The Increasing Importance of Data Resilience

Jim Marous (00:00):

Hello, and welcome to Banking Transformed, the top podcast in retail banking. I'm your host, Jim Marous, owner, CEO of the Digital Banking Report and co-publisher of The Financial brand.

Jim Marous (00:19):

How prepared is your organization to move forward without the fear in the face of ransomware, cyber threats, ongoing digital transformation, and hybrid cloud adoption?

Jim Marous (00:30):

More importantly, if your organization is disrupted for any reason, how fast can you recover and move ahead confidently? This is a problem hidden in every single financial institution to some degree today.

Jim Marous (00:45):

To navigate these complex waters, we're joined by Rick Vanover, senior director of product strategy at Veeam. Veeam is at the forefront of providing cutting edge solutions for data protection and management in the cloud era.

Jim Marous (00:58):

Rick shares insights on how Veeam's innovative approaches are safeguarding financial institutions against the threats of cybersecurity and downtime, while ensuring operational continuity in the face of these ongoing changes.

Jim Marous (01:16):

We often talk about the reality that change has never happen so fast, and it'll never happen this slowly again. Unfortunately, the evolution of cyber risk and challenge to data and system resilience is also evolving faster than ever before.

Jim Marous (01:31):

Outages carry rising financial and reputational consequences. Modernized backup practices has emerged as foundational to financial services as operational resilience and consumer trust. They're all integrated and they all hit all parts of the financial institution.

Jim Marous (01:49):

So, Rick, welcome to the show today. Could you introduce yourself and give our listeners a quick look at your extensive background and also, describe Veeam's for who may not be familiar with the brand?

Rick Vanover (02:02):

Well, thanks, Jim. First of all, real pleasure to be here. Welcome everyone. My name's Rick Vanover. I'm on the product team here at Veeam Software. I'm based in central Ohio in the United States.

Rick Vanover (02:12):

I'm in my 14th year here at Veeam on the product team that whole time. And I have a real simple mission, bringing our product capabilities to market, talking roadmap, listening for enhancements to make.

Rick Vanover (02:26):

And, Jim, it's really relevant because before this, I used to work in a bank, so I have a little bit of financial services in my DNA and really happy to be here and chat with everyone today.

Jim Marous (02:39):

How does Veeam distinguish themselves in a marketplace that's so complex and involves so many solutions out there? What's special about what your company does as it relates to what financial institutions need today?

Rick Vanover (02:51):

Yeah, it's a very relevant question because backup, data protection, resiliency, those are terms that honestly, Jim, 10, 15 years ago were not a very interesting part of a technology stack.

Rick Vanover (03:04):

I would challenge that digital transformation, ransomware threats, all of these other things that have come into the market, they have really put the onus on backup to get people out of these problems.

Rick Vanover (03:19):

So, just in my time here, Jim, I've seen this become a much more relevant part of a technology discipline, a technology stack, a resilient IT operation, because in the end, if something goes bad, we need to fix it. That's where we are nowadays.

Rick Vanover (03:37):

There is no manual mode. And the investments of what an organization does ahead of an incident will 100% predicate how they get out of that problem. Ransomware, fire, flood, and blood, you name it. And back up resiliency, data protection is very much relevant nowadays.

Jim Marous (03:56):

Well, it's interesting. Before we had the podcast, we had a discussion around how do we present your solution to a bunch of retail bankers who make up the bulk of our listener base.

Jim Marous (04:06):

But the reality is financial institutions tend to look at everything as a financial risk. And this goes well beyond this because I think everybody can relate to the situation where somebody or some company they've worked with, something's gone wrong with regard to resiliency, the ability to respond to problems, the ability to respond to downtime or a cyber risk.

Jim Marous (04:26):

And the reality is this gets down to customer trust, which there's nobody in a financial institution that doesn't have an impact in some way as to how does a consumer view you as a trustworthy partner that they should work with so that they don't lose their money.

Jim Marous (04:41):

So, what unique challenges are in place today in the financial services ecosystem that maybe have changed rapidly over the last, since you've been with the company, for instance?

Rick Vanover (04:52):

Well, I think it's very relevant because if there is an incident, a cybersecurity attack, those types of things, out of nowhere, management comes up with every minute is costing us this much money. These statistics are just never available until an incident.

Rick Vanover (05:12):

But digital systems that really underpin financial systems are so critical to this. So, uptime, resiliency, those types of things matter. And I've talked several organizations in my time, a lot of consistent things, Jim, come out of that.

