Keynote: Defending Health Data: The Rubrik & Microsoft Alliance for Cyber Resilience
Episode 7616th May 2024 • This Week Health: Conference • This Week Health

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Today on Keynote

They're often underskilled. They're understaffed. It's hard to hire. Security people, they're expensive, they're hard to retain. So, AI is playing a very key role in empowering whatever the SOC team, whatever security analysts there are in the Health and Life Sciences organization,

My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare one connection at a time. Our keynote show is designed to share conference level value with you every week.

Today's episode is sponsored by Quantum Health, Gordian, Doctor First, Gozio Health, Artisight, Zscaler, Nuance, CDW, and Airwaves

Now, let's jump right into the episode.

Let's get started. Hi, I'm Drex DeFord from This Week Health.

I'm happy to be here. I'm your host of the webinar today. This is Defending Health Data: The Rubrik and Microsoft Alliance for Cyber Resilience. I have some amazing guests with me here today. We'll talk to them in just a minute. A few thank yous, I think a good way to sort of start all of this.

For the attendees, thank you for attending. We really appreciate it. I know you're taking time out of what are very busy, very crazy busy days, and I really appreciate that again. Thank you for sending questions in advance. I think that's a big deal and really helped us sort of structure inform some of the conversation that we're going to have today.

So you have an influence on what's happening in the webinar today. I'll do my best to get to most or all of those questions you submitted up front today. And then, of course, I'm going to say thank you to Rubrik and Microsoft. I really appreciate you all sponsoring the webinar today and being the guests.

I think I think we're going to have a good time, right? It's going to be, it's going to be interesting. I think what you'll see today for folks who are listening is not just me talking and then somebody answering a question. I think what's going to happen. Having, knowing these guys, there's going to be a little bit of crossfire that sort of happens here.

So I'm looking, really looking forward to that. Three folks on the line with me today. I'll ask you to introduce yourselves very briefly, and then we'll get the webinar question and answer part started. But Ryan, why don't you start with a quick introduction.

Sure, thanks Drex. My name is Ryan Baker.

I own responsibility for our Enterprise Core business as well as our healthcare business for North America.

And David.

Yeah, I serve as Director of Global Healthcare Security and Compliance Strategy at Microsoft.

Nice. And my buddy Rick.

Hey, Drex, thanks for having us. I've been looking forward to this. I'm a huge fan of your LinkedIn podcast.

Thank you so much for having us. My name is Rick Bryant. I've been in healthcare for 30 years now. Don't hold it against me. And that's both on the provider side, but also on the manufacturer and solution side. So that's where I'm at right now. I'm the healthcare CTO for Rubrik and very excited to be here.

Nice. Thanks again everyone for being here. I'm Drex DeFord. I briefly introduced myself. I'm at This Week Health now focused on the 229 cyber risk community. I had a long history as a healthcare CIO and so, I've never... This is my first webinar, honestly. This is the first one that I've really run from the seat.

I've been involved in other webinars as a CIO. I was executive healthcare strategist at a big security company and did webinars there. So, bear with me. I think we're going to have some fun today, though. So, let me start with, I was thinking about how to open this, and then it hit me that maybe one of the most obvious ways to talk about Rubrik's evolution over the past few years is that with most companies they start as one thing and they get really branded as that thing, and then they grow and change and expand and do other things. They go through this evolution.

You guys just had an IPO. So you're listed now, a very interesting ride, I think, for a lot of the folks at Rubrik, but what most people think of when they think of Rubrik is not necessarily to me, the company that I see today. Tell me about the evolution of Rubrik, Ryan and where you've come from and where you are today.

ere seven years. So I came in:

Virtualized environments, some SQL workloads. We didn't even replicate yet, and we archived to S3. Right, so very kind of elementary. But it was very good for some really specific pain points for our client base. So, that's how we got our foot in the door. You look now, seven years later, we are a true cyber recovery tool.

And the biggest evolution, honestly, besides some of the acquisitions we've made to fulfill very specific pains that our customers have, things like unstructured protection and M365 protection, if you look at the core product itself, we were built from the ground up, day one, when we were just a backup tool with a file system that was immutable.

e cyber recovery game back in:

They didn't know what was going on. Everything was locked up being ransomware. We got them back in a matter of a couple hours where ransomware was just becoming something people heard about. It was not very real. We helped them restore operations and get back to a known good state with clean data so they can maintain operations.

And that's when it spiraled. That's when we realized our underlying technology, which was built this way, this wasn't a bolt on, this wasn't anything that we intended to do day one, became something very relevant in the world we live in today. Because, I mean, there's a lot of bad actors out there, there's a lot of malicious people, I mean, bad guys are now logging in, they're not really hacking in anymore, right?

It's the ability to restore operations and availability is paramount, regardless of what segment. Right? Healthcare, it's obviously paramount for patient care, but regardless of what segment you're in, the recovery is what's most important.

I think it's interesting too, the the happy accident of some of these things also tells you a lot about how a product's built, that you look back several years later at the hardened kernel and you say things to yourself, like, I'm glad we did that.

Like it just happens to be the perfect fit for the environment that we're in today, right?

Yeah. So real quick, our founders, kudos to them, because if you talk to Bipul, our CEO, I still have a daily relationship with him if I need him. He is one of the most involved executives I've ever seen in my life.

