As I wrote in a previous blog, in-person events are coming back! Pure is holding its user conference in Las Vegas this week. My colleague Scott Sinclair, who is also attending, covers some of the announcements in a recent blog. For my part, I will focus on the cyber-resilience announcements at the event, in particular, the ransomware recovery SLA.
Pure’s CEO Charlie Giancarlo kicked off the session by providing some interesting metrics in his keynote to support Pure’s power and space efficiencies, reliability, labor requirements, and TCO, amongst others.
According to Charlie, Pure essentially differentiates itself in the market in 4 areas: direct to flash management (which is key at scale), a cloud operating model (run like the cloud, run in the cloud, build for the cloud, and power the cloud), an evergreen program to minimize obsolescence, and a coherent and consistent portfolio of platforms that rely on common technologies and software. I think a 5th one should be added to the list: Cyber-resilience!
Ransomware Recovery SLA Program
What it is:
On the cyber-resilience front, Pure announced the Evergreen//One Ransomware Recovery SLA program, which is sold as an add-on subscription. Existing and new customers can now purchase an add-on service guarantee for a clean storage environment with bundled technical and professional services to recover from an attack.
Many things can happen when ransomware hits: systems are essentially taken out of production, can be seized by law enforcement, and/or can be used to run forensics, for example. So it could be weeks before you gain access back to your own systems for production. At the end of the day, it’s about being able to recover as quickly and cleanly as possible in order to resume business operations. Of course, this assumes that your data is properly protected in the first place.
A customer can initiate a recovery via Pure Technical Services at any time. When a customer calls with their request following the incident, Pure immediately starts working with the customer on a recovery strategy and plan, which includes Pure shipping a clean array within 24 hrs (for North America) with a professional services engineer onsite to help. The idea is to have you all recovered and ready to resume production within 48 hours with this “loaner” array. Transfer those immutable snapshots back on the loaner and you are back in business. You have 180 days to return the array.
In order to maximize your chances and to qualify, end users must turn SafeMode on for all volumes and set retention to 14 days. This is a must-have best practice, in my opinion, regardless of whether you subscribe or not. The management software, Pure1, has a great set of capabilities for data protection assessment and anomaly detection. The software can give end users an assessment of their whole fleet of arrays and benchmark them against best practices, such as looking for customers having safe mode or snapshots turned on, for example. The protection can be very granular, at the volume level. In addition, the software can perform anomaly detection such as looking for signals like abnormal deduplication ratios. When data is encrypted, it becomes less unique and therefore less “de-dedupable.” A sharp dropping of the “normal” deduplication rate would be a key indication. Pure hinted that they will be adding additional signals in the future, looking at latency, file name changes, and other signals.
Why This Matters
To be clear, this is not a “marketing” guarantee (“we’ll pay you X if you can’t recover data”…followed by many exclusions and requirements). This is a practical, customer-focused, and outcome-driven service. If an array has questionable data, it will not go back in production. If you have protected your environment, you will need to recover the latest good copy of data (which can take a long time if you don’t use high performance snaphots) on a “clean” system. All the while, everyone is in full crisis mode, which is adding tremendous stress to the teams and processes. This is not only differentiated, it is smart and focused on what matters: resuming business ASAP.
Panel: Building a Data-resilient Infrastructure
I also had the pleasure of participating in a breakout session on building a data-resilient infrastructure with Andy Stone, Pure’s Field CTO, and a cyber-resilience expert. I shared some of the findings of our state of ransomware preparedness research and discussed “hot” topics such as budgeting and funding for ransomware preparedness, the reality of recovery service levels, best practices, cyber insurance, etc.
The level of interest in the topic was clearly very high and many attendees shared their concerns and challenges. Andy reminded the group that no one can do it alone, it’s teamwork, and no vendor can solve the whole problem on their own. More importantly, we discussed how it’s not just the data that needs protection, it’s also the infrastructure, the “Tier 0,” and first line of defense. The ransomware SLA program was also mentioned and triggered many questions and a lot of interest.
I have the strongest suspicion Andy’s schedule will be booked solid for the next few weeks with client visits and calls.
A Big Surprise
Look who came to say Hi on stage at the end of the keynote!