Navigating the data security iceberg: An exclusive with Cohesity's Sanjay Poonen

Navigating the data security iceberg: An exclusive with Cohesity’s Sanjay Poonen

  • Cross-industry integrations can amplify global cyber detection, protection, and recovery.
  • Cohesity unveils Turing: a growing AI solution powering insights for global customers.

Data security, privacy, and access have emerged as major challenges for many organizations in the rapidly evolving digital landscape. It’s predicted that several significant issues will confront companies in the near future. Companies must secure their sensitive information while ensuring accessibility to appropriate parties. This task adds another layer of complexity when balancing access with necessary privacy measures.

Furthermore, organizations must prepare for evolving cybersecurity threats, such as advanced persistent threats and ransomware attacks. Companies must establish comprehensive data management strategies incorporating advanced technologies and robust security practices to navigate these challenges successfully.

Tech Wire Asia had the opportunity to speak exclusively with Sanjay Poonen, CEO & President of Cohesity, about data security and protection capabilities. He also shed light on how Cohesity is helping customers with its AI & ML capabilities and integration with one of the ‘big 3’ cloud providers’ AI offerings.

Addressing data security challenges

Sanjay Poonen, CEO & President of Cohesity

Sanjay Poonen, CEO & President of Cohesity

Poonen likened challenges in data security and privacy to an iceberg scenario. The visible part represents primary data, actively collected and stored in databases, emails, or files. Over time, this data is backed up and becomes harder to access, much like an iceberg beneath the water. This burgeoning backup data presents two significant issues.

Firstly, cybercriminals have identified this secondary data as a lucrative target. Companies often find themselves compelled to pay the ransom if infiltrated since the compromised data is typically their only backup. This situation has led to a surge in ransomware attacks on backup data, shifting it from a mere storage concern to a prominent security issue.

Secondly, the nature of this backup data—compressed, deduplicated—makes applying analytics, business intelligence, and artificial intelligence challenging. This results in a sizable but underutilized treasure trove of information, presenting an obstacle to efficient data utilization.

“We have identified these challenges and are uniquely addressing them by applying security and AI techniques, such as generative AI, to this secondary data. We believe we’re on the cusp of something big,” said Poonen.

Cohesity and Google Cloud: A powerful alliance

Cohesity recently announced an expanded collaboration with Google Cloud at the Cohesity Catalyst virtual conference, aiming to empower organizations with generative AI and data. They also introduced Cohesity Turing, a dynamic AI technology suite enhancing data security and management. This strengthened alliance with Google Cloud and Cohesity Turing allows organizations to manage their entire data spectrum through a secure, unified workflow across on-premises, multi-cloud, and edge environments.

Poonen envisages significant collaborative potential between AI-centric Google and startups like Cohesity, augmenting their partnership with Microsoft in OpenAI.

“Google’s strong reputation in the AI field, alongside the successes of Google Cloud, is mainly due to their expertise in AI. Therefore, we are adopting a customer-focused approach: if customers choose Google Cloud as their preferred vendor, we’re poised to work closely with them. The same applies if they choose Microsoft Azure or AWS, which is currently working on its general AI platform, Bedrock. Ultimately, our priority is customer choice,” Poonen explained.

Cohesity and Google Cloud have a longstanding collaboration providing customers with a robust enterprise-grade solution for application backup and recovery. Expanding on recent developments, Cohesity is further integrating its AI-ready platform, Cohesity Data Cloud, with premier cloud services such as Google Cloud’s Vertex AI.

This integration combines Cohesity’s data security and management prowess with Vertex AI, empowering customers to derive new insights from their already secured and managed data on Cohesity’s platform. It also enhances data search capabilities across vast quantities of data, enabling swift threat detection and response to specific queries.

Regarding Cohesity Turing, this launch encompasses an assortment of AI/ML technologies and abilities, integrated into Cohesity’s multi-cloud data platform and solutions. Cohesity plans to persistently refine the range of technologies offered by and powered through Cohesity Turing as new AI requirements surface, thus empowering customers to use AI in a secure and responsible manner.

Cohesity Turing is designed to facilitate organizations in leveraging the most recent AI capabilities to streamline operations, gain a deeper understanding of security threats, and extract more value from their data.

“Our primary focus in data security is on ransomware protection. While we aren’t as concentrated on the privacy use case, we certainly prioritize protecting the data. We can provide privacy controls for the data that companies store and govern. If you envision that large volume of data as the bottom of an iceberg, you’ll see that the more we can scan the data for malware or sensitive information, the better we can ensure its integrity ,” said Poonen.