But if you talk to him, modernizing this space of data protection was non sexy, non priority thing for many years, right? I came from the storage world, it was virtualize this, SSD that, all flash this. It was all about kind of compute speed, efficiency, virtualization, when at the end of the day, workloads were growing, performance was growing, and the data volume, I mean, the size of the data volumes we're seeing today is crazy, but backup was always an afterthought.

So that's how Rubrik kind of came to be.

Yeah, it's I want to get to you, Rick, because I know that you have something to say here. I want to encourage folks that are online with us to ask questions. If you have questions about anything that you hear, please pop it in the chat, and we'll wind up getting to it.

Rick, you're, you recently joined as the healthcare CTO. It's a big job it's always interesting to talk to somebody who comes into a company and has new fresh eyes about how the product works. And I know you have some comments to tie to, probably what Ryan said today, but Ryan said just a couple of minutes ago, but tell me about your experience so far.

What do you think, like, some of the big value is for healthcare from what you're seeing as you just walk in the door?

Well, I think the biggest thing, Drex, is that I was drawn to Rubrik because of their dedication to healthcare. I am committed to this space, the resiliency, the security, the privacy, the better outcomes at a lower cost.

And I saw that Rubrik was really leading that space. And in fact, I don't think there's any other place in the world, solutions or organizations out there that are dedicated to health care like this. And I'm not just talking about from a sales standpoint, I'm talking about from a product development.

They have made commitment and investments in health care application, data protection that outperforms everybody else. And then when I finally got into the organization, the thing that amazed me the most is the level of commitment, passion and excitement. Everybody here is some of the best people I've ever worked with, and they have this drive.

It's not like huge corporations where, we're solid, steady, we keep moving forward. Everybody wants to make a difference, and everybody, especially on the healthcare team, has taken the investment to understand the applications, understand the differences, understand the regulations, and they want to help this industry.

And everything that they do is focused on saving them money and reducing risk. So it's just a match made in heaven. One thing that I thought was a big differentiator is that, let's be honest, as you're a CIO, we don't, nobody really cares about backup. It's just the necessary cost of doing business, right?

But when it comes to predictable recovery, that's when you get my attention. And that's where Rubrik has really evolved over the years is going from a backup company to a cyber resilient and predictable recovery organization. And that's specifically what we need in our organization. We have some facts that are going to come out in this.

We've released some Zero Labs reports on the healthcare specific industry. Again, doing research specific to this industry to understand where the challenges are. That they just literally blew my mind. I thought I have seen everything, but the more and more is coming out on a daily basis on how we can help the healthcare industry.

Yeah. Interesting. You don't, so tell me there are other verticals at Rubrik besides healthcare. Or just healthcare? How, tell me about that.

So yeah, the usual verticals, I can hit this one. So we've always had our SLED business and our Fed business. Those are really focused verticals. Prior to that, there was really no vertical focus.

The reason I ran toward healthcare, complete transparency. And the reason I got sponsorship from my leadership team was we weren't focused on healthcare only. And it was our fastest growing segment of the business, right? So revenue's great, all that, but the customer acquisition the sheer volume of new logos and health systems coming to us, whether it was an ancillary hospital or part of a larger system or the actual parent system itself, it was our fastest growing part of the business without the focus.

So seeing that opportunity is why I got sponsorship to build out the dedicated SE org, the dedicated sales org, hiring guys like Rick. Making sure the conduit in a product engineering. We have a weekly cadence with product engineering, again, to make sure we're going to where the puck is going, not where we think it's going, right?

Like I just, I'm in Atlanta right now. I just left two customers this morning. All I'm doing is soliciting feedback because I want to know what they care most about. Right? A lot of that conversation, again this specific morning meeting is around M365 protection. What should we be doing? Unstructured workload.

So, the workload focus is the same, the difference is the scale. Right? So, we are running toward healthcare for that. There's an opportunity here. And again, coming from the space where I came from, there's a lot of potential customers. I actually see some customers on this webinar. There's money, both operationally and capital, being tied up in incumbents in this space now.

So it's not like we're not trying to sound like overly cheesy here, but we're not going to create, we're not creating demand, we're not asking for new budget. We're trying to capture existing budget, drive some cost out, drive some consolidation across all the different tools between security and infrastructure.

To do more with less tools. I don't have a customer who's trying to manage more vendors, honestly. So that's a huge value.

Yeah. David, I'm going to get to you in a minute. I'm going to talk to you. I'm actually going to ask you about something very important, but I want to give a Rick a chance to follow up on that because we're so complex in healthcare, there's so many different things.

I was thinking to myself as I was preparing for this, like this also makes me sound really old besides having a Commodore 64 back in my day. It seems like we had a backup system for PACS and we had a different backup system for right down the line. There were a multitude, to your point, Ryan, about not wanting to manage one more partner.

So I love the focus on healthcare. Talk more about that and how it simplifies and the fact that really it is using budget that you already have just in a really new and innovative way.

So, we always look at things, especially in the healthcare is in two different aspects, right? First, our primary driver is being able to reduce costs, reduce total costs of ownership.

And if you tie it back to the Affordable Care Act, isn't that really what we're supposed to be doing? We're supposed to be improving the quality of outcomes and we're supposed to be lowering the cost of healthcare. So I'm really excited about that and how we help deliver that mission. But to your point, being able to consolidate tools not only helps reduce costs, it reduces risk.

