One in three businesses is affected by cybercrimes. These attacks impact the revenue, reputation, and the recovery of the business after the event. With companies expanding their computing capabilities, adopting hybrid cloud models and utilizing more devices at the edge of the network, they’re even more vulnerable to cyberattacks and data breaches. And with those odds, it’s not “if,” but “when.”

“Cyber resiliency, cybersecurity — it’s a huge topic. This is something that every business is thinking about, is talking about. It’s not just a discussion in the different departments; it’s at the C-suite level, the board level,” said Bina Hallman, vice president of software-defined storage solutions at IBM Corp. “If you think about it, cybercrimes, as frequent as they are and as impactful as they are, they can really affect the overall company’s revenue generation. The cost of recovering from them can be very expensive.”

Hallman spoke with John Walls (@JohnWalls21) and John Troyer (@jtroyer), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the VMworld 2019 event in San Francisco. They discussed why data breaches are so frequent, the development of resilient security services, and how IBM is protecting clients against cybercrimes (see the full interview with transcript here). (*Disclosure below.)

[Editor’s note: The following answers have been condensed for clarity.]

Troyer: People may not realize how integral storage is now in security, but IBM brings to the table a lot more than just storage. Can you talk about that portfolio and IBM’s approach?

Hallman: When I talk about the “identify stage,” there’s also things around protection — protecting the environment and those services and those systems. The infrastructure, we do a lot in that space. It’s around detection. So now that you’ve got the protection — and protection might include things like having identity management, having access control — just making sure that the applications are at the latest code levels. Often times that’s when the vulnerability comes in when you don’t have those security patches installed. 

Data protection and when it comes to that segment, we’ve got a very rich portfolio of data protection capabilities with our Spectrum Protect offerings. From a protection perspective, going into an encryption, having capabilities where the infrastructure is designed to have multiple types, you can have physical separation, so you can have an air gap. Things like tape are ideal for that because it’s physically separated. You can have technologies like “write once read many” where they’re immutable; you can’t change those. You can read them, but you can’t change them. 

We’ve done a lot of work in innovation around what we call safeguarded copies. This is making snapshots, but those snapshots are not deletable. They’re access controlled; they’re read-only. That allows you to very quickly bring up an environment. 

Troyer: I think people don’t realize that sometimes these things hide. They’ll be in there and they will be innocuous, so you can’t just restore the last backup. They may try to rewrite the backup, so you may have to go back and find a good one.

Hallman: Absolutely, and detection is very important. Detecting that as early as possible is the best way to reduce the cost of recovering from these kinds of events. Your environment might be exposed for 160 days before you detect it. We do a lot working with a research team, our security team, on things like our data protection, where we have algorithms built-in where we look for patterns and we look for anomalies. As soon as we see the patterns for malware, ransomware, we alert the operator so you don’t allow it to be resident for that period of time. You quickly try to identify it. 

Another example is in our infrastructure management software. You can see your whole heterogeneous storage environment. You typically start out by baselining a normal environment, similar to the backup piece, but then it looks for anomalies. And are there certain things happening in the network, the storage, and warns the operator.

Walls: I almost get the feeling that sometimes it’s like termites. You don’t realize you have a problem until it’s too late because they haven’t been visible. What kind of confidence do you want to share with the end users to let them know there are tools they can deploy? 

Hallman: It is difficult, it’s very real. But it’s absolutely something that every business can have under control and have a plan around. From an IBM perspective, we are the number one leader in security. Our focus is not just at a software level, it’s starting from the chips we design, the servers we deliver, to the storage, the flash core modules, FIPS 140 compliance, the storage software, the data protection, the storage management software, all the way through the stack and all the way through our cloud infrastructure. 

Our services and security organization work with clients to evaluate the environment, establish these strategies and interim plans. It’s really about creating the plan, prioritizing it, and implementing it, making sure the whole organization is aware and educated on it.  

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the VMworld 2019 event. (* Disclosure: IBM Corp. sponsored this segment of theCUBE. Neither IBM Corp. nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE