Sign up to save your podcasts
Or
Share The backup is the target: Dell’s Rob Emsley on building a real cyber resilience practice
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The backup is the target: Dell’s Rob Emsley on building a real cyber resilience practice
Rob Emsley, director of cyber resilience marketing at Dell Technologies
For most of the history of managed services, backup has been foundational but frankly unremarkable. You back up the data. Customers sleep better. Everyone moves on.
That model needs to evolve.
In this episode of In The Channel, recorded at Dell Technologies World in Las Vegas, Rob Emsley, director of cyber resilience marketing at Dell Technologies, makes a compelling case for why MSPs need to reframe their entire backup practice around cyber resilience – and why the opportunity to do so has never been bigger or more urgent.
The stat that sets the table: 97% of cyber attacks now involve targeting the backup infrastructure directly. Attackers know that if they can compromise the backup, the game is essentially over. An MSP whose backup practice is not built around isolated, immutable copies is not selling a last line of defense – it’s selling false assurance.
Central to the conversation is the idea of the “minimum viable company”: a framework Emsley encourages MSPs to bring to their customers, ideally at the board level. The question is deceptively simple – if everything goes down, what are the absolute minimum systems and data sets required to bring the business back online? Building a resilience strategy around that answer changes how you architect backup, and how you price and position it.
Emsley walks through Dell’s PowerProtect portfolio, including the Data Domain platform and its multi-tenant capabilities for MSP environments, the Workspace Protection endpoint play, and the new premium rebate incentives for cyber resilience solutions in Dell’s Modern Partner Platform.
His most practical advice for the mid-market? Have an incident response plan – and print it out. Because when ransomware strikes, the runbook sitting on the encrypted server is not going to help anyone.
Read Full Transcript
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.
We’re still coming to you from Dell Technologies World in Las Vegas this week, where AI Factory and agentic AI have understandably grabbed most of the headlines. But while I was on the show floor, I also wanted to bring you a conversation that I think is going to resonate long after the conference fades. The question of how MSPs should be thinking about cyber resilience – not just backup or data recovery, but the full picture of what it actually takes to bring a customer’s business back to life after a ransomware attack – sits at or near the top of virtually every board-level buying agenda right now. And with AI increasingly in the hands of the bad guys as much as the good guys, the calculus around protecting data is changing fast.
I sat down with Rob Emsley, director of cyber resilience marketing at Dell Technologies, for a conversation about the difference between disaster recovery and cyber recovery, the concept of the minimum viable company, and why MSPs who are still selling backup the old-fashioned way may be leaving both value and their customers seriously exposed.
Let’s get right into it. My chat with Rob Emsley.
Robert Dutt: Rob, thanks for taking the time. I appreciate it.
Rob Emsley: Yeah, great to meet you, Robert.
Robert Dutt: Director of cyber resilience marketing. You’re sitting in a pretty fascinating place right now, I have to think. Let’s start by sort of setting the table a little bit for an MSP and solution provider audience. How do you define cyber resilience at Dell today and how is that different from what it looked like even a couple of years back?
Rob Emsley: Yeah, I mean, for many years, what the portfolio that I market was really the data protection portfolio. And like many vendors in the industry, one of the things that’s dramatically changed over probably the last decade, I would say, is the increase in cyber attacks and really the concern over things like ransomware, over things like insider threats, basically anything where bad actors are going after your data. And over the last probably 10 years, you’ve seen a lot more interest in cyber recovery as opposed to disaster recovery.
Disaster recovery has been around forever. Bad things happen to good people. Do I have a set of infrastructure that I can restart from, whether it’s a natural disaster or human error, et cetera, et cetera. And the interesting thing with cyber recovery is the frustrating reality is that your hardware is probably still in good shape. You’re not under five feet of water or your infrastructure hasn’t been destroyed by a tornado. So everything looks as if it’s recoverable, but you know it isn’t because it’s been impacted, it’s been infected, and your good data is now bad data.
So many MSPs that work with vendors in this market have seen an evolution of those vendors changing their messaging to certainly become more security companies. And some of that, you could argue, is based on vendor evaluations, especially private companies that are looking to go public or be acquired, et cetera, et cetera. So Dell Technologies was probably one of the last to really make a hard pivot from the products that we sell, predominantly delivering backup and recovery, but really to position those products and market those products as cyber resilience offerings.
And cyber resilience really drives us to have new conversations with different parts of the customer’s team. Certainly it’s the old adage that when you’re selling data protection, you take the elevator to the basement to talk to the infrastructure team. When you’re selling cyber resilience, you take the elevator to the top floor to talk to the board, and it really has become a board-level discussion.
So I think for managed service providers, the topic of cyber resilience is a much broader conversation that they can have with prospective customers. I think that customers know that there’s only two things that they’re afraid of losing. One is their employees, and two is their data. Losing either of them is really a bad day.
So I think that when you look at buying intentions from many analyst firms that do those types of research projects – Omdia, for instance, is one – cyber resilience tops the top three, if not the top two or even top one, buying intentions for the coming years. And it has done for many, many years. So I think that’s why cyber resilience is an opportunity for managed service providers to expand the conversations and the people that they’re talking to, because it’s a horizontally required discipline.
One of the things that customers, unfortunately over the years, have overspent on – maybe not overspent, but maybe not got the balance correct – is they’ve spent a lot of their budgets on cybersecurity products, trying to make their environments more secure. Basically build a wall. Firewalls fall into that category of technology, ransomware detection, those types of things. The area where we’ve tried to get a better balance in IT budgets is on recovery and resilience, based on the premise that there’s no such thing as absolute security. So you need to be prepared to have a good copy of your data to bring back to life, to bring your company back to life.
Robert Dutt: Obviously, a lot of talk about AI because it’s the 2020s and we’re at a tech conference. Everyone’s going that way, which is good news in some regards and bad news in other regards in the security sphere, because it turns out the bad guys have access to it.
Rob Emsley: Yeah. And that’s true for, as you imagine, a lot of technology. If you think about just life in general, there’s a lot of things that are available in the market that can be used for good and can also be used for bad. It all depends on what hands those technologies are in.
And certainly, if you look at the use of AI to manufacture more sophisticated cyber attacks, certainly if you think about the use of AI to provide more sophisticated phishing emails, that’s certainly one thing I think we’ve seen. And certainly the concern around using AI to more quickly identify vulnerabilities – that’s been something that’s been top of mind in the news over the last few weeks, a couple of months.
But again, I think both of those just reinforce the importance of having a surety that you have a good known copy of your data that you can take to the bank to bring the company back online. And I think from an MSP perspective, offering an infrastructure that gives their customers that assurance is really beneficial to customers. The old adage of customers want to sleep well at night – and if an MSP can help them do that, then a good night’s sleep is worth a fortune sometimes. Certainly my wife would say so.
Robert Dutt: I think after 365, backup has been a fundamental underpinning of managed services for such a long time. I’m curious what you think is most common for MSPs to miss in terms of evolving and doing more than just the old-fashioned backup technology and getting more out of that.
Rob Emsley: Yeah, I think if you look at a lot of the backup technologies that are available, certainly backup has always been that last line of defense. And unfortunately, being that last line of defense, the bad actors realize that if you compromise the backup infrastructure, you can pretty much do whatever you want. All bets are off. The customer doesn’t have a last line of defense.
So if you think about some of the research that’s in the industry, 97% of cyber attacks involve attacking the backup infrastructure. And that doesn’t matter whether or not it’s managed by the customer or managed by an MSP. So I do think that MSPs need to become much more conversant in explaining what they are doing and how they have implemented a backup infrastructure that really is that last line of defense. And that’s something which you start getting into the concept of offering isolated copies of backups – maybe not for every single data type, but certainly we believe wholeheartedly in the concept of the minimum viable company, which really is a discussion to have with the board about when everything is gone, what needs to come back in order for you to be viable.
Because I think that’s the killer – some people have a laissez-faire attitude to, well, everything’s important. But if everything’s important, then nothing’s important. So I do think that the MSPs that are in the backup industry need to realize that the backup value has changed. It used to be very much around being there for operational recovery. Having backups is just good hygiene, but having backups that aren’t secure is a no-no in today’s market. So that becomes a very important shift for MSPs that are in the backup market.
Because I do agree with you – backup, God bless it, has been a great value creator for MSPs. Many customers realize that they need to back up their data. Subscribing to a service to do that is certainly an easy way to use your resources for more productive work to drive revenue. But at the end of the day, if you’re not secure, it’s difficult to innovate with confidence.
