International Business Machines Corporation (IBM) Earnings Call Transcript & Summary

Good afternoon, everyone, and welcome to today's interesting webinar on End-to-End Data Resilience with IBM Storage, brought you by ETCIO SEA in association with IBM. I'm Shweta Modgil, Senior Assistant Editor for ETCIO SEA and I will be your host for today. With the average cost of the cybercrime rising to $4.24 million and recovery spanning from days to weeks. Cybercrimes continue to be a major concern for organizations the world over. It's critical to have a cybersecurity strategy to defend against those cyber attacks, but as no security tool is 100%, it is possible that a cyber attack might bypass all your defenses. So the key is how to recover keenly and faster within minutes or hours rather than days or weeks. Hence, you need both cybersecurity and cyber resilience strategies in place. Organizations today need a cyber resilience strategy that encompasses every aspect of their on-premise and cloud environments to support all their traditional hybrid cloud and virtualized workloads. So in this webinar brought to you by ETCIO SEA in association with IBM, we are going to deep dive into how organizations can understand their current data resilience, what steps can they take to build a well-defined data resilience strategy and how IBM Storage can enable them to minimize business exposure from a cyber attack and speed up recovery. So let me quickly take you through the flow for today's session. Post that, we have a Tech Connect session, which will be led by our IBM speaker. Post that, we have an open Q&A session with the audience, followed by closing. So let me introduce to you today the speaker that we have for today's webinar, today, we have with us Tung Yang How who's the storage technical specialist, IBM ASEANZK. Welcome, Tung Yang. Thank you for joining us today.

Thank you very much. Good afternoon.

Great. So I think we have you here. So without much ado, let's begin the interesting Tech Connect discussion. So over to you.

Thank you, Shweta. Thank you very much. Thank you very much to the organizer, to the IBM fellow colleagues and everyone who helped organizing this event and a warm welcome for everyone, whichever location.

Just a request to Tung How, I also request you to please switch on your camera.

Something I forgot, sorry. And warm welcome to everyone here. Good morning, good afternoon, or even good evening for whichever location you are within these APAC regions. Now thanks for organizer again. And thank you to all that spend some time, allocate some time for the next 1 hour, our call discussion sharing with us. Feel free to pose your questions. If you have any question related to the presentation content and so on, feel free to post it into Q&A chat panels, and then we will address in the Q&A slot later. Now to start today's sessions, we will discuss the concept that can help you understand the needs and importance of having a data resilience, data centers, okay? We'll help you to identify the pain point that certainly, okay, come when there's a -- when the data center is not resilient, focusing primarily on the storage. Last is, I show you how IBM Storage solution can help you experience -- help you experience a sustained excellent performance, enjoy the highest level of business uptime at the same time, protect the data wherever it resides. Now for what you see next -- so why is data resilience so important? Why do you need to act now? Why the number of cyber attacks are not showing any sign of reductions? In fact, they are doubled in 2020, having also doubled in 2021 and in the first half of 2023 alone, okay, the number are 2.5x more than the previous year. So frequency of cyber attack is accelerating, not slowing. And on top of that, the cyber threats or cyber attack is happening not no longer in minutes, they are happening in the second, okay? This basically showing the well known attack or penetration method by the cyber crime trying to infiltrate your security parameter, your firewall, which is basically the cybersecurity facility that you have invested to protect your operating environment. I believe these are the so-called terms that shown on the page, it is no stranger to some of you or most of you, at least I believe so. So what you're seeing here next is approximately 49% of attacks are targeting the data itself with ransomware attacks accounting for 24% of the attacks, but more worrisome is the destructive attacks, often linked to us with cyber warfare and which is now at 25%, up from approximately 5% just 2 years ago. With ransomware as a service or hacker as a service that you've seen in the previous page. When a new vulnerability is found, they can very quickly scale to cause destruction to not only 1 organization, but many organizations at what I call worldwide scale, global scale and impact a lot of -- impact the entire so-called business change. Now the fundamental issue here is without a proper data residency strategy, the industry average for recovery after an attack is 23 days, and this is not sustained for any business, and it's definitely won't be sustainable for your business [indiscernible] I think 20% of the clients who pay the ransom still could not recover the data because cyber attacker only interested in exploiting your money, not recovering your assets or data after you pay the ransom. Even though organizations have invested a lot in layer of perimeter defense, just 1/3 of the cyber crimes or cyber threats are being discovered by the company, all security tools and stuff. That means 2/3 are not being discovered or in exposure. So beside the additional threats, another reason as there have been change for your consideration is the new operational resilience regulation and governance that come into effect. Now what we're seeing here is in Europe, there are a set of new regulation referred to as DORA for financial and NIS2 for other industry. Across the governance basically require