The State of Enterprise IT Security Podcast - S1 EP. 18 Building a Cyber Resilience Vault with Zerto, Discussions with Zerto Global Field CTO Shariq Aqil

Cybersecurity The State of Enterprise IT Security Podcast - S1 EP. 18 Building a Cyber Resilience Vault with Zerto, Discussions with Zerto Global Field CTO Shariq Aqil

In episode 18 of the State of Enterprise IT Security podcast, Brad Bussie discusses cyber resilience with Shariq Aqil from Zerto. Explore how Cyber Resiliency Vaults protect against threats, ensure rapid recovery, and the role of Zerto's technology in enhancing organizational defenses.


Welcome to episode 18 of the State of Enterprise IT Security Podcast, where host Brad Bussie, Chief Information Security Officer at e360, discusses the critical topic of cyber resilience with Shariq Aqil, Global Field CTO at Zerto, an HPE company.

They explore the importance of Cyber Resiliency Vaults in protecting organizations against cyber threats, ensuring operational continuity, and rapidly restoring functionality after attacks. This insightful conversation explores how Zerto's innovative technologies aid in building resilient systems that not only respond to threats but also anticipate and mitigate them before they cause harm, emphasizing the need for comprehensive strategies that encompass prevention, detection, and recovery.

Listen to the Episode:


Watch the Episode:


Key Topics Covered:

  1. Introduction to Cyber Resiliency:

    • The concept of cyber resiliency is discussed, explaining its importance in helping organizations operate effectively despite facing cyber threats.
  2. Role and Impact of Cyber Resiliency Vaults:

    • The function and significance of Cyber Resiliency Vaults are explored, particularly in how they protect critical data and systems from ransomware and other forms of malware.
  3. Zerto's Technology and Cyber Resilience:

    • Shariq Aqil provides insights into how Zerto’s technology supports the building of cyber resiliency vaults, emphasizing the benefits of continuous data protection and quick recovery capabilities.
  4. Strategies for Achieving Cyber Resilience:

    • Discussion on the comprehensive strategies necessary for achieving resilience, including the integration of prevention, detection, response, and recovery processes.
  5. Practical Application of Zerto Solutions:

    • The conversation includes practical advice on how organizations can implement Zerto's solutions to enhance their cyber resilience and ensure rapid operational recovery in the event of a cyber incident.

Read the Transcript:

S1 EP. 18: Building a Cyber Resilience Vault with Zerto, Discssions with Zerto Global Field CTO Shariq Aqil

[00:00:48] Brad Bussie: Hey, everybody. I'm Brad Bussie, Chief Information Security Officer here at e360. Thank you for joining me for the State of Enterprise IT Security Edition. This is the show that makes IT security approachable and actionable for technology leaders. 

[00:01:05] Introducing Shariq Aqil from Zerto

[00:01:05] Brad Bussie: I'm very happy to bring you a special guest this week.

[00:01:09] Brad Bussie: Field CTO, Shariq Aqil of Zerto, an HPE. You may not know this, but you are my very first guest.

[00:01:18] Brad Bussie: So if you wouldn't mind, tell our listeners a little bit more about you and about Zerto. 

[00:01:26] Shariq Aqil: Thank you. Thank you very much, Brad. I'm glad to be here. And thank you. Thanks a lot for having me. So I'll start with my background. So my name is Shariq Aqil. I'm global field CTO with Zerto, which is an HPE company.

[00:01:42] Shariq Aqil: I joined this company just over two years ago, and before joining HPE and Zerto, I was, with Dell. I spent, just over five years there with Dell and EMC. I was part of their data protection division. And, then I was covering their global alliances, for the complete enterprise portfolio.

[00:01:59] Shariq Aqil: [00:02:00] Before joining Dell, I was with IBM. I spent, a few years there working in the software defined storage. And before that I was with Dell and before that spent a few years as a hands on resource in a data center. So just over 20 plus, years in the field. That's about me. 

[00:02:18] Shariq Aqil: If we talk about Zerto, which is now acquired by Hewlett Packard Enterprise back in 2021, Zerto came into being back in 2009.

[00:02:29] Shariq Aqil: And, it was a software that provides customers with disaster recovery, quick failover, failbacks, data mobility across different platforms and ransomware resilience. And all of this was built on the logics of continuous data protection. So always on data protection that provides customer with these three major use cases.


