Scaling Software Solutions and Protecting Your Data with Rubrik Cloud
Episode 38431st March 2021 • This Week Health: Conference • This Week Health
00:00:00 00:49:09

Share Episode

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Thanks for joining us on this week in Health it. This is a Solution showcase. My name is Bill Russell, former Healthcare CIO for a 16 hospital system and the creator of this week in Health. IT at channel dedicated to keeping health IT staff current and engaged. Today we talk cloud data management, and we have Bill Gerling, principal architect with Rubrik.

We have Chris Knapp, system engineer for New Hanover Regional Medical Center, and Brian Farino, system infrastructure manager as well. And of course we have Vic Naji, CTO, extraordinaire with Sirius Healthcare to round out the panel. Great discussion. I think you'll enjoy it. . Special thanks to our influence show sponsors Sirius Healthcare and Health lyrics for choosing to invest in our mission to develop the next generation of health IT leaders.

If you wanna be a part of our mission, you can become a show sponsor as well. The first step. It's to send an email to partner at this week in health it.com. You know, somebody sent me a note and said, Hey, how can we help out the podcast? There's two great ways you can help out the podcast. One is just shoot a note to a friend and, and tell them that you're getting a lot of benefit outta the show and that they should really subscribe to it.

But another way you can, can really help us out is by, you know, whatever app you are listening to the podcast on. Go ahead and click and give us a review. Tell people about . The, the value that you're getting from the show, we would really appreciate it. It helps us, it moves us up in the rankings in, uh, apple and in Google and in the, in the other services as well, and, and doesn't take that long and we really appreciate it.

Just a quick note before we get to our show. We launched a new podcast today in Health it. We look at one story every weekday morning and we break it down from a health IT perspective. You can subscribe wherever you listen to podcasts at Apple, Google, Spotify, Stitcher, overcast, you name it, we're out there.

You can also go to today in health it.com. And now onto today's show. Alright. Today we're gonna talk about building an effective cloud data management strategy. And we have a great group of guests with us today. We have uh, bill Gerling, who's the principal architect with, uh, Rubrik. We have Chris Knapp, system engineer at New Hanover Regional Medical Center.

Brian Farman, Tino System Infrastructure manager for New Hanover Regional Medical Center and you guys will tell us about New Hanover in in a minute. And then Vic Naji, who's been on the show a couple times, healthcare managed services with Sirius and, uh, all around CTO and, and smart guy. So we love having Vic on the show.

the Southeast since November,:

We have close to 8,000 team members currently supporting multiple hospitals, many medical practices throughout the area. We continue to rank in the top quadrant of various surveys that, you know, include not just the great patient care we provide to the community, but also one of the best places to work.

That was and, and, and it is true. It's a great place to work, great leadership, great employees, everyone dedicated, you know, to making it . It's the best experience for a patient, you know, that we can. Recently and on February 1st, new Han Regional Medical Center, we joined forces with and became a division of Novant Health.

And this will allow us to expand, you know, all of the great healthcare we currently provide to the area, but we'll be able to expand that. Up and down the East coast, we're really looking forward to, you know, the journey with Novant Health. We're very similar in, uh, the way we approach taking care of our patients, our teams, our employees.

So overall we're really excited to see where that goes with Novant. Yeah, you know, I'm, I'm looking forward to, Wilmington is a place I used to drive through on my way to Myrtle Beach. Uh, but, but we did hang out there. My dad was on a, uh, a destroyer when he was in the Navy, and I guess the, the, is the battleship North Carolina still there?

Yeah. USS North Carolina. Yep. It's on the Cape Fear River, just 10 minutes from our hospital. Yeah. And I remember my dad took us up there when we were little kids, and he walked us around and said, you know, and I remember they took us into the, oh.

It's not that big of a ship anymore. You look at those ships going out into the ocean, you're like, oh my gosh. That went out into the ocean, and the the quarters are really small. It was, yeah. Yeah. When you get to do that tour on that ship, the biggest accomplishment is getting through through it without having, I.

A bump on the head or falling down a step is, is very tight quarters. Yeah. So I, I also remember all the alligators around the Yes. Around the, the base as well as, as a little kid. That's what I remember. Uh, well, Navan Health, you know, congratulations on that. That's a great organization and I think that's a.

journey probably back in late:

You know, was really attracted to us. We, we were attracted to it, but really hadn't, hadn't had a lot of experience with it. So originally we, we decided to just jump right in, you know, right into the 10 feet and see, you know, see where that went. Shortly after that, we realized that, you know, we, this is new to us and we really need to partner with a vendor to help us at least guide us through the

You know, the basic foundation and the processes that just we weren't familiar with, and HRMC. So one of the first things we did was we developed a cloud first strategy. You know, that was really approved by our executive team and communicated throughout the organization as a way forward for the organization.

