December 14: Today on the Conference channel, it’s an Interview in Action with Jason Cook, Field CTO Americas at Rubrik. In a rapidly evolving world of cyber threats and cloud data management, how is your organization staying ahead of the curve? Are we becoming more alert to the state of cyber threats or are we still burying our heads in the sand? Jason shares his purview on a multitude of pivotal aspects from data security, tackling the issue of cyber insurance, to the power of AI in reshaping operational dynamics. As moving towards a cloud strategy increasingly becomes the norm, how can we secure our data across diverse platforms? This conversation invites you to deliberate upon your organization's preparedness in the event of a cyber breach and the role of AI in revolutionizing data management and cybersecurity.
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Welcome to This Week Health Conference. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, a set of channels and events dedicated to leveraging the power of community to propel healthcare forward. Today we have an interview in action from the Fall Conferences on the West Coast.
Here we go.
All right, here we are for another interview in action. I'm looking forward to this conversation. We're talking with Jason Cook, Field CTO for the Americas. They don't narrow it down much, do they? The Americas at Rubrik. I mean, so that's North and South America, essentially.
That is North and South America. Although I haven't been to South America, I've been in this role for about four months. I've been with Rubrik for about seven years. Most of my tenure was in people leadership in the sales organization, specifically the technical sales folks. So I most recently built and ran the technical sales folks for the major account segment, which is like the Fortune 250 and below at Rubrik.
And then I just was craving more interaction, more evangelism, more getting out there. And decided to step into this field VP role, O Role. So, so far I have been to Canada a couple of times, but not South America yet. So we'll see.
I like the evangelism role. I'm going to, I'm going to, I'm going to ask you some pretty open ended questions here.
Cause I, I just want to get a lay of the land of what's going on. So, talk to me a little bit about cloud data management. So where are we at? What are the latest advancements or how are organizations thinking about it?
So, I think a couple of things. One is there's the security of the data, which is what we're keenly interested in.
And the vehicle we're using to secure data is backup and recovery. And I think for the longest time, backup and recovery applications were more operational in nature, you know, either for compliancy or just being able to do operational recovery. Should somebody delete a file, should a system need to be restored, or multiple systems, or perhaps even a data center failover, or a failover from an on prem to a public product.
But what has really changed, Bill, is the state of and the reality of cyber threats these days. They are more and more prevalent. They are happening every day. And I would like to believe that people's mindset are much less the if, and maybe we'll just put our head in the sand or we'll say a lot of prayers and hope it doesn't happen.
They're more of the, it's going to happen, we're assuming breach. And folks are realizing that so many of these cyber attacks are attacking backups, and so they need to revisit that. So that's kind of the first thing. And then as far as the cloud, inferring public cloud, what we're finding more and more is that pendulum is starting to swing back around again.
I've seen it kind of move a lot. Over the last five, you know, ten years, where people have been very heavy on trying to shift and move applications up to public cloud providers, they realize it's a more expensive way of, say, doing infrastructure as a service, and they end up coming back down again. But now I feel like more people are starting to realize how to game the system around
platform as a service and SaaS and those types of applications and that, in my mind, counts as a cloud strategy. So I think the second part of the security is there is that we need to be able to secure data wherever it lives, you know, and to be able to perform relatively speaking the same recovery functions.
You know, whether it's in Google, whether it's in Microsoft 365, whether it's in Azure, Amazon, or on premise. You know, that's what we're seeing a lot of.
It used to be fairly easy from a cyber security standpoint. It used to be fairly easy. I mean, we had our backups. We sent them over to Iron Mountain. We didn't, you know, we didn't think about them.
We did have those tapes and we were lucky to get them all done at night, especially in healthcare. I mean, the amount of data was growing so rapidly that I remember the conversations like we, we need to double the size of the tapes. We need to double the size of tapes. Good. All right. So all that's changed pretty dramatically, but with the new cyber security threats, I mean, the impact of these things was pretty devastating on health systems.
I mean, are there different models and methods that we're applying in order to make sure that our backups aren't carriers of the infection and when we restore, they're not bringing it back as well?
That's a great, that's a great question and great insight because it's so true. One of the things that Rubrik talks a lot about is why backup and recovery is not equal to cyber recovery.
And to your point, when you look at cyber recovery, there's not just the sanctity of knowing I have secure copies that I can restore from in the event of an event. But also knowing what's in those copies so that I can defensively and reliably know that whatever I recover is free of malware or free of infection.
So what we're doing is, to that point, we're giving you the sanctity of knowing you have sound, you have safe, you have secure backups that can't be encrypted or deleted or tampered with. But then we're also offering analytics software on top of those backups to do things like look for encryption events, malformed encryption events that would infer a ransomware or a cyber attack.