Every time you have to switch a screen and look at a different one, there's that little air gap, that human error in between, so being able to consolidate that gives you better visibility into your data, and as you and I know, it's really hard to protect something if you don't know where it is or what it is.

And I think that's one of the real value propositions as well is that because when you trust us to protect your data, we also gather insights from the metadata to help you understand where your critical sensitive data is. And who has access to it? Healthcare has always been a double edged sword.

It's the only industry that I know of that even though if you're a doctor, if you're not my doctor, you have no right to be able to see my information. And so, being able to help further that, not only for reducing duplications and improving security, but there's a potential for us to really help harvest information to come up with better clinical protocols.

Give me six months to a year and I think you're going to see some pretty impressive stuff in addition to cyber resiliency. But focusing on those different workloads, being able to consolidate the pane of glass for cost savings and risk management. That's our core mission. And another thing that I think is really key about how Rubrik enforces its practice is we don't just work with the storage and infrastructure folks.

We work with the storage infrastructure, the security, all pull those teams together to come up with a cohesive response and to merge those tools together so that you have early warning, rapid containment, rapid recovery, so that it doesn't impact patient care.

Great. Drex, can we answer the question in the chat?

Chuck Christian put in a good one.

Yeah, absolutely. For those of you who can't see it, Chuck says with all of us moving to multiple locations where systems and data reside on prem and in the cloud and co locations, protecting that data becomes a challenge. What are your thoughts on that? So thanks, Chuck, for submitting that.

To, in my opinion, it absolutely is a challenge, right? I feel like in healthcare, because I've been in the CSO role, I know what it's like to have those sleepless nights and to worry about where the data's going. But when you do have the visibility across all the different platforms and the control across all those different platforms, it literally does help you sleep at night.

You can see regardless of where an asset is, that it's under data protection and then has the proper security mechanisms. So the right tool and the right processes and the right people are always important. But there are ways to be able to consolidate that and to improve that posture. I was amazed at the amount of cloud adoption there's been in healthcare.

And it makes sense, right? If you look at the pandemic and all the drama that created and all the extra demand for the rapid testing clinics, and then you couple that with supply side, supply chain issues, we were forced to go into the cloud. So healthcare embraced that cloud and they're able to take advantage of that agility, but they need the right tools to make sure that it's properly protected and that it's cost effective as well.

So you operate across all those domains?

Oh, across all those.

In fact, I think one thing I'd pile on, sorry, Rick. One thing I'd pile on specifically, it's an important point, is we don't, the days of rip and replacing, clean sweeping, a data protection solution, an incumbent from any health system is just not realistic.

Depreciation schedules don't line up. There's always a cost factor, timing. We're very realistic. But to Chuck's question specifically, I have some customers who are that have started with M365 only. I have a massive health system in the Northeast, 140,000 users. All we do for them now is protect M365.

We're earning the right to go talk at TalkEpic. We're earning the right to go talk about the unstructured world. Whether it's on prem, AWS, Azure, right? Our Azure workloads and our development in the Microsoft world is probably growing faster than anything. Regardless of where the workload is, it's identical.

You're going through one data plane protecting the workloads regardless of where it lives. That's a huge value going back to the tool consolidation. Once you get into a true TCO conversation, again, trying to capture other dollars once we've proven the right to protect certain workloads, it's universal regardless of where the data lives.

That's really important. We want to protect the data regardless of where it lives. And most importantly, we want to give the ability to dig into the sensitivity of the data, be able to isolate and monitor for threats regardless of where the data lives, right? It needs to work universally regardless of where the data lives.

And that's one of our biggest value props.

Interesting. So, this wouldn't be it would be hard to have any kind of a conversation that touches on cybersecurity without talking about ransomware. So David, welcome to the show. I'm glad you're part of the webinar. One of our biggest challenges today, there were a lot of folks who asked questions about this and the register when they registered what about ransomware?

There's a lot of different companies that are sort of fighting this battle in a lot of different ways. What are you all seeing out there, starting with Dave, what are you all seeing out there as ways that healthcare organizations are preparing for what feels like an inevitable fight that they're going to get into with bad guys around ransomware?

Yeah, ransomware is a huge pain point, especially for healthcare providers that are relatively intolerant of disruption, and therefore, relatively quick to pay in the views of the attackers, and they're seen as a soft target, unfortunately. And so, that is compounding the problem with ransomware.

The other compounding factor is AI, and the use of AI for ransomware, for phishing and spear phishing at scale, finely honed. And so that's only going to increase the click rate, right? And, when there's a click, you get the malware, the ransomware, et cetera. And so, one of the things we do at Microsoft and I know Rubrik does, and we strongly recommend for all health and life sciences organizations is a zero trust security approach.

And that's not just marketing. It's some very tangible things that are underpinning zero trust: multi factor authentication, least privilege, both in role and on the timeline. So if you're giving elevated privileges, those get ratcheted down after the task. Device health, hardening configurations, patching devices, client side, service side, encryption, segmentation, data resiliency, and robust data backup and recovery that you have tested and you know will work in an emergency.