Our cloud first strategic benefits. You know, they really allow us to increase our ability to serve bursts in demand, which are becoming more and more popular. And even those that exceed, you know, the provision capacity, really scalable, easy to adjust. You know, as we, as those things pop up, another key driver for us is really to shift some of our IT personnel away from managing data centers and, and the day-to-day stuff.

Uh, you know, from the past, . Being able to develop and concentrate on new higher value tasks for the organization as healthcare shifts. You know, it's shifting every day. So, so Brian, Brian, you're in a, you're in a hurricane center. So where, where, I mean, where, where is your cloud? Where, where did you choose to, to house your, your Yeah.

We are definitely hurricane alley or we're close to that, you know, every couple years. You know, we usually get a storm, so we. We decided to go with Amazon, you know, to start. And mainly, and I was actually gonna get to that, uh, as, as I move forward here, really what drove us to Amazon was we were working on a Alexa, you know, an Alexa project with some of our team.

And that's really attracted us to Amazon. So since then we've been able to install significant, significant amount of Alexa devices in patient rooms. And this has been a huge success for not only patient experience, but for our patient families as as well. So that was really the kickstart. Into this on top of all the, you know, reducing our data center, getting our IT staff thinking in a different way.

You know, as we move forward, you know, as healthcare is changing, technology's changing. So that was really our . Start, you know, of our journey in, into, into the public cloud. So we continue to move environments into AWS as we're getting more acclimated and comfortable with cloud computing and have already seen the agil agility and scaling opportunities prove itself to us.

We saw that just a couple weeks ago within a critical system we put in that was, you know, it. At the initial start of it was a little more than we more, a little more financially than we expected, but immediate scaling and looking at all the opportunities that cloud offers, we were able to drop those costs significantly right away.

So that was a, you know, that was a great . Proven point to us that yeah, it, not only do we read it, we just experienced it, you know, moving forward. So we're definitely looking forward to increasing our cloud footprint with us now, being able to offer, uh, VDI capability to some of our teams using AWS workspace.

So we are. In somewhat the beginning stage of that. We've done APOC with some of our team members and it's has been pretty successful. We had, we've had a few bumps along the road, but that's to be expected with all the different applications, you know, that we have and getting all those to work. So we're looking forward to the future in that workspace.

And finally, you know, like cloud computing, our teams are, are becoming more agile and developing skills. They probably never thought . They would've had a couple years ago in being, being able to apply, you know, those into the ever-changing world, you know, of it and healthcare, you know, we get both sides of it.

Yeah. You, you really hit on the, the three main things that people talk about when they go to the cloud. And we heard this really in spades throughout the pandemic. One is agility. You know, we can, we can.

Alexa, and, and they have, obviously, they have AI tools and those kind things, as does Azure, as does Google's cloud and, and others. Correct. And then the, the third really being, redirecting your staff to higher level items instead of, you know, moving a, a server from one rack to another. They're now logically moving stuff around and.

On, on the big three that we hear, hear quite often. Yeah. Bill and like everyone else, we have no doubt that we are gonna be a multi-cloud environment. You know, there's just gonna be, you know, there's things that Amazon will do better. There's things that Azure will do better or maybe required by us, you know, one of our applications, uh, same with Google and we're, you know, we're reading more and more about the opportunities that Google has.

So we have no doubt that we're gonna be a multi-cloud. Environment moving forward. Just wanted to get, get our hands on basic cloud computing with Amazon first. And you know, once, like anything else, you get the foundation done, you move forward and you know, you apply a lot of the same concepts, whether it's Azure.

AWS Google or whatever. Yeah. And, and this is where it gets interesting. Vic, I wanna come over 'cause you and I have had cloud conversations back when you were interim CTO over at Cleveland Clinic and other places. We talked about, you know, the, the, the need to get to cloud for agility and those kind of things.

We also talked about some of the challenges, but, you know, what, what kind of specific challenges do companies face? When examining really the, their data management strategy, especially across a.

Thanks for that Bill. Now I'm gonna start with my, my usual. How long is a piece of string as to how long you wanna take to talk through this, but essentially, you know, I think it all comes back to the, just the nature of the applications that, that healthcare organizations deal with. Right? They're, some of them have.

Specific regulations. They're either FDA regulated, some of them are based on more, let's call them foundational platforms that are not very modern. And, and it's the, the biggest, I guess the biggest aspect is the fact that the data is so spread out and, and, you know, in pockets, right? Within healthcare organizations.

'cause once again, you know, interoperability is a bad word. So things are kind of like in their own things and they're, they're kind of spread out all over the place, right. So. When you start talking about data management, I think the first thing that comes up now is creating a data governance strategy.

