June 13, 2022

Just do something! (about your security and your backups)

Today we are joined by security expert and host of the Secure Talk podcast, Mark Shriner, to discuss information security. (Make sure to check out his podcast here: http://www.securetalkpodcast.com/)

We talk about it from a personal perspective, as well as for organizations. Mark, Curtis, and Prasanna talk about the bare minimum things you should be doing as an individual to protect your personal information and data, from both a security and a backup perspective. We then move on to the company perspective: how very important things like MFA (while good) do not solve everything, and the many other things you could be doing. Then there was the moment that created the title of the podcast, where Prasanna disagreed with Curtis – but not quite. When it comes to information security and data protection (and many things in life), perfect is the enemy of good. Try not to be overwhelmed with all the things you could or should be doing; just pick something and do something. Something is always better than nothing when it comes to these areas. This episode is jam-packed with good information you won't want to miss.

Transcript
W. Curtis Preston:

I prefer a cloud-based system that will backup

W. Curtis Preston:

the most important stuff for you.

W. Curtis Preston:

Um,

Prasanna Malaiyandi:

I'll disagree with Curtis here

Mark Shriner:

Okay,

Prasanna Malaiyandi:

I am.

Mark Shriner:

here we go.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

I agree that to some extent, yes.

Prasanna Malaiyandi:

SaaS based is good.

W. Curtis Preston:

I just muted your microphone Prasanna.

Prasanna Malaiyandi:

Thanks, Curtis.

W. Curtis Preston:

I've never done that.

W. Curtis Preston:

That was fun.

W. Curtis Preston:

Hi and welcome to Backup Central's Restore it All podcast.

W. Curtis Preston:

I'm your host, W. Curtis Preston, AKA Mr. Backup, and have with me my close personal friend, but a guy who's impossible to get

W. Curtis Preston:

an actual date with Prasanna Malaiyandi.

W. Curtis Preston:

How's it going Prasanna.

Prasanna Malaiyandi:

oh, Curtis, I'm good.

Prasanna Malaiyandi:

I know the fact that you came all the way up to Santa Clara to visit the office

Prasanna Malaiyandi:

and we didn't get a chance to meet.

W. Curtis Preston:

And how many times has that happened?

W. Curtis Preston:

Just saying,

Prasanna Malaiyandi:

We didn't.

Prasanna Malaiyandi:

No, no, no.

Prasanna Malaiyandi:

I think last time you came up, we did meet because remember we did the photo shoot.

W. Curtis Preston:

okay.

W. Curtis Preston:

All right.

W. Curtis Preston:

That doesn't count.

W. Curtis Preston:

The photo shoot doesn't count.

Prasanna Malaiyandi:

it does.

Prasanna Malaiyandi:

I think so.

Prasanna Malaiyandi:

And then the time before we met twice, so

Prasanna Malaiyandi:

I

Prasanna Malaiyandi:

think that I get to carry over one of those, but you were also

Prasanna Malaiyandi:

busy.

Prasanna Malaiyandi:

You were

W. Curtis Preston:

still feeling a little butt hurt.

Prasanna Malaiyandi:

but you were also busy with

Prasanna Malaiyandi:

your

W. Curtis Preston:

get a date with my friend, by the way, my

W. Curtis Preston:

friend whose wife isn't even in town, like who, who took, who took

W. Curtis Preston:

priority over hanging out with me?

W. Curtis Preston:

What entity I want you to say publicly, what entity took

W. Curtis Preston:

priority over, hanging out with me.

Prasanna Malaiyandi:

The dog.

W. Curtis Preston:

The dog.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

The dog, you had something to do with the dog.

W. Curtis Preston:

And so that was more important than hanging out with me,

W. Curtis Preston:

but whatever, I'm not hurt.

W. Curtis Preston:

I'm clearly I'm

W. Curtis Preston:

not hurt.

Prasanna Malaiyandi:

I love you.

W. Curtis Preston:

whatever.

W. Curtis Preston:

All right.

W. Curtis Preston:

So our guest is like, what have I wandered into, uh, so,

Prasanna Malaiyandi:

Yeah.

W. Curtis Preston:

so, uh, we actually have a, this is one of the

W. Curtis Preston:

few times where I was on our guest's podcast, and now he's on my podcast.

W. Curtis Preston:

Mark Shriner is the strategic sales director for memoQ, a leading

W. Curtis Preston:

translation management system and host of the Secure Talk podcast,

W. Curtis Preston:

which is how we came to meet.

W. Curtis Preston:

I got to go over and talk about backups on his podcast, and then he got to come here.

W. Curtis Preston:

He's now on my podcast to talk about security.

W. Curtis Preston:

He graduated from Penn State University with a bachelor's degree

W. Curtis Preston:

in liberal arts and sciences.

W. Curtis Preston:

In 2022, he completed Harvard Cybersecurity: Managing Risk in the

W. Curtis Preston:

Information Age diploma program.

W. Curtis Preston:

Welcome to the podcast, Mark Shriner.

Mark Shriner:

Thank you, Curtis.

Mark Shriner:

And thank you, Prasanna.

Mark Shriner:

It's a actually, I've had fun kind of watching you guys with the intro there.

Mark Shriner:

You seem like an old married couple or something too,

W. Curtis Preston:

We're an old, married couple that never sees each other.

W. Curtis Preston:

I'm

Mark Shriner:

right?

W. Curtis Preston:

cause cause Prasanna lives in and you know what it is.

W. Curtis Preston:

It's a Santa Clara Yeah.

W. Curtis Preston:

He lives in Santa Clara.

W. Curtis Preston:

I live in San Diego and you live a little bit farther north,

W. Curtis Preston:

as I recall up in Seattle.

Mark Shriner:

Yes.

Mark Shriner:

Yes.

Mark Shriner:

And I'm envious of both of your weather.

Mark Shriner:

Um, I actually, to be honest with you, I just spent the last three months

Mark Shriner:

traveling between Arizona, uh, St. George, Utah, Las Vegas, and San Diego and Los Angeles all in that

Mark Shriner:

area for three months for business and for some personal business.

Mark Shriner:

And in three months we had like five cloudy, rainy days.

Mark Shriner:

And I got back here at the beginning of May thinking like, Hey, it's

Mark Shriner:

safe to come back to Seattle. Wrong.

W. Curtis Preston:

Yeah, it's funny to see.

W. Curtis Preston:

Seattle is one of those places where, when it is sunny, it is just one of

W. Curtis Preston:

the most beautiful places on earth.

W. Curtis Preston:

Right.

W. Curtis Preston:

I remember.

W. Curtis Preston:

And I think I told you on when I was on your podcast, that I did some

W. Curtis Preston:

work for Amazon back in 1998, I put in for the record, I put it in their

W. Curtis Preston:

first enterprise wide backup system.

W. Curtis Preston:

And, um, I was there in the summer.

W. Curtis Preston:

Right.

W. Curtis Preston:

And not a single cloudy day for three months.

W. Curtis Preston:

And it was like I said to them, you know, going up to Mount Rainier and going out on

W. Curtis Preston:

the sound and watching them throw the fish there it's a Pike Place Market, of course,

W. Curtis Preston:

hanging out at the bubble gum wall.

W. Curtis Preston:

I'm just saying, I like, I like Seattle,

W. Curtis Preston:

the original Starbucks.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

I went up for a trip, I think like four years ago around this time in May.

Prasanna Malaiyandi:

And like, the weather was gorgeous, like perfectly sunny.

Prasanna Malaiyandi:

And I was asking everyone, I was like, what are you guys complaining about?

Prasanna Malaiyandi:

The weather is gorgeous.

Prasanna Malaiyandi:

They're like, you just ended up being here on like the perfect week.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

In contrast right now in Seattle or in San Diego, we are in the

W. Curtis Preston:

middle of what we call May Gray.

W. Curtis Preston:

And then next, next month will be June Gloom.

W. Curtis Preston:

Uh, this is the worst time of the year to actually visit San Diego.