that the business impact of this new regulation means that there will be major significant fine for failure to comply with new operational resiliency guideline, up to 2% of global turnover. While these are currently European regulation, there are no doubt this regulation will start to become enforced in other geographies, just like the GDPR that started in Europe and then spread all over the world. It's easy to see why European put this regulation in place. There is a great concern over things like track of a coordinated attack on multiple banks for example and the potential damages that could do to the entire global economy. At a very minimum, this new regulation can also be accessed the new benchmark for the best practice that you should be looking to deploy, not waiting for regulations. Now the very first known fine for failing to comply with operational resilience regulation was in the U.K. to a customer called [ Deloitte ] they will fine GBP 48 million for failing to meet the FCA regulation for operational resiliency. So it is going to be important for organizations to understand who can help them. The only Microsoft tried to combine for us to meet the regulations, but they could only go up to approximately 60% compliance. IBM can help you and IBM can help you up to 100 -- meeting 100% of the regulation requirements. Now in this screen in this -- basically, this is going be animated screens. So what you're seeing is top right, which is your top -- sorry, top left will be the production workloads, which is basically your business workloads in short, snapshot is the standard practice of creating backups for your data, okay, to create a point and back up to the data so that it can act as a point of recovery. And at the bottom part -- bottom sections is basically the cybersecurity protection parameter that you have invested and built on to protect the infrastructure on the top layer. So -- but I think this is without a proper data resiliency, you have all the cyber -- you have all the security parameter facility built for infrastructure, but without the data resilience. So let's see what happens. So let's look at this as an example of a typical customer without data resilience capability. The perception is that the combination of cybersecurity and data protection or backup is all that is required to protect from cyber threat. But unfortunately, no cyber security can be 100% just like what Shweta mentioned. They are absolutely required to prevent and detect as many as possible, but what happened if one slip through the net. Well, when the primary attacker -- when the attacker happen -- when the attacker infiltrate your environments, the first vector -- attack vector that they will focus on will be your backup. This is to remove the ability to recover then it will spread to the production environment and spread around from 1 workload to another workload, to another workload to cause the maximum disruptions, okay? For many organizations, when they first know about the threat being in their data is when the product stop working or acting weird or when they receive a ransomware demand or indeed both. So the issue is with this [ organization ] it is already too late for you to recover any data because both your production versions and your backup versions are compromised. Now let's look at this from an impact time line basis. This graph show and represent the business impact kind of not being data resilient. If your business decide to do nothing about this, the result can be actually costly, painful and time consuming. When you do nothing, the typical time from point of attack to recover, can be up to 23 days. Here is why? When attack occurs, but you maintain unaware. If you're lucky, you might detect the attack nearly a day after it occur, during which time the attack has been spread and impact a lot of data. Once you are aware of the attack perhaps it was the ransom demand. Then begin -- you begin the process of working out what has been impact? What to do next? Engage with the negotiator. But during this time, more time has passed and more damage has been done. Finally, you start to hopefully recover from the attack. You can see how this can easily take up to 23 days. The longer it takes to identify that you have been attacked, the more workload and data will be compromised, and therefore, it takes longer to respond and ultimately recover. This next graph show the effect of data attrition, disruption impact over time by the cyber criminals. A lot of you might be wondering, how much damage could be caused with the 24 hours, how much data could be damaged within 24-hour period. Now from a statistical study, up to 2.5 petabytes of data could be destroyed in 24 hours. So do a check back, do you have 2.5 petabyte of data in your own current data centers that run your business. Now the next question coming in is, what if you knew the problem here -- discover the issue of data corruption as early as in seconds or less than a minute. In that case, if you can detect and pick up a notification alerts, okay, from your system -- from your cybersecurity systems, okay? At worst case scenario, you only have 1.7 petabyte of data impacted. And with that, it means to say that the faster the sooner you detect the attack, the data corruption symptom, you can -- you only need to recover 1.7 terabytes compared to 2.5 petabytes. Recovery speed and amount of data to recover are crucial to business recovery. It will help you to reduce the time to resume your business operations? So we know that, okay, the value of your data should be continually safeguarded. Questions, can your array, can your search really detect threats before that happens? IBM FlashSystem can and it keeps on getting better. Only IBM FlashSystem can offer cyber attack awareness, defense, detections, response and recovery. IBM FlashSystem is designed to ensure that data is accessible and secure. This is why we continuously innovate to create the most robust storage