[00:02:53] Brad Bussie: Well, thank you for being on the show, and I wanted to talk a little bit about cyber resiliency, so I know we're going to get into the Cyber Resiliency Vault, but I think for some of our listeners, maybe just giving them an overview of what a what is cyber resiliency and what is the problem it solves.

[00:03:16] Brad Bussie: So I figure I'll give them just a quick. You know, kind of high level, and then we can get a little bit more into the vault side of it. So as far as cyber resiliency, we're referring to an organization's ability to continue to operate effectively. Really in the face of cyber threats and attacks, and it encompasses what we would consider a comprehensive strategy, and that strategy includes things like prevention, detection, response and the analytical and Recovery and these are processes that are [00:04:00] designed to protect as well as sustain the organization and really it's focused on what I would say critical operations and really the main problem that cyber resiliency solves is the vulnerability of, organizations to disruptions that are caused by things like cyber attacks, which can result in, we'll say, significant operational, financial, as well as reputational damage. And by implementing, we'll say, robust cyber resiliency measures, organizations can minimize the impact of attacks, ensure the continuity of essential services, and this is, I think, the important one, quickly restore full functionality. And that's really just maintaining the trust that the business has put in us as cyber defenders.

[00:05:08] Brad Bussie: And really safeguarding assets in what I think Shariq and I would consider an increasingly hostile digital landscape. So I think that sets the stage for like cyber resiliency, really the problem. 

[00:05:26] Exploring the Cyber Resiliency Vault Concept

[00:05:26] Brad Bussie: And I think it would be useful now, Shariq, if I go into like, what is a Cyber Resiliency vault and what problem does it solve?

[00:05:38] Brad Bussie: And then I think what would be good is, is just getting an idea of how does, how does Zerto work? Look at this whole problem and what, what does that landscape look like to you and, and let's see if we match up on what I'm saying. Does that sound good? 

[00:05:58] Brad Bussie: Yeah, that sounds pretty good. And you know what, the way you describe cyber resilience is exactly what cyber resilience is.

[00:06:06] Brad Bussie: Let's just call it. It is an outcome. It is an outcome. It's not a product. It is an outcome. And to achieve that outcome, we have to have, different policies in place, right people in place, right education in place and right products in place. Only then we'll be able to achieve the resilience that you were talking about a few minutes ago.

[00:06:25] Brad Bussie: And, when it comes to it, there are two strategies. One is the proactive one means keeping the bad actors out. And that is like having a strong security defenses in place. So right products, right people, right policies, right education for the employees. They are well aware of what to click, what not to click so that we keep the bad actors out.

[00:06:44] Brad Bussie: The second phase comes in is like reactive when if a bad actor is in and they are able to cause any damage. Now, how to respond to that, how to detect it, how to recover and recover very quickly because, recovery is the, is the base that whole business will rely on in case of a cyber attack. There's a downtime.

[00:07:03] Brad Bussie: Now you have to recover. Now, how quickly you can recover and how sure you are, what kind of data you are recovering back. So, this is my perspective on cyber resilience, approaches. 

[00:07:15] Brad Bussie: That's perfect. Yeah. And I think talking about the whole vault concept too will definitely help kind of add a little bit more to that.

[00:07:27] Brad Bussie: So essentially, like, when I look at this, this whole piece of what we've talked about, I look at the and you can correct me if I'm off here, but I think of a Cyber Resiliency Vault as... we'll call it secure, because that's what everybody wants to hear. A lot of times it's air gapped, air gapped storage.

[00:07:49] Brad Bussie: And it's really designed to protect critical data, as well as systems. And it's against things like [00:08:00] ransomware and other forms of malware. I think that was kind of the initial intent. And it ensures that stored data remains secure. Immutable, and that means it can't be altered, can't be deleted, and thereby we maintain something pretty important, which is data integrity as well as availability, even in the event of security breaches, because we hear about this all the time where organizations have been breached and I see them down for a long time.

[00:08:34] Brad Bussie: Weeks, if not months. And what I'm starting to realize is I think a lot of them have not gotten very far into the concept of resilient systems and a resilient vault. So. I think when you look at this and having a specialized vault that can address things and, and it's really the, the crucial need for rapid recovery.

[00:09:04] Brad Bussie: And this really gives an organization. A point to restore back to and what we're trying to do is restore operations quickly, minimal disruptions. And this is following an attack. But I could almost see this as not just an attack. But if somebody makes a mistake, we call this in the industry a lot insider threat.