It's like, how do you actually take and put together a, a, a a, uh, program around your data? How do you classify it, how do you access it, et cetera, et cetera. And in parallel you have this whole data management and data protection strategy. With the focus and goal being not only do you actually safely back up your data, which is very important to you, but you have the ability to be able to actually restore it.

In a timely fashion so that it's useful and available to you and your applications when you need it, right, to your users when you need it. So how can we take this fragmented system that we have today and sort of learn from the cloud first approaches and the cloud platforms that exist, that are, that were born in the cloud era, right?

That talk about the fluid motion of data that have access to these sorts of different. Techniques and capabilities, automation orchestration. So the, the trick really is, is how do you bring some of those things back into an on-premises enterprise type environment? So that's kind of like the biggest challenge, I think.

Yeah. And this, and this is where, where Rubrik comes in, and I love talking about this. Because, you know, we, we talk about a cloud first strategy, but there are companies that were built from the cloud. So Rubrik is a, a cloud data management company, but it was, it was built with from the cloud first. So Bill, uh, talk to us a little bit about what, what makes Rubrik different in their approach in, in what they bring to healthcare?

Absolutely. I would, I would say first and foremost, you know, the point that you just made is, is particularly relevant and that's, that's being born in this era and sort of having architected for these consumption models and these patterns. Our philosophy is one of security and resiliency at the point of data right now.

So that, that, I think that philosophical difference is, is a big thing that brings a lot of value to our customers. When we interact and protect data or interact with and protect data sets that are in the data center. We're doing so with sort of like best of breed integrations with those data center technologies.

But when we interact with and protect data sets in a cloud platform, we're doing so in a, in a very different manner. Right? We're using. API driven integrations as opposed to being in the data path, things of that nature. And so this idea of, of sort of security, data protection, resiliency at the point of data using whatever methodology is most logical for that implementation is something that's, that's like a key foundational piece of our design philosophy.

And our customers really, really seem to appreciate it because it lets you operate in these hybrid and, and multi-cloud environments using. Sort of a best fit approach for whatever platform you're interacting with. On top of that, I would say just trying to build out more data services out on, on top of operational backup and recovery, and continuing to kind of like bring additional value to these solutions.

So things like detecting ransomware and offering rapid rollback, detecting where the data sets live. In your data protection assets and alerting the customer of some piece of, uh, PII spills over some undesirable boundary orchestrating recovery across, across accounts or across regions, or even across hybrid and, uh, multi-cloud architectures.

Those types of things are things that we sort of built our product to do from day one. We built it into the DNA of our software and now that, uh, our customers are really beginning to adopt these sort of multi-cloud hybrid cloud architectures, it's just paying dividends. So, so it's a, it's a fabric that sits above all the, all of that, right?

So it's a, it's a fabric that sits, you can be a multi-cloud environment, multiple data centers, multiple environments, and you can essentially apply those same kind of data tiering, data security models and, and frameworks across all of it, no matter where it resides. That's exactly right. So we've got a control plane, uh, that actually lives in SaaS and you can link that control plane to things that SaaS would naturally interact with.

So cloud native workloads is a great example there. When we protect workloads in AWS or Azure or GCE, it's an API driven integration from our SaaS control plane. To the APIs of the cloud platforms. But then if we protect the data center workload, it's more logical for us to co-locate some sort of appliance with a lot of these things, integrate that appliance natively with, say, the APIs of the storage on premises or the APIs of the virtualization.

Virtualization platform on premises, and then we hook that up to the SaaS control plane that natively protects things like infrastructure as a service, platform as a service, or software as a service in the cloud. And that is sort of your single set of APIs and your single user interface for interacting with this whole suite of capabilities.

So data management, but, so it's not a security platform, but has security built in. And it's not a DR platform, but it has. Elements of DR. Built into it. It's not an automation platform, but since it's built on APIs, there's a significant amount of automation that that goes on across it as well. I mean, so it is the classification data management platform, but you provide services across all those other things that I just rattled off.

That's exactly it. Yeah. Yeah. We're trying to essentially take this asset, right? That was data protection, that was operational backup and recovery. That was a must have. And, and in the age of ransomware is, is even doubly so, and we're trying to just produce additional value drivers out of this, this object or this capability that our customers sort of felt like they had to have.

And now it's something like, oh my gosh. I can actually extract business value out of this, right? I can automate this for test dev, or I can orchestrate ransomware recovery using this really rapidly. And, and all of a sudden it goes from a sunk cost to a value driver. And that's really what we're trying to do as a company is, is take this idea of data protection, expand it across all of these boundaries, and turn it into a value driver instead of a call center.

