna Malaiyandi:Oof.
Prasanna Malaiyandi:Well, hopefully they got their emails.
Eric Bursley:Um, they're still working on it is my under.
Prasanna Malaiyandi:Oh man.
Prasanna Malaiyandi:That is crazy.
Prasanna Malaiyandi:It's been like two months almost.
Eric Bursley:Yeah, there, um, she had to manually type in calendar
Eric Bursley:entries, um, for the majority of her
Prasanna Malaiyandi:Oh my gosh.
Prasanna Malaiyandi:Crazy.
W. Curtis Preston:All right, well, uh, we're starting to have technical
W. Curtis Preston:issues, so I need to shut this puppy down, but it sounds like, you know,
W. Curtis Preston:we, we all agree that this is something that people should do, whether
W. Curtis Preston:they're financial institution or not.
W. Curtis Preston:They should look at these requirements, like definitely the air gap copy and,
W. Curtis Preston:uh, and, and testing and decision making and planning way upfront specifically
W. Curtis Preston:for a cyber recovery plan, not a disaster recovery plan, because, you know, it's
W. Curtis Preston:a, it's a very, very different thing.
W. Curtis Preston:Well, um, I'm sitting here in the blind and so I'm gonna
W. Curtis Preston:thank Eric for joining us.
Eric Bursley:All right.
Eric Bursley:Thank you.
W. Curtis Preston:And thanks for, uh, I don't know what to say with this technical
W. Curtis Preston:problems that we're having today.
W. Curtis Preston:But thanks for being here.
Prasanna Malaiyandi:Yeah, I Anytime Curtis, and thanks Eric
Prasanna Malaiyandi:for teaching me something new that I'd never heard about before.
Prasanna Malaiyandi:I'm gonna have to go look up Sheltered Harbor
Eric Bursley:All right.
Eric Bursley:Thank you.
W. Curtis Preston:And thanks to our listeners, uh, we would be nothing
W. Curtis Preston:without you and remember to subscribe so that you can restore it all.