Spend Advantage Podcast

How to make your data unhackable

November 03, 2022 Varisource Season 1 Episode 5
Spend Advantage Podcast
How to make your data unhackable
Show Notes Transcript

Welcome to The Did You Know Podcast by Varisource, where we interview founders, executives and experts at amazing technology companies that can help your business save a lot of time, money and grow faster. Especially bring awareness to smarter, better, faster solutions that can transform your business and give you a competitive advantage

https://www.varisource.com 

Welcome to the Did You Know Podcast by Varisource, where we interview founders and executives at amazing technology companies that can help your business save time and money and grow. Especially bring awareness to smarter, better, faster solutions that can transform your business. 1.3s Hello, everyone. 

This is Victor with various welcome to another episode of the Did You Know podcast. Today, super excited to have a Calamu team on the podcast with me. Dean, who's the sales leader, will be going through a lot of interesting topics. Calamu essentially makes your data unhackable and that is one of the coolest taglines I can think of, especially when we think about all the recent hacks alone, like Uber and Rockstar games, which we're going to get right into it with a Dean. But hey, Dean, welcome to the podcast and why don't you maybe introduce yourself? 

U1

Yeah. Hi, Victor. It's a pleasure to be here. Huge fan of Varisource. So pleased to be joining you today. My name is Dean Archibald. I have the privilege of leading the sales team here at Calamu. We're on a bold mission, as you clearly pointed out there, the world and 1.6s the data around the world is more vulnerable now than ever before. And we're very confident that we've got a solution that can help customers and entities of all shapes and sizes. So excited to share a little bit about that with you today. 

U2

Yeah, absolutely. So I think what I usually love to start with is how did Kalamoo came about? Obviously the founder. I'm sure there's some interesting backstories of why do they want to solve this specific problem? Because obviously, cybersecurity, in the last couple of years, every week there's a new cybersecurity company, right, and for good reason. I mean, there's more cloud, more software, and there's more loopholes for companies to be attacked and so there's more and more solutions, but oftentimes we're seeing solutions that are protecting the perimeter or the edge or these kind of things, but not a lot of companies focusing on actually the most important piece, which is the data itself. Right. So what was kind of maybe the vision of the founders of Calamu because of their background? Or how did this idea kind of came about? 1.1s

U1

Great question. So, yeah, our founder, Paul Lewis, had spent about 30 years in data and cyber forensics before starting Kalamo. And so what Paul did was he pretty much helped large enterprise organizations entangled the messy web that's associated with the data breach, especially with ransomware. And Paul, through all that experience, came to the conclusion that despite all the investment and efforts to build a stronger, taller, more fortified perimeter, the bad guys are always going to get in. And the proof is in the pudding. We're seeing it on a daily, weekly, yearly basis. There's a proliferation of successful ransomware attacks. There's no reason to believe that it's going to slow down, let alone be stopped entirely. This is going to continue as long as these guys are making good money, which, you know, these are multi million dollar ransoms that are getting paid out. They're going to continue doing it, and they're going to continue to invest into malicious ways to penetrate environments. And so Paul came to the conclusion that we need to approach security with the mindset that the bad guy is already in the network, has already gotten past the perimeter, or inevitably will. And that's really the premise that our company was built on. You know, we're pioneering this cyber storage space. It's called data for security. It's where we're protecting the data itself, and we're protecting it in a way that no one has ever done before. And ultimately, what we're doing is we're devaluing data to unauthorized outsiders, to hackers, to bad actors, and it's making a difference. It's making big difference for our customers. 1.1s

U2

Yeah. So, you know, when I first met you guys 1s again, that tagline really got me. Right. Make your data unhackable. And we all know data is the heart and soul or the IP of really almost every company, right? Whether that's your customer data, IP, data source code, all of these things is the foundation of what has taken companies a long time to build. Right. And that's their crown jewel. And when you say, make data unhackable, for somebody like me who knows technology but I'm not an engineer kind of walk me through or help me explain to the audience, 1.3s how do you guys make data unhackable? Because that just sounds like a utopia, right? Like, wow, that makes perfect sense, right? How absolutely. I'm sure it's a challenging task or engineering feat, but how do you guys do it on a high level? 