solutions. Now IBM is delivering -- not just to recover from attacks, and we already have this feature built into our IBM storage. It is the integral part of the IBM storage functions. We call it safeguarded copy. Safeguarded Copy, Cyber Resiliency feature. This feature provides the abilities to perform automated interval based backups to your most mission-critical data and safeguard this data in an immutable format, temper proof formats, isolated format between the primary storage, between the primary storage that holds your production data. So you can just think of it as synonymous to a bank that do -- well, call one debit transaction for your banking requirement. At the same time, they also offer a service to safeguard your most precious valuable asset that you want the bank will take care for you. So safeguarded copy is technically equivalent to a bank book, safety box in short, that provide the storage service for your business application server. So now what we did is in the second half of last year, 2Q -- sorry, 2Q of the 2023, we actually enhanced further on this safeguarded copy, we basically include a feature called inline corruption detection capability in 2Q of the 2023. What it does is with this feature that run on the controller -- the storage controller systems. These functions take assembling of the ingested IO, the right workloads that the right -- what I call operations, they're coming from your business applications, and check on some other statistics like [ compressor ] business statistics to ensure that the write is a valid write. It's not encrypted data corrupted write that could potentially be invoked by your -- by the attacker by the cyber criminal. And with that information that we collect for minutes, we send it to our advance Call Home feature for the storage that is basically also have Call Home function. So this is basically rely on the advanced Call Home function of the Storage. And then that is residing in IBM with that facility. IBM actually will notify you if it detected data anomalies from the statistic perimetry, data statistics that we receive in the support center and then send you the alert as needed. Now just this function is good, employ early detection, but it is capable of only doing that up to minutes -- means to say that in 5 to 10 minutes, you will most likely get alert if IBM analytic engine, the AI engines in the cloud, determines that -- conclude that you most likely fall victim to potential threat because of the data anomalies statistics that we analyze on. So -- if you think this is good enough, IBM is doing better now. Half year passed IBM is making huge enhancement and advancement into this inline data corruption detections procedure or dysfunction in general. What we did is we are introducing a new drive set okay? Next-generation drive, okay? They have built in inline anomaly detections, recorded ransomware attack detections capability, [ RTD ] in function in short into the physical drive itself to ensure that we can help you -- the storage can help you to detect any attempt of data corruptions in seconds. Let's look at the details. So what you're seeing here is FlashCore Module Gen 4. This is the Gen 4 our, what I call, FlashCore module drive that we are so-called delivered together with the IBM Storage. IBM FlashSystem Storage. What it does is this record module 4 have embedded additional processors that take on the task and the role and the responsibility to analyze the incoming IO, every single incoming I/O to the disk to check on the [indiscernible] payload compression statistics, change in the right patterns and throughputs, LBA addressing and sequencing patterns and so fast to identify any anomalies, which is technically the ransomware patterns that ingested and corrupting your data. All this statistical information is captured and analyzed by the built-in processor core that help you to analyze it on the per volume basis. So you basically can -- you basically are being well informed of any attempts to attack your data on certain servers on certain group of servers for the entire storage. So this summary of statistic are passed from the drive up to the controller in every 2 seconds, to do further analysis. So payload. First that the drive, analyze all the incoming right IOs to that so-called return down to the physical drive itself, and it will it will pass this information every 2 seconds to the controller. That's why the next page for the entire architecture, how it works. So in this page, you're seeing that the drive -- FCM 4 drive is these the so-called the FCM drive at the bottom from one to N number of drive. This drive will be basically collecting [indiscernible], statistics compression, details and so on and so forth and then pass it to the summerizer of each of the drive. Summarizer will aggregate this information and send upward to the storage controller, which is the aggregator. Aggregator will look at this and buy statistics from all the drive, which is basically the [indiscernible] engine which probably has [indiscernible] will collect and consolidate and look at this data and analyze it within the seconds as ingestions of the statistics come in from the drive at the bottom layer. And the data will continue feedback to the -- via the Call Home, what we call Call Home functions of the storage to the IBM support center. And in this IBM support center, which is the SI cloud, we start in the cloud. We basically do a last step analysis. And within the minutes, if it determines that all the information that collected for the last 60 seconds or so show a symptom of data corruption through a symptom of ransomware attack. We will create an alert and notify the owner to the storage. So I also say you actually pick up. And if your environment is compromised, you actually will pick up a notification for IBM support within a minute. So next screens. All of you might hate this screen, sorry, you might be curious what this screen about. This screen is basically