Robert Dutt: All right. How does the portfolio that you guys are offering today help partners position their customers to be able to bounce back based on what really happens when they get attacked, breached, when their backup is part of that?
Rob Emsley: Yeah. So within the Dell Technologies portfolio, this occurred probably about seven years ago. When I came back to Dell in 2018, we were simplifying the infrastructure portfolio of the company – storage predominantly, servers, and at the time data protection and cyber resilience. So many of our customers and our partners realized we have a portfolio of Power-branded products: PowerEdge, PowerStore, PowerMax, PowerSwitch. And probably in 2019, we introduced PowerProtect. So PowerProtect is the umbrella portfolio for everything we do in that backup and recovery, data protection, and cyber resilience space.
Within there, we sell software to create copies of data and store them on hardware. And the hardware that we sell is something that we’ve been very lucky to have ownership of for literally 20 years. It’s an acquisition that was made by Dell Technologies, actually prior to the acquisition of EMC – it was an EMC acquisition, a company called Data Domain. And Data Domain has been really foundational for delivering cyber resilience. It falls into the category of what IDC calls the purpose-built backup appliance market. So unlike general purpose storage that many backup vendors use, this is a storage tier that was specifically developed for the purpose of storing backups.
So it was developed with three attributes in mind. One was performance – how fast can I back up, how fast can I recover? It was built on efficiency – backup is a very repetitive process, so how can I store multiple backups in less physical capacity? So data reduction, deduplication. And then scalability – how can I start small and scale? But then overarching to that is how can you make it rock solid and secure? So the security features of our PowerProtect Data Domain appliances are something that’s very advantageous. And many of our managed service providers have stood that up in their data centers and offered that as the foundation for cyber resilience.
The nice thing is that Data Domain, as well as supporting Dell Technologies software – so PowerProtect Data Manager, and other software assets that we’ve had for even longer, products like Networker and Avamar – it also has a very healthy ecosystem. There’s a protocol called Data Domain Boost that we use to allow third parties to integrate with Data Domain directly. Because the reality is that an MSP, when they go and talk to a customer, that customer has more than likely already made choices around the backup software that they’re using. And it’s more than likely not just one.
And sometimes when they go to the MSP, they’ll say, well, can you basically choose a backup software application? But even the nice thing is, from an MSP perspective, Data Domain is multi-tenant. So you can slice up Data Domain into an ability to serve many MSP customers using different software if the customer so chooses. So if you look at our expo floor this year, we’ve got companies like Commvault exhibiting, companies like Veeam exhibiting. That’s the way that our portfolio is set up to provide that backup infrastructure for MSPs to leverage.
Robert Dutt: Obviously, one of the big occurrences here from a partner point of view is the Modern Partner Platform that’s rolling out. And in part of all of those changes, you got the specific call out for cyber resilience solutions as one of the differentiated product areas for premium rebates. That’s a pretty big carrot. What does it say about the signal to the channel about where you see the biggest growth opportunities across Dell?
Rob Emsley: Yeah, we have historically done the majority of our business through the channel, but we also recognize that the channel has a lot of choices. Many of our competitors, in fact most of our competitors in that cyber resilience backup solution space, are all pure-play individual companies, most of which have very little direct sales capabilities. So very channel-focused and therefore have blanketed the channel to sell their wares, sell their products.
We wholeheartedly believe that the Dell Technologies portfolio, either standalone from a cyber resilience solutions perspective, but also taken in context of the other key elements – you think about things like private cloud and AI – gives a channel partner the concept of delivering secure infrastructure and the opportunity to take advantage of that broader portfolio. And as we talked about earlier, you can’t deny that cyber resilience is top of mind. It’s as high on the board’s agenda as, hey, how are we going to take advantage of artificial intelligence? Some could argue that cyber resilience is either on par or if not, for many customers, more of a concern, because it’s that ever-present danger of – is the infrastructure that I have now, even before I’ve implemented AI, secure enough to allow us to sleep at night?
We certainly see the pivot from data protection to cyber resilience fitting well with the other vendors that our MSPs talk to. We certainly have a portfolio that addresses small customer needs to large customer needs, can absolutely be leveraged by our MSP partners to build a practice behind. And also, with cyber resilience solutions, there’s that upfront services component built in – identifying what is the minimum viable company that needs to be the most secure, the most isolated, to give those customers the peace of mind and actually show the MSPs as valued trusted partners.