And then the one last thing is as good as we all get at preventing ransomware. There's humans involved, there's spear phishing that's powered by AI now. There's going to be a click at some point in time. When there is a click, super important to detect it quickly, reliably, be able to respond quickly and contain it to one segment of your network, be able to recover quickly and remediate, which includes, again, data resiliency and restoring from backup.

On the exciting side there's a use for AI on the defenders as well. You've got security operations center teams in health and life sciences. Now, we know healthcare is under cost reduction pressure to Rick's earlier point. Security teams are under cost reduction pressure.

They're often underskilled. They're understaffed. It's hard to hire. Security people, they're expensive, they're hard to retain. So, AI is playing a very key role in empowering whatever the SOC team, whatever security analysts there are in the Health and Life Sciences organization, amplifying, being a force multiplier for their capabilities.

Powering them with AI, and Microsoft has Copilot for Security doing that. What it's really doing, it's ingesting this complex telemetry from the end to end IT environment. It's ingesting threat intelligence from Microsoft Defender Threat Intelligence. It's identifying, with high signal to noise ratios, so low likelihood of false positives, incidents as they occur, notifying their security analysts, giving them a summary of what's happened, what is the recommended course of action, accelerating investigation, accelerating reporting, again, accelerating the detection, response, containment, and remediation. Super excited to say Rubrik has already integrated with Copilot for Security via Sentinel, which is our SIEM solution, and I believe there's more direct integration happening.

Rubrik was one of the first organizations into the Copilot for Security pilot program, so I'll pause it there. I know that was a lot.

No, I mean, there's, look, there's a lot to unpack in, in all of that. And you also, not only did we broach ransomware at 27 minutes, we're also, we finally got to AI.

We knew at some point somebody was going to talk about AI too, but that's a good point. And Rick, tell me a little bit about sort of the, how AI helps the integration between Microsoft and Rubrik and the work that you're doing to create resiliency for health systems.

So, I was really impressed, I mentioned the Zero Labs report.

So, we are collecting our own telemetry data and correlating with Microsoft and several other data sources including the University of Minnesota to be able to correlate the impact of ransomware. And to your point, it is a matter of if, not, a matter of when, not if. Unfortunately, because all the focus on perimeter defense, eventually there's that click, eventually something gets through.

So, as mentioned, as David mentioned, being able to respond rapidly, rapid containment and detection, and then rapid recovery at scale is critical. What we do with AI is we are able to leverage the AI tool set to look and identify indicators of compromise, basically attack signatures, and that was one of the areas where not only can we identify and detect known vulnerabilities, but we can look for zero day vulnerabilities once that indicator of compromise, that attack signature has been identified.

So what that does is that enables you to detect real time. To be able to look at what we call the blast radius, everything that's infected, so that you can appropriately contain and then start recovering at scale. And the AI helps correlate all those multiple different attack vectors, because there's more attacks out there than Carter's got little pills.

And they're even coming up with more and more every day. They have ransomware as a service. You can have a 12 year old that has a Bitcoin account, go out there and launch an attack against a major health system. And that's just terrifying on its own, but being able to identify and contain and leverage AI for that.

And I think that's just the tip of the iceberg for what we can do within the AI space. But at Rubrik and with most companies, we're approaching this very thoughtfully, making sure that the AI doesn't create false positives and that it does provide good correlation. So look for more to come on that space.

In a lot of ways, then it almost sort of acts as like another friendly face in the SOC, right? That just turns out to be really smart.

Yeah. And that's what we do. We use the AI to be able to say, okay, based on these attack vectors, here's a, press this button to create a PowerShell script to be able to remediate it, press a button to do this, that, and the other.

And it just assists you in that recovery process.

I'm getting, I got a text from a friend while I'm sitting here. There's, you're not adding hardware to the data center for any of this or, right? This is all software based. Tell me how it actually works for Rubrik. How do, what are people signing up for? What's the project look like, Ryan?

No sweat. Yeah. So, to say we're not going to add hardware, that would be false. Right. Okay. On prem workloads, hardware is inevitable. It's a means of consumption, right? We do not. Like Rubrik does not even take hardware physical orders anymore, right? Customers have the ultimate choice.

So there's, sometimes there's a real allegiance to a compute vendor, whether it's Dell, HPE, Cisco, our Rubrik branded appliances should, most customers consume that way, 90 plus percent. It's a Supermicro box. Again, hardware is just for the on prem only workloads, everywhere else, software only, right?

Whether it's in cloud, SaaS, everything else is software. And what we sell, Rubrik is a software company. The hardware component is a means of consumption for the data center. But again, going back to TCO and consolidation, if you look at the legacy environments, there is always a massive savings, whether it is the simple form of power, cooling rack space, just the hyper consolidation.

Cause if you look under the covers, what we, for even on prem workloads, it's a hyper converged appliance for all intents and purposes, right? Software layers on it, all the uniqueness and differentiation is in our software.

Got it.

Drex, for healthcare, I always felt like the purpose built appliances were perfect because I don't have to worry about provisioning storage, patching it, managing it, all that.

It's the quickest path to value. You drop it in there and you get it. Drop it into a rack and turn it on,


That's right. And there's also an added benefit for that zero trust architecture that David was talking about. We can enforce, the driver side patching and no root level access and all that.

So it's two benefits there.