[00:09:28] Brad Bussie: Sometimes it's malicious. Sometimes it's not. Sometimes it's just somebody that doesn't know what they're doing. And next thing you know all of those VMs that you had are, are gone, they're wiped. And when you ask, well, how did that happen? It comes down to somebody just didn't know what they were doing.

[00:09:45] Brad Bussie: But I think some of the things to keep in mind is that with a vault, you know, we're doing things like encrypting the data. We're isolating it from the network. We're preventing unauthorized access and tampering. And [00:10:00] really it, it fits into that broader. That broader resiliency strategy, that we've talked about.

[00:10:07] Brad Bussie: And I look at this as organizations that implement a vault really, they're enhancing their ability to withstand and quickly recover from an incident. We're, we're really ensuring that business continuity. And the protection of sensitive and critical data is there. And I think that generally this, I think this approach was looked at for just crucial environments where like data integrity and availability are super important.

[00:10:42] Brad Bussie: So if I kind of rewind, I look at this as financial services, healthcare, government, large enterprises. But honestly, I think where we're at now. Okay. Is this should be business as usual for organizations of all shapes and sizes. 

[00:11:00] Shariq Aqil: Yeah, absolutely. Absolutely. Beautiful description. And, the basic reason that these cyber walls came into being, like cyber attacks and these cyber attackers, what they were doing is like, they get into the network, they perform a network scan.

[00:11:15] Shariq Aqil: And they identify anything that is connected anything that is storing the data or keeping the copies of the data. And then they attack those before encrypting the production environment So if you have a backup server sitting in there because we have to understand backups are good Backups needs to be there for operational recovery, but if they are sitting on network, then they are also a target.

[00:11:37] Shariq Aqil: And we have seen these attackers targeting the backup copies or replica copies before they encrypt the production environment. So because of that reason, the requirement came to have an air gap copy of your data so that it is if somebody comes in and perform a network scan, they are not able to see that copy.

[00:11:54] Shariq Aqil: And that copy has to be immutable. And when we talk about immutability, it has [00:12:00] to be really immutable in a way that once it is written, nobody's able to tamper with it, including administrators. So the point that you were talking about internal attacks. So in that case, you have to have that protection available, uh, Once it is written, it has to be, it has to be immutable and nobody should be able to tamper with it.

[00:12:19] Shariq Aqil: So we talked about isolation, we talked about immutability, but the third thing and that is the important thing is like integrity of the data that you are storing. What is the health of the data? How clean the data is so that in case you are hit, you should know what is the last known good copy I can go back to, to start the recovery process?

[00:12:39] Shariq Aqil: So these cyber walls really provide all three or four capabilities not only to store the data, but to check the health of the data as well as keeping it immutable. 

[00:12:51] Brad Bussie: Exactly. And I think something, if I know the listeners out there, and I know those watching, they're probably going to ask the question based on, on what we've discussed.

[00:13:05] Brad Bussie: Why do we need cyber resiliency and Cyber Vaults? And I think of this as kind of two pieces. One, the way we've described it, cyber resiliency focuses on the broader strategy of preparing for and responding to and recovering from a cyber attack. While the Cyber Resiliency vault, is it's a specific and we'll call it a tactical tool that is supporting the the strategy and that's that's essentially by safeguarding the data.

[00:13:46] Brad Bussie: What do you think? Is that a pretty accurate assessment? 

[00:13:50] Shariq Aqil: Accurate, pretty accurate. And I'll just give you an example. There are like five different pillars you already talked about, identify, protect, detect, [00:14:00] respond, recover. So usually the first three pillars usually lies with the security teams.

[00:14:05] Shariq Aqil: Identify, protect, detect is like keeping the bad actors out, stopping the attacks even before they cause any damage. So they are doing a very good job. They have best tools in place and they are keeping the bad actors out. But if a bad actor is in, and if there is any corruption, Now, the question is who owns the recovery of the data after that corruption? Is it security team? Or is it someone else? If it is a storage team, now the question is, do they have the right infrastructure deployed to be able to perform that kind of recovery from a cyber attack? And this is where, exactly where you need the vault to help complement your cyber resilience strategy.

[00:14:44] Brad Bussie: I agree, because I end up seeing organizations that often point in different directions when you say, well, who's responsible for for this recovery? And I think I think having a vault definitely starts to simplify and having the strategy overall is, I think, pretty important. 