Robert Dutt: So much of the focus is obviously on enterprise data, on the data center, on the infrastructure side. But you also have the Workspace Protection offering going on. How important is securing the endpoint in the overall resilience strategy, and what’s the play there for partners from a resilience point of view?
Rob Emsley: Yeah, certainly if you think about the entry point into most networks, the endpoints are clearly the most numerous, just by the volume of endpoints compared to the volume of elements in the data center. So certainly when we look at cyber resilience, we look holistically – not only at the data center infrastructure, but absolutely the endpoints that we sell.
We continually look at the elements of security across the portfolio. And there’s a lot of foundational technology across the Dell product line, whether it be in the client space or in the server or storage space. The concept of trusted boot, secure BIOS, really carries forward through the PC line all the way into our server line and then the leverage of those servers into our storage portfolio.
And then from an MSP standpoint, when you engage with Dell from a purchase perspective, you gain the advantage of the secure supply chain that Dell uses to its advantage. Our supply chain forever has been an incredible value, not only to ourselves, but also to anybody that buys from us, including our partners. But the fact that the way that we leverage that supply chain securely gives a lot of peace of mind. Because many of our partners, when they’re working with security companies, those security companies are not manufacturing their devices. Certainly they’re not manufacturing endpoints. Most of the time, they’re not manufacturing data center servers and data center storage solutions. They’re buying from somebody else.
So the concept of a secure supply chain becomes harder to rationalize when you have multiple suppliers providing your solution. So at the end of the day, one of the advantages when it comes to Dell is that if you choose to work holistically with Dell, you get this foundational benefit across the portfolio of a lot of commonality when it comes to security and resilience. That’s one take-it-to-the-bank benefit that an MSP can achieve when they work with Dell Technologies across the entire portfolio. We’re fortunate enough to be in a position to have that entire portfolio, and long may that continue.
And certainly that’s one of the advantages – when we look at security and resilience, we can look at it from the endpoint all the way to the data center and beyond. And I think that’s something that is a big benefit for MSPs to lean into the whole portfolio, as well as the advantages of aggregation of benefits and different tier levels by having a single-vendor, multi-portfolio opportunity, as opposed to slicing and dicing their vendor engagements across half a dozen different vendors.
Robert Dutt: What do you see as the most common gap, especially in the mid-market, in terms of incident response plans today?
Rob Emsley: I think it’s one, having one that is documented and printed out. That may seem very basic, but…
Robert Dutt: Until your systems are locked down by ransomware.
Rob Emsley: Exactly. So the very basic advice of have a plan and print it out may sound very old-fashioned and simplistic, but in the mid-market, that is probably something that people should consider. Certainly, practice does make perfect is not a trite saying. Practice, practice, practice in the mid-market becomes important. You don’t want to be developing a plan or using a plan for the first time when the house is on fire. You want to know where the exits are, where the fire extinguisher is, and you want to know how to use it. You want to make sure that when you use it, they work. Something which we can probably all think about in our own home lives, to be honest.
So I think that’s probably something which, no matter what size company you are, it comes back to – you don’t want to lose your employees, you don’t want to lose your data. And when it comes to cyber resilience, you’re never too small or too big to take a fresh look at what you do and what your plan is.
Robert Dutt: Once again, I appreciate you taking the time. Great chat.
Rob Emsley: Great. Thanks, Robert.
Robert Dutt: There you have it, Rob Emsley from Dell. I’d like to thank Rob for carving out some time during what has been a very busy week on the show floor at DTW.
A couple of things from the conversation that I think are worth mentioning. First, that 97% figure – 97% of cyber attacks now involve targeting the backup infrastructure directly. If you’re an MSP and your backup practice is still built on the assumption that the backup is the safe harbor, that’s a foundational problem. The attackers know exactly where the life raft is.
And second, the idea of the minimum viable company sounds simple, even obvious, but it’s actually a board-level conversation that most MSPs probably aren’t having and probably should be. What are the absolute minimum systems, data sets, and processes that a business needs to restart their operations? Answering that question and then building a resilience stack around that answer is the real difference between selling backup and selling business continuity.
And his parting advice – have a plan and print it out – almost laughably basic until you consider how many organizations discover their incident response runbook is sitting on the encrypted server when they need it the most.
I’d like to thank you as always for listening to the show. Please follow or subscribe wherever you get your podcasts – Apple Podcasts, Spotify, YouTube, most directories. Ratings and reviews are always appreciated and always help.
Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
View all episodes
By ChannelBuzz.caRob Emsley, director of cyber resilience marketing at Dell Technologies
For most of the history of managed services, backup has been foundational but frankly unremarkable. You back up the data. Customers sleep better. Everyone moves on.
That model needs to evolve.
In this episode of In The Channel, recorded at Dell Technologies World in Las Vegas, Rob Emsley, director of cyber resilience marketing at Dell Technologies, makes a compelling case for why MSPs need to reframe their entire backup practice around cyber resilience – and why the opportunity to do so has never been bigger or more urgent.
The stat that sets the table: 97% of cyber attacks now involve targeting the backup infrastructure directly. Attackers know that if they can compromise the backup, the game is essentially over. An MSP whose backup practice is not built around isolated, immutable copies is not selling a last line of defense – it’s selling false assurance.
Central to the conversation is the idea of the “minimum viable company”: a framework Emsley encourages MSPs to bring to their customers, ideally at the board level. The question is deceptively simple – if everything goes down, what are the absolute minimum systems and data sets required to bring the business back online? Building a resilience strategy around that answer changes how you architect backup, and how you price and position it.
Emsley walks through Dell’s PowerProtect portfolio, including the Data Domain platform and its multi-tenant capabilities for MSP environments, the Workspace Protection endpoint play, and the new premium rebate incentives for cyber resilience solutions in Dell’s Modern Partner Platform.
His most practical advice for the mid-market? Have an incident response plan – and print it out. Because when ransomware strikes, the runbook sitting on the encrypted server is not going to help anyone.
Read Full Transcript
Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show.
We’re still coming to you from Dell Technologies World in Las Vegas this week, where AI Factory and agentic AI have understandably grabbed most of the headlines. But while I was on the show floor, I also wanted to bring you a conversation that I think is going to resonate long after the conference fades. The question of how MSPs should be thinking about cyber resilience – not just backup or data recovery, but the full picture of what it actually takes to bring a customer’s business back to life after a ransomware attack – sits at or near the top of virtually every board-level buying agenda right now. And with AI increasingly in the hands of the bad guys as much as the good guys, the calculus around protecting data is changing fast.
I sat down with Rob Emsley, director of cyber resilience marketing at Dell Technologies, for a conversation about the difference between disaster recovery and cyber recovery, the concept of the minimum viable company, and why MSPs who are still selling backup the old-fashioned way may be leaving both value and their customers seriously exposed.
Let’s get right into it. My chat with Rob Emsley.
Robert Dutt: Rob, thanks for taking the time. I appreciate it.
Rob Emsley: Yeah, great to meet you, Robert.
Robert Dutt: Director of cyber resilience marketing. You’re sitting in a pretty fascinating place right now, I have to think. Let’s start by sort of setting the table a little bit for an MSP and solution provider audience. How do you define cyber resilience at Dell today and how is that different from what it looked like even a couple of years back?
Rob Emsley: Yeah, I mean, for many years, what the portfolio that I market was really the data protection portfolio. And like many vendors in the industry, one of the things that’s dramatically changed over probably the last decade, I would say, is the increase in cyber attacks and really the concern over things like ransomware, over things like insider threats, basically anything where bad actors are going after your data. And over the last probably 10 years, you’ve seen a lot more interest in cyber recovery as opposed to disaster recovery.
Disaster recovery has been around forever. Bad things happen to good people. Do I have a set of infrastructure that I can restart from, whether it’s a natural disaster or human error, et cetera, et cetera. And the interesting thing with cyber recovery is the frustrating reality is that your hardware is probably still in good shape. You’re not under five feet of water or your infrastructure hasn’t been destroyed by a tornado. So everything looks as if it’s recoverable, but you know it isn’t because it’s been impacted, it’s been infected, and your good data is now bad data.
So many MSPs that work with vendors in this market have seen an evolution of those vendors changing their messaging to certainly become more security companies. And some of that, you could argue, is based on vendor evaluations, especially private companies that are looking to go public or be acquired, et cetera, et cetera. So Dell Technologies was probably one of the last to really make a hard pivot from the products that we sell, predominantly delivering backup and recovery, but really to position those products and market those products as cyber resilience offerings.