W. Curtis Preston:

I mean, you can get sunny days, but there will be, you know,

W. Curtis Preston:

multiple days in a row where it's just a hundred percent overcast.

Mark Shriner:

Is it, is it because of the fog that comes in

Mark Shriner:

or is it just overcast and gray?

W. Curtis Preston:

It's overcast and gray.

W. Curtis Preston:

Um, it's not, it's not.

W. Curtis Preston:

So the fog we call that the marine layer, uh, the marine layer generally

W. Curtis Preston:

burns off after around nine or 10.

W. Curtis Preston:

If you have, if you have a strong marine layer and it's just weird because

W. Curtis Preston:

there's no rain connected with it, it's just sort of gloomy, you know?

W. Curtis Preston:

Um, and, uh, it just is what it is and, you know, and I

W. Curtis Preston:

talk to people all the time.

W. Curtis Preston:

They're like, yeah, yeah.

W. Curtis Preston:

Um, and it, and it just.

W. Curtis Preston:

Uh, people will come here.

W. Curtis Preston:

So I thought you guys were sunny.

W. Curtis Preston:

I'm like, you know, to tell you it's it's May Gray, man.

W. Curtis Preston:

Welcome to

Mark Shriner:

Whenever I've been in San Diego, it's always been sunny and I come

Mark Shriner:

down there three or four times a year.

Mark Shriner:

I'll be there twice, this summer for soccer, for my son's soccer tournaments.

Mark Shriner:

Uh, but I love it.

W. Curtis Preston:

So I I'm curious.

W. Curtis Preston:

What drew you to cybersecurity?

Mark Shriner:

Well, a couple of different things.

Mark Shriner:

I think.

Mark Shriner:

In 2017, we were moving back from a nine year stint in Asia, moving back to the

Mark Shriner:

states and a good friend of mine, uh, had.

Mark Shriner:

A company that would be with becoming a Microsoft

Mark Shriner:

cybersecurity compliance partner.

Mark Shriner:

Um, he was looking for some help on the business development side.

Mark Shriner:

And, um, and I, and I started taking a look.

Mark Shriner:

The more I researched, the more interested I became because, you know, cybersecurity

Mark Shriner:

is something that can go a mile wide.

Mark Shriner:

And, and, and then also a mile deep in any one of those things.

Mark Shriner:

If you want to talk about, you know, pen testing, uh, backups, um,

Mark Shriner:

encryption, different, you know, compliance organizations, you can

Mark Shriner:

just go in so many, uh, data loss prevention, endpoint protection.

Mark Shriner:

I mean, you can go so many different directions and then each one of those, you

Mark Shriner:

can go down these super deep rabbit holes.

Mark Shriner:

And I like learning.

Mark Shriner:

The other thing I, that I find interesting about cybersecurity back then, and now is.

Mark Shriner:

Before, I think we thought that this is the cybersecurity.

Mark Shriner:

There was a couple of people in the back, in the corner of the IT department that,

Mark Shriner:

that their job is cybersecurity, but everybody in an organization needs to have

Mark Shriner:

some type of awareness and responsibility for security, but beyond that.

Mark Shriner:

Us as individuals and consumers, we need to be aware of some

Mark Shriner:

security best practices.

Mark Shriner:

And so it affects everybody's life.

Mark Shriner:

And it's something that, you know, 30 years ago, nobody was talking

Mark Shriner:

about because there was no internet.

Mark Shriner:

And now it's hugely important with the internet, social media, everything.

Mark Shriner:

I have three children.

Mark Shriner:

And they need to know some best practices about, you know, what

Mark Shriner:

does a phishing campaign look like or a phishing attack look like?

Mark Shriner:

What w you know, how do they protect their passwords?

Mark Shriner:

What should they shouldn't do with their, with their mobile devices, et cetera.

Mark Shriner:

So it affects everybody.

Mark Shriner:

And it's this, this like new field that was created partially based upon

Mark Shriner:

the explosion of the internet in IoT.

Mark Shriner:

So, um, I think we're just getting started in both in terms of understanding

Mark Shriner:

the threat landscape, but also the, um, the best practices for prevention.

Mark Shriner:

Does that make sense?

Prasanna Malaiyandi:

Do you see that a lot of this, I know it's an interesting point.

Prasanna Malaiyandi:

You made that it's rolling into consumers.

Prasanna Malaiyandi:

Like everyone has to start caring about this.

Prasanna Malaiyandi:

Like every day.

Prasanna Malaiyandi:

Do you start to find that that's actually happening or.

Prasanna Malaiyandi:

Or are people sort of like, yeah, that's just something that a company

Prasanna Malaiyandi:

has to worry about or a business has to worry about, or like this large CEO

Prasanna Malaiyandi:

has to worry about not necessarily.

Mark Shriner:

Well, yeah, let me answer that by backing up even farther.

Mark Shriner:

I think in companies right now, where it used to be the perception of the.

Mark Shriner:

Part of the IT teams or the, you know, the CISO's job there, is an a

Mark Shriner:

growing or increasing awareness that it's everybody's responsibilities.

Mark Shriner:

And so you'll have not only do you have like structured educational, um,

Mark Shriner:

programs, but you'll have like simulated phishing campaigns and things like that.

Mark Shriner:

So go enterprise wide.

Mark Shriner:

And if you get the CEO and he clicks on the wrong thing and boom, guess

Mark Shriner:

what you got to go to training you're in a you're you're doing timeout.

Mark Shriner:

Um, and companies try to make that.

Mark Shriner:

So in companies it's becoming, uh, I guess increasingly common for people to accept

Mark Shriner:

that everybody has a responsibility.

Mark Shriner:

If you find a thumb drive in the parking lot, don't just walk in and

Mark Shriner:

stick it in your company's device.

Mark Shriner:

Right.

Mark Shriner:

You know, and, and, and sharing those stories, you know?

Mark Shriner:

I remember growing up and listening to my, my grandparents, tell stories about this

Mark Shriner:

accident, that accident, this person who did something good, did something bad.

Mark Shriner:

And we learn from those stories.

Mark Shriner:

And I think when we share these stories about hacks or, you know, the famous

Mark Shriner:

story about somebody finding a thumb drive and then putting it in their device

Mark Shriner:

and then, you know, downloading some malware inadvertently, we learn from

Mark Shriner:

that and those stories are important.

Mark Shriner:

So that's one method of, uh, or one, I guess, data point.

Mark Shriner:

Come people in organizations are becoming increasingly where individuals I think

Mark Shriner:

are also becoming extreme, increasingly aware, let's start off with high net worth

Mark Shriner:

individuals, where they are very much in the sights of, um, targeted phishing,

Mark Shriner:

spear phishing campaigns, right?

Mark Shriner:

And so there are certain tools and methods and processes out there to

Mark Shriner:

help these people at least become aware of what's what the threat looks like.

Mark Shriner:

But beyond that, I think, um, just the general public, you know, if

Mark Shriner:

I look at my kids, they are pretty suspicious and kind of cynical and

Mark Shriner:

almost jaded, uh, in terms of like, look at this, they'll show me stuff.

Mark Shriner:

They're like, look at this, you know, it's just, and because

Mark Shriner:

it's obviously it's a scam.

Mark Shriner:

And so I think.

Mark Shriner:

Um, people are becoming increasingly aware at the same time you still hear

Mark Shriner:

of consumers every day, you know, for example, they're, they're, they're

Mark Shriner:

transferring money to a title agency and somebody spoofs the, uh, the address,

Mark Shriner:

uh, that w where they're supposed to they're there, the account information,

Mark Shriner:

that kind of stuff is happening in.

Mark Shriner:

So, um, yes and no, to answer your question, I think people are

Mark Shriner:

becoming more aware, but there's, we have a long, long ways to go.

Mark Shriner:

Yeah.