We're looking at sensitive data, which I think using backups still as a repository for security analytics of any kind is a very novel idea. Because it's a complete copy of everything that you have in your estate, or at least generally is or should be. And so, it's a place where you have everything sort of co located into a single repository where you can do these types of analytics.
It's also a time series, so it can go back in time. And that's the struggle I think people have with security devices and trying to do an endpoints and trying to do prevention based security there is that the data that flows in and out of that is pretty transient. Whereas with a backup, it's 15 days, 30 days, you can really get a sense of what dwell time might have been, you know, in terms of how long the attackers were in the environment.
And then the last piece here point is the ability to remove those indicators of compromise out of the backup sets. So when I go to do my clean room recoveries, or perhaps my critical system recoveries, you know, post breach, where I'm just bringing back a limited set of applications so I can get workers in to do work, I'm doing so free of compromise so that they don't get reinfected.
So we talk about that a lot and I think that's a great insight.
We want to thank you for a wonderful year. As you know, we have celebrated our five year anniversary at This Week Health, and we are going to enter our sixth year of doing this. And we set out a goal to raise 50,000 for childhood cancer this year, and you did not disappoint. We have raised close to 60,000 this year for childhood cancer, and we really appreciate you.
We appreciate you. The community coming together. And we hope to do more of this next year. We hope that you'll join us.
You know, the dwell time is interesting because I saw a recent study. The dwell time used to be months and months before they initiated the attack. And now it seems like, and I thought that was amazing. I thought that the fact that they could be in your network sort of hanging around for months, I thought that was amazing, but I think what's even more amazing to me now and a little concerning is it's not months.
It's getting to be days. Not that we're finding them, but that they can do what they need to do a lot quicker than they used to.
Totally. And Bill, I think that's really two things. Number one is, it's the type of payload they're wanting. What we're seeing is an increase of whole system or whole VM or virtual machine encryption attacks.
So when they do encrypt, they're taking down whole systems, not just getting inside of one system and encrypting files within it. That just takes too long. And I think the vector of attack or the style of attack is just predicated on the fact that cyber criminals are not really interested in working hard.
That's why they became criminals. Easy path to revenue. So they're finding ways, to your point, to get in and do work immediately, do damage immediately. Also, the overwhelming amount of breaches. You know, back in the day, it would be more brute force. Now, it's socially engineered MFA attacks, where they, you know, the MGM, you know, that one.
I mean, it's just, so that's, it makes it even harder on security operation centers and security professionals, because it looked like benign or typical traffic by authenticated users with proper credentials. So I think that's another reason why they can increase the time it takes to get to the ransom note, because now they have the permissions and the credentials to be able to do that.
So we're seeing that a lot too. And that's why these, you know, analytics tools later on top really help try to figure out what happened and what the source of the breach was.
I had 15 CISOs in a room. And I did the same question with some CIOs. I asked them would you pay the ransom? And I just went around the room.
It's like, would you pay the ransom? Yes or no? I mean, or have you already decided if you pay the ransom? Yes or no? And it was fairly split. And there was a couple of them that said game time decision. I'm like, game time decisions are interesting to me. And they said, well, it depends what they've gotten into, how prepared we are, and if we really need to.
And I think, you know, when you look at the MGM Caesars comparison. It's interesting. One just said, here's the money. We're done. The other said, you know, we're gonna, we're gonna, we're gonna go through this. And I think that's what the game time decision is about. Are we ready for this?
Correct. I totally agree.
Or Colonial Pipeline is an example. Here's a Rubrik customer. Here's a CEO who didn't realize he had Rubrik. And could have recovered or not paid the ransom. But I think to your point, it's still a game time decision because of the chaotic nature of a cyber breach like that. Phones are ringing, services are down, people are upset, customers are asking if you're publicly traded, maybe reporters calling to get the scoop.
I mean, there's so many things going on in the case of Colonial Pipeline. He's got trucks backed up, up and down the Eastern Seaboard, waiting to get their gas stores. He's got people without fuel, businesses. I mean, I think he thought if I could just, I've got cyber insurance, I get this done, I can get the decryptor utility and away I go.
What the customers are, or the people are finding, Bill, is that once they get the decryptor utility, it's so slow, they can't recover, you know, in a reasonable amount of time at all. So now we're kind of left like, Ooh, I thought this was,
They just call the support desk, right? They just say, Hey this is running a little slow.
Can you send me the version? It's a little quick, Tom. Sorry. It's just the. There's so much risk associated with that of saying, okay, we'll pay the money. Give me the thing and away you go. But I'll close with this. Talk to me about trends. I mean, one of the things that I hear that's driving organizations to get prepared, not only is the risk and the threat, but it's also the cyber insurance, like the cyber insurance and cyber carriers
are dictating a better posture, a better approach. And will that continue? Will we continue to see that? And are you seeing us become more ready for these kinds of attacks?