And cyber resilience really drives us to have new conversations with different parts of the customer’s team. Certainly it’s the old adage that when you’re selling data protection, you take the elevator to the basement to talk to the infrastructure team. When you’re selling cyber resilience, you take the elevator to the top floor to talk to the board, and it really has become a board-level discussion.
So I think for managed service providers, the topic of cyber resilience is a much broader conversation that they can have with prospective customers. I think that customers know that there’s only two things that they’re afraid of losing. One is their employees, and two is their data. Losing either of them is really a bad day.
So I think that when you look at buying intentions from many analyst firms that do those types of research projects – Omdia, for instance, is one – cyber resilience tops the top three, if not the top two or even top one, buying intentions for the coming years. And it has done for many, many years. So I think that’s why cyber resilience is an opportunity for managed service providers to expand the conversations and the people that they’re talking to, because it’s a horizontally required discipline.
One of the things that customers, unfortunately over the years, have overspent on – maybe not overspent, but maybe not got the balance correct – is they’ve spent a lot of their budgets on cybersecurity products, trying to make their environments more secure. Basically build a wall. Firewalls fall into that category of technology, ransomware detection, those types of things. The area where we’ve tried to get a better balance in IT budgets is on recovery and resilience, based on the premise that there’s no such thing as absolute security. So you need to be prepared to have a good copy of your data to bring back to life, to bring your company back to life.
Robert Dutt: Obviously, a lot of talk about AI because it’s the 2020s and we’re at a tech conference. Everyone’s going that way, which is good news in some regards and bad news in other regards in the security sphere, because it turns out the bad guys have access to it.
Rob Emsley: Yeah. And that’s true for, as you imagine, a lot of technology. If you think about just life in general, there’s a lot of things that are available in the market that can be used for good and can also be used for bad. It all depends on what hands those technologies are in.
And certainly, if you look at the use of AI to manufacture more sophisticated cyber attacks, certainly if you think about the use of AI to provide more sophisticated phishing emails, that’s certainly one thing I think we’ve seen. And certainly the concern around using AI to more quickly identify vulnerabilities – that’s been something that’s been top of mind in the news over the last few weeks, a couple of months.
But again, I think both of those just reinforce the importance of having a surety that you have a good known copy of your data that you can take to the bank to bring the company back online. And I think from an MSP perspective, offering an infrastructure that gives their customers that assurance is really beneficial to customers. The old adage of customers want to sleep well at night – and if an MSP can help them do that, then a good night’s sleep is worth a fortune sometimes. Certainly my wife would say so.
Robert Dutt: I think after 365, backup has been a fundamental underpinning of managed services for such a long time. I’m curious what you think is most common for MSPs to miss in terms of evolving and doing more than just the old-fashioned backup technology and getting more out of that.
Rob Emsley: Yeah, I think if you look at a lot of the backup technologies that are available, certainly backup has always been that last line of defense. And unfortunately, being that last line of defense, the bad actors realize that if you compromise the backup infrastructure, you can pretty much do whatever you want. All bets are off. The customer doesn’t have a last line of defense.
So if you think about some of the research that’s in the industry, 97% of cyber attacks involve attacking the backup infrastructure. And that doesn’t matter whether or not it’s managed by the customer or managed by an MSP. So I do think that MSPs need to become much more conversant in explaining what they are doing and how they have implemented a backup infrastructure that really is that last line of defense. And that’s something which you start getting into the concept of offering isolated copies of backups – maybe not for every single data type, but certainly we believe wholeheartedly in the concept of the minimum viable company, which really is a discussion to have with the board about when everything is gone, what needs to come back in order for you to be viable.
Because I think that’s the killer – some people have a laissez-faire attitude to, well, everything’s important. But if everything’s important, then nothing’s important. So I do think that the MSPs that are in the backup industry need to realize that the backup value has changed. It used to be very much around being there for operational recovery. Having backups is just good hygiene, but having backups that aren’t secure is a no-no in today’s market. So that becomes a very important shift for MSPs that are in the backup market.
Because I do agree with you – backup, God bless it, has been a great value creator for MSPs. Many customers realize that they need to back up their data. Subscribing to a service to do that is certainly an easy way to use your resources for more productive work to drive revenue. But at the end of the day, if you’re not secure, it’s difficult to innovate with confidence.
Robert Dutt: All right. How does the portfolio that you guys are offering today help partners position their customers to be able to bounce back based on what really happens when they get attacked, breached, when their backup is part of that?