W. Curtis Preston:

that there was a study back in 2016, uh, from the

W. Curtis Preston:

University of Michigan where they left a series of USB drives that had,

W. Curtis Preston:

that had an HTML in there that if you open up an HTML, it had an image tag.

W. Curtis Preston:

So they were able to identify, um, how many people actually clicked on the thing.

W. Curtis Preston:

What do you suppose the percentage was of the people that.

Mark Shriner:

Well, you know, University of Michigan, that's a, that's what?

Mark Shriner:

Big, big 10.

Mark Shriner:

Uh, those guys probably I'm west coast, so I I'm, I'm afraid to guess.

Mark Shriner:

W what was it?

W. Curtis Preston:

It was half,

Mark Shriner:

That was in what year?

W. Curtis Preston:

uh, 2016, 297 USB drives around the Urbana

W. Curtis Preston:

Champaign CA these are college kids.

W. Curtis Preston:

These are,

Mark Shriner:

At the one of the best universities in the country.

Mark Shriner:

Wow.

W. Curtis Preston:

They said they found that 48% of the drives are

W. Curtis Preston:

picked up and plugged into a computer.

W. Curtis Preston:

Some within minutes of being dropped.

Mark Shriner:

yeah.

Mark Shriner:

Well, Hopefully, hopefully the situation or the, the awareness is getting better.

Mark Shriner:

I mean, I look at little things like, um, turning on MFA's or multi-factor

Mark Shriner:

authentication two factor authentications for just any, any, obviously any bank

Mark Shriner:

accounts, but any, any of your online, um, tools or apps, just turn it on,

Mark Shriner:

you know, uh, it's a simple thing.

Mark Shriner:

That's going to stop 99%.

Mark Shriner:

But some people that, well, it's a hassle.

W. Curtis Preston:

Yeah.

Mark Shriner:

If you're, if your account gets compromised, then

Mark Shriner:

that's going to be a hassle.

Mark Shriner:

So.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

I I've mentioned on this podcast a few times that I went from

W. Curtis Preston:

being kind of an MFA newb, I don't know, four or five years ago to.

W. Curtis Preston:

Slowly.

W. Curtis Preston:

And then, and then it sorta, it was sort of a snowball situation.

W. Curtis Preston:

Right.

W. Curtis Preston:

I ended up rolling MFA anywhere it mattered.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, and the cause I have, oh Lord, I have like 800 accounts.

W. Curtis Preston:

At, I'm not kidding.

W. Curtis Preston:

I have a password manager, so I, you know, I can pull it up and see it.

W. Curtis Preston:

And I have, uh, just, just hundreds and hundreds of

W. Curtis Preston:

accounts at random places where

Mark Shriner:

What are you doing, man?

Prasanna Malaiyandi:

Hey,

W. Curtis Preston:

I just, well, it's just stuff.

W. Curtis Preston:

Anyway.

Mark Shriner:

Prasanna, Prasanna.

Mark Shriner:

You going to tell me Curtis's into some shady stuff, man.

Mark Shriner:

If he's got 800 accounts,

Prasanna Malaiyandi:

well, I just hope he talks about his experience with MFA.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

So, and so I, I, don't my point, my point of mentioning how many accounts I have.

W. Curtis Preston:

I don't have MFA on most of those.

W. Curtis Preston:

Right.

W. Curtis Preston:

Because they're just stuff where I don't, there's no information I'm just anyway,

W. Curtis Preston:

but I did roll out MFA, uh, everywhere.

W. Curtis Preston:

And I, I use Google Authenticator and wherever I could, because of what I knew

W. Curtis Preston:

about that using Google Authenticator.

W. Curtis Preston:

Uh, text-based MFA and, and by the way, I, I, I dunno, well, I'd like to come back to

W. Curtis Preston:

that idea, but, but here's what happened.

W. Curtis Preston:

Um, I got a new phone and I got locked out of all my accounts.

W. Curtis Preston:

So, because I didn't know.

W. Curtis Preston:

I didn't know what I didn't know.

W. Curtis Preston:

And so I, um, I, when I re when I rolled that out again, uh, I switched to Authy

W. Curtis Preston:

as an app, which allows you to back up the stuff and try, you know, anyway.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

So, um, I'm a huge fan of MFA.

W. Curtis Preston:

And I, and I've mentioned before that, I went from kind of being

W. Curtis Preston:

a newb to being very angry.

W. Curtis Preston:

If there's a, if there's a company that I'm interacting with where

W. Curtis Preston:

things matter and they don't have.

W. Curtis Preston:

Uh, the authenticator style of, of, uh, MFA.

W. Curtis Preston:

Prasanna you're, you're you're up on this stuff.

W. Curtis Preston:

So here's, here's the thing I'm wondering if there's a company that offers

W. Curtis Preston:

multiple methods of authentication.

W. Curtis Preston:

Um, like my, my, my credit union, uh, they have my phone and, uh,

W. Curtis Preston:

they, they use a, they have an authenticator method where you get,

W. Curtis Preston:

uh, you get the little six digit code.

W. Curtis Preston:

If you, uh, pull up their app on your phone.

W. Curtis Preston:

I prefer that method.

W. Curtis Preston:

I use that method whenever I can, but should I be bothered by the

W. Curtis Preston:

fact that they also support SMS?

W. Curtis Preston:

Like there's no way to disable the fact that they have

Prasanna Malaiyandi:

I would be a little worried just because the number of sort

Prasanna Malaiyandi:

of SIM swap attacks that are happening these days, like you hear it all the

Prasanna Malaiyandi:

time when it comes to crypto, right.

Prasanna Malaiyandi:

With all these acts where someone SIM swaps with someone else

Prasanna Malaiyandi:

gets the authenticator code, cleans out their wallet, right.

Prasanna Malaiyandi:

Their Bitcoin wallet.

Prasanna Malaiyandi:

So I think it is common.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And even T-Mobile right.

Prasanna Malaiyandi:

Was accused of allowing a porting out of numbers as well.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

That's another thing that can.

W. Curtis Preston:

right.

W. Curtis Preston:

So, so you, so you think I should be worried?

W. Curtis Preston:

I don't know what I could do.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

And it also depends to what extent, like some random person going after

Prasanna Malaiyandi:

you specifically Curtis, right.

W. Curtis Preston:

I'm a big deal.

Prasanna Malaiyandi:

exactly.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

But I think there are cases like if you're a high net worth user or even

Prasanna Malaiyandi:

you have sensitive data or things like that, that you care about.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

That I think, yeah, you should be worried about even email, right.

Prasanna Malaiyandi:

Multi-factor authentication.

Prasanna Malaiyandi:

Sometimes it's worrisome as well.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

It's things which you can't completely secure on a.

Mark Shriner:

Yeah.

Mark Shriner:

That's what I'm seeing that most of the organizations that I'm F MFA with, um,

Mark Shriner:

offer an option could be, for example, a token that you have, um, uh, it could

Mark Shriner:

be the authenticator app could be a text, could be an email and they offer

Mark Shriner:

the consumer the choice at this point.

Mark Shriner:

Uh, probably just trying to make it easy for somebody to opt in with something.

Mark Shriner:

But there are obviously some that are more secure than others.

Mark Shriner:

And I, I spoke earlier about the, the awareness of some consumers,

Mark Shriner:

especially high net worth individuals, um, becoming more cyber aware.

Mark Shriner:

And the specific attack that I was thinking about is SIM swapping.

Mark Shriner:

And it's be, I, you know, I know a gentleman that's been,

Mark Shriner:

um, SIM swapped three times.

Mark Shriner:

You know, um, and it's, you know, he, he described it as he was on an airplane.

Mark Shriner:

He got out the airplane, his phone wouldn't work.

Mark Shriner:

Right.

Mark Shriner:

And it is took him days to get back online.

Mark Shriner:

It was maddening, scary, um, and primarily done through social engineering where

Mark Shriner:

they contact the, the, the mobile carrier and convince them that they

Mark Shriner:

are you and that you need a new SIM.

Mark Shriner:

And it's just that.