It's also really critical in the event of a restore. Right. Without going too technical, having the hyperconverged appliance on prem for, right. We have the ability to like literally boot off our system and run for a period of time until you can vMotion back to your production systems, like little things like that in a really bad situation, there's value there.

And a lot of customers use us for that.

Yeah, not to get too technical. As I went through the, some of the material prepping from the webinar and you and I, we all had a, had some conversations about this as part of that prep. You all talked about clean point of recovery, and I read clean point of recovery several times.

And I think it's a very, important point, and I want you to talk about what that means and why it's critical in this whole ransomware data exfiltration, gotta be resilient world that we live in today.

So, do you want me to start, Ryan?

Sure, go ahead.

So guys, I became an expert in ransomware reluctantly.

is because starting in about:

orward to what's happening in:

And we're at the situation that we are here today. And with ransomware, even though the tactics have changed, the impact is still the same. And we found through our own studies, the Zero Labs report, that healthcare creates 22 percent more critical or sensitive data for every outreach. And the part that stunned me even more, that didn't surprise me.

All right. You think about healthcare, every, almost everything's PHR, everything's protected. We also found that healthcare is the largest creator of data of any industry. That kind of blew my mind because I would think financial services, I mean, heck, my wife does 20 transactions on a regular day, whether it's a Starbucks, etc.

But when it comes to a ransomware event, healthcare experiences a 50 percent larger impact because of the PHI. Which makes it that much more critical to properly secure. And I would encourage everyone after this to look at that Zero Labs report and to use this as part of your business case to justify reducing the risk and reducing the overall cost in your environment and making the changes that are necessary.

Everybody always wants to spend money after the accident, but how many people want to spend money to prevent the accident? Do you want to buy a Volvo or do you want to buy a motorcycle, right? That's what you really have the decisions of making today. With Rubrik, I found it very unique in that because we have all the metadata, we're able to identify indicators of compromise that are in the wild, but you also have the ability to be able to manage a zero day vulnerability.

I've had the dubious privilege of being part of a zero day vulnerability, and let me tell you, there is nothing worse than that day. You are scared to death. We have been able to correlate, or the industry has been able to correlate, the patient aspect. There's a 9 percent higher chance of having a sentinel event if you go into an organization that is under a ransomware attack and you have a heart attack or a stroke.

That's something that hits home. Use that for your business case, because I don't know a single person in healthcare that doesn't first take the Hippocratic Oath and believe to first do no harm. We're now able to correlate these impacts to real patient impact. But with that zero day vulnerability, as soon as you work with your partners to be able to identify that indicator of compromise, it can then search in all your environment to see where it's at.

And then the last level of defense, and Ryan touched on this with the boxes. And that having that box on premise will allow us to be able to spin up what we call an isolated recovery environment on our box, not taking your space. A lot of people don't realize that if you don't have surplus capacity at the time of an event, you're probably going to run out of capacity and not be able to remediate.

We should, we have seen that it takes about 30 percent of your capacity to be able to reinstall those systems. Right. But when you're running mostly full, that's a, that can be a


right? Yeah, that's a real problem. How quick can you get a PO and get a storage array in? That can be a very lengthy process.

It can be now. So now you've got to be aware of that, but having that box, we can spin up an isolated recovery environment on the system itself, make sure that it's clean for everything that's known and anything that's found, and then migrate that and motion that back into production. As Ryan mentioned, we even got the level of sophistication to where you can run the workloads off of the box for a period of time.

I wouldn't recommend it for full time, but for a part time emergency, get a critical system, a blood bank. Everybody really wonders about how healthcare is impacted by technological downtime. And you and I have physician friends, and some of them, like, I can still do life critical care, but what kind of quality of care can I do if I don't know a patient's allergies?

If I don't know what their blood type is, if I don't know what medications they're on right now. So there's a real direct tie, and we're starting to see that that well rise, and to see the organization start to really take those into consideration to better protect themselves.

Hi, I'm Drex DeFord and I am thrilled to host Unhack the News on This Week Health. Alongside our established Newsday show, we're diving deep into cybersecurity and healthcare. So whether it's Unhack the News with me or Newsday with Bill Russell, you'll find the latest insights and commentary in This Week Health's newsroom.

Expand your knowledge and stay ahead of industry trends, and mostly don't miss out. Join us every Monday on This Week Health for all the latest stories.

I want to get back to the clean point of recovery, though, that so the IOCs that you see, because you're looking at the data, you can see when and where the bad guys are in the environment.

You can see when that all started. That is how you wind up going back to the point at which you know that you have the clean backup.

Let me hit this one quick. Is it actually Chuck put in another question. Thank you, Chuck, for being so involved here. So under the covers, the way this works, Rubrik is a first full, incremental forever technology.

So that's important to set as a baseline. And explain that, explain what you mean by that initial ingest. The initial metadata index we build is the first full. That's going to take a period of time in a big environment. After that, every backup is an incremental. So think about just moving the volume of data that has changed regardless of the application.

The reason that's important is you can set your SLAs. Think about how frequently now you can back up your tier one, tier zero mission critical apps. Most of my customers back them up every four hours, where historically it was like a 24 hour window just for the sheer time to push that much data. So the granularity of the time you can back up dramatically shortens your recovery time, right?