Chris. Chris, I'm gonna get to you in a second 'cause I want to hear how this got implemented at at New New Hanover's data Center across your multi-cloud environment. But Bill, I wanted to talk to you a little bit about ransomware. I just read this article and it was the scariest thing as a former healthcare.

CIO was the scariest thing I've read, and it was really about one of the health systems that got attacked and lost everything, lost all their images for years. Like there's, there's no way to get 'em back kind of thing. And that is one of those things that, that scares the, the, the living daylights outta, you know, executives at this point of, you know, you can't negotiate, you can't pay for, uh, to get the, uh, keys to unlock that, that information, therefore.

What, what happens to you once they're in and doing those things? What protects a rubric from that kind of attack? What, what, what kind of architecture have you guys implemented that, that would either alert or, or protect against, uh, ransomware attack? Absolutely. Great question. Thank you. So I, I would say number one, uh, I hate to sort of beat the drum, but this idea of security at the point of data is, is really the big driver for our value relative to that use case.

So oftentimes these, you know, images are in storage systems that are on premises, but when we're protecting this stuff. We're typically ingesting it into our product storing snapshots for some duration of time, sticking a copy in the cloud somewhere, right? And then in, in a scenario like this, the desire is to sort of recover on mass as rapidly as possible to the last known good point in time.

And so our product is engineered in such a way that the actual file system on the ingest point, first and foremost, is built with being immutable in mind, like all the way down to the lowest primitive. And I don't wanna belabor the the point too much, but like . This extends all the way down into the file system layer, where literally the file system APIs will not accept override operations even from our own software.

And then it, it, it sort of climbs up the stack there. So those APIs are authenticated, right? And they're built specifically to talk to our data management applications. They're CRCs built in all the way up and down the stack. So this is sort of . The product that goes in the data center is sort of a, a clustered, uh, scale out architecture.

And so that, that file system all the way down to like the chunk level, all the way up to the stripe and object level has CRCs built all the way up and down the stack. And so we, we do like rolling scrubs on the data set itself. To ensure it hasn't changed since ingest. And then we do scrubs as the data is reassembled and presented to the data management application for recovery to ensure that the actual data being returned, uh, to the end user is in a known good state from, from its, from its, you know, last known snapshot that you're trying to recover from.

And so that's sort of the, just the fundamental, like, we know the data is good attributes of the file system itself, but that's, that's kind of tactical. I think the more strategic thing that we do. Is the idea of using the metadata from our snapshots and from the, you know, file systems and virtual machines and databases and cloud instances that we're protecting and, and keeping track of, of known good patterns in, in that dataset.

And then alerting the end user if we see an anomalous pattern, right? So this could be. Sweeping ACL changes file extension changes the actual contents of the files themselves changing just as examples. And the people that write this are way smarter than me. You know, the engineers can tell you all the, uh, models that they're using and how they've trained it and, and whatnot, but, but the net of it is, is that we, we can detect anomalous behavior.

And when we think we see ransomware, we alert the end user and then we essentially provide through our SAS control plane. The ability to identify the blast radius, so what's been affected and the ability to identify last known good point in time. And then we, we hand them a workflow where they can begin rolling back or recovering maybe into an account where they might conduct some sort of forensic activity or what have you, you know, whatever that sort of their, their runbook and their use case dictates at that point.

So I would say security at the point of data. Knowing that the data is good, protecting the data from malicious activity, like all the way down to a fundamental level is point number one. And then intelligence on top of operational backup and recovery. So that, that data set is like immediately at your fingertips, uh, during an event would be, would be the second biggest point that I would present.

No, I think it's interesting you use the word blast radius. I, we've been talking about the fact that, you know, cybersecurity has become a cyber war. And we're now starting to use that kind of terminology, you know, war, you know, blast radius and those kind of things of what are we protecting, how, how do we protect them?

We're talking about offensive and defensive strategies. It's, it's really interesting. Chris, I, I, I wanted to come to you. This, you know, I'm, I'm thinking back of, you know, 20 11, 20 12, we were doing things like, you know, tiering of our data. We doing. Pretty traditional things across, you know, sands and whatnot in our data centers.

This represents a, a pretty significant shift. You know, give us an idea of, you know, from, what were some of the things you had to do with your staff to bring them up to speed? What's it like working with this, with this tool and, you know, what are the kind of things that you.

Sure. Uh, thanks for having us on. When we first started looking for a new backup solution, we first, we wanted something that was easy to use and we also wanted something that would help us to kind of start. Cloud journey, you know, that we'd be able to leverage some cloud functionality to help maybe offload some workloads or some storage issues or anything like that, that, that we've kind of experienced in the past.