W. Curtis Preston:

Yeah.

Prasanna Malaiyandi:

They made it so easy to port numbers as well.

Prasanna Malaiyandi:

That that's also another common vector.

Mark Shriner:

What does that mean to port a number?

Mark Shriner:

Does that mean to change carriers?

Prasanna Malaiyandi:

To change carriers.

Mark Shriner:

Okay.

W. Curtis Preston:

And so basically instead of just doing a SIM swap,

W. Curtis Preston:

they just pretend to be you and port your number to another carrier.

Mark Shriner:

Wow.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

That's not good.

Mark Shriner:

These bad guys are really bad, man.

W. Curtis Preston:

I think that's something we can all agree on.

W. Curtis Preston:

Um, yeah, so, so like I have multiple accounts where, so like goo like Gmail.

W. Curtis Preston:

Okay.

W. Curtis Preston:

Gmail.

W. Curtis Preston:

It's very specific on what authentication.

W. Curtis Preston:

Systems that you use and you can disable ones that you

W. Curtis Preston:

don't want to use specifically.

W. Curtis Preston:

You can disable SMS authentication, but my credit union, uh, it supports all of them.

W. Curtis Preston:

And I suppose the only way to disable SMS based authentication is to delete

W. Curtis Preston:

my cell phone from the account.

W. Curtis Preston:

But that's just weird,

Prasanna Malaiyandi:

But Change it to like a mobile number

Prasanna Malaiyandi:

or, sorry, to the home number,

Prasanna Malaiyandi:

right.

Prasanna Malaiyandi:

If your credit union allows you to say, is this a cell phone or.

Prasanna Malaiyandi:

Or a mo or a home number.

Prasanna Malaiyandi:

I'm sure if you select a home number, it won't send you SMS, but

W. Curtis Preston:

a ho what's a home number

Prasanna Malaiyandi:

a landline a landline and old school.

Prasanna Malaiyandi:

Like, I, I know I've seen places where it's like, is this a home

Prasanna Malaiyandi:

number or is this a cell phone?

W. Curtis Preston:

Interesting.

W. Curtis Preston:

Uh, so, so I'm curious, Mark, what do you, if you're, so I know, you know, as

W. Curtis Preston:

a person dedicated to backup, there's, you know, I have sort of my top five

W. Curtis Preston:

of like, these are things and by the way, on your podcast, the first, like

W. Curtis Preston:

my biggest one, you and I talked about was the, the, the, the idea that cloud

W. Curtis Preston:

stuff is automatically backed up.

W. Curtis Preston:

Which it isn't.

W. Curtis Preston:

Um, if somebody were to say, you know, what are the top five things that I need

W. Curtis Preston:

to be concerned about, uh, as a, you know, either personally or, or it sounds

W. Curtis Preston:

like personally you're thinking MFA,

Mark Shriner:

All right.

Mark Shriner:

I would say that's just a best practice personally or for, for companies

Mark Shriner:

and companies have a little bit more sophisticated tools at their disposal,

Mark Shriner:

so they can push an MFA depending on, you know, the user behavior.

Mark Shriner:

Are they logging in from.

Mark Shriner:

A new location.

Mark Shriner:

Are they logging in from another country?

Mark Shriner:

Is there some kind of, some kind of anomalous behavior, this, you know,

Mark Shriner:

Mark never accesses these files now he's downloading gigs, downloading

Mark Shriner:

gigabytes of finance records.

Mark Shriner:

Uh, I think we're gonna force an MFA on that.

Mark Shriner:

Right.

Mark Shriner:

Um, so I think MFA is kind of a foundational thing, uh, for

Mark Shriner:

individuals or organizations.

Mark Shriner:

I think some other best practices for, for individuals again, would be backup to

Mark Shriner:

ensure that your information is backed up.

Mark Shriner:

I don't know if you guys have seen these, uh, Mr. Backup gives me a thumbs up

W. Curtis Preston:

I'm very, very excited

Mark Shriner:

thumbs up from Mr.

W. Curtis Preston:

Very excited

Mark Shriner:

Backup.

Mark Shriner:

Yeah.

Mark Shriner:

Um, the, you know, you have, you guys get these emails that say, Hey, you know, I'm

Mark Shriner:

sorry to tell you, but I've been spying on you for the last couple of months.

Mark Shriner:

And, uh, you know, and if you don't send this money to whatever, I'm

Mark Shriner:

going to release this stuff, this, you know, this thing of you going

Mark Shriner:

into these inappropriate websites and they send these emails out to.

Mark Shriner:

Thousands of people and some people, cause they know that some people will

Mark Shriner:

be like, oh my God, I should pay this.

Mark Shriner:

Right.

Mark Shriner:

Well, you should, you should.

Mark Shriner:

For one, if you get that email.

Mark Shriner:

Delete it, I don't care what sites you've been going through.

Mark Shriner:

It's just a, they're just phishing.

Mark Shriner:

Um, and two, if you've got your stuff backed up, you don't have to worry

Mark Shriner:

about anybody encrypting anything.

Mark Shriner:

Now, if they're going to release stuff, that is another thing from

Mark Shriner:

malware is if they take your records, even though you've backed them up.

Mark Shriner:

If they're going to release something that you don't want released to the

Mark Shriner:

public, that's a whole nother discussion, but definitely you should back up,

Mark Shriner:

um, antivirus, running an antivirus is, is, is, you know, super important.

Mark Shriner:

Um, what else?

Mark Shriner:

As a, as a consumer.

Mark Shriner:

Just being aware and pausing.

Mark Shriner:

When you see something that looks a little off any time somebody says, Hey,

Mark Shriner:

um, there's a problem with your account.

Mark Shriner:

We need you to log in and can now just stop or, oh, your, your order for $15,000

Mark Shriner:

from Amazon is on its way, you know?

Mark Shriner:

And you're like freaking out, dude, just, yeah.

Prasanna Malaiyandi:

Like if you didn't expect it don't click it.

Mark Shriner:

Exactly.

Mark Shriner:

That's a, that's a perfect way to say it.

Mark Shriner:

I like that.

Mark Shriner:

Didn't expect it.

Mark Shriner:

Don't click it.

Mark Shriner:

And I mean, you know, obviously you can, you can, you know, cause you can look at

Mark Shriner:

the, uh, the sender's real, real address and see, is this something real read?

Mark Shriner:

It is a lot of this stuff, you know, they've got shoddy grammar, you know,

Mark Shriner:

fuzzy images, but people get worked up.

Mark Shriner:

I mean, yes, but I'm sure you've seen the ones where you get an email from the CEO.

Mark Shriner:

Hey Mark.

Mark Shriner:

I need you to run out and buy 50 gift cards for Target and send, you know,

Mark Shriner:

Uh, it's happened to one of my boys, uh, who was working as an internship for the

Mark Shriner:

cybersecurity committee that I was working with before, which the is Adaquest the CEO

Mark Shriner:

of Adaquest, his name is Hiram Machado.

Mark Shriner:

And, um, it was like my son's third day into his internship.

Mark Shriner:

And he got an email saying, Hey, um, you know, Makai.

Mark Shriner:

I need you to run out and buy, um, $500 worth of gift cards from Target.

Mark Shriner:

And I need you to, once you have that, just let me know, and I'll

Mark Shriner:

tell you what we're going to do with them, but I need this for this

Mark Shriner:

event we're doing this afternoon.

Mark Shriner:

And so Makai again, again, telling you the kids are getting smarter these days.

Mark Shriner:

Hopefully not the ones in University of Michigan, I guess that was 2016.

Mark Shriner:

Um, he emailed me and he goes, what should I do with that?

Mark Shriner:

And I said, send it.

Mark Shriner:

I said, we're going to use this as a case study in a learning

Mark Shriner:

example, don't do anything with it.

Mark Shriner:

You know?

Mark Shriner:

Um, but yeah, I don't.

Mark Shriner:

What, what advice would you guys give.