Rick Vanover (05:30):

There's always this phenomena of, I put forth a lot of plan on how to handle that incident. But there always are surprises. And I talked to a lot of organizations to go through cybersecurity incidents. I talked to one organization that had a disaster within a disaster, those types of things to it once.

Rick Vanover (05:50):

And those types of organizations who put forth the effort to prepare for this will come out on the better end. And the risk, the cost, the investment, those types of things come up.

Rick Vanover (06:03):

In my professional experience, Jim, what I've found is that the organizations that get out of these ransomware scenarios most efficiently, get out of these cybersecurity incidents the best are the ones who have planned. And believe it or not, that's not a technical thing.

Rick Vanover (06:20):

The technology's out there, but have they thought about what could happen if you can't come back to where you came from? Okay, now, Jim, that's a really crazy one.

Rick Vanover (06:28):

If you take some of these risk points that are out there in the market, imagine the digital equivalent of police tape being wrapped around a data center where critical systems we need are running. You can't go back there.

Rick Vanover (06:42):

Maybe cybersecurity insurance is taking over the situation to see if there's a claim, and a lot of times people haven't thought of that.

Rick Vanover (06:50):

So, there's a lot of things, but the organizations I see who are most prepared are the ones who plan for scenarios, including scenarios that are beyond what they have planned for like a plan B within the bigger problem plan.

Jim Marous (07:06):

It's interesting because complacency overall, is such a risk right now. We have situations where for 10 years the marketplace did not have to worry about interest rates on savings accounts or positive generation because there's no change in the marketplace.

Jim Marous (07:20):

And then all of a sudden it happened. And I look and I smiled and going, "Geez, ALCO committee all of a sudden had to be involved again."

Jim Marous (07:27):

But you look at the way that impacts cybersecurity and everything else, and you talk about the plan. Plan for the unforeseen, because it most likely is going to happen in a big or small way.

Jim Marous (07:36):

And the reality as I see it, is how do you keep it from moving the entire organization to a shutdown mode? Because that is your worst-case scenario.

Jim Marous (07:45):

And it's interesting because as I've seen the marketplace changing, I look at, let's say hybrid cloud marketplace solutions. And people initially were very skeptical about the hybrid cloud because they said, "Geez, taking our data and putting it outside, it puts all this risk and everything else."

Jim Marous (08:02):

But in a matter of a few years, now, organizations are using hybrid cloud solutions exactly because of the fact they provide better data security because they're not based on legacy systems that have so many vulnerabilities.

Jim Marous (08:16):

So, from where you stand, (and we need to work with financial institutions) where do you see the biggest vulnerabilities around data and system availability right now today? And what do you think a bigger vulnerability may be in the short term may be? What should organizations be looking out for?

Rick Vanover (08:33):

There's a lot to unpack there. And first thing I'll tell you, Jim, is that the data backs up kind of what you're observing, what you're feeling. And really, for the listeners, probably you're shaking your head to this.

Rick Vanover (08:46):

Every early part of the year, so, in January '23, as we did in January '22, and we will do in January '24, we have the Veeam Data Protection Trends. This is telling us this is industry standardized research about what's going on.

Rick Vanover (09:00):

And the numbers are telling us. We grew up preparing for fire, flood, and blood, but the numbers are telling us now that these cybersecurity incidents are the type of threat to our data to prepare for.

Rick Vanover (09:11):

But then you have to, to your point, what is the risk point? What is the root cause of these things?

Rick Vanover (09:18):

And one of the biggest challenges, Jim, is just simply that organizations don't know what they have. Different lines of business are going to ramp up different systems. They're going to really be balancing time to market challenges.

Rick Vanover (09:33):

If you are in financial services today, you have a big challenge of bringing innovation to market, customer accessibility, mobile technology. I mean, if people have to get off their phone to do something to do business with you, you have to kind of consider it now. It's like that's work for them.

Rick Vanover (09:50):

I am of a generation where I do run these apps on my phone and my previous background in the 2000s when I did supply chain engineering, and stuff would show up tomorrow when you order it today online. That was really hard back then.

Rick Vanover (10:05):

But today, it's easier, but it's risky. And it's all about these risks. So, I think just knowing what's going on, what are these other parts of the businesses doing? What new services have all of a sudden become super important and critical to a line of business, to a customer confidence and more.

Rick Vanover (10:24):

And one example, Jim, I'll kind of leave it with is an old saying in the backup world that you can't restore what you didn't protect. And this is again, a people problem. Are we talking to all the different lines of businesses to know what they're doing?