So I, you know, how long from the time you decided to, to go down this path, so the time you, you actually got it up and running, how, how long of a time period was that? Well, we did it. We, we had a pretty lengthy POC with Rubrik just to validate the functionality of everything. But we've got, you know, being a healthcare organization, we've got some older systems, some older, you know, AAX systems for our EHR and our ERP systems.

So we needed make sure. A little bit older. Um, and, and it did. But after we completed our POC and we received our, our own hardware, we were racked, stacked and backing up in four hours. It was that easy to, to get it installed, get it configured, and create our first SLA policy to start backing up and protecting our data.

Wow. So, so the transition from the older tools that you used to, to the rubric environment was not, was not a major, like you had to send people off for training and that kind of stuff. They were, they were able to pick it up pretty quickly. Oh, definitely. Uh, that was probably the, one of the major pieces that, that we were looking at for, uh, a new backup was, uh, just ease of use because, you know, backups are kind of boring, you know, it.

But with the rubric interface, you know, the, the, there's only a few of us that have to work with the backups, but the oth the other guys, you know, they picked up on it fairly easy and have been able to kind of run with it within any kind of formal training. Yeah. It, it sounds like you guys have, I mean, you guys are just scratching the surface of what you can do with Rubrik.

It's gonna be interesting, you know, to talk to you, you know, a year or two down the road, see what you're.

You've run large managed service programs, including managed services around EHR and EHR, managed hosting. You know, how does a cloud-based solution like Rubrik work in that environment? Very well. I. Next question, . I'm just kidding. I mean, no, but seriously, I mean, you, you've run like, you know, I mean Epic managed service hosting.

You've, you've done a lot of ER service hosting. I mean, are you saying it just snaps in there and works, works well? Yeah. I think, you know, there's, there's a couple different things, right? So first of all, fundamentally, and Chris mentioned this too, right? Fundamentally, it has to be able to protect the data.

Across the systems that you have. 'cause if it doesn't and there are gaps, then you're like, Hmm, now I need something else to fill those gaps. And then you start running into a tricky situation because you have multiple points where you're trying to protect your data, right? So, so first of all, it's gotta check all those boxes.

And then you started looking, uh, a little bit under the cover. So as it started out, as a pure data protection play. As Bill really well articulated, kinda all of the other goodness that you get from the platform, you start looking at how you can apply or take advantage of some of those goodness type things in your environment.

So as a service provider, you know, restoration, so protection of data is absolutely paramount, right? Because you're writing SLAs, which you're obligated to, to folks for, to protect their environments and. And, and protect against ransomware and all those sorts of things, right? So protecting the data is great.

Recoverability is super important. 'cause you have to be able to recover it in the event something bad happens, malicious or not, right? So recoverability becomes very important. Then you start thinking about things like, okay, how do I actually build in some automation and orchestration into my entire workflow?

Because, you know, the, the, the, the thing that kills a service provider is, there's two things, right? So one is inefficient processes. I. That require a lot of manual intervention. And second, are one-offs. So you want standardization across the board as much as possible so that you can, you can then scale. So you want to create these automation and orchestration planes and platforms as well as you can across the entire spectrum.

So when, when you have a platform that was built for that, that was built for the cloud, now you're sort of almost playing catch up. In an on-premises model, right? It's like, okay, what are some of the features that we can take advantage of that, that this platform offers that we may not already have in our regular day-to-Day operations.

And so we started building out a lot of automation based on this platform. A lot of orchestration based on this platform, a lot of automated tests to validate the integrity of the data because it's not just good enough to back it up. And yes, the data platform, the data protection platform does. A lot of CRCs, a lot of checking, but at the end of the day, it's the application that needs to be able to read the data.

So you're going to, you know, have automated restoration into the application in a sandbox environment, run your integrity checks and validate it and so on. And then coming back a little bit even further is like, okay, the, the. The base protection for things like EHR systems based on modern storage platforms are snapshots, right?

So how do you actually protect these snapshots? How do you actually recover from these snapshots as quickly as possible in the event that you actually have, uh, a, a problem in your production side or your, or your primary storage array? And then how do you actually protect those snapshots? So. That was also another very important thing that we had to look at as we were building out, you know, the certified A model say, can we actually tie into the storage platform?

Because the storage platforms have capabilities to be able to do diffs between snapshots. And so if the data protection platform could tie into that, that's just like super goodness, right? So those are some of the pillars that we built on. And then look. Fundamentally, it's all about cogs, right? You have to optimize your cogs as a service provider.

You have to be able to do things better, cheaper, faster, stronger, so that you can actually scale and, and, and you are competitive, right? So when you actually start looking at the price or the cost per, per front end, terabyte protected, which is typically what you look at when you're looking at a data protection platform.