W. Curtis Preston:

Uh, I mean that stuff's all all good.

W. Curtis Preston:

I think, um, the, you know, you talked about hovering

W. Curtis Preston:

over the site to see the site.

W. Curtis Preston:

What I generally say is if you get an unexpected communication from

W. Curtis Preston:

somebody you actually do business with.

W. Curtis Preston:

Right?

W. Curtis Preston:

Because I get stuff like that.

W. Curtis Preston:

My Citibank card has been compromised.

W. Curtis Preston:

I'm like I haven't had a Citibank card in like 20 years.

W. Curtis Preston:

So I think I'm pretty good, but I get, um, I I've gotten phished

W. Curtis Preston:

from like PayPal, um, you know, stuff like that or not from PayPal.

W. Curtis Preston:

You know, as

Mark Shriner:

Pretend people pretending to be PayPal.

Mark Shriner:

Yeah.

W. Curtis Preston:

pretending to be PayPal, um, is if you

W. Curtis Preston:

are actually concerned, if it sounds like something that, that

W. Curtis Preston:

might be real, go to paypal.com.

W. Curtis Preston:

Don't interact in any way with that email, go to PayPal.com or contact

W. Curtis Preston:

PayPal's phone number, not anything listed in that, in that email.

W. Curtis Preston:

Um, would, it's interesting though.

W. Curtis Preston:

There are times when I, in fact, just a couple of days ago.

W. Curtis Preston:

I got contacted by a company that I do business with.

W. Curtis Preston:

And there was a credit card company and they, they were like, you

W. Curtis Preston:

know, we're such and such from such and such credit card company.

W. Curtis Preston:

And we want to call to verify charges.

W. Curtis Preston:

And I'm like, well, how about I freaking verify you?

W. Curtis Preston:

Like, you're just random nude

Mark Shriner:

Show me your badge.

W. Curtis Preston:

show, you know, they will, well, we want to authenticate.

W. Curtis Preston:

We want to authenticate you.

W. Curtis Preston:

Uh, before we talk to you about account, I'm like, well, how do I authenticate you?

W. Curtis Preston:

Like, why do you people still think this is like Lee?

W. Curtis Preston:

I will call.

W. Curtis Preston:

Thank you.

W. Curtis Preston:

Thank you for calling.

W. Curtis Preston:

I will call the 800 number on and by the way, it was a real thing.

W. Curtis Preston:

Um, I will call the 800 number on my credit card and I will ask for the

W. Curtis Preston:

fraud department and it was real thing.

W. Curtis Preston:

Th that that's annoying that that happens, right.

W. Curtis Preston:

Uh, because that is a, that is a phishing way, right?

W. Curtis Preston:

Um, yeah.

Mark Shriner:

I mean, in, in people, people think that, um, all cyber

Mark Shriner:

attacks are through email or somehow somebody is getting into your network.

Mark Shriner:

Some of them are just a phone call.

Mark Shriner:

Uh, you know, I've, I've been called by.

Mark Shriner:

The IRS, the texts, whatever.

Mark Shriner:

And yeah, this Mr.

Mark Shriner:

Shriner.

Mark Shriner:

Yes.

Mark Shriner:

We have an urgent matter that we need to talk to you about.

Mark Shriner:

Um, uh, really, and I, I, sometimes I just like, well, where's this gonna go?

Mark Shriner:

Cause I know at one point they're going to ask me for social security

Mark Shriner:

date of birth, blah, blah, blah.

Mark Shriner:

I'm like, okay.

Mark Shriner:

Yeah, yeah.

Mark Shriner:

What's going on?

Mark Shriner:

They're like, well, uh, before we can go any further, we

Mark Shriner:

need to get some information.

Mark Shriner:

And typically the smart ones, they won't go right to social security.

Mark Shriner:

But just say like, they'll say, like, I just want to confirm that

Mark Shriner:

your name is blah, blah, blah.

Mark Shriner:

They got your name.

Mark Shriner:

Right.

Mark Shriner:

I'm like, yeah, that's me and that you're living at.

Mark Shriner:

Yeah, yeah.

Mark Shriner:

Yeah.

Mark Shriner:

And so now I'm starting to respond to them.

Mark Shriner:

Right.

Mark Shriner:

And then as sooner or later they're like, okay.

Mark Shriner:

And then, so, um, can we give us the year of your date of birth, you know,

Mark Shriner:

and you're like, and, and, and they just start to the good ones, start to tease

Mark Shriner:

it out of you because they're not gonna, if they come in first, first thing to

Mark Shriner:

ask you is social security people like.

Mark Shriner:

But you down there and then, you know, they build a rapport and that's,

Mark Shriner:

that's what they're all looking for.

Prasanna Malaiyandi:

Yeah, it feels like they have that information already.

Prasanna Malaiyandi:

So it's like, okay, what's this one more piece of information.

W. Curtis Preston:

we're doing, we're doing it.

W. Curtis Preston:

Just to verify that we're talking to the right person,

Mark Shriner:

Exactly.

Prasanna Malaiyandi:

Well, and it's funny.

Prasanna Malaiyandi:

Cause I remember when my dad retired, like he'd always get all these calls from.

Prasanna Malaiyandi:

Scammers or salespeople.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And I'd be like, you guys should just chat with them.

Prasanna Malaiyandi:

It's like, what do you have to lose?

Prasanna Malaiyandi:

Just don't give them any information.

Prasanna Malaiyandi:

But at least you're

Mark Shriner:

You retired, they're willing to talk to you,

Prasanna Malaiyandi:

And at least you're saving someone

Prasanna Malaiyandi:

else from having to get a call.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

So,

Mark Shriner:

right?

W. Curtis Preston:

Don't click on the emails.

W. Curtis Preston:

Like just, just again, if you think it's actually from

W. Curtis Preston:

PayPal, then go to paypal.com.

W. Curtis Preston:

Not anything with that.

W. Curtis Preston:

Go

Prasanna Malaiyandi:

And one of the points Mark made earlier

Prasanna Malaiyandi:

around social engineering, I think people also just, it should just

Prasanna Malaiyandi:

be careful what they post online.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

If you're like putting Facebook messages or tweets, right.

Mark Shriner:

Hey, we're leaving tomorrow for a three week

Mark Shriner:

vacation to The Bahamas, you know?

Mark Shriner:

Yeah.

Mark Shriner:

Sorry.

Mark Shriner:

I'm.

Prasanna Malaiyandi:

no, no, no, no.

Prasanna Malaiyandi:

That's totally the case.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Or it's like, oh yeah.

Prasanna Malaiyandi:

Or you start inadvertently being like, Hey, it's my birthday.

Prasanna Malaiyandi:

Or it's like, oh, my mother is so and so right.

Prasanna Malaiyandi:

And, or a favorite dog's name.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

And all the rest of this and people can take that information and they

Prasanna Malaiyandi:

could use it for social engineering to extract other information from you.

W. Curtis Preston:

I know, I know what your favorite dog's name is.

W. Curtis Preston:

Well, I, because he was more important than me.

W. Curtis Preston:

I'm sorry, I I'm going to let it go.

Prasanna Malaiyandi:

you a

Mark Shriner:

I think he's, he's really hurt, man.

Mark Shriner:

He's damaged, man.

W. Curtis Preston:

I went to Il Fornaio without you.

W. Curtis Preston:

That's some really good food.

W. Curtis Preston:

Um, yeah.

W. Curtis Preston:

So what about, what about companies?

W. Curtis Preston:

So we talked about, we talking about have MFA, so there's

W. Curtis Preston:

two ways to talk about MFA.

W. Curtis Preston:

You should, as a company, be offering MFA when people are interacting

W. Curtis Preston:

with your service online, right.

W. Curtis Preston:

Uh, and then you should, as a company, I like what you were talking about earlier.

W. Curtis Preston:

Um, cause obviously, um, by the way, I haven't thrown out our,

W. Curtis Preston:

our disclaimer, so Prasanna and I work for different companies.