By applying these techniques, the company can confirm the data’s cleanliness, similar to being in a “clean room.” The data is then isolated in a secure, immutable location, whether in an air-gapped environment, in the cloud, or on-premises.

The importance of the CISO and CTO collaboration

Given the challenges and bottlenecks Poonen mentioned, it’s evident that the Chief Information Security Officer (CISO) role is more critical now than ever before. However, collaboration between CISOs and Chief Technology Officers (CTOs) is also essential. Typically, the focus on infrastructure falls under the purview of the CTO, while budget allocation often stems from the CISO.

While partnerships might succeed or fail, adopting an egoless perspective and understanding that the shared goal is safeguarding the company can lead to effective collaboration. “Regardless of who controls the budget, if the CISO can secure approval for a ransomware protection budget item, and this approval aids the implementation of a next-generation data management and security solution like Cohesity, it would be beneficial for both roles to work together,” Poonen emphasized.

Source - Shutterstock

Source – Shutterstock

Reflecting on the rapid evolution in data security, it’s clear that the responsibility lies with organizations, particularly the CISO, to anticipate future trends. Poonen offered valuable advice for such organizations to prepare for impending changes.

He stressed the importance of strengthening cybersecurity hygiene to shield against many attacks. This could entail implementing multi-factor authentication, endorsing routine password updates, defining segmentation and micro-segmentation policies to contain exposure, and adopting a privilege-based access system to establish varying authorization levels. Additionally, he advocated for the incorporation of a zero-trust approach.

“These are fundamental security principles that everyone in the organization should understand,” said Poonen. “It’s akin to attending driver’s school – each employee must be educated on these principles as they play a significant role in ensuring safety. It’s then crucial to enforce these policies in a way that might resemble traffic school. There are traffic lights and police for a reason, but within those confines, there’s still freedom – you can drive quickly on the freeway but slow down on congested streets.”

Poonen likens managing AI to taming fire: beneficial if controlled, destructive if misused. Advocating for ‘responsible AI’, he emphasizes the need for safeguarding measures to prevent misuse. Cohesity implements these AI guardrails, ensuring secure and responsible use while promoting productive data analysis.

Cohesity’s data security alliance: Bridging enterprise IT and security

Cohesity, prioritizing data security, expanded its unique Data Security Alliance with new members, including Netskope, ServiceNow, and Zscaler. Further, it introduced fresh integrations with cybersecurity leaders like CrowdStrike, ServiceNow, and updated its association with Tenable.

In November 2022, the alliance also comprised BigID, Cisco, CyberArk, Mandiant, Okta, PwC UK, Palo Alto Networks, Qualys, Securonix, and Splunk. This unique consortium bridges enterprise IT and security, fostering rapid threat detection, enhanced remediation, and improved cyber resilience.

An upcoming global study commissioned by Cohesity, featuring BigID and Tenable, highlights the demand for such alliances. In the survey, 87% of over 3,000 IT and security respondents concurred that integrated anti-ransomware solutions provided by data security and management, and cybersecurity companies are essential for combating ransomware threats.

What steps is Cohesity taking to stay ahead, and what can organizations in the APAC region expect from Cohesity?

Cohesity’s central strategy is to uphold an innovation rate that outpaces its competition. Although its team is smaller than many competing firms in the traditional data protection sector, Cohesity’s spirit of innovation has positioned it as a frontrunner. The goal is to innovate five to ten times faster than competitors.

“Despite being smaller in size, we’re the fastest-growing company in terms of market share growth, according to key analysts,” said Poonen. “We attribute this growth to our emphasis on innovation. We strive for recognition as a leader in vision and strategy, with our team aiming to outperform by a factor of three or four.”

This acknowledgement isn’t just internal; even IBM, a competitor, has recognized Cohesity’s innovative prowess. After evaluating all players in the space, IBM concluded that Cohesity has the best platform, deciding to exclusively OEM Cohesity, a decision made just two months ago in March.

Poonen is optimistic about its reputation in the field, stating, “Increasingly, customers and partners see us as a top product in the sector. We’re excited about the potential of our partnership with IBM in APJ. They have a much broader channel and a strong brand presence in Asia Pacific, Japan, Australia, Singapore, and many other countries where our distribution may not be as widespread. I’m eager to see how this partnership can broaden our market reach in APJ.”