Global collaboration key in mitigating AI threats and enhancing Data Protection

Sandeep Bhambure, with over 20 years of IT industry experience, serves as the Vice President and Managing Director at Veeam for India and SAARC, where he has driven significant growth for the company in the region, achieving triple-digit expansion in key areas such as SaaS workload and Microsoft 365 data protection.

Harish Soni, with over 17 years of IT services experience, is the Resiliency and Security Practice Leader at Kyndryl India. He specializes in business continuity, data protection, disaster recovery, and security strategy, driving robust cyber resilience initiatives for enterprises.

In this joint interview, Harish and Sandeep talk about the joint partnership between Veeam and Kyndryl, the evolving cybersecurity landscape, and the need for businesses to prioritize cybersecurity measures. They emphasize the importance of implementing a robust data resiliency strategy to protect and recover data, promptly.

Sandeep Bhambure
Vice President and Managing Director,
Veeam India & SAARC

CIO&Leader: Sandeep in your opinion what are the most significant data resilience challenges that organizations in India are currently facing?

Sandeep Bhambure: Veeam Ransomware Trends report 2024 that surveyed 1,200 respondents — including CISOs, security professionals, and backup administrators — whose organizations suffered at least one ransomware attack in 2023 to assess different perspectives in the united fight against ransomware. Cyber-attacks were the chief reason for the customers to re- look at their cyber resilience strategy. Alarmingly, three out of four organizations faced ransomware attacks in the previous 12 months.

Our research from the previous year shows consistent data, however the frequency and sophistication of cyber-attacks have notably increased. Bad actors are becoming smarter and more sophisticated. Making data protection and cyber resiliency strategies an integral component of a customer’s IT and cyber security framework. Ensuring data protection is now essential for any business, as bad actors often target backup data first. In fact, 95% of attacks are aimed at backup data.

When bad actors gain control of backup copies, it becomes extremely difficult for an organization to get back on their feet and recover data. Therefore, having secure data protection, backup copies, or implementing immutable and air-gapped backups are critical elements of a resilient cyber strategy.

CIO&Leader: Building on that, with the increasing emphasis on data sovereignty and the Make in India initiative, many are concerned about where their data is being stored and the level of control foreign entities might have over it. How do you think we can address these concerns and ensure data security and trust while supporting the Make in India initiative?

Sandeep Bhambure: This is a crucial aspect for companies to consider in their data protection strategies, particularly when it comes to immutable or air-gapped backups. Organizations are looking at either on-prem disk drives or maybe even cloud as a target to secure or to have a secure and immutable backup copy.

The good news is that the hyperscalers today provide assurances to companies and we work with them very closely to ensure data sovereignty is maintained. Additionally we work very closely with the whole ecosystem of Make in India or Indian-born cloud service providers. Kyndryl is our global partner. While data sovereignty is a mandate for many organizations, but its not universal. Wherever it becomes a mandate, we have the partnerships in place to ensure that this part of the compliance or the requirement is really adhered to.

CIO&Leader: What measures does Kyndryl take to ensure responsible AI practices in its generative AI services, and how do you balance innovation with ethical considerations such as transparency and privacy?

Additionally, some startups and enterprises believe that the lack of regulations fosters greater innovation, providing more freedom and space to innovate. How does Kyndryl navigate this landscape, and where do you position yourselves in balancing regulation and innovation?

Harish Soni
Resiliency and Security Practice Leader
Kyndryl India

Harish Soni: As you rightly said earlier, we need to be responsible when using AI, given its potential impacts. Companies need to utilize AI in their services or solutions in the right way and in a practical manner. AI is also being increasingly used in cybersecurity attacks, particularly evident in recent incidents where senior politicians have been targeted by AI-driven attacks.

Applications, Data and AI is one of Kyndryl’s six key practice areas and a very key focus for us. We integrate AI in different solutions to generate the right set of insights for our customers. Specifically in this cyber resiliency space, we are working on using AI to get insights from the technology stack that protects the customer, and then use it on a technology stack of a single server or an endpoint business application to give the customer an overview of how it can help them avoid incidents and disaster situations.

CIO&Leader: With the government actively moving towards AI regulation, there are ongoing discussions and budget allocations in this area. Currently, the EU AI Act serves as the benchmark for AI regulation. Where do you see the government heading in terms of regulating generative AI, and how do you think this will shape the future of AI in India?

Harish Soni: As you rightly mentioned, we are witnessing an increase in data regulations globally, not just in India. Data privacy in India is a vast and critical area that has become a major concern, significantly influenced by frameworks such as the GDPR in Europe.