W. Curtis Preston:

I work for Druva, he works for Zoom and this is not a podcast of either company

W. Curtis Preston:

and the opinions here are all ours.

W. Curtis Preston:

And, um, be sure to rate us by the way, at a ratethispodcast.com/restore.

W. Curtis Preston:

And then, um, you know, if you want to come on.

W. Curtis Preston:

You know, listen to me, complain to Prasanna yourself life.

W. Curtis Preston:

Um you do that

Prasanna Malaiyandi:

We

W. Curtis Preston:

that, just it just @wcpreston it on

W. Curtis Preston:

Twitter or wcurtispreston@gmail.

W. Curtis Preston:

So, um, yeah, so, you know, with Druva, for example, you know, we've

W. Curtis Preston:

supported, uh, third-party MFA for awhile, and now we support native MFA.

W. Curtis Preston:

Uh, if you're a company.

W. Curtis Preston:

If you're a cloud company, or if you're a company that has, that has information

W. Curtis Preston:

that is important like that, and people are logging into your system without MFA.

W. Curtis Preston:

Then bad, bad company.

W. Curtis Preston:

And, and, and, and it should also not be SMS based authentication you should

W. Curtis Preston:

offer, um, you know, authenticator method and, um, uh, and I'm gonna throw

W. Curtis Preston:

out, I'm going to throw out, please.

W. Curtis Preston:

Don't be a website that is hard to use a password manager with, right.

W. Curtis Preston:

Don't be complaining about one or two of the character.

W. Curtis Preston:

The special characters that my password manager came up with, or I had, I

W. Curtis Preston:

had one this week that complained.

W. Curtis Preston:

They're like, Hey man, your password's too long.

W. Curtis Preston:

It was 20 characters.

W. Curtis Preston:

And they said, you can use a maximum 17 characters and I'm like, you suck.

W. Curtis Preston:

Yeah, 17.

W. Curtis Preston:

Um, and, uh, the, uh, So based on that, I no longer interact with the IRS.

W. Curtis Preston:

I'm not.

Prasanna Malaiyandi:

But I also want to go back to a point Mark

Prasanna Malaiyandi:

made earlier, which was that MFA.

Prasanna Malaiyandi:

I don't think solves everything.

Prasanna Malaiyandi:

You still need those, especially as a business, you still need those other

Prasanna Malaiyandi:

things to look for anomalies, right?

Prasanna Malaiyandi:

For look, to look at the behavior of the user because MFA will protect

Prasanna Malaiyandi:

you to a certain extent, but it's not the only line of defense.

Mark Shriner:

Oh, yeah.

Mark Shriner:

I mean, at, at the corporate level again, The complexity of the problem

Mark Shriner:

and the P the, the complexity of the solutions available are much

Mark Shriner:

greater, um, at the corporate level.

Mark Shriner:

I mean, you, you have things like, um, device management, for example, and

Mark Shriner:

these days everybody wants to BYOD, uh, but you also have corporate devices.

Mark Shriner:

And, but on my B my own device, I'm going to have access to company apps and data.

Mark Shriner:

How does the company manage that?

Mark Shriner:

Well, there's mobile device management tools out there that

Mark Shriner:

can, if I lose my phone, I can tell the company, Hey, I lost my phone.

Mark Shriner:

They can remote wipe their data.

Mark Shriner:

Um, you know, they can do remote backups, all of that stuff.

Mark Shriner:

They can, they can check for anomalous behavior on a phone.

Mark Shriner:

Mark just logged in from Bellevue, but, but he's also logging in from Romania.

Mark Shriner:

Hmm.

Mark Shriner:

Something's wrong here.

Mark Shriner:

Right?

Mark Shriner:

So, uh, yeah, I mean all that stuff and it's, you know, depending on the size

Mark Shriner:

and the shape of the organization, it can be, you have SIEMs to, to monitor all

Mark Shriner:

types of activity to collect your logs.

Mark Shriner:

Um, so that's, again, it comes back to that original point of why

Mark Shriner:

cybersecurity, cause it's such a broad field and there's so many different.

Mark Shriner:

It's constantly evolving.

Mark Shriner:

It's it's pretty cool.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Um, I, I'm curious what you think about, so one of the things I'm pushing

W. Curtis Preston:

outside of the backup space, one of the things that I'm pushing people to

W. Curtis Preston:

do or companies to do is to look into a couple of different types of tools.

W. Curtis Preston:

One is we've we've had, we had somebody on here from a

W. Curtis Preston:

company that does a DDI, right?

W. Curtis Preston:

So what, what did we decide that was DNS DHCP?

W. Curtis Preston:

And IPAM.

W. Curtis Preston:

Yeah.

W. Curtis Preston:

Um, and so th that, those one group of tools, which is like,

W. Curtis Preston:

they can do things of like, why is somebody going to this really?

W. Curtis Preston:

Why is, why is something looking at a DNS address that is a.

W. Curtis Preston:

You know, a DNS name that is, that is like 57 characters long,

W. Curtis Preston:

and it doesn't make any sense.

W. Curtis Preston:

Right.

W. Curtis Preston:

That, that is, that is a, you know, a, um, uh,

W. Curtis Preston:

ransomware thing, reaching out for command and control.

W. Curtis Preston:

Um, that's number one and number two, the type of software or system or

W. Curtis Preston:

whatever that can identify data leaks.

W. Curtis Preston:

Right?

W. Curtis Preston:

So that, so that you it's like, there's a general level of outgoing.

W. Curtis Preston:

Uh, you know, traffic and then suddenly there's this giant

W. Curtis Preston:

spike from Fred's desktop.

Mark Shriner:

And Fred's no longer in the company.

W. Curtis Preston:

And the company exactly.

W. Curtis Preston:

Fred's on vacation.

W. Curtis Preston:

Cause he posted on Facebook that he's in Maui this week.

W. Curtis Preston:

Um, and you know, his laptop's doing that.

W. Curtis Preston:

What do you think about those two types of tools?

Mark Shriner:

I think, uh, depending on the situation, I mean, it's,

Mark Shriner:

every tool has its appropriate usage.

Mark Shriner:

And I think for, for most companies, both of those make sense.

Mark Shriner:

Um, I mean, for both those tools make sense for a lot of companies

Mark Shriner:

and organizations out there.

Mark Shriner:

Um, and I guess the question, I mean, I, again, I'm not technical more at

Mark Shriner:

the kind of higher level understanding what the, trying to understand, what

Mark Shriner:

the problems are putting together.

Mark Shriner:

Some solutions.

Mark Shriner:

One of the challenges is, is that you have so many different

Mark Shriner:

vendors of so many different tools.

Mark Shriner:

And so do you look for these custom bespoke kind of solutions and tools,

Mark Shriner:

or do you, do you work with a platform provider, for example, Microsoft

Mark Shriner:

365 has a lot of DLP tools in there.

Mark Shriner:

They have, uh, advanced threat protection.

Mark Shriner:

Um, they have antivirus, you know, uh, anomaly detection,

Mark Shriner:

all of that's built in there.

Mark Shriner:

Um, so do you, and then device management as well.

Mark Shriner:

Or do you say no, we don't want to put all of our eggs in the Microsoft basket

Mark Shriner:

and we want to go for best in breed.

Mark Shriner:

And I don't know.

Mark Shriner:

I mean, you know, Prasanna, like at, I don't know how much you can talk about

Mark Shriner:

at Zoom, but like, you know, how do you guys decide, you know, what kind of a tool

Mark Shriner:

are you going to go with a, an integrated approach or do you look for best in breed?

Prasanna Malaiyandi:

So I can't talk specifically about

Prasanna Malaiyandi:

Zoom, but in general, right?

Prasanna Malaiyandi:

I think it's going to come down to.

Prasanna Malaiyandi:

The need for a tool, as well as the expertise.

Prasanna Malaiyandi:

If I'm looking at sort of small, medium businesses where maybe they

Prasanna Malaiyandi:

don't have specialized IT admins, we face the same thing in backup as well.