Rick Vanover (10:40):

Because I didn't know that Kubernetes is now production over there in that business unit. Is it protected? Is it resilient? Is it ready for a ransomware threat? Does it have disaster recovery? Is it governed? Is it subject to the audits? All these different things come into play.

Rick Vanover (10:55):

But identification is truly one of the biggest challenges yet today. In fact, you can see that documented in the NIST Cybersecurity Framework. One of the earlier functions there, which goes across all industries, is identification. You can't respond, protect, detect, and recover from what you don't have identified.

Rick Vanover (11:15):

So, that's one of the biggest challenges. And then keeping it up to date, platform currency, compliance, all those other things fall in.

Jim Marous (11:22):

So, when I look at different elements of what could play a role in cybersecurity and resilience, not only do you have this cyber risk, the bad players out there, but you also have the massive amount of data that we're adding to our systems that were in many cases not even come close to built for the amount of data that's spinning.

Jim Marous (11:42):

In addition, digital makes it so everything spins faster.

Jim Marous (11:47):

If you were to be in charge of a financial institution, what area provides some more sleepless nights? The person's going to come to your organization and do something that's bad against you.

Jim Marous (12:00):

Or is it your own system and the amount of data you're putting into the system that was never done before. And the speed of that data availability? What is the biggest risk right now?

Rick Vanover (12:11):

Well, it comes down really to simple trust in the simplest of terms. So, one of the things I always advise my clients to do is what I call a red team exercise. So, that is you, this group, this individual who knows how everything is set up, try to break it. Because you really can't trust anybody.

Rick Vanover (12:29):

I pay this individual well to be a system admin or a business owner, an app owner but do I really know that nothing will ever go wrong or omitted at their hand? I don't know that for sure. There's very little for sure nowadays.

Rick Vanover (12:45):

So, I recommend these red team exercises. Protect it, build it as much as you can, and then turn your hat around and think, “If I want to do something malicious, how would I succeed?” And then just this continual innovation here.

Rick Vanover (12:59):

And the one kind of thing that I think organizations need to do more of ... and this is something like my role on the product team. I love telling these stories out in the market.

Rick Vanover (13:07):

We have really put in this kind of two human model, anything data destructive, which is a really bad day when it comes to backups. Because chances are if backups are destroyed, the production data is destroyed already.

Rick Vanover (13:22):

But we have put in these two human models, or four eyes authorization type of constructs. You see it in television, Jim, like the launch of the missile takes the two keys exactly at the same time, and they're so far away that one person can't do it. Those types of things. This is a discipline across all types of things.

Rick Vanover (13:43):

And on the unit level now, how many times have you tried to log into something and you get this text message on your phone that you need to go get a code? These types of constructs are a layer.

Rick Vanover (13:55):

Nothing's absolute, but they're a very important layer that I think can let these decision makers sleep at night. Let these business owners feel confident in meeting the business needs. Time to market, new services, innovation, competitive offerings, all those are important.

Rick Vanover (14:14):

But in the end, if it all blows up and you lose all that customer confidence, trust, NPS, all of that, that's not a good thing.

Rick Vanover (14:22):

So, that's one thing I really think. Anything that's too human, four eyes authorization, multi-person, multi-user, those are areas that I think are really good investments for technology leaders today.

Jim Marous (14:35):

So, one of the things I'm sure your company, Veeam, puts in place is you don't know what you don't know. So, you talked about the ability to go in and say, "Let's see how we can attack our own system." But the reality is, you're limited to what you know.

Jim Marous (14:51):

You see it all in the marketplace. Your job as a company is obviously to be ahead of the curve.

Jim Marous (14:57):

When you first engage with a financial institution, how do you find out where their vulnerabilities are? And then how do you immediately try to engage with a client to fix them?

Rick Vanover (15:09):

There's always a discovery. And I'd argue that discovery is the most overlooked, yet most relevant part of making anything better. To your point, you don't know what you don't know.

Rick Vanover (15:21):

There may be a indicator from a system, from a part of the business, we need more X, or X is full, or Y, we need to scale it out, all these different elements of the business. But I have learned a long time ago that if you work backwards in the supply chain, you will learn so much more.

Rick Vanover (15:42):

So, I think it's important to think about an outcome of scaling X, Y, Z system or increasing the capacity or adding a new line of business, but working backwards to the people, the processes and the products involved.

Rick Vanover (15:56):

And I would go one step further for financial service professionals and technology professionals in that area. If you can get the business involved, aligned, and supportive. Think of it like a menu.

Rick Vanover (16:10):

Like, Jim, if I give you this menu that says, “Hey, I can give you five minute, one minute, ten second RPO, recovery point objective, so that we're talking a very small amount of potential data loss.” That sounds great.