U1

Yeah. Why wouldn't you want to make your data unhackable, 1.5s essentially, to your point, customers competitive, edge sensitive information about their employees or their customers, it's everywhere. And so every customer out there has a reason to try to make their data unhackable. And we're super proud to be able to execute on that, to actually help them protect themselves from even the most advanced forms of cyber attacks. And so, ultimately, what we do is we help customers take their intellectual property, their personal, identifiable information, the medical files, their legal files, whatever they deem as being sensitive. And we put it through the Calamu process, which is a patent protected it's our special sauce. And ultimately, what we do is we compress files. We encrypt the file. Big emphasis here. We fragment the file, breaking into multiple pieces. We re encrypt the fragments. So we take these fragments and encrypt them again with unique keys. And then we scatter. Big emphasis on scatter. Scatter those fragments across multiple storage locations. And so when the initial inevitable happens and a bad actor gains access to a customer's data, all they have access to is what we call digital sludge. Heavily encrypted fragments of data. Nothing that they can read. 1.3s Nothing of value, nothing that they can go sell or leak on the dark web. And that really is the core of the value that we bring customers right there. Even when the inevitable happens, when the data gets compromised, it's completely useless and the hacker has no leverage to demand those is multimillion dollar ransom. So it's unique and the outcome is predictable and very impactful to the business. 

U2

So again, Dean, I know every time you and I talk we can talk for an hour because this topic is just such 1.1s an important topic. Obviously, if a customer says hey, look, I have my data in AWS, I have my data in dropbox box or OneDrive or all of these places they assume has some security and protection for them, what would you say that's where a lot of people are hoping their corporate data information in the cloud, how would you guys complement that? Or what would you say to those customers? Maybe engineers are not engineers that. 1.5s Yeah, like where they feel protected already, where their data is located today. 

U1

Yeah, great question. And my response always is, as long as there are human beings pressing a keypad that represents vulnerability right there. So whether it's a successful phishing attack configuration of one of those environments that you were describing, or even just brute force from a bad actor, there's opportunities for them to get into environments. And the statistics really back that we're seeing more successful attacks today than we were yesterday, and certainly before we were the day before that. 2.5s Until we're completely run by robots, there's going to be vulnerability. And that's just the human element of the world and the way we manage our digital assets. So we also believe in a concept that not all data is made equal. Right. So the data that lives in one of those cloud environments, and we're often compared to immutable storage, which isn't it terrible, but it's an inaccurate and incomplete way to view us or compare us. Immutable storage is great. It's going to stop a malicious bad actor from deleting or manipulating your data. What immutable storage will never solve for is when that bad actor wants to come in and steal a copy of your data, steal your IP. So while those immutable environments are great for recovery scenarios, meaning you're always going to have a clean copy of your data to restore back to should it, should you have an event, it's never going to protect you from the bad guy who wants to steal your important stuff. And that's the real key differentiator that Calamu brings to the table. And, oh, by the way, the bad guy trying to steal your stuff, we call that exfiltration. That's prevalent in over ransomware attacks today. And so, you know, the methodologies, the security controls of yesterday simply aren't keeping up with the attacks of today. 1.3s

U2

Yeah. And 1.8s you and I talked about it's an interesting time, because even though we're seeing every single day, every single week, big companies, well known brands getting hacked, and you just think to yourself, like, wow, these guys have all the money in the world. They have all the security teams in the world, and all the tools. How are they still getting hacked? And you just realize that no matter how big a company you are, how many tools, and how big your team is, you just can't protect it all. I mean, that is the world we live in today. And that is, one, very scary. And two is I think you need to get rid of that fear, but have to have a plan to deal with it. Right? So obviously, the very recent there's kind of two very, very recent just in the last couple of days examples and would love to kind of get your feedback on one is Uber, and obviously two being the Rock Star Games, right? And kind of maybe talk about your commentary, the difference between each companies and maybe how Calamu could have helped these companies. 1.1s Yeah, I'd be happy to. A good place to start is these are not your traditional, your classic ransomware attacks. This is not your father's ransomware attack. And it's terrible to laugh at it, but it's really key to point out that Lapse, who was the cyber gang behind these attacks, the same cyber gang behind both of these attacks. 1s They were out to steal the data. They did not care to simply go in and encrypt and lock down your data or your applications. They were out there to steal incredibly sensitive intellectual property from both companies and then go back to these companies and say, hey, I have your special sauce. Pay me x millions of dollars for this special sauce is going to hit the dark web. And that's all the leverage they will ever need to demand even the highest of ransoms. And that was consistent with both of these attacks. And again, it's consistent with over 1.1s the breaches that we're seeing today. 2.7s

U1

So let me talk a little bit about where Calamu comes in. 1.2s So should these and I hope to speak to both of these organizations at some point. But ultimately, these companies were storing their crown jewels on what I call vulnerable storage platforms. It could have been an as environment. It could have been a backup. A lot of the details still haven't emerged yet, but ultimately, they did not take a data first security approach. They may have encrypted their data, but poor key management or, again, stealing credentials is an easy way to bypass that. 1s Either way, they got at that data. They were able to read that data. They were able to download that data, and subsequently are in a position to demand millions and millions of dollars of ransom from from both of these organizations because they have control of their intellectual property. And I think in both cases, their source code. 1.9s

U2

So you talked about earlier, Dean, that you guys actually fragment the data. And again, we want to keep the audience excited and that if you want to learn more about how the technology works, we're going to be planning a webinar with Dean and Calamu to kind of go through all of that to make sure the audience attend that one. But when you guys fragment the data, how does then the people who need to access that data then put it back together to use it? Right. What is kind of the high level process to do that while you're protecting them at the same time they need to use it perhaps on a daily or weekly or monthly basis? 