Prasanna Malaiyandi:

Right?

Prasanna Malaiyandi:

There is no one who could go learn everything and

Prasanna Malaiyandi:

anything about security tools.

Prasanna Malaiyandi:

And so you're going to probably want a single tool that allows

Prasanna Malaiyandi:

you to solve everything.

Prasanna Malaiyandi:

Just like in backup.

Prasanna Malaiyandi:

You sort of have those issues as well, but once you get to larger

Prasanna Malaiyandi:

companies, or if you have specialized problems, you might start to.

Prasanna Malaiyandi:

Uh, rollout into, okay.

Prasanna Malaiyandi:

I now need a specialized tool, a best of breed tool because I have this special

Prasanna Malaiyandi:

need, or I now have the skillsets to be able to address some of these issues.

Prasanna Malaiyandi:

And therefore I'm going to pick different tools based on my needs.

Prasanna Malaiyandi:

And I think it's sort of hard to say one is better than another.

Prasanna Malaiyandi:

I think it depends on where you are and what your needs are.

W. Curtis Preston:

Yeah, I would, I would agree.

W. Curtis Preston:

I mean, and not just because I work for a SaaS company, but I would agree that

W. Curtis Preston:

where, where there's a big business need, that you have such as email,

W. Curtis Preston:

clearly a business need a need that every business has, um, that, that if a

W. Curtis Preston:

SaaS solution is available and it's a, it's a well-known respected et cetera

W. Curtis Preston:

solution that you can vet out then.

W. Curtis Preston:

Uh, from a security basis, I would prefer that over something that you're going

W. Curtis Preston:

to, let's say I would prefer Microsoft 365 over Exchange on prem in a heartbeat.

W. Curtis Preston:

Exchange on prem is harder to secure.

W. Curtis Preston:

It's harder to manage.

W. Curtis Preston:

So you've got to manage the system.

W. Curtis Preston:

You've got to manage the storage and then you got to manage the backup of that.

W. Curtis Preston:

And then you gotta make sure that backup gets off site.

W. Curtis Preston:

All of that is easier if you have Microsoft 365.

W. Curtis Preston:

Right.

W. Curtis Preston:

Um, now you should be backing it up, right?

W. Curtis Preston:

Microsoft is not backing it up for you.

W. Curtis Preston:

That was what you and I talked on your podcast, but there are services,

W. Curtis Preston:

that will back up, obviously Druva offers one, but there are many

W. Curtis Preston:

companies that backup Microsoft 365.

W. Curtis Preston:

And so I, I think from a security basis, as long as you vet the security vendor,

W. Curtis Preston:

Um, you know, look at, look for things like MFA, look for things like, um, you

W. Curtis Preston:

know, what their, what their NDA situation is to cut the type of data that they

W. Curtis Preston:

have, whether or not they share personal information, uh, cause some, so many

W. Curtis Preston:

of these SaaS vendors, that's actually their, um, that's their business model

W. Curtis Preston:

is they're they're, they're either cheap or, free, and they make, you know, their

W. Curtis Preston:

money with using your personal data.

W. Curtis Preston:

That's that's, uh, that's not what I'm recommending.

Mark Shriner:

No.

Mark Shriner:

Um, it's interesting.

Mark Shriner:

You know, when you talk about, um, tool selection, I think another factor should

Mark Shriner:

be, do you have the in-house expertise?

Mark Shriner:

Uh, and if you don't, how accessible is it on the market?

Mark Shriner:

Because right now, depending on what tool you're trying to deploy,

Mark Shriner:

uh, it could be very challenging.

Mark Shriner:

I mean, you can, you can get a great deal and that's interesting, cause it would

Mark Shriner:

be what people will start talking about.

Mark Shriner:

Well, how much is this per seat or per license and, and.

Mark Shriner:

One of the things that you have to look at is what are your

Mark Shriner:

deployment costs going to be?

Mark Shriner:

And then what are your ongoing maintenance costs going to be in terms

Mark Shriner:

of the, the expertise to manage that?

Mark Shriner:

And that's, that's something that often doesn't come into play until after the,

Mark Shriner:

you know, they, they, they focus on the technology, um, or the vendor, but not

Mark Shriner:

on the total cost of the deployment.

Mark Shriner:

And, uh, I would encourage everybody to do that.

Prasanna Malaiyandi:

Yeah.

Prasanna Malaiyandi:

also along with the deployment, it's how flexible is it to change

Prasanna Malaiyandi:

as your environment changes as well?

Prasanna Malaiyandi:

I think some in some tools are very static.

Prasanna Malaiyandi:

It's easy to deploy the first time, but anytime you add a new app or

Prasanna Malaiyandi:

a new environment or something else, it becomes very difficult.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

Or it's time consuming to get it, to expand to now cover that new

Prasanna Malaiyandi:

workload, versus maybe it's better to get something that might be a little

Prasanna Malaiyandi:

bit more complex for the initial deployment, but like you said, ongoing

Prasanna Malaiyandi:

maintenance, ongoing monitoring, right.

Prasanna Malaiyandi:

All the rest of that becomes a lot easier.

W. Curtis Preston:

Yeah, that that's, I think that's why from a

W. Curtis Preston:

security basis, I'm a big fan of SaaS apps because you know, you

W. Curtis Preston:

look at again in the backup space.

W. Curtis Preston:

If you're, if you're using an on-prem backup software, you must be up to date,

W. Curtis Preston:

right, on what, you know, you, you have both a, a box, maybe multiple boxes that

W. Curtis Preston:

are, you know, you might have a server, you might have a storage array and a.

W. Curtis Preston:

That, that you must be up to date on that operating system and protecting

W. Curtis Preston:

that operation, securing it, doing all of those things, uh, hope you have

W. Curtis Preston:

MFA on that backup server, by the way.

W. Curtis Preston:

And then, and then you've got the software, the backup software that

W. Curtis Preston:

you have to stay up on and people are notoriously very bad at upgrading

W. Curtis Preston:

their backup software that, uh, the, we, you know, we brought a guy over

W. Curtis Preston:

from Veritas and he told us that their best guess was that the average

W. Curtis Preston:

time that customers took to upgrade their backup software was 18 months.

Prasanna Malaiyandi:

If it works, don't touch it.

W. Curtis Preston:

People are terrified of upgrading their

W. Curtis Preston:

backup, their backup server.

W. Curtis Preston:

Right.

W. Curtis Preston:

Cause it's the last line of defense, but the problem is back up.

W. Curtis Preston:

The problem is that ransomware folks, uh, specifically the Conti group are

W. Curtis Preston:

specifically targeting backup servers.

W. Curtis Preston:

And so not only is it, um, You know, something that,

W. Curtis Preston:

that needs to be protected.

W. Curtis Preston:

It is a, you know, it is a direct attack point, right.

W. Curtis Preston:

So, um,

Mark Shriner:

I'm curious because we touched on consumers before.

Mark Shriner:

Uh, what are your recommendations or suggestions for just individuals,

Mark Shriner:

um, to, in terms of backing up their, their personal data.

W. Curtis Preston:

Uh, you know, I'm going to sound like a broken

W. Curtis Preston:

record, but SaaS backup, man.

W. Curtis Preston:

Uh, there are, there are SaaS backup Druva's not one of them.

W. Curtis Preston:

There are SaaS backup companies that target consumers and you're, you

W. Curtis Preston:

know, you're looking at like, Like 50 bucks a year, that sort of thing.

W. Curtis Preston:

Um, I, you know, I, I, I pay more than I would like to back up my iPhone,

W. Curtis Preston:

like I pay for paid for iCloud.

W. Curtis Preston:

So that's, you know, there's that, uh, but, but there are a number

W. Curtis Preston:

of services that will back up.

W. Curtis Preston:

What's important to you.

W. Curtis Preston:

Um, and specifically if, if you've got a, if you've got a laptop, right.