I think yes. Although, it depends, though, is what vertical, what segment, what business. What I've noticed in oil and gas lately is that they're self insuring.
Because I think they feel like, well, any given hit is going to be more than what the rent, the cyber insurance payout would or could be. So, we're going to have to take, we'll have to supplement that or take the matter into our own hands. You know, and that's just sort of me guessing. I'm just hearing more and more that in that particular vertical there, when I ask, are you cyber insured?
Are you self insured? They're self insured. And I think the other part of that, though, is for smaller or medium size or even the Fortune 1000 who really will rely or need cyber insurance. The thing that they're going to have to sort of wake up to is that there's a whole new set of requirements.
So it's going to kind of force a reevaluation to your point earlier about planning and being ready and knowing and looking at all of the things the cyber insurance requirements just to get applicable or just to get available or able to receive that is pretty lengthy at this point.
And it's a lot of the stuff that we've been talking about. If you have immutability in your backups, do you have a way of finding indicators of compromise in your backup systems, all of that kind of stuff. What we used to be kind of a differentiator or something we were forging a market towards is now becoming a required capability.
So it's fascinating. The other trend Bill is AI. I mean, it's kind of the thing that everybody's talking about. I try to make it practical. Obviously it's related to how we're leveraging it. And I think a lot of it is there still has to be that human element on policy creation, policy, data classification, governance, knowing your regulatory realities, and then being able to align the tools to do that.
But there's also a lot of just, there's vast amounts of number crunching and computational things that need to happen. So in our case, we're leveraging generative AI to do a lot of that, to try to help figure what's occurred, and then inform the end user on not only the specifics of where the attack was, but then inform them on what to do, what variation of ransomware was, et cetera, et cetera, et cetera.
So I see a lot of that 'cause I see the trend being a lessening of operators and a lessening of staff. The cliche of trying to do more with less. I think that's a very real thing, especially in healthcare. And so the more you can automate those things that just require so much manpower to cull through, or like data analysis, the better off you
You know, Jason, I said that was my last question, but, and this might get us a little off topic, but we'll close it with this. That's okay. Isn't it amazing how fast, it feels to me... Like this AI train is moving so fast. I mean, I opened up an application this morning a web based application, and sure enough, it had a little box at the top saying, what do you want to do now?
I used to like go in and do stuff. It says, what do you want to do? I said, well, I want to do this. And it popped up, like all the work I used to do, it like popped it up in front of me. I'm like. And that's not an isolated incident. I'm like, there's a couple of my applications now that have that little box.
Is this as a CTO? I mean, are, do you feel like that, that this pace of AI is moving pretty quick right now?
Yes. I think the struggle is just definition, what is it and how does it relate? And then number two, what specifically is the application? How are we going to use it? And I think that's where, you know, vendors like myself, it's incumbent upon us to make that real, to really be clear about what it is and what it means specific to a given value proposition or use case or what have you.
Because it's one of those terms, AI, that's so broad, it doesn't really have a standard definition, and it could practically be applied to anything. So I think it's our job to make it practical, to make it real. You can use it for this, or this is how we use it, and this is the outcome that you will get. But I think in your example, it's perfect.
That's the trend, though. Anything that rich was computational in nature, or it was iteration, iterative in nature. You had to go into the application, you had to click these 17 things, and you would do that every time you logged in. That's the stuff I think AI is trying to, to reinvent. So it takes all of that work away so that when you log in, the system has relative knowledge about what it is you're looking to perform.
In our particular case, we're trying to inform end users. After there has been a notification about suspicious activity, about what that means specifically, and what their next step should be. Just sending an alert, what we found is not enough. You want to give people more information on, hey, this is this ransomware variant.
This is this ransomware gang. Call this number, the FBI hotline, right? And restore this copy. Because it's free of that particular malware, that's what we can be using AI for, because just like in your example, otherwise that's a series of clicks that an operator has to go through. So I think that's, it's moving really fast, but at the same time I do think people need to slow down to go faster.
It can really, you got to really define it. What's the right use case, you know, talk to the vendors, how are they applying it and then go implement it.
I love it. Jason, I want to thank you for your time and look forward to seeing where Rubrik takes this whole AI journey. I think it's going to be, I think it's going to be fascinating.
Thank you so much. This was great. I appreciate it.
Another great interview. I want to thank everybody who spent time with us at the conference. I love hearing from people on the front lines. It is phenomenal that you shared your wisdom and experience with the community and we greatly appreciate it. We also want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders.
They are CDW, Rubrik, Sectra, and Trellix. Thanks for listening. That's all for now.