Rick Vanover (16:25):

But the reality is, backup days and resiliency approaches of the past were very much one day, one week. Unacceptable nowadays, right?

Jim Marous (16:39):

Oh yeah.

Rick Vanover (16:39):

But the technology's there. So, if there's like a mismatch of well, we don't have this and we don't have budget for that, get the business involved. Because trust me, that can absolutely drive change and make budget appear where budget wasn't there, those types of things.

Rick Vanover (16:54):

But discovery, working backwards in the supply chain.

Jim Marous (16:57):

That whole discovery thing. There's not a finance institution that's listening today or out there in the world that doesn't have backup plans in place, doesn't have security in place for cyber attacks, things of this nature.

Jim Marous (17:08):

But it's all a matter of degree. Have they put the right emphasis on it? Or are they just unaware of risks that are there?

Jim Marous (17:14):

When you're working with, let's say, a brand new prospect and you're trying to find out what's wrong, what right now, is the thing you feel is the most vulnerable from a legacy backup solution that most organizations say, "We got this covered." And you're going, “I don't necessarily believe that's true anymore."

Jim Marous (17:34):

What is that area of falling short with legacy backup systems?

Rick Vanover (17:41):

So, two things to that, Jim. First of all, actually, you make an assumption that everything is at least backed up, but that's not the case. A lot of times, new services, Jim, like Microsoft 365, Salesforce, any software as a service, some of these cloud hosted apps, a lot of organizations don't know that they need to back them up.

Rick Vanover (18:00):

So, a lot of times, they'll have these compliance aha moments, and that is not a good aha because they don't have their own discreet separate copies. So, again, working backwards, you find out these things, these cloud hosted offerings. Okay, okay. But back to your question.

Rick Vanover (18:16):

There are many challenges, but there's one that I want to highlight. It comes again right out of that Veeam Data Protection Trends report, which we published this at veeam.com for really anybody to read. This is not a technical how anything works.

Rick Vanover (18:31):

This is trends in the market, what decision makers, IT leaders, buy industry, buy geo, all kinds of great information here.

Rick Vanover (18:38):

But I believe now, three years in a row, we asked the question, why would you ever change your backup product? And I believe over 54% this year ... it's very high every year. I believe this year's number is 54% are going to change, Jim, due to the reliability.

Rick Vanover (18:57):

That just blows my mind here, Jim, because the reason I'm changing my backup is because it's not working. And that is unacceptable in today's data protection space, the expectations of a digitally transformed world, and then the nature of some of these cybersecurity threats.

Rick Vanover (19:18):

And that's before we even get into like, “Well, we have these really 30, 50-year-old systems that are still super important to my business and all the data just happens to live there and I need to protect it.” There's that problem as well.

Rick Vanover (19:33):

But at the heart of it, people have the motivation to change because the systems just aren't reliable enough. And I mean, that's a business we're in to help people improve that, but it's kind of shocking that it's that high.

Jim Marous (19:48):

Well, let's talk about the opposite of that. You just gave the example of why organizations say they're going to change it. What do you hear from organizations as to why they aren't going to change it?

Rick Vanover (19:58):

Oh, that's a good one. So, why not, even almost ignoring the problem. I think, Jim, I'll give you one, a discreet example, and this one actually does come from a financial services organization.

Rick Vanover (20:10):

This particular one was in Europe, and I'm not going to drop the name of the org. But this is something I think that maybe some of the listeners can relate to.

Rick Vanover (20:19):

The organization went through a ransomware incident, I want to say it was in the middle of the last decade, so quite a bit ago. And when some of the threats were, pardon my language, a little bit kids scripty and easy, they weren't very sophisticated.

Jim Marous (20:38):

Certainly today, comparatively.

Rick Vanover (20:39):

Yeah. And dare I say, the organization got a little bit too comfortable, honestly. They had an incident, a few systems were impacted, they had complete recovery, they were happy and they moved on. And they're almost too comfortable for the level of threat out there today.

Rick Vanover (20:56):

So, Jim, I think that there's a real risk of these organizations a little bit complacent, haven't got stung hard enough by some of these threats out there. I think that's one really big reason.

Jim Marous (21:09):

You know what, that's kind of what I thought because status quo is a comfortable place. And unfortunately, the people that you're probably selling to, the very top of organizations, their hurrying words from their teams, "We're okay." Because if they weren't ...

Jim Marous (21:25):

I mean, there may be some complainers within the group, but you run the risk of people saying, "We're okay,” without knowing that they're not.