W. Curtis Preston:

Uh, and, and let's be honest, you got a laptop.

W. Curtis Preston:

Uh it's.

W. Curtis Preston:

It's not that hard to get that laptop backed up.

W. Curtis Preston:

I am not a fan of using uh, USB devices to backup the laptop.

W. Curtis Preston:

I know it works.

W. Curtis Preston:

The problem is that that USB devices generally sitting right next to, or in

W. Curtis Preston:

the same bag that the laptop itself is.

W. Curtis Preston:

You get a theft, there goes your backup.

W. Curtis Preston:

You get a fire that goes your backup.

W. Curtis Preston:

Right.

W. Curtis Preston:

So I much prefer for the same reasons for the companies.

W. Curtis Preston:

I prefer a cloud-based system that will backup the most important stuff for you.

W. Curtis Preston:

Um,

Prasanna Malaiyandi:

I'll disagree with Curtis here

Mark Shriner:

Okay,

Prasanna Malaiyandi:

I am.

Mark Shriner:

here we go.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

I agree that to some extent, yes.

Prasanna Malaiyandi:

SaaS based is good.

W. Curtis Preston:

I just muted your microphone Prasanna.

Prasanna Malaiyandi:

Thanks, Curtis.

W. Curtis Preston:

I've never done that.

W. Curtis Preston:

That was fun.

Prasanna Malaiyandi:

I agree that there are certain things that you do, you will,

Prasanna Malaiyandi:

you want to use a SaaS based service for.

Prasanna Malaiyandi:

But if you're not willing to shell out, or if you don't think you really need

Prasanna Malaiyandi:

it, take at least what's there with your existing, uh, laptop, for instance.

Prasanna Malaiyandi:

Like if you have Time Machine, I know Curtis, we've had the discussion

Prasanna Malaiyandi:

about Time Machine in the past.

Prasanna Malaiyandi:

You're not as thrilled about it, but if you do have a mechanism, use that

Prasanna Malaiyandi:

mechanism rather than have nothing.

Prasanna Malaiyandi:

Right.

Prasanna Malaiyandi:

I'd rather have someone use something rather than being like, oh, do I want

Prasanna Malaiyandi:

to pay $50 a year or whatever it is?

Prasanna Malaiyandi:

Yes.

Prasanna Malaiyandi:

Those are better solutions, but take what you have and just do something.

W. Curtis Preston:

Yeah, I'm not going to disagree with that.

W. Curtis Preston:

Uh, I mean the only thing I will say is that hard drive that

W. Curtis Preston:

you, if you have the hard drive already, I'm not saying it's bad.

W. Curtis Preston:

I'm just saying you just need to think about the fact that, um, that hard drive

W. Curtis Preston:

is, you know, it's so do things like rotate, but the problem is you go buy.

W. Curtis Preston:

You go buy a modern hard drive.

W. Curtis Preston:

To, to, you know, to back up your, your system.

W. Curtis Preston:

Well, that's going to be a hundred bucks plus, right.

W. Curtis Preston:

That's a couple of years of the service that I'm talking about.

W. Curtis Preston:

So just saying, just saying, um, so anyway, what,

Prasanna Malaiyandi:

thought, I think the big thing is just do something.

Prasanna Malaiyandi:

Don't do nothing.

Mark Shriner:

Yeah,

W. Curtis Preston:

I think we're saying that for, I think

W. Curtis Preston:

that's our summary statement.

W. Curtis Preston:

Maybe we'll make that the pilot title of the podcast just do something.

Mark Shriner:

kind of like the Nike thing, but, but just, just

Mark Shriner:

put, just change it to something.

Mark Shriner:

Do do something it's not as inspiring as it, but something,

W. Curtis Preston:

I like it.

Mark Shriner:

Hey, I gotta ask you guys something.

Mark Shriner:

Um, you know, cause you asked me earlier.

Mark Shriner:

Uh, so, uh, how did your, uh, the idea to do a podcast come about

Mark Shriner:

and you know, and your friendship and you know, how did that work?

W. Curtis Preston:

Um, I dunno, I, I got, I got the idea of

W. Curtis Preston:

doing a podcast after being.

W. Curtis Preston:

After going from like, not believing in podcasts.

W. Curtis Preston:

Like I didn't, I didn't get it.

W. Curtis Preston:

Like, I didn't understand why anybody would do a podcast.

W. Curtis Preston:

And then I, and then I started listening to podcasts.

W. Curtis Preston:

I, I got in a situation where they were valuable to me as a person.

W. Curtis Preston:

Then I was like, you know, I talk a lot.

W. Curtis Preston:

Maybe this would be something to do.

W. Curtis Preston:

And so, uh, and then I encountered Prasanna in the office.

W. Curtis Preston:

He used to work at Druva.

W. Curtis Preston:

That's how, that's where I met him.

W. Curtis Preston:

And, uh, I went up to him.

W. Curtis Preston:

And, uh, uh, I proposed the idea of us doing a podcast together

W. Curtis Preston:

because I thought that we had a, you know, a decent interaction and

W. Curtis Preston:

Prasanna just jumped at the chance.

W. Curtis Preston:

Didn't you Prasanna?

Prasanna Malaiyandi:

I was like, what are we going to talk about for 20 minutes?

Prasanna Malaiyandi:

I have nothing to talk about at all.

Prasanna Malaiyandi:

I don't know what you're talking about.

W. Curtis Preston:

yeah, yeah, yeah.

W. Curtis Preston:

It very quickly

Mark Shriner:

So wait, when did, when did you guys launch

Mark Shriner:

it?

W. Curtis Preston:

About three years ago.

Mark Shriner:

I got to say that I feel, um, extremely uncredentialed,

Mark Shriner:

um, because I'm looking at Curtis's background and he's he's got diplomas

Mark Shriner:

or certificates or something.

Mark Shriner:

At least he's got books there.

Prasanna Malaiyandi:

yeah.

W. Curtis Preston:

That's my book right there.

Mark Shriner:

Oh, it's your book.

Mark Shriner:

Little product placement there on the shoulder.

Mark Shriner:

All right.

W. Curtis Preston:

just a little bit.

W. Curtis Preston:

I mean, it's a very small, so it's not that good of a product

W. Curtis Preston:

placement, but, uh, yeah.

Mark Shriner:

Subliminal.

Mark Shriner:

Subliminal.

Mark Shriner:

Yeah.

W. Curtis Preston:

So, yeah.

W. Curtis Preston:

Um, so, uh, all right.

W. Curtis Preston:

Well, well, thanks a lot, Mark, for coming on the podcast.

Mark Shriner:

This has been awesome.

Mark Shriner:

I don't get a chance to be on too many other podcasts other than my own.

Mark Shriner:

And, um, I've really, really enjoyed this.

Mark Shriner:

You guys are awesome and funny and obviously very, um, deep subject

Mark Shriner:

matter experts in this area.

Mark Shriner:

So I've enjoyed it.

W. Curtis Preston:

and I, and, and unlike being on your

W. Curtis Preston:

podcast, you can now just leave.

Mark Shriner:

Yeah.

Mark Shriner:

See you guys.

Mark Shriner:

I'm out of here.

Mark Shriner:

What are you going to get this edited?

Mark Shriner:

Curtis?

Mark Shriner:

What is he gonna go online, man?

Mark Shriner:

I mean, come on man.

Mark Shriner:

It's already Thursday.

W. Curtis Preston:

Exactly.

W. Curtis Preston:

Thanks Prasanna, you know, it's, you know, even though you ditched me

Prasanna Malaiyandi:

I'm sorry

W. Curtis Preston:

Curtis

W. Curtis Preston:

know,

Prasanna Malaiyandi:

I'm sorry, I disagreed with you

Prasanna Malaiyandi:

about SaaS, but yeah, do

W. Curtis Preston:

yeah, whatever, whatever.

W. Curtis Preston:

All right.

W. Curtis Preston:

And thanks to the listeners, make sure to subscribe so that you can restore it all.