[00:15:05] Building a Cyber Resiliency Vault with Zerto

[00:15:05] Brad Bussie: So what I'd like to talk about is specifically like how do you do this vault concept with Zerto? So I would think of this as, as building a Cyber Resiliency vault with the Zerto technology. I'm just super interested in, in what that looks like and kind of the approach that you take. And then I figure what I could do is talk about how we look at this from a program perspective and tooling is always great for supporting the program. So I think let's go tools first and then let's talk a little bit about program 

[00:15:46] Shariq Aqil: Sure thing. So before going into the details of our solution, I want to talk about the market landscape quickly, which was there before we launched our product.

[00:15:56] Shariq Aqil: So there were many cyber world offerings out there in the market. [00:16:00] But one thing that was common in all those solutions, all those solutions were based off of backup software. Right. The backup software writing the data and then you are vaulting it. And one reminder that our customers never relied on backup software to provide them with mass recovery of the data.

[00:16:18] Shariq Aqil: Nothing to do with anything. It is some technology limitations are always there. They use something like a storage replication, something like Zerto to provide them with the ability to quickly fail over, fail back and do the mass data recovery. Because the backup, first of all, it takes long time to recover.

[00:16:35] Shariq Aqil: Right. Right. Right. Plus you only perform backup once a day. So there's a data loss window. If we talk about data loss of 24 hours plus the recovery time of a couple of weeks, that's a long, a long time. And we saw that as a gap in the market, that all these solutions are based off of this technology. So what we did with our solution is, we brought the data mover Zerto into the picture.

[00:17:00] Shariq Aqil: And coupled it with HPE hardware to come up with the solution where we provide a cyber vaulting, not based off of backup, but based off of continuous data protection. So any point in time recovery that is getting replicated to our vault, number one. The second thing is as we are replicating the data, now we are performing the scan of the data to identify any anomalies, any traces of the encryption.

[00:17:27] Shariq Aqil: So within three to five seconds, you are. You know that the data copy is clean or not, instead of you perform backup, wait 24 hours and then start the scan and then you know that you have a right, a clean copy or not. So we combined it. So this is how we move the data. As we are moving the data, we are scanning it, then we are making it immutable, but we are not leaving it there.

[00:17:49] Shariq Aqil: From there on, we are creating an air gap copy of that data into our wall zone. And that is totally based off of [00:18:00] decentralized architecture. So there is no single manager of it. If there is no single manager, there is no single point of compromise. The whole architecture is built on zero trust principles.

[00:18:12] Shariq Aqil: So the data mover component does not know about the retention policy. The retention policy holder does not know about the replication policy. So there are many things that we considered. And the beauty of this architecture is that it is continuous data protection. So it does any point in time recovery for up to whatever retention duration you want.

[00:18:30] Shariq Aqil: Plus the recovery time for petabytes of data came down from weeks or months So that's one part of the recovery of the data loss window. We brought it down from like 24 hours down to three or four hours. Recovery time, we brought it down from like 30 plus days down to two hours. So that's the business impact that we reduced.

[00:18:55] Shariq Aqil: The third thing that people don't usually talk about, we always talk about vaulting the data, but we never talk about recovering the data. Because if you have, if you are under cyber attack means your production is compromised, might not be accessible. So now you have the data copy, where will you recover it?

[00:19:12] Shariq Aqil: You will need a clean room. So what we did in our architecture, we combined the vaulting and clean room in one solution to be able to not only store the data, keep it safe, but also in case of attack, we will be able to recover it, perform tests, do the forensic, do the cleansing, and then move the data back to production.

[00:19:30] Shariq Aqil: So that's on a high level Brad, that's our architecture. 

[00:19:33] Brad Bussie: I love it... Honestly, when I look at this, I mean, I, I feel that this is in some cases, the only chance that an organization would, would have to recover because of just how attacks are starting to ramp up. 

[00:19:49] The Importance of Testing and Recovery Planning

[00:19:49] Brad Bussie: And, I think, you know, tools are tools are fantastic, but when I've noticed is after watching a lot of these recovery events of [00:20:00] organizations that have been compromised, I found really the kind of the weakest link is the people in preparation and the ability to act when the event occurs like your technology is fantastic.

[00:20:16] Brad Bussie: It's, it's there to be leveraged. But when I start talking to an organization and I, I just ask one simple thing, what needs to come up first? Let's say you're, you're completely down. What does that actually look like? And I have a bunch of people staring at me and they don't know the answer to that. So what, what I think would be interesting is if we talk through kind of the, the programmatic approach and how we could then leverage Zerto.