Jim Marous (21:32):

And you said it in the last answer too. The whole issue of, okay, but question, is everything backed up? Because you can't recover what's not backed up. And you've mentioned Salesforce, and you mentioned Microsoft 360.

Jim Marous (21:44):

And those elements we're sometimes afraid as humans and as organizations to peel back the layers to find out, “Oh man, we are SOL.” And that's not a good feeling, but that 43% (I think it's 43%) that said we have to fix it, those are people that say, “Gosh, we thought we were okay, but we're not.”

Jim Marous (22:08):

So, in that realm, I know that core providers tend to offer the services in general, in the umbrella of what you're talking about to a degree. They're also, other organizations that provide integrated services.

Jim Marous (22:24):

Have you found it to be better today, where more and more organizations are looking at composable solutions to take care of problems that the traditional systems just don't keep their eye on the ball as much? Because the core providers are all very good firms, but they're all good at different things.

Jim Marous (22:41):

And I think that keeping up with everything that has to be done that a core provider used to do is virtually impossible. They can't be the best at everything. Just like Veeam can't.

Jim Marous (22:50):

When you look at that, how do you sell into an organization that says, "We have it. X, Y, Z company is doing it for us." And you're going, "I understand you're already paying that bill, but they also do other things."

Jim Marous (23:03):

How do you get to the point of working with an organization to say, "You've got to double down on the investment, preferably with us, Veeam, to be able to solve this problem that's out there that you may be overly comfortable with," as you just brought up a second ago?

Rick Vanover (23:18):

Well, we have to start with outcomes. The outcome, I think that's a really good conversation starter in a situation like that is really solved by the relatively new product by Veeam, the Veeam Recovery Orchestrator. And this is a product that solves a very big problem.

Rick Vanover (23:36):

Jim, you've been in this space long enough to know that if you talk to anybody about disaster recovery, there's two really big problems. I don't have an ability to test it, and my plans are out of date. The way things change, it's just a prescriptive recipe for failure of doing disaster recovery this way.

Rick Vanover (24:00):

And I believe that the Orchestrator product from Veeam is the only one on the market that will automatically everyday check to make sure that the disaster recovery plans I've communicated to the business that we can recover in one hour are met.

Rick Vanover (24:18):

And the moment that that one single straw that breaks the camel's back, that takes us from one hour recovery to one hour in two minutes recovery, this product will catch that.

Rick Vanover (24:29):

And it's an outcome of knowing that disaster recovery is tested, and it could go to the cloud, and it can also make sure there's no malware ransomware in scope of it. It can go to other sites. It's very flexible nowadays.

Rick Vanover (24:45):

But it'll also check the little details like, "Oh my goodness, the time is not the same and the DR site as it is here, that might mess up authorization. Or the license is expired or something is full over there."

Rick Vanover (24:58):

These are the types of things that people stub their toe on when they clumsily walk into a actual disaster recovery drill. And we have a product in the market that's really based around applications that will verify it every day.

Rick Vanover (25:13):

And we have customers that are really embracing this per application. And if any of you listening have many applications across your estate, it might sound a little bit overwhelming, but my advice to orgs is to start small.

Rick Vanover (25:27):

Take one important application that's not the biggest or most critical. Get a early success, communicate to your stakeholders. “This is something we can do to provide an outcome of verified recoverability without any malware every day. And if we wanted to, go to the cloud.”

Rick Vanover (25:45):

That's what the market wants, Jim. And we'll check to make sure that all the details are sorted out. That is the outcome that people want.

Rick Vanover (25:52):

But I don't want to boil the ocean in the very first step. I want to take a small app, get a success, get my stakeholders aligned, repeat it on the next app, repeat it, repeat it, repeat it. That is the way to really solve some of those challenges out there. It really is about the outcome.

Jim Marous (26:10):

So, that's interesting. You just brought up an interesting point that you are not getting involved with an organization on very many times where you're doing it all at once. So, because one of the other things behind the mind of the leader of the organization is, "Oh geez, will this create its own threat?"

Jim Marous (26:27):

But you can take a specific product line, a specific situation, a specific channel, whatever, and say, “Let's solve for here knowing that we eventually have to solve for everything.” But you can start small and scale up quickly then.

Rick Vanover (26:41):

Oh, absolutely. And I'll go one step further, Jim. Veeam is the crossroads of data. I feel that we touch a lot of data to protect it, and we touch a lot of production apps to protect it.

Rick Vanover (26:54):

And then there's also other solutions in the mix. There's storage integrations, there's cloud, there's application services. And the details matter. At the heart, I am a techie, and that discovery is so important in the long game of really reaching to that outcome.