Protecting customers’ data within a country involves several key measures and governments are increasingly focused on data protection. As individual countries, specific measures can be implemented to protect critical assets. However, addressing broader, global issues requires international cooperation. Governments will need to collaborate to establish standardized approaches for managing these threats, rather than addressing them in isolation. In that  context, we are seeing India and the US entering into partnerships to see how they can work towards the cyber security or the cyber resiliency journey. By sharing knowledge, resources, and strategies, governments can create robust frameworks to mitigate AI-driven threats and enhance data protection on a worldwide scale.

This collaborative approach ensures a more resilient defence against cyber threats, leveraging the collective expertise and resources of multiple nations to safeguard data and maintain security in an increasingly interconnected world.

CIO&Leader: Sandeep there is a noticeable trend of enterprises shifting from public to private cloud. Why do you think this is happening, and how can we make the public or shared cloud more cyber-resilient and safer for enterprises, particularly startups? What measures can we take to ensure and encourage startups to adopt more secure cloud solutions?

Sandeep Bhambure: The movement of data from on-prem to cloud or a cloud to on-prem is not going to stop. The reality of the IT world is a multi-cloud scenario. And again within the multi cloud, I would say a hybrid cloud as well. You were alluding to data moving from a public cloud to a private cloud where I believe you’re essentially talking about a setup which is built on-prem. Customers are still dabbling with workloads that could move to cloud.

They are also thinking about initiatives where data needs to be brought on-prem or into a private cloud setup for example, AI led initiatives. Organizations are taking a cautious approach as far as AI is concerned. I think everyone wants to look at how AI can really help or drive better outcomes for their business. But then companies are very selective on where to deploy AI and it is more for most companies. It is in a pilot phase and then whether it is for the sake of regulation coming in from the government on the AI act and so on.

In a multi-cloud scenario, its crucial for customers to recognize that the responsibility of protecting the data and the ownership of data still lies with them. If you read out the fine prints of any hyperscalers or when they talk about data protection, it is very clear that it’s a shared responsibility between the hyperscaler and the customer.

Customers are adopting diverse strategies to safeguard their workloads across AWS, Azure, Google Cloud, and other platforms. They could look at different ways of protecting that information in different architectures. For instance, AWS data workloads could be protected on Azure cloud, M365 data coming to Azure or AWS or coming on-prem. This movement of data and protection of data for the sake of resiliency is something that is driving the business for us.

Our partnership with Kyndryl is pivotal in bolstering customers’ cyber resiliency strategies, ensuring secure backup and data protection approaches.  

CIO&Leader: Harish how does the strategic alliance between Veeam and Kyndryl enhance the resilience services offered to customers?

Harish Soni: Its very important to have visibility of the data flowing across different kind of workloads, be it hybrid or your multi-cloud. With that visibility, you can bring in the right set of controls and the skills needed to build it. Along with our alliance partners, we are working with two of our customers to help them build that visibility and bring the required controls as part of the technology stack.

Kyndryl and Veaam works together in understanding the customers’ requirement and building the right approach for their cyber resiliency strategy. We do an assessment for customers on their key assets and build the best cybersecurity solutions to protect those assets.

Sandeep Bhambure: Two-third of the organizations actually don’t look at their cyber resiliency, which is security and backup strategy, they look at it in silos. Alongside our partnership with Kyndryl and their extensive global expertise, we work closely with their ecosystem. We collaborate with Sophos, Palo Alto Networks, CrowdStrike and so many other security players.

Together, we deliver significant value to the customer by presenting a cohesive strategy that integrates backup and security considerations. That’s the ability or the capabilitties that this partnership brings to the table. This capability is crucial in cyber resilience efforts, especially since 95% of cyberattacks target backup copies. It’s essential for organizations to adopt security strategies that encompass protection for backup data, ensuring immutability of backup copies for effective recovery.

They need to look at their security strategy in a way where the security software or platform is also protecting the backup copies. Once you ensure that and you make the backup copies immutable, you have a road to recovery and this is what the partnership with Kyndryl brings to the table, because we know that they have global capabilities and integration with the ecosystem players that actually bring a lot of value to the customers, enabling a unified approach to data protection and cyber resiliency across their organizations.

CIO&Leader: In what ways do you think enterprises can enhance their cyber resilience?

Harish Soni: Cyber resiliency is a journey of cyber security plus resiliency. Cyber resiliency needs to be a board-level discussion within organizations, for them to be cyber resilient or to start on their journey.

Many organizations are now investing heavily on the zero-trust approach. However, a key challenge they face is that they don’t know their landscape. Companies need to invest time and effort to first map their IT and security landscape, then build a framework that will give them exposure to minimum impact.

When protecting critical workloads, the levels change depending on whether its a cloud workload to on-premises workload. There are different protection levels for each, which is also a reason why organizations need to take stock of the critical assets first before building security protocols. They will also need to put in place resiliency measures that will help to recover faster in case of a cybersecurity incident.

Image by Freepik

Share on