In London, ESG's Steve Duplessie and Senior IT Veteran Stephen O'Donnell discuss Disaster Recovery in Western Europe.
Steve: Hey there. I'm Steve Duplessie and I'm happy to be joined by a long-time, IT industry veteran and rockstar, Steve O'Donnell. How are you doing, Stephen?
Stephen: I'm doing really well, Steve. How are you?
Steve: Fantastic. I'm having a great time here in London, finding some interesting folk to talk to about what's going on specifically in Western Europe. So what's the latest with Brexit? How do you think that's going to affect things here? If Brexit does happen, how does a UK company do DR? I mean real DR.
Stephen: Yeah. No, that's an issue. Maybe with North America. Who knows.
Steve: Oh, it just couldn't be within Europe?
Stephen: Well, no, I mean the UK guys can decide to put their stuff in Europe, but then we still have UK laws that are based on European laws, which are about data residency so you can't ... Well, GDPR still plays, even after Brexit, because it's been adopted into UK law. GDPR is an interesting topic actually.
I hear a lot of that happening now in North America, and particularly in Massachusetts, and New York and California.
Steve: We're still a bit confused when it comes to data privacy.
Stephen: Everybody's a bit confused, but it's kind of a state of mind. Who owns the data? Is it Mark Zuckerberg and Facebook or is it yourself? And in Europe, it's the individual citizen that owns the data. In other legal entities, it's whoever's got it, or it's not clear.
Steve: Right. And I think predominantly, it's not clear.
Stephen: If it's not clear, the buggers lose it.
Steve: You bet. You bet. And then we see a breach every day now.
Stephen: It's crazy, isn't it?
Steve: It's just crazy.
Stephen: It's inevitable that you're going to lose data, because the people who are after your data are smarter than you, and they've got more resources than you have. If it's a state-sponsored attack, they're going to get it.
Steve: it's interesting you bring that up. So in the states right now, the second town in Florida just paid a $700,000 ransom to get its data back. Baltimore, major city, has decided, "We're just not paying." But meanwhile, their systems have been destroyed for 10 days now. And so it's a crazy problem.
Stephen: I've been in financial services for some time. In financial services, one of the things that we do is we stress test our business processes, and do extreme events to determine what might happen, what the outcomes might be. And one of the stress tests we did was a state-sponsored cyber attack, where not only did the state-sponsor get our data, but they also got our backups.
and so we lost everything completely, without any chance whatsoever of getting it back. And actually, if you think about it, if they get administrative credentials, then that's exactly what they can do. They can destroy your backups, because mostly they're online now, and they can destroy your main data. So we changed our process and we put an administrative air gap between the backups and the production system so that the administrators couldn't destroy the backups.
Now if the administrators can't destroy the backups, you lose their credentials, the hackers can't destroy the backups. And it's quite an interesting concept but it's a really important one.
Steve: Clearly. Clearly, in today's day and age. It's also, you know, nobody wants to spend money until they have to, but unfortunately, if you're not doing it now, you're going to spend a lot more later, it just seems like.
Stephen: And insurance, lots of people say, "Oh, we'll, get insurance for cyber attacks." But you can't insure loss of data that you're never going to get back, because you'll just lose your business. You don't know who you're going to bill, you don't know who owes you money, who you owe money to. You can't pay your employees, You are absolutely finished.
Steve: That's not the word I thought you were going to use.
Stephen: No, I'm being polite now.
Steve: Well. That was very nice. All right, well, listen, thanks so much for your time. It was great to chat as always, and we'll see you soon.
Stephen: Yeah, thank you, sir.
Steve: Take care.
Stephen: Have a good day.