a sample screen capture of victims of ransomware attacks. This is how it appear. I mean, this is just a sample, but this is one of the [indiscernible] we actually capture from a customer. So this is something that they ask you to do to pay the ransom and you need to go through some process, okay, don't report to police because you won't be able to get back your data, so on and so on and so on, okay? So this is something you'll hate to see, but it will happen. It's just about when. Now having said all this, I will basically show you a demonstration video of how the inline data corruption ransomware threat detection function work from the step of configuring the alerting policy to the minutes, we receive the alerts. So what you're seeing here is this is the log-in screen of your Call Home. Every customer have a Call Home portal that they log-on. You log into your Call Home. This Call Home because it's viewing all your storage, so you can have multiple storage here. So I take a pause here. Let me make a pause here. So what you're seeing here is just now from the main screen, landing screen, landing dashboards, we nailed down to a single storage. This is the storage. And you notice that currently, there's no policy there. There is no alerting policy or monitoring policy that are being created. So I will start with doing the policy creations. So what you are seeing here is, basically, I show you -- this is order volumes, inside the storage. You can select one or select multiples to be the object, to be the target, to be the subject of that policy that [indiscernible]. Then now you create a policy -- so basically, this -- I will just -- we just [ anomaly ] will you see and you just think -- well, of course select this storage. And select the storage that we are looking at, create a policy, then we create the policy by selecting the alerting feature that you want to do. Now I think a policy against when I done with the policy creations, [indiscernible] the policy creation, I chip in all the recipient of the e-mail notifications. So the policy has been created. Now I go to the server stimulating ransomware attacks which create -- which destroying your data by encryption methods. So this is basically a screen that's showing you. We are simulating so-called data destruction procedure, which is basically using the encryption technology, which is used by most of the cyber criminals. It will generate I/O that's basically corrupt your data, so to say. So you notice that these are I/O generated. So this is basically in seconds. It happens in seconds. So as we see the data, the process of destruction is destroying your data. We will now move to the next screen which is basically the Call Home. The Call Home pick it up. Call Home recorded alert that they send an e-mail to you. So we notice that just that alert was zero, correct? So we go back to check alert, there's an alert definition created, which is the one that we did last in the previous screen -- previous step of the video. Now you see there's two alerts being recorded. And you noticed that -- this is the alert that the system recorded and sent to you. So an alert will be locked in the Call Home portal for your storage. At the same time, the 3 recipients that previously key into the alert to recipients is that they will also receive an equal e-mail of a similar, what I call notifications to tell them that this particular volume is compromised. So this is how you -- how IBM inline data destruction -- data disruptions procedure work in the entirety, okay, in a very quick manner. Now let's move on to the next step. Now let's look at our timeline in background. We know that without any proper -- we have proper cyber security, but without any proper cyber resilience capability for your operating environment, you may having to take 23 days to recover data before you can receive operations. So let's relook at this with this into this timeline in background when we have IBM FlashSystem, SGC cyber security function protection in action. At the same time, the inline data destructions and random threat detections function in place. What will happen? So if we look at what happens when we start off with the -- what we call detecting the attacks. We take lesser time; much, much lesser time to detect the data corruption instead of hours or even day. We just take less than a minute to detect the data corruption patterns or data corruption behavior, and then we can immediately react and respond to the corruptions by doing data -- checking on the -- well, getting the right backup copies that we created from the safeguarded copy and then do a restorations. So end to end, we can see that we can perform recovery and make your system or business operation resume within hours. Now let's look at IBM's strategy of doing data resiliency. IBM have a 5-step blueprint for data resiliency. To build a data resiliency and for this prior step, data resiliency blueprints, these are basically the capability that we are looking at. first, okay? We build the foundation of security and data protection. And this is basically the foundation that you can build with IBM or anyone else because these security protections. But [indiscernible] together with us with IBM you are not only building the creative protection but you're also building the data resiliency protection with IBM storage. So that is the difference between IBM and non-IBM. The next step is immutability. Important to secure, which is importantly secure immutable copy of the data that can't be changed, so that it cannot be changed, cannot be deleted. This can provide a recover point following an attack. This is what the IBM Safeguarded Copy, Cyber Resiliency feature is doing and delivering but this also all -- but this -- there is also all other things that you need to ensure it truly help to secure the copies such as multifactor authentication, 2 person integrity checking even things such as ensuring the system calendar cannot be changed, which could