Rick Vanover (27:13):

And I say think of the outcome, start small, but the reality is there will be time pressure on an organization to get there. The moment something is deemed out of compliance, it immediately becomes a priority. I get that. I've been there.

Rick Vanover (27:30):

But I'm convinced the technology is there, the resources are there, the expertise is there to really get those outcomes that people want. It's just a matter of discovery, alignment, starting small, and getting the outcomes that people want.

Jim Marous (27:46):

How has organizations, financial institutions, both credit unions and banks and both traditional non-traditional, are building more and more partnerships outside their four walls? I just made a circle, but outside there are four walls.

Jim Marous (27:59):

How does that change the dynamics of what you are looking at, what you're trying to solve for when data is maybe not necessarily flown out of the organization, but the access to the data continues to be coming from multiple places?

Jim Marous (28:13):

How has composable solutions changed the dynamics of what you're trying to solve for, for the financial institution?

Rick Vanover (28:21):

Well, I think Veeam's very well positioned to handle that challenge. I like to say that partnerships are in Veeam's DNA. And that's everything from the big cloud providers, to the data center technology providers, to the application providers, to solution providers.

Rick Vanover (28:39):

And Veeam has a huge network, Jim, of professional service partners that will help balance that or manage service providers who can help kind of do something that really the core audiences can't do on their own.

Rick Vanover (28:55):

There's a real information overload challenge. Our audiences are hit every day with explosive amounts of data, so many new services in the mix, not that many new people resources to get there. And the human element is part of it.

Rick Vanover (29:14):

And I'd argue or I’d challenge that within a financial services org, the CISO organization (the chief information security officer) probably has ramped up in people at a very disproportionate rate than what the IT apps and infrastructure teams are dealing with. Which is usually who I talk to.

Rick Vanover (29:37):

But the reality is, the only way I think practically to scale outside of the four walls is to leverage the expertise where needed. Manage service providers, professional services.

Rick Vanover (29:49):

And there's a trust element there. You've got to have a very good relationship with these people. You have to be really in tune to their authorization and their access.

Rick Vanover (29:58):

But I'd also challenge, there's an expertise available there. And when it comes to the resiliency side of the equation, I spoke to one ... this one is in energy, oil and gas, a little bit out of financial services, but the outcome was [crosstalk 00:30:14].

Jim Marous (30:13):

But a lot of data.

Rick Vanover (30:15):

Yeah, exactly. A lot of data. But they had a lot of field sites. Not quite like a bank branch, but the thought was, it's a lot of edge in modern terms. And the IT team just couldn't tackle it.

Rick Vanover (30:29):

So, they leveraged service provider to have a full kit dropped on what was needed at that endpoint on that edge point. And the service provider was able to give the organization an outcome that they couldn't do on their own.

Rick Vanover (30:44):

And when I say service provider, Amazon, Microsoft, Google may be part of the equation, but there's a whole network around the world in every country of these managed service providers that have expertise and resiliency, data protection. And Veeam's really invested in that.

Rick Vanover (31:03):

So, I think that's a way to kind of solve that challenge because this information overload is real.

Jim Marous (31:10):

There's so much evolving in the marketplace. Not only do finance institutions have to make sure they're always backed up, they're always availability. But the consumers expecting data insights at the touch of a button.

Jim Marous (31:25):

I mean, everything that we used to take for granted in speed and scale has been amped up beyond anything we've ever felt we could have. We look at instant payments, things of this nature. Everything is based on instant data availability and capabilities.

Jim Marous (31:41):

And the consumer's expectations has made it so it's a big part of their customer experience to say, "I better not have to wait for anything." And there's really no excuse in their mind because they compare it to other industries where they have accessibility or other finance institutions where they have accessibility.

Jim Marous (31:58):

So, given the fact that the ground is always shaking and evolving and there's all kinds of movement going on, how does Veeam stay ahead of what's going on and what new services or what new capabilities are you bringing to market to make it so a financial institution can take care of every imaginable problem today?

Rick Vanover (32:20):

So, Jim, thank goodness you used the word instant several times in that question because quite truthfully, that's one of the reasons I joined Veeam.

Rick Vanover (32:29):

In 2010, quite a long time ago, Veeam had a significant innovation in this technology segment. At the time, it was called Instant Veeam Recovery. Today we just call it Instant Recovery.

Rick Vanover (32:46):

So, I'll really quickly walk you through this because it speaks to an outcome that consumers want, that the audiences want, financial services, IT professionals want.