[00:20:48] Brad Bussie: In this type of scenario where we've been compromised, either systems are down, all systems are down. Active directory has been impacted. There's some form of event that is, that is happening. So the first thing that, that I ask clients is Let's try to get in front of this before it happens.

[00:21:13] Brad Bussie: That's the big thing. But first, ask yourself and your organization today, can your business recover without major financial loss? And I would say in 80% of organizations that are asked that question, the answer is maybe. It's not a no. It's not a yes. People just aren't sure. So what what we've done is we've we've kind of looked at this as a cyber resiliency framework.

[00:21:47] Brad Bussie: So the first thing that I would ask is if that's a maybe for your organization, consider this framework, and I'm going to just kind of rapidly go through it. First aspect is [00:22:00] making sure you understand the mission. What? What is the mission of your organization? The implementation of your technology and identify technology requirements overall.

[00:22:13] Brad Bussie: When do things need to come up? In what order? What service accounts? There's a lot of things that go into that. I make it sound kind of easy, but there's a lot of work that needs to happen. Second is revenue as well as brand equity. So this, this essentially supports. Enables your overall business strategy because as we've seen with some of these cyber attacks recently, not only is it a revenue impact to the business 'cause they're, they're down and they're unable to provide the service that they are implementing in the first place.

[00:22:51] Brad Bussie: They brand takes a significant impact and customers may not be as comfortable coming back and doing business with an organization that's been compromised So. Asking yourself that question. Third, what what are the core business functions and aligning those with security to protect critical systems as well as data?

[00:23:15] Brad Bussie: And then I think this is where some of that vaulting technology comes into play. And fourth, There's the internal operations and administrative functions. And this is where I see a lot of organizations really struggle, because what I'm asking you to do is map technology to business functions. And that's essentially the only way you're ever going to recover from.

[00:23:41] Brad Bussie: A large scale cyber event. What do you think of that? Do you think that's, that's pretty solid as far as a framework and approach? It's pretty high level. 

[00:23:53] Shariq Aqil: That's a really, really, very strong approach. And you covered it again. You covered it very well [00:24:00] because you cannot achieve resilience with one thing.

[00:24:02] Shariq Aqil: You have to have the right people identified. You have to have right policies in place. You have to have right products in place to be able to support that. But not only, not only these three P's, but you also, also need to consider. That, in, in case you are attacked, what are the minimum viable business components that you are recovering?

[00:24:23] Shariq Aqil: So, it will start with identification. As you explained it very well. Identify what you want to protect. Identify the interdependencies of those components. So that you are not just recovering the data, but you are recovering the complete ecosystem that is required to serve that data. 

[00:24:38] Brad Bussie: Exactly. 

[00:24:39] Shariq Aqil: Right. So you have to identify that.

[00:24:42] Shariq Aqil: Then when you have identified, then you move it, then you protect it using a product, but then you need to have right processes in place and right people identified that who will be able to test that data. What should, should be the access mechanism? What are the policies about it? And. After that, what, how can, how can you perform the testing of whatever you have identified to be protected and whoever is required to, to test the data and actually perform the recovery testing?

[00:25:12] Brad Bussie: That's a big one. Yeah, that's a big one. I see a lot of organizations struggle where they haven't tested and what they bring back is not what they needed to bring back. , that's, that's something 

[00:25:24] Shariq Aqil: because that, that testing will really compliment when in case of a cyber attack, when you are down, you will need to go through not only like just bringing data backup, you might have to go through like data forensics first.

[00:25:36] Shariq Aqil: So do you really want to have a solution in place that supports you so that supports you to perform testing so that you've been. You perform the testing, you'll be able to test all of your tools right there on the set of the data to perform forensic analysis, cleansing, and a rehearsal to move the data back to production.

[00:25:57] Shariq Aqil: So these are the important things. So identification. [00:26:00] Identification, protection, testing. 

[00:26:05] Expert Tips on Cyber Resiliency and Vaulting

[00:26:05] Brad Bussie: And Shariq, something I always like to do in the podcast is I like to give a kind of a wrap up, of an I never liked to use the word expert, but it comes out of my mouth often, like an, an expert opinion and some pro tips when it comes to.

[00:26:24] Brad Bussie: So when it comes to cyber resiliency, as well as vaulting, I kind of want to give the listeners a couple of high level things to consider, because I think sometimes this can seem a little complex. So I'll start with just a couple. And then I think we can, we can wrap it up with, with kind of your, your pro tips or, or overall thoughts when it comes to a Resiliency Vault.