Regardless of all the bells and whistles and features that we just talked about, you have to be competitive and, and this checks the box as well. So it's not like you get all these things and now you're paying an arm and a leg for it. No, it's not. It's like all of this goodness that's packed into this platform.

You're able to be competitive on, on the pricing front too. You know what struck me about that, Vic, is we're talking to a new Hanover, uh, regional medical center, which is, you know, not a, not a massive health system, but what you're describing is, you know, managing terabytes and terabytes of data across multiple health systems.

Multiple EHRs and those kind of things. So, I mean, this is a platform that scales up because it was built and designed from the cloud. It scales up very, very, uh, well from, from, you know, from small to to extremely large. Exactly right. And again, it's, it's a platform that gives you the ability to, just, like you said, to scale up or down as you need and wide or narrow as you need.

And fundamentally, the thing that, that they did, that Rubrik did right from day one is that they're a software company. Everything that they built is all software. 110% software. Yes, there are appliances that you can buy. You know, that are optimized, et cetera, but it's all software and, and it's just, you know when, when you take that and you apply it to your environment, regardless of the size of your environment, regardless of the complexity, look, if they're able to protect your data a hundred percent inside of your data center when you're in healthcare, that's huge.

There are a lot of competitors that play in similar spaces for data protection. Have come about since Rubrik has been around or a little bit after, or some even before that still aren't able to protect data across the wide variety of esoteric operating systems and storage platforms that healthcare providers have.

So when you check all of those boxes, that's pretty, that's pretty dang impressive. Yeah. You know, I, I want to go down this, uh, bill, I'm, I'm gonna ask you about automation. 'cause it sounds to me like this is one of the areas where. This really distances itself from the pack and really provides, I I, I'm talking to a lot of CIOs at this point that are looking at, you know, robotic process automation and all sorts of, of automation to the, to the, to daily operation of the data center.

And, and some of that's cost cutting, but some of that's just efficiency. It's just trying to make the organization as efficient as possible. So talk to us about, about the automation that's available on the, on the rubric platform and, and what, what do people using it for? Absolutely. So I would, I would carve automation up into a couple of camps.

Uh, number one, automated things that Rubrik just does because it's part of our user experience and our approach to data protection. And then number two, hooks or, or integrations that customers can use to extend and, and integrate rubric, you know, to kind of deeper into their environment and processes.

And so the first thing that I would say is like, automation is something that is . That's a key component of what we do. If you look at the way, even the most fundamental thing that we did in V one of our product protecting VMware VMs, right? We automated the discovery process. We automated the jobs through our SLA engine where you just define.

Sort of this decorator of policy and then assign it to things. We schedule all the jobs, we handle all the retry logic, all that stuff. We automate transferring that data set from our storage on the cluster that's protecting those vSphere VMs. And we automated putting that into AWS into S three in an incremental manner, ensuring it was encrypted, ensuring it was indexed.

And then we automated the whole recovery process end to end if you wanted to recover a file or a virtual. Machine outta that archive. So that's like V one of our product when we first came outta stealth. And those patterns are just sprayed all over what we do today. So if you protect databases, automated discovery, live mounts, you know, instant recovery, fully automated, tiering to the cloud, so on and so forth, and the cloud workloads are the same, you add.

A hundred AWS accounts to our cloud platform. You wanna protect instances across all of them. You can create 10 policies and tag and 10 tag rules, and we'll automate assigning those policies out across that whole estate. And we'll automate all the data protection that comes along with it. And then the ransomware workflows, the data governance workflows, things that we're building right now that are gonna come out soon, all predicated largely on automation, orchestration and knowledge of metadata.

So that's, that's sort of number one that I'll talk about is, is . You know, Brian mentioned that he's gonna be multi-cloud. He wants to, you know, people to focus on higher value tasks. Obviously you gotta get the foundation done, building your cloud estate, and part of getting the foundation done, building your cloud estate is, is using tooling that gives you the, the governance models that you want across these hybrid and multi-cloud boundaries.

So, so a big part of that is not only . A tool that supports all of those things, but like a big, but doing cloud right also entails a ton of automation orchestration, right? Like elasticity is what gets you cost efficiencies and resiliency in the cloud. And automation is what gets you elasticity. And so what we've done on top of just automating things like in, in the bowels of our product, for lack of better description, is, uh, is we've also just

Built APIs on top of both the SaaS control plane and on top of the product that is co-located with data center workloads. And then we've exposed those through easy to use, you know, documentation, playground, API, playgrounds, so on, so forth. But then even on top of that, uh, we built out SDKs and common scripting languages that abstract away some of the nuances of the API and just let you build workflows, right?