U1

Yeah, great question. So the short answer is the authorized users experience. So the user that has Calamu credentials notices no change in how they interact with their files. So whether that file used to exist on their laptop or just an organizational or companywide file share, their experience does not change. They don't take any additional measures or need to go through any decryption. They don't need to put the fragments back together. Calm and handles that, and we handle it in a very, very highly performant manner, where not only is there no additional steps that the user has to take in building that file back together, but it's also very, very performant. We're talking like millisecond type of reconstitution or pulling that file back together. 1.8s

U2

So you and Paul have both been in, obviously, this cyber security in this space for a long time. I'm sure you've seen a lot of changes from the last ten years to the last two years. Even with COVID Right? Everything digital transformation is a fantastic thing for businesses, but then it also drives complexity and more loopholes than ever. Right? So what have you seen, Dean, in the last two years? Where? 1.3s Why call them now? Is this the right timing? Are we too early? Or is this the right timing? And why do you think that is? Especially now that we're on this digital transformation journey? And it's not going to slow down anytime soon, right. There's going to be more software, more data generated, which is great for the business, but at the same time, that means they have even more risk that they're generating on a daily basis to protect. What do you think? 

U1

Yes, 1.1s with the Pen thing, I mean, there's more people working from home, there's more devices being used for business purposes. Now than ever before, and that number only continues to climb. There's more access points. There's more applications to kind of cater to this work from home community that's now out there to make them productive. Well, that, as you pointed out, also represents vulnerability. It represents opportunities, entities for bad actors to penetrate this environment or this network that we keep describing. I would also suggest that the Internet of things just a mere value of data. What enterprises are realizing that data is the new oil, even if it doesn't represent a ton of value. Today, you want to take in as much data as possible, because who knows? Tomorrow, next week, next year, the data that you're collecting today could represent competitive advantage, right? So there's always a reason to hold on to data. Sometimes 2.9s it's regulatory purposes that you got to hold on to. That it's compliance purposes. Other times, it's competitive advantage. Nonetheless, data is accumulating faster than ever before. There's more access points than ever before. There's more data to be stolen than ever before. And the bad actors realize this. They're making money. They're only increasing the sophistication and the frequency of their attacks. So now is the time to pivot and really take a data first security approach. Protect your crown jewels, protect your intellectual property, your PII, your medical data, your legal files whatever is sensitive to you, there's now a solution out there can completely neutralize the impact of these double extortion style ransomware attacks where these guys are trying to steal your sensitive data. And the answers calamar. 

U2

Yeah. And again, just you guys messaging. And the concept just resonates so much with me because one of the main things I always remember you tell me is, look, the bad guys are going to get in. Like, it doesn't matter how tall your walls are, how wide those walls are, how deep those walls are. Like the bad guys are going to get in, if not now, later in the future. And it's not a matter of if, but when. And that sounds discouraging to business owners and executives trying to run business while they're focusing, trying to run a business. There's such a huge risk behind them every day. But that's why I love your concept, right? So when you talk to these customers who when you first talk to them, they already have a security stack today, whatever the stack is, right. And sometimes there's five tools, ten tools that they try to build this wall, as we call it, once they implement Calamu. What do you suggest? Do you see customers maybe getting rid of some of those stacks? Not saying that it's not as important anymore, but obviously a customer only has so much budget, but understanding that, hey, look, if we're protecting our foundation, the data, the data cannot be taken or hackable, maybe we don't need certain products that's in the stack anymore. Do you see that approach or do you see, see this as another add on to compliment what else the customer has? Or do you feel like there are certain stack where customers can also reduce cost, where, hey, you have calamar protecting you. So maybe a few other stacks you don't need as much. What do you think? 

U1

Yeah, that's a great question. And every scenario is a little bit different. But by and large, the situation that we find ourselves in with customers is Calamu is bringing value is complementary to these other investments, other security controls that they have in place. Security controls is where they don't have to worry about a widget that wasn't designed to stop exfiltration or theft of data to COVID them. They now have a solution that can focus exclusively on that. That's Calamu, the backup product, the Data loss prevention product, the Data Security Posture Management product can just focus on and deliver value on what it was designed for. So actually, we come into an environment and we give customers and their technology stack a nice boost in that we're complementary to what they do. We add value to what they do. And we're building out very quickly an ecosystem of alliance partners with the backup vendors, with the DLP folks, with the Data Security Posture Management folks. And it's resounding how excited they are to see calamu enter the space and when they see first hand the value that they bring to their products. 1.2s