Rick Vanover (32:55):

And the technology was simply flipping the concept of recovering data on its head. I grew up in my IT world back when I had hair to if I had an incident where I needed to recover data, hey, I've lost something. I need to bring it all back and then I can use it.

Rick Vanover (33:16):

What Veeam did in 2010, Jim, was flip that around. It's like, "Hey, I will put a window into the backup storage and make it immediately usable, get the stakeholders back up and running. And then with all the technologies afforded by modern platforms, I'm going to transparently move that all back to production without anybody even knowing."

Rick Vanover (33:35):

So, what was hours, days was now, seconds or minutes. It changed the backup world. Everyone in the backup world would agree. Patented, imitated, you name it. That technology's been innovated and iterated every year with every release.

Rick Vanover (33:52):

And now, we're applying it to file shares, databases. We can now, instantly change platforms.

Rick Vanover (33:58):

Let me give you a really good example, Jim, because this speaks to that like instant gratification culture. I think that started in consumer technology circles, but it absolutely is falling into business technology, financial banking, et cetera, heck, Venmo, and some of these transfers that people can do with money.

Rick Vanover (34:20):

So, instantly it's all digitally dependent and we all know that.

Rick Vanover (34:23):

But here's an example. Go into any data center today, and there's probably physical, virtual, all kinds of different types of systems, unstructured data. If something broke and I mean broke badly, like I need to call the vendor, they need to send me parts. That used to be a literal way things were sorted out.

Rick Vanover (34:46):

And I remember being okay with four-hour parts back in the day. And that literally meant someone would have to be dispatched to the warehouse, grab said part, and take it to me. I don't know if my business would still take that.

Rick Vanover (34:59):

So, this notion of instant recovery flips it all on its head where I can change the platform, “Hey, this X, Y, Z part broke, but over here it can run there. I may need to convert it.” You know what, there's a big green thing called Veeam that can do that.

Rick Vanover (35:14):

So, I really love the flexibility that the recovery angles come in when these types of things happen. And I don't know if I'm allowed to use kind of gimmicky phrases here, Jim, but I like to say, backup for show, restore for dough.

Rick Vanover (35:29):

And what I mean by that is when big problems happen, I can get out of them in very creative ways with Veeam.

Jim Marous (35:37):

Yeah. Because the consumer or the business owner or whoever works for the financial institution doesn't really care about the backup. It cares about how's it going to impact me. So, the recovery is the part I'm concerned about.

Jim Marous (35:48):

I'm hoping you have backup, but I'm also hoping you can bring whatever platform I'm looking at, and you brought up many times here is that there are more and more platforms that financial institutions are using on an ongoing basis that make this equation just expand exponentially very quickly.

Jim Marous (36:08):

And I'm going to do a little bit of a maybe a testimonial to your company, but also to the solution you're providing is that we can't hire (most organizations, there may be a couple that can) enough people to stay on top of all these elements and how they impact each other, let alone what happens outside of our control.

Jim Marous (36:30):

As a result, you have to make partnerships with those that can get you there quickly, easily, and without massive investment in human resources, which most of us can't afford.

Jim Marous (36:43):

As with a lot of solutions in the marketplace today, the ability to deal with specialists that can get it right more than pays for itself in both security and on the financial balance sheet to be able to say, "How do we make it so it all makes sense from an investment perspective?"

Jim Marous (37:01):

And if you've continually referenced, it gets down to speed and scale. How can you do it faster than ever before and at a scale that isn't even imaginable today?

Jim Marous (37:11):

And finally, how do I stay on top of what I don't know that's going to happen tomorrow? That's where the real risk is. Financial institutions that put their head in the sand going, "I'm just going to hope that people are going after organizations bigger than me, more vulnerable than me."

Jim Marous (37:28):

We all do that on a human basis. I'm not going to leave my keys in the car, that's one thing, but I may not get a security system because there's better cars in the road. Well, that's not a really good security backup system.

Jim Marous (37:40):

But again, the fact that your job at your organization is to continually make it so you don't have to stay awake at night saying, "We're not protected." But you think in the back of your mind, "Those companies that don't work with us, they're vulnerable."

Jim Marous (37:56):

And again, if something comes up this weekend that is a brand new thing that no one's ever seen before, I would sense the fact that you'd be on top of that faster than anybody else because it's your lifeblood of your business as it is your clients. But if you get it wrong, then the whole system comes down.

Jim Marous (38:15):

So, what advice would you give financial IT and security leaders around how to advance their data protection today to be prepared for tomorrow? Where should they start?