Rob Emsley: Yeah. So within the Dell Technologies portfolio, this occurred probably about seven years ago. When I came back to Dell in 2018, we were simplifying the infrastructure portfolio of the company – storage predominantly, servers, and at the time data protection and cyber resilience. So many of our customers and our partners realized we have a portfolio of Power-branded products: PowerEdge, PowerStore, PowerMax, PowerSwitch. And probably in 2019, we introduced PowerProtect. So PowerProtect is the umbrella portfolio for everything we do in that backup and recovery, data protection, and cyber resilience space.
Within there, we sell software to create copies of data and store them on hardware. And the hardware that we sell is something that we’ve been very lucky to have ownership of for literally 20 years. It’s an acquisition that was made by Dell Technologies, actually prior to the acquisition of EMC – it was an EMC acquisition, a company called Data Domain. And Data Domain has been really foundational for delivering cyber resilience. It falls into the category of what IDC calls the purpose-built backup appliance market. So unlike general purpose storage that many backup vendors use, this is a storage tier that was specifically developed for the purpose of storing backups.
So it was developed with three attributes in mind. One was performance – how fast can I back up, how fast can I recover? It was built on efficiency – backup is a very repetitive process, so how can I store multiple backups in less physical capacity? So data reduction, deduplication. And then scalability – how can I start small and scale? But then overarching to that is how can you make it rock solid and secure? So the security features of our PowerProtect Data Domain appliances are something that’s very advantageous. And many of our managed service providers have stood that up in their data centers and offered that as the foundation for cyber resilience.
The nice thing is that Data Domain, as well as supporting Dell Technologies software – so PowerProtect Data Manager, and other software assets that we’ve had for even longer, products like Networker and Avamar – it also has a very healthy ecosystem. There’s a protocol called Data Domain Boost that we use to allow third parties to integrate with Data Domain directly. Because the reality is that an MSP, when they go and talk to a customer, that customer has more than likely already made choices around the backup software that they’re using. And it’s more than likely not just one.
And sometimes when they go to the MSP, they’ll say, well, can you basically choose a backup software application? But even the nice thing is, from an MSP perspective, Data Domain is multi-tenant. So you can slice up Data Domain into an ability to serve many MSP customers using different software if the customer so chooses. So if you look at our expo floor this year, we’ve got companies like Commvault exhibiting, companies like Veeam exhibiting. That’s the way that our portfolio is set up to provide that backup infrastructure for MSPs to leverage.
Robert Dutt: Obviously, one of the big occurrences here from a partner point of view is the Modern Partner Platform that’s rolling out. And in part of all of those changes, you got the specific call out for cyber resilience solutions as one of the differentiated product areas for premium rebates. That’s a pretty big carrot. What does it say about the signal to the channel about where you see the biggest growth opportunities across Dell?
Rob Emsley: Yeah, we have historically done the majority of our business through the channel, but we also recognize that the channel has a lot of choices. Many of our competitors, in fact most of our competitors in that cyber resilience backup solution space, are all pure-play individual companies, most of which have very little direct sales capabilities. So very channel-focused and therefore have blanketed the channel to sell their wares, sell their products.
We wholeheartedly believe that the Dell Technologies portfolio, either standalone from a cyber resilience solutions perspective, but also taken in context of the other key elements – you think about things like private cloud and AI – gives a channel partner the concept of delivering secure infrastructure and the opportunity to take advantage of that broader portfolio. And as we talked about earlier, you can’t deny that cyber resilience is top of mind. It’s as high on the board’s agenda as, hey, how are we going to take advantage of artificial intelligence? Some could argue that cyber resilience is either on par or if not, for many customers, more of a concern, because it’s that ever-present danger of – is the infrastructure that I have now, even before I’ve implemented AI, secure enough to allow us to sleep at night?
We certainly see the pivot from data protection to cyber resilience fitting well with the other vendors that our MSPs talk to. We certainly have a portfolio that addresses small customer needs to large customer needs, can absolutely be leveraged by our MSP partners to build a practice behind. And also, with cyber resilience solutions, there’s that upfront services component built in – identifying what is the minimum viable company that needs to be the most secure, the most isolated, to give those customers the peace of mind and actually show the MSPs as valued trusted partners.