U2

First of all, those partnerships are super smart, man. I see it on LinkedIn. I think, first of all, you're doing a fantastic job as a sales leader. Those partnerships are it makes perfect sense. I mean yeah. So I think I love seeing you guys grow there. So one of the main questions that I love on these podcast is we have audience from CEO, CEO, CFO, CTO, C level executives who are looking at the vision and the big picture of the business. And then we also have procurement and It and security teams that are working day to day to try to protect the business, provide value to the business, and run the business. Both of these 1.1s departments kind of focus on different things. Right? And so if you were to talk to executives, 1.6s what would the conversation look like? And then when you're talking to, obviously, the day to day security teams and It teams and procurement teams, what would that what would you tell them about Calamu that would really help make their life and their job easier? 

U1

Great question for the executive suite. You know, ransomware and the threat of data theft is a business threat. It's a business problem. It's not just an It or just a cybersecurity problem. It's a threat to the viability of the company long term. Either they're out to steal your competitive edge, your intellectual property. Maybe it's the design of the next autonomous vehicle and leaking on the dark Web. Maybe they're out there to steal sensitive information about your people, your employees. Either way, it's a very significant threat to the business overall. And I think everyone from CEOs to COO across the entire executive suite is starting to realize that this isn't just something that you can push off to the security or the infrastructure team. This is something that really takes a collective effort from everyone, especially the executive staff. And so they hear about Calamu, and even when the conversation becomes a technical one, they love joining the conversations. They are very inquisitive and interested to find out other opportunities to deploy callum, other use cases where they can take advantage of us. 1s For the It folks, for the It admin, the It directors, 1.1s Calamu, let's face it, they're all being tasked with doing more, with less. They got to keep more systems and applications up and running every minute, where they need to ring the firearm or do some remediation work because of a breach or because of an outage. It's time that they shift away from innovation, and that can really hamper an organization, that can really hamper a company entirely. So, you know, the value prop for our It pros let's call them out there is with Calamu, you can completely eliminate the threat of data exfiltration, of successful ransomware attacks. You can ensure that your infrastructure is always available on online. The way that we write and the way that we fragment our data represents virtually unlimited 1.1s availability of your data as well. You can sustain a deletion, you can sustain an encryption attack. You can even withstand a cloud outage and still have your data always available online. So that makes huge difference for the It Pros. And then our friends in procurement, we've got a very flexible and friendly licensing model, one that allows our customers to get in small if they wish and grow, grow at their own pace. Again, technology that is, that is complimentary and allows the organization to recognize the true value of the ancillary technologies, some of these complementary technologies around us. So it's a really nice conversation for everyone across the country, whether It's executives, the It pro, or the procurement folks. 

U2

Yeah, 1.6s you got to check all the boxes, man. And I think every company should definitely check you guys out and obviously through the Vera Source Marketplace, they're going to get additional benefits. But this is amazing stuff. So as we kind of wrap up the podcast here, Dean, the last question I always enjoy asking is more out of the box, which is from everything you've learned in the last ten years or even everything you learn every day. Now, if you were to give kind of like a business tip, 1.4s Could be startups, could be executives, could be it. What would be kind of Dean's business tip just based on something you really care about, 2.5s work wise or not? What would you say, kind of, to the world? 

U1

Wow. Wow. I didn't expect this, victor but I love the question. 1.3s One thing jumps out to me and it's the importance of always showing up, whether it's a prospect or a customer that we don't have much hope for. It's not very clear what the project is, or if there is a perceived need, or if it's a partner that's just trying to find their way in the world. 1s Everybody is deserving of our undivided focus and attention. And sometimes the most meaningful, the biggest impact type of engagements that we find ourselves in are the ones that start off a little bit in a state of ambiguity. We're not really sure what we're going to get out of it. It's not a clear, slam dunker home run yet. Connecting with people, understanding their world, their needs, what they have to bring to the table is incredibly important, and it's easy to lose sight of that. But when I reflect back on some of the most meaningful impactful relationships deals that I've worked with customers on, it's ones that in the beginning weren't entirely clear as to where we're going or what the end goal was. But if you show up, you show up with the right level of preparation and intent, really special things can happen. So if I had to tell the younger me something, that would be it. But that's something that I often share with my team and a lot of the folks that I work with 

U2

that is no, that's amazing. Man really enjoyed our conversation. Again, appreciate having you guys on and look forward to setting up the next webinar with you guys. Man sounds good. Victor I appreciate you having me on and I want to thank you and the Varisource team again. 1.9s 

That was an amazing episode of the digital podcast with various source. Hope you enjoyed it and got some great insights from it. Make sure you follow us on social media for the next episode. And if you want to get the best deals from the guest today, make sure to send us a message at sales@varisource.com.