[00:26:55] Brad Bussie: So I think if you're looking at this today, I would start with getting a clear understanding of what your critical assets actually are. I think it's actually one of my mentors, John Kindervog has said "it is defining your protect surface. It's not necessarily your attack surface because. That's pretty much everywhere now, but it is start with that clear understanding of what it is that you're going to protect, which is your critical asset."

[00:27:26] Brad Bussie: I would say ensuring the vault is properly air gapped. So I liked the discussion that we had about the zero trust implementation and keeping things separate as a cyber practitioner, I would say, encrypt everything as often as possible, whether it's in transit at rest in a vault, encrypt everything that you possibly can.

[00:27:54] Brad Bussie: And then I would say, implement those strict access controls [00:28:00] and and adopt least privilege, wherever possible. And then I would say, and this is just good cyber hygiene, you know, regularly update and patch systems. I think the one that stuck with me from this conversation is test your recovery process.

[00:28:20] Brad Bussie: And I would stay, I would say, stay compliant as well as audit regularly the entire process, not just for your cyber program, but the audit slash recovery process for your cyber vault. 

[00:28:41] Shariq Aqil: That's a great description again, but, one thing that we have learned from these cyber attacks in almost all type of cyber attacks.

[00:28:49] Shariq Aqil: There was a requirement for having a clean infrastructure in place before you can perform the recovery because production was compromised, DR was compromised, and they were, our customers were not able to use existing infrastructure. So you need to have a clean set of equipment available. For you to perform the recovery and perform the testing and you can, and that will actually enable you to perform the regular testing because now you have a dedicated infrastructure that's clean.

[00:29:16] Shariq Aqil: So identification, identify it, have a detailed incident response plan in place. Because now, now it will not be only the security teams doing the forensic. It will be the storage team providing them with the data. It will be networking team, bringing the networks back. And then all these teams have to work together.

[00:29:37] Shariq Aqil: So you need to have the right incident response plan in place that. Product is providing you with a copy of the data, but everything else that is serving the data has to be in place before you go back to normal. So identification, then documenting it, having this incident response plan in place. And again, I'll come back to.. [00:30:00] Test it. Perform the testing. Have a testing exercise, testing rehearsal plan for your teams to like coordinate and test everything beforehand.

[00:30:11] Shariq Aqil: All right. 

[00:30:13] Brad Bussie: Couldn't agree more. 

[00:30:15] Action Steps for Organizations

[00:30:15] Brad Bussie: I think, if there's, if there's two things that I want our listeners to, to take away from this, it's always what's the action that, that they should take after listening to something like this? So we spent, you know, 25, 30 minutes, I would say going pretty, pretty high level on this, but there's a lot more conversation to be had.

[00:30:37] Brad Bussie: So from an organizational standpoint, what, what should their action be? And I would say. Two things. One, I would implement a cyber resiliency review, so I'm a big fan of discover and assess before you do much of anything. So I would say, conduct that review, and it's really looking at current trends.

[00:31:03] Brad Bussie: Cybersecurity strategies and systems and second, once you've done that and you have some good information that comes back from it, then it's time to adopt a Cyber Resiliency Vault. And I think that's where you can invest and adopt, vault technology. And I think Zerto is a great, great solution for that.

[00:31:22] Shariq Aqil: Yep. Thank you. Thank you for, for that, feedback, but, you nailed it right there.

[00:31:30] Shariq Aqil: We go to doctors to perform our health checks. Now we have to do the health check of the business. Just ask the question to your team that in case we are attacked, what we need to recover, who is responsible, how will we recover, where we will recover. Do we have the right technology in place? When you ask those questions after your health check is done only then you'll be able to understand your current state of business And are you cyber ready or cyber resilient...[00:32:00] 

[00:32:00] Shariq Aqil: or not? And from there on we can take the discussion further. There are many technologies. It's not just HPE. It's not just Zerto. There are many technologies out there. They all have unique benefits. So I think, once you identify what is your requirement, our customers should talk to all these providers of these components so that they can take the discussion forward, understand what is available and be able to make the right decision for their environment.

[00:32:26] Brad Bussie: Excellent. All right, Shariq, I really appreciate you spending some time with us on the podcast today. And, thanks again. I hope our listeners have a great rest of their day or night or whenever you're listening. And, enjoy the content. Thank you. 

[00:32:42] Shariq Aqil: Thank you very much, Brad. 

Consult a Zerto Expert


Written By: Brad Bussie