Robert Dutt: So much of the focus is obviously on enterprise data, on the data center, on the infrastructure side. But you also have the Workspace Protection offering going on. How important is securing the endpoint in the overall resilience strategy, and what’s the play there for partners from a resilience point of view?
Rob Emsley: Yeah, certainly if you think about the entry point into most networks, the endpoints are clearly the most numerous, just by the volume of endpoints compared to the volume of elements in the data center. So certainly when we look at cyber resilience, we look holistically – not only at the data center infrastructure, but absolutely the endpoints that we sell.
We continually look at the elements of security across the portfolio. And there’s a lot of foundational technology across the Dell product line, whether it be in the client space or in the server or storage space. The concept of trusted boot, secure BIOS, really carries forward through the PC line all the way into our server line and then the leverage of those servers into our storage portfolio.
And then from an MSP standpoint, when you engage with Dell from a purchase perspective, you gain the advantage of the secure supply chain that Dell uses to its advantage. Our supply chain forever has been an incredible value, not only to ourselves, but also to anybody that buys from us, including our partners. But the fact that the way that we leverage that supply chain securely gives a lot of peace of mind. Because many of our partners, when they’re working with security companies, those security companies are not manufacturing their devices. Certainly they’re not manufacturing endpoints. Most of the time, they’re not manufacturing data center servers and data center storage solutions. They’re buying from somebody else.
So the concept of a secure supply chain becomes harder to rationalize when you have multiple suppliers providing your solution. So at the end of the day, one of the advantages when it comes to Dell is that if you choose to work holistically with Dell, you get this foundational benefit across the portfolio of a lot of commonality when it comes to security and resilience. That’s one take-it-to-the-bank benefit that an MSP can achieve when they work with Dell Technologies across the entire portfolio. We’re fortunate enough to be in a position to have that entire portfolio, and long may that continue.
And certainly that’s one of the advantages – when we look at security and resilience, we can look at it from the endpoint all the way to the data center and beyond. And I think that’s something that is a big benefit for MSPs to lean into the whole portfolio, as well as the advantages of aggregation of benefits and different tier levels by having a single-vendor, multi-portfolio opportunity, as opposed to slicing and dicing their vendor engagements across half a dozen different vendors.
Robert Dutt: What do you see as the most common gap, especially in the mid-market, in terms of incident response plans today?
Rob Emsley: I think it’s one, having one that is documented and printed out. That may seem very basic, but…
Robert Dutt: Until your systems are locked down by ransomware.
Rob Emsley: Exactly. So the very basic advice of have a plan and print it out may sound very old-fashioned and simplistic, but in the mid-market, that is probably something that people should consider. Certainly, practice does make perfect is not a trite saying. Practice, practice, practice in the mid-market becomes important. You don’t want to be developing a plan or using a plan for the first time when the house is on fire. You want to know where the exits are, where the fire extinguisher is, and you want to know how to use it. You want to make sure that when you use it, they work. Something which we can probably all think about in our own home lives, to be honest.
So I think that’s probably something which, no matter what size company you are, it comes back to – you don’t want to lose your employees, you don’t want to lose your data. And when it comes to cyber resilience, you’re never too small or too big to take a fresh look at what you do and what your plan is.
Robert Dutt: Once again, I appreciate you taking the time. Great chat.
Rob Emsley: Great. Thanks, Robert.
Robert Dutt: There you have it, Rob Emsley from Dell. I’d like to thank Rob for carving out some time during what has been a very busy week on the show floor at DTW.
A couple of things from the conversation that I think are worth mentioning. First, that 97% figure – 97% of cyber attacks now involve targeting the backup infrastructure directly. If you’re an MSP and your backup practice is still built on the assumption that the backup is the safe harbor, that’s a foundational problem. The attackers know exactly where the life raft is.
And second, the idea of the minimum viable company sounds simple, even obvious, but it’s actually a board-level conversation that most MSPs probably aren’t having and probably should be. What are the absolute minimum systems, data sets, and processes that a business needs to restart their operations? Answering that question and then building a resilience stack around that answer is the real difference between selling backup and selling business continuity.
And his parting advice – have a plan and print it out – almost laughably basic until you consider how many organizations discover their incident response runbook is sitting on the encrypted server when they need it the most.
I’d like to thank you as always for listening to the show. Please follow or subscribe wherever you get your podcasts – Apple Podcasts, Spotify, YouTube, most directories. Ratings and reviews are always appreciated and always help.
Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.