So think like Python, go Powershells number one. Uh, for the data center workloads and the vSphere folks, they love the, the PowerShell SDK. And then on top of those SDKs. We've built an ecosystem of integration. So if you go to build, uh, dot rubrik.com, so Bravo Uniform India, Lima, Delta, uh, you'll see a bunch of repositories there with things like integrations with ServiceNow, or integrations with configuration management tools like Puppet or Chef or, you know, Sumo Logic and Splunk, or CloudFormation Terraform, so on, so forth.

And so I would say automation is not only in our DNA, but it's on our skin as well. And our customers can basically enter at whatever level of the stack they want. You wanna write straight to the API bindings and and and create your own workflow end to end, have at it. You want to grab something that's just built for.

You know, the VRA portal, so you can stick us in your service portal and just use what, what we've built or what the community's built have at it. And so, yeah. Yeah, it's, it's, it's, it's a big part of what we do. It's a big part of our philosophy. So I, at, at added space, I'm gonna, you know, this is me just trying to make it simple.

I, I can find it. I, I can listen for an event. Once the, that event happens, I can link into ServiceNow and create a ticket, essentially. I mean, that's, that's, that's a simple workflow and that's something that you. That's correct. Yeah. It's, and it's, it's not even like, uh, it, it, it's a true integration that's, that's sort of in their catalogs and, and, and the like as well.

It's just a module. I'm not a ServiceNow expert, but it's essentially just a module that you install into the ServiceNow platform and it provides linkages so that, so that you can see attributes of what we are doing in the ServiceNow system, and so that you can react to events and, and anomalies on our, but, but it can get a lot more sophisticated.

I mean, you could, you can detect a, an event. Essentially spin up additional AWS processes and services and start moving data and do those kinds of things. It can get very sophisticated very quickly. Absolutely. Yeah. Yeah. Easy, easily accessible, hard, hard to master at the highest level type of thing, you know what I mean?

Uh, I. I spent the whole morning programming. I know exactly what you mean. It gets, you know, af after a while you just have to walk away from the computer and go, I gotta look at the logic diagram again. What was I trying to do? But no, I, I, I get it and I understand. So it's very sophisticated, but it's also very, it's very approachable as the word I would say.

It's, it's, it's as simple as. Tapping into things, looking for events and, and, and creating, you know, creating processes outta those events. And so it's pretty easy to do. Let's see. I, you know, I, Brian, I wanna come back to you 'cause I want to hear where you guys are gonna go. Where's your, where's your cloud journey?

Take you next and where do you, uh, where do you see taking this platform next at your health system? Well, obviously, you know, our cloud journey continues. We're looking at just, you know, increasing our footprint out there. You know, as upgrades become available for our applications or net new systems that come in based on our cloud first strategy, that's, that's how we're looking at a new systems or applications coming in.

And one of our checklist items is, is it cloud capable? You know, if so, you know, . How, you know, how do we get there? How do we build, so, you know, we're constant, constantly going through that with our scoping teams. Will, will that be a limiting factor if somebody comes in and says, look, we, we don't run in the cloud yet.

We only run in your data center. What do you guys say? Uh, alright, we're gonna look at some other. Options. Yeah, that's, that's been a popular question, you know, with, you know, with our director and other folks, we're, we're not pushing that right now, but we are educating our teams and I think a lot of our teams clinical, you know, business, you know, you know what, what have you, they're, they're understanding this is, you know, really where it's going.

And this is where we're going as an organization. So we have what you call application owners that really own the application . And support it, patch it, you know, whatever that may be. And they're pretty much, they're very getting very matured on, you know, that's where we're going as an organization. So they're on top of that, of saying, you know, whether they're evaluating an application, I don't know if it's a showstopper for an application coming in, depending on what it gives the organization, you know, what's, you know, what's the ROI on it?

But as far as we we're seeing today, most applications have either some kind of SaaS option or, you know, infrastructure as a service, either or in those, you know, those fit right into our, our strategy. We're not really seeing anything that says it has to be on premise, especially net new. Now we do have some older, like most healthcare systems, you know, we have some old systems that play a critical role in patient care.

And it is what it is. It's gotta stay where it is, you know, whether it's for latency or, or whatever it is. Their code just isn't up to where, you know, we want it to be, you know, it's gotta stay on premise. So, but those are, those are becoming fewer and far between, to be honest. Yeah. I, I just interviewed ACIO for a major health system and we were talking about P BX systems, , and, you know, I, I, I told him my story of we had a, a 25 year old PBX that was made Nortel.

And Nortel doesn't exist anymore. We were getting parts off of eBay and that's just the nature of, you know, it was a very reliable system. We just, we just never got around to fixing it. 'cause it just kept working day in and day out. Yep. And the cost of replacement was too high, but that, that's indicative across healthcare.