So Chuck, I hope that answers your question. So recovery time, it's going to be based on application. And candidly, there's a lot of upstream impact that we don't control. Do you have compute? Do you have, is the environment ready for a restore action? From a Rubrik perspective, we'll be able to present a clean subset of data for that restore when you are ready.

But it's going to be based on the granularity of your SLA. Our technology enables much tighter SLAs for things like Epic. Epic's the big one for obvious reasons. Everybody wants to back up Epic. It's all about the restore. We don't back up to back up. If we're honest with ourselves, we back up to restore. So that's how we get very granular.

Yeah. Which leads me to the next question that I think we've all probably faced at one point or another. Healthcare systems are really great at backing up. But the restore part is a thing that sometimes when the restore starts, that's when we realize we haven't really done this. We don't really do it well.

We haven't practiced it. How do you make that? How do I feel comfortable that I'm going to actually be able to do that? You guys have some great ways of showing that and reassuring organizations that they can do restore. And that's part of the resilience plan.

Now, Drex, I've had the opportunity to see this real time, and it's nothing short of amazing, and I get it.

I run IT organizations, and there's two big things, right? There's always enough time to implement the technology, but is there enough time and money to put in disaster recovery, right? That's always an after fact, right? And it's something that as an industry, we need to get better at making sure that we have resiliency based on our design.

And David has a number of guidelines on how to design for resiliency within Azure and others. But being able to have that type of approach where you know what's impacted, you know how to bring it back at that specific piece of time and to know that the configuration drift hasn't really changed.

What happens over here on a daily basis is reflected in DR. It's a difficult task. Also downtime's a difficult task. I remember in an organization I worked with, we would fail over every six months. And that's when we would know if things would work. It's not the best breed, right? So with Rubrik, you have the ability to build recovery groups and to do what I'd like to call fire drill type of testing, meaning you can activate and have it run on a routine basis and send a report out to tell you, yes, this would have recovered.

And it would have recovered within this timeframe without intrusive action on behalf of the customers or the patients or the caregivers. So that's a big one. And I actually seen it's to the level of sophistication to where we have fantastic resources. Marcus showed us this yesterday where they can literally push a button and print out a report to your auditor saying, Hey, this, or your cybersecurity insurance group.

So not only are we recoverable, but here's how quickly we would have recovered by service line and applications. That to me is the future, right? Being able to find ways to validate recoverability and resiliency without having clinical impact.

It's interesting too, because I think we all have a tendency, David, to maybe overestimate our ability to recover, right?

I mean, I think we all want to be optimistic about it, but until you go into a large recovery process, you don't realize how complicated and challenging it is. You've seen a lot of these kind of things happen. David, what do you think?

Yeah, I mean, touching on some earlier points as well, I mean, there's a complex end to end IT environment, and that data is shifting all the time, right?

You've got migration to cloud, you've got AI, all these different things happening that are moving the data around. So, inventory, discovery, classification, protection, it's not a one and done, it's a continual thing, right? Now, when we talk about, so we talked about zero trust and prevent, detect, respond, super important that whatever you're doing for data resiliency, it's not just a placebo.

Like, I feel good because I'm backing up, but when the event actually occurs, you've never tested it and you discover you didn't catch a certain dataset, there's a certain dependency, and so you can't bring certain capability back online. So the really important thing to emphasize testing.

So when you do your backup, you have your data resiliency with Rubrik, make sure you test it, make sure your training is there, your staff have the right skills. And then I would even say familiarity, because these incidents, when you need to do a full restore, may be few and far between, and although, at some point in time, people have the right skillsets.

They're not familiar with it because they haven't really looked at it recently. So you can also do regular tabletop exercises to walk through it. Hey what happens if this event and where do we go? What do we do? Make sure you have everything in order. So you can, again, respond quickly. Cause it's super disruptive to healthcare organizations, especially on the provider side.

And, it's a patient quality of care issue. In the worst case, it can be a patient safety issue. And that's that to Rick's earlier point that's where we need to be laser focused because if patients quality of care and safety are at risk we really need to do everything we can to mitigate that.

Yeah. And the stress that already stressed out staff has taking care of patients and families and then suddenly the systems they depend on disappear. The stress involved in that, I mean, I've gotten phone calls from nurses and docs who have been involved in an event who have called me and given me the whole, I'm really concerned that maybe my license is at risk.

Because if I make a mistake now, I'm really fearful for my patients, like I've never done this on paper before. Those are all the things that drive that resiliency point. Ryan and that was great, David. I appreciate it because it set me up for the next question, too. And this is one that that pulled from the registrations.

One of the best ways to understand what a company or their products or services do is through use cases. And something that's real, something that you've worked on with the health system, a story that helps people sort of wrap their head around what you do and how you help. So, talk about this in the sort of constructive use cases and some of the problems that you've actually solved in the field.

We'll start with you and then we can go around if we want to talk more.

This is a timely question. Honestly, we are, same question comes from our customers, which is why we're building what we're building. Really, if you boil it down, it's four or five primary use cases in healthcare regardless of scale.

It's always tier one application protection, EMR, EHR, right? Virtualized workloads. Think of the core data protection recovery capabilities and cyber resiliency around Tier 1 apps. That's use case number one.

And I see Ritesh had asked a question about that, so I'm glad that you've you've addressed that there too.