Rick Vanover (38:28):

Well, I would really kind of just take it as a mission that an organization, a decision maker, or even somebody just in charge of one thing, make it your mission, make it your goal to be able to bounce back from an outage, data loss, thinking of what could go wrong.

Rick Vanover (38:46):

Think about being able to bounce back from things not going as planned. Red team exercise your IT. I take it as a radical resilient approach, almost paranoid, completely obsessed with being able to get out of those problems.

Rick Vanover (39:06):

And it gets technical. I know it does. You're going to have to talk to the IT people. You're going to have to work backwards in the supply chain of storage teams.

Rick Vanover (39:16):

And there's going to be new words, Jim, that come up. People are going to be using words like immutability and there's no such thing as too much immutability. That's a good thing. That's a resilient copy of data.

Rick Vanover (39:27):

So, I would just challenge everyone to be ready to bounce back and that radical resilient approach. And integrate with the business top, left, right.

Rick Vanover (39:38):

It's hard nowadays. A lot of people working from home, we don't have that same comradery. Maybe people aren't as approachable for these types of business problems. I go in every day, as you can see, I would never do this to my house.

Rick Vanover (39:51):

But the reality is those connections and that ability to make that outcome matter, that radical resilience. That's how we roll here at Veeam. And that's my advice is to just start small, but be radical and seek that resilience to be able to bounce back where needed.

Jim Marous (40:10):

Rick, I've really enjoyed this. As I told you before, the podcast, this is not an area of my expertise, but you made everything consumable and I appreciate that.

Jim Marous (40:18):

I also want to reach out to my listeners and have them realize this is all about customer experience. It's all about loyalty. This is all about trust. It is something that is impacting every single organization, no matter how big or how small.

Jim Marous (40:33):

It's scalable. All these solutions are scalable today. So, the smallest organization can be protected as well as the biggest organizations. It's just the way we do it. We need to reach out.

Jim Marous (40:45):

And if I was a banker still today, which I'm not, I think the first step I'd make is to make a phone call or do a text or do some kind of message and have somebody come in and talk to me about what don't I know?

Jim Marous (41:00):

Again, it gets back to what Rick said throughout the whole thing that says it doesn't cost anything to have one of these vendors have a meeting with your key executives that say, "What do I not know? I don't want to hear it. It's painful to hear what could be vulnerable. On the other hand, I've got to hear it."

Jim Marous (41:17):

And you can get that opened eyes moment so that you can be like a person driving down the road with a GPS system going, "I know where the roads are, but I don't know what's ahead of me. I don't know where the traffic jam's going to be. I don't know where the accident's going to be."

Jim Marous (41:34):

"I don't know when the person's going to go across lanes that I'm not aware of, but I'd like to be on the cutting edge of when that happens so I can make plans otherwise.

Jim Marous (41:42):

And oh, by the way, getting back to Rick's recovery message is I'm also wanting to know what's my alternative when things go wrong." Which is what the GPS systems based on, is, "I'm going to give you your alternative to where you are today to make sure you get there as fast and as simply as possible."

Jim Marous (41:58):

For a guy that doesn't live in the whole security space, I will tell you, you have to be aware of what you don't want to know about because it could determine the viability of your business going forward.

Jim Marous (42:10):

Rick, I'm looking forward to also having another assessment with you in a webinar format with The Financial Brand on February 28th. If somebody listens to this before February 28th of 2024, make sure you sign up for that.

Jim Marous (42:23):

If you have not signed up for it, or if it's after February 28th, be sure to download it on the Financial Brand website to hear more about how organizations can become more resilient and more prepared for what they're unprepared for.

Jim Marous (42:37):

Rick, it's been a pleasure. Thank you so much for being on the show.

Rick Vanover (42:40):

Thanks for having me.

Jim Marous (42:43):

Thanks for listening to Banking Transformed, the winner of three international awards for podcast excellence. If you enjoy what we're doing, please take some time to show some love in the form of a review.

Jim Marous (42:53):

Finally, be sure to catch my recent articles on The Financial Brand and check out the research we're doing for the Digital Banking Report.

Jim Marous (43:00):

Also, if you enjoyed what we're discussed today, be sure to join us on February 28th when we'll be continuing this discussion with Rick and the Veeam team on The Financial Brand webinar series.

Jim Marous (43:13):

This has been a production of Evergreen Podcasts. A special thank you to our senior producer, Leah Haslage, and audio engineering video producer, Will Pritts.

Jim Marous (43:22):

I'm your host, Jim Marous. Remember, the key to success in financial services is to be ahead of the curve of change as opposed to playing catch up.