We, we do have a lot of legacy gear because of the, the very specific nature of the work that we do in, in healthcare. So it's, it's some. It doesn't have a path offsite yet, so it'll be interesting to watch. Yeah. And it's, and sometimes, you know, with, with some folks it's, if it's not broke, if it ain't broke, don't fix it.

You know, it's working fine. You know, that's, that used to work. But, you know, in today's, in today's industry and, and the way things are going, that will leave you behind. You know, if you're, if you're not being forward thinking on, you know, the, a new way of doing something, even if the old way is working.

You know, Brian, as a former CIO for a 16 hospital system, it would've been easier for me to get the money after that PBX broke than to ask for the money ahead of time. I, I don't know what it is, it's just the nature of the budgeting process. So, alright. So gentlemen, you know, one of the things I've been doing lately is just throwing out this question at the end, which is, you know, what question didn't I ask?

What, what topic didn't I cover? To this that maybe, maybe I shoulda, and if if nobody has anything, I'll close it up. But, you know, I, I, I may not have captured everything, so I'll just, I'll just throw it out there.

I think one thing, you know, for your audience is, you know, you, you have the, uh, rubric is very flexible, like Bill alluded to with how you want to configure environment. Do you want appliances? Do you want four appliances? Do you want something in Dr. So for us, we, we currently have several appliances spanned between on premise in our DR location in Charlotte, North Carolina.

And that was really from what we had in place, you know, to eliminate some of the complexity of bringing a new system in. Obviously as we're moving forward with cloud, you know, our plan is to eliminate that Dr. Appliance requirement and shifting synchronization and replication out to Amazon. And we're, we're actually already doing that in conjunction with having the appliance to Dr.

So you, you know, that's an interesting point, bill. I want go to you with this 'cause this is happening a lot in healthcare. So, uh, yeah. New Hanover is, is now partnering with. How does, how does a tool like this play with regard to, you know, mergers and partnerships and organizations coming together? Yeah, I mean, I, I feel like we play quite nicely because of the affirmation automation stuff first and foremost, right?

So, uh, oftentimes the big hangup there is the way business is done in the other organization as opposed to business being done in this organization. And can we get the KPIs that we need? Can we get the telemetry that we need? Can we operationalize it without having to, as Vic said earlier. Have one-offs or unicorns in these large environments.

And so our, our ability to kind of shim into whatever your workflow is through automation is, is something that's exceedingly useful because whether it's provisioning day-to-day management, or you know, operational stuff, monitoring, reporting, alerting, so on, so forth. We're, we're pretty, we're pretty friendly.

We, we'll, we'll bind with anything as long as, as long as you can either make an outbound rest call, scrape a file from somewhere or take an input from from some other system. And then I would say with regards to the cloud initiatives, like we, we see ourselves as a bridge to cloud and almost every one of these environments is looking in some way, shape, or forward to do.

Do more with cloud. So whether you're on the new side of cloud where maybe you just wanna protect some data center workloads and archive those to object storage in the cloud, whether you're getting a little bit more mature and you want to maybe lift and shift some stuff into the cloud and begin experimenting, or whether you're fairly mature and you're looking for things like hybrid cloud or multi-cloud data protection, we've got

Value to bring and we, and we've got a story. So, so the whole idea just, just being flexible and multifaceted and really trying to do one thing well, which is tie data sets together and provide insights, I think, I think it, it goes over really, really well during m and a type scenarios. Well, that, that is a great place to, to close out our conversation.

Gentlemen, I, I really wanna appreciate, I really appreciate your time and, and really wanna thank you for this discussion. I, I think it's so important for, for health systems to get this right. The, the cloud data management strategy as we move into the cloud, as we move into multi-cloud is going to be, you know, top of mind and something you wanna get right.

Obviously, you, you don't wanna move into the Hotel California of cloud and not be able to get in and out. Is the kind of platform that gives you the ability to switch workloads across clouds and those kind of things. So again, thank you for your time. I really appreciate it. Thanks, bill. Thanks Bill. Great speaking with you.

Yep. What a great discussion. If you know of someone that might benefit from our channel, from these kinds of discussions, please forward them a note. Perhaps your team, your staff. I know if I were ACIO today, I would have every one of my team members listening to this show. It's it's conference level value every week.

They can subscribe on our website this week, health.com, or they can go wherever you listen to podcasts. Apple, Google. . Overcast, which is what I use, uh, Spotify, Stitcher, you name it. We're out there. They can find us. Go ahead, subscribe today. Send a note to someone and have them subscribe as well. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders.

Those are VMware, Hillrom, Starbridge advisors, Aruba and McAfee. Thanks for listening. That's all for now.