Yeah, and again, there's only a couple flavors of our licensing. Most customers are licensed with our EERNF to get all the security features and recovery capabilities in their tier one apps, but you don't need that for everything. Not all data is equal, right? Number two workload most commonly right now is in the unstructured world.

Think of, in traditional sense, PACS, radiology, VNA, imaging, there's a million different vendors out there producing a ton of data, right? The reason this I think is, think of like Epic Web Blob as a good example. There's a lot of customers right now protecting Web Blob in a very legacy fashion. It's jeopardizing honor roll status.

Right. That one's coming up a ton. The sensitive data within that unstructured data is outpacing anything we're going to see in a structured world, anything we're going to see in a database, the amount of sensitive PII focused data in unstructured at the rate it's growing, it's almost impossible to manage and in a historical fashion of protecting that data, you replicated a core storage platform to another core storage platform via snapshots.

Right, just because the millions and millions of volume count of files and just sheer capacity, right? I talked to a client yesterday in New York City. They had 140 petabytes of unstructured data. Research is a huge part of what they do, but just think of that data and it's, the data creation is one aspect of it, but it's also the retention tied to that data.

So, better ways to manage, protect, and leverage the cloud. Think of Azure cheap and deep storage for like long term archive use cases. That's coming up with every client. Microsoft Mechanics SaaS based workloads is probably number three, I would say. Think of again, M365 is like the low hanging fruit.

Every, Microsoft is saying, you gotta protect this data, right? Like, we partner, we co-developed our product. Microsoft's an equity stakeholder in Rubrik, so I like to think we had a little bit of a cheat code, but our product was not the first to market, but I think it was built the best alongside Microsoft, but M365 is like the number one SaaS workload we're seeing in healthcare, just having to be protected.

And it's unbelievable how much we depend on 365 just as part of our daily work in health care. We don't think of that as a like health care system, but in my experience has been critical to the operations to get that up and running as quickly as possible.

How we communicate every day. Go ahead. Sorry, David.

No, I was just going to mention I agree with the points. I think it's a core backbone of many organizations. And I think planning is really key, right? Ryan, to your earlier points it's the tiers and solutions within each. It's the dependencies between them and testing to uncover any hidden dependencies maybe you didn't catch in the planning.

You don't want to have any late surprises when you do a restore that you missed a dependency and something's not coming up.


Then that last workload I'll hit, Drex, to answer your question, is the fourth real use case, and it's getting a lot of legs now, is just cloud protection, right? Customers want the same protection and recovery capabilities that they've had on prem and that were proven entity, they want it in their clouds now, and there's a lot of blind spots there.

That's a new work, like, I'll be, I hope I don't offend anyone, but I think healthcare was a laggard with cloud adoption for a lot of different reasons, but now it's here. It's, it's a really relevant place in healthcare and now it's, all right, now I'm doing all this in Azure. How do I protect it? How do I make the uniform recovery across on prem and Azure?

That's coming up a lot. All right. And then the Epic and Azure conversation. I just had this conversation before this call. Because of the VMware Broadcom situation, Epic and Azure's coming up in every single account I'm talking to at some scale. They're planning, they're thinking about it differently.

It's forcing the cloud conversations faster than anyone had anticipated, but it's here.

I'm going to go to a couple of audience questions. We've got a few minutes left. How does Rubrik ensure compliance with new regulations as they're put into action, especially with the new state laws that are coming out.

How do you guys play into that?

Well, ironically, I just did all the training for that yesterday. I've been in training jail for the past several and I was literally amazed by the amount of privacy regulations that we've not only incorporated into our company culture and our purchasing and operating matrix, but we've also put into the product.

I mean, there's a new regulation called DPDP out of India that I never heard of until yesterday, right? So we have compliance and regulation tools for all the stuff that's known out of the box and the ability to be able to add that stuff on a regular basis. Specifically GDPR and all the European regulation, privacy regulations are of key concern.

CCPA and CPRA, the California Privacy Rights, is a great concern for us. Then Virginia has one. Colorado has one. There are several states that

have, yeah,

like seven. And I get so frustrated with this because, in our industry, the regulations have always been unnecessarily nebulous, so they say you are required to have a backup.

They don't tell you what that means, right? Same type of thing. There's so much variation between accountability with CCPA, for example, versus the Virginia regulations. But you have the ability to put in all those plugs for all your national and multinational corporations and for the people that you do business with.

So that's an excellent question, and it is constantly changing. So far, we are staying ahead of the curve and we plan on staying that way.

Thanks. Chris Ackroyd just popped a question in here. We did, I think the poll came up and I didn't actually even talk about the poll. But the poll came up and one of the questions was around recovery time and what's your recovery time.

What's a realistic recovery time, a ransomware recovery time for a healthcare organization? Is that just a really hard question that doesn't have a really good answer?

I can give you my best practices, but to be specific, that question, it's always a formula, right? It depends on the application, it depends on when you last backed it up, it depends on the resources that you have.

One thing in Rubrik, which I thought was amazing, is that we have the ability to be able to spin up multiple threads, and I don't want to get too complicated. But we can spin up multiple threads and continue to spin up more and more threads until we saturate the network and the capabilities to be able to reach the recovery time objective that you set.

Now, that being said, my best practice that I always talk to hospitals with is that for Tier 1, or what I call patient care critical applications, and Tier 2, you should have an RTO of no more than two hours. And there's two ways to go about doing this, right? The best process is to do a business impact analysis with your organization and have them determine the guides.

That's very difficult and time sensitive and costly. What I see most organizations now is coming up with an agreement with their organization saying, I kept patient care critical and tier one and tier two applications, I will promise you no more than a two hour RTO and whatever the requirements are for the recovery point objective.

And then the organizations get to kind of battle for what goes into that bucket. So set up the straw man first. Set up a straw man, and then, the next tier would be four hours. And there's something that you said having gone through this nightmare. Email is absolutely a critical application in healthcare.

I would rather lose a phone system than email because there's so many reports and so many safeguards that come out and are communicated via email that I consider them tier zero critical infrastructure, just like your app, your Active Directory or your LDAP, your email should be there at all times and in all


Yeah, thanks. We are, we're running close on time. I want to get in a couple of more questions. Let me see, David, what are we predicting for new threats in the near future?

Yeah, I mean, it's hard to say in some cases. I mean, the evolution is accelerating also with the use of AI by the bad guys.

So you're getting new sort of zero days popping up, which are unknown by definition. But the one sure thing that we're expecting and candidly we're already seeing is the use of AI specifically for phishing and spear phishing, even. It used to be really costly for an attacker to create a customized phishing email for an individual using their social media profile, whatever the case may be, get them to really make it really compelling for them to click.

It's becoming much cheaper for attackers to do that at scale with AI, so phishing and spear phishing are going to get much worse. You've got deep fakes with voice, with video, even very sophisticated, we've observed some very sophisticated attacks that involve voice and video deep fakes and millions of dollars of impact.

So that, that is what we know. But again there's what we don't know and the use of AI to uncover new vulnerabilities, new zero days, new attacks emerging. That's why it's super important to plug into threat intelligence, right? Is rather than a given organization, go it alone. You need to be getting that threat intelligence feed, whether it's from Microsoft Defender Threat Intelligence or otherwise, so you can see what's happening worldwide, what's the latest.

And again, be able to correlate that with what's going on in your environment and recognize, Hey, this is a brand new attack. Here's what it is. Here's how it occurs, indicator compromise. Here's what you need to do to, again not just detect, but respond and contain it and remediate and restore.


Great advice. Ryan, I'm going to give you the last word. Oh. This is a very broad, open question also from the audience. Are we ever really safe? How does Rubrik help us with that?

Are we ever really safe? That is a loaded question. We're never going to keep them out. I will say this, it's, we are never going to keep the bad guys out with all the prevention tools I think we have.

Are we safe? We will, we guarantee the recoverability, 100 percent of the data that's protected by Rubrik. That's about as best as we can do, right? And that's something we really stand behind. Like with our, I got some real stats. So we have a ransomware response team. It's part of every Rubrik customer.

They have access to this. It's not like, it's just part of what we do. Give you an example. If there's any severity case opened up and ransomware is mentioned at all, that team is engaged. So they see roughly 8 to 10 per week, Rubrik customers opening, Hey, we think we're under attack. We've recovered 100 percent of the data.

We've had zero data loss. That is something we are very proud of. And that's just an, that's a function of good technology. So, but to answer your question, are we really safe? I can't ever say, yeah, we're 100 percent safe. I'd be shooting myself in the foot, but we are in a much better spot for availability for our health systems, which at the end of the day, we can't treat patients, that's all we really care about, right?

Availability over anything. And one thing I see tying to availability and patient care is like the run books and DR playbooks that we historically had. Data center 1, data center 2, can we restore? That was really built for environmental tornado, storm, sometimes some operational error. Those playbooks got to be rewritten.

They got to be written for, they got to be written for malicious bad actions, whether internal or external. The function may be the same, the endpoint's the same, but BC and DR are different now. And it's, it just, it is what it is. So we got to make sure the playbook and runbooks are tied to the application and tied to the prioritization.

That's one thing I see as a big gap when we look at planning overall, and that a lot of customers are spending time on.

Yeah, I appreciate it. Okay, we are basically at time. I really appreciate you all being here. Rick Bryant, Ryan Baker, David Holding, you guys were fantastic. I really appreciate the conversation today.

I think the audience did too, based on the participation, the number of questions and all of that. So thank you to the audience for being here. You're a big part of this. Sending in questions in advance really did help us build the structure for the webinar too. So thanks for sending questions ahead of time and participating during the event.

You'll see a copy of this. We will release a copy of this as a podcast after the fact. So, when you get a copy of that, when you get that notification, watch it yourself. This is probably, to me, going to be worth the re-watch, but also make sure you share it with friends and peers and other folks who are in your orbit.

And that's it. Thank you. Thank you gentlemen so much. Thanks to Rubrik. Thanks to Microsoft for sponsoring and being the guests here today. We'll see you guys around campus.

Thanks. Thank you, everybody.

Thanks for listening to this week's keynote. If you found value, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. it if you could do that.

Big Thanks to our keynote partners, Quantum Health, Gordian, Doctor First, Gozio Health, Artisight, Zscaler, Nuance, CDW, and Airwaves

You can learn more about them by visiting thisweekhealth.com/partners. Thanks for listening. That's all for now.