be otherwise causing the copy to be expired. So these -- all these things that I just mentioned, feature that I just mentioned, is already part of the feature of IBM Storage. The next step is discovery. And this could be done at various points definitely, but it's important to find active threat as fast as possible and also finding the dormant attack before they become activate. So what we deliver with the FlashCore Module for is with this inline data corruption detections that provide the function of ransomware detection technology, this will help you achieve the goal of discovering the threat in seconds. So clearly, with fewer workloads and terabyte of data corrupted, it's going to help you in accelerating your recovery. So this will bring me to the recovery process, which is [indiscernible]. The recovery procedure and best practice will help to recover the business in as little as a couple of hours rather than days and weeks. It also help to isolate the environment to check the data copies before recovery to a production environment. So the fastest recovery comes from a copy help on the primary storage. So this is the key advantage of IBM solutions. We deliver the security functions and the resiliency function between the primary storage that holds your production data. If anything were to -- if your cyber resiliency feature is to hold it out of your primary storage, you will take example, a backup facility, could be in the cloud, it could be on-prem. It will delay and prolong the recovery time objective for you to resume your business? And lastly, definitely, we have the full stack of automations available to run the step 1, 2, 3, 4 in a fully automated manner so that these will create operating environment of self running, to ensure that you have no risk in what I call operating this security -- cybersecurity and cyber resiliency by referring to a playbook that could potentially be 500 pages long or you need to find an expert or SME to run the restoration, recovery procedure when you are hit with a disaster. Now this quick animation screen that tell the story of integrating the SGC and the inline data corruption detection procedure together with the automation of your security software. In this case, in our example, we use Curator software as an example. So here, you'll see that on the top left, which is the production environment is the place where your business applications were running and the data is reading and writing to the disk drive itself in the context of storage. At the bottom is the integrated inline data corruption that built into the IBM Storage that help to detect and pick up any data anomalies in seconds. And to the top right is basically the safeguarded copy functions, the cyber resiliency function that perform the backups in the fixed interval and retain your data according to your retention policy. So it work similar -- the safeguarded copy work similar to a traditional backup procedure, but just that the backup and retention is storing the copy of this immutable copy within the primary storage. And at the bottom left -- bottom right, sorry, which will be the security software that monitor the whole entire infrastructures from server, from network to the storage itself. And it also perform -- it also acts as an orchestrator to perform any automations to the procedure of recovery and restoration if corruption happens to your data. So let me play the -- well animation now. So what you're seeing here is look at the bottom -- so called the top left and the top right, as data right into the operating environment, inline data corruption detections that at the control level and at the drive level will scan the data set. And the operating environment also being protected by safeguarded copy, as I mentioned. So the safeguarded copy will basically do a backup and also if you incorporate the workflow of scanning, it will create a cleanroom environment for deep scanning for the backup copies that have been created. So if there is a corruption attempt or attack happens, and bad actor infiltrate your environment, corrupting your data, these will be picked up by the inline data corruptions in seconds and notify to the IBM Cloud support. At the same time, you also would trigger your in-house security tools to perform the next step of actions. Before the attacks spread to other servers, the first thing of the -- mostly your security software will -- add-on will be isolating the workloads. So it will basically create a defense for -- to contain the attacks -- the data destruction process from spreading to other workloads. And then it can also involve the next step of recovering from a clean copy. So it will basically tell the storage to look for the clean copy based on the deep scanning procedure, identify a clean copy. So in this case, basically, the copy of 18 hours is not clean because you see a box there. Then what you do is you pick up the second copy and detector is cleaned and you will perform the restorations to restore the data, to recover the corrupted data of the impacted server volumes in the shortest possible time. So with that case, basically, you can see that you're capable of minimize the destruction to your business from days down to minutes or even hours. Now one of the terms that you might find strange to you is what is the term called Minimum Viable Company. Minimum viable company is the descriptions of state, defined as the fewer business service and organization required to maintain a predetermined levels of functionality. In the layman term is to say that this is the minimum applications or services that you must have to restart your business from any disaster. So what we -- by having this IBM storage with SGC and this inline data corruption detections and integration with your [ Siemens ] applications, you can find that. You are capable of rebuild the environment and achieved the level of minimum viable company state. And then you resume your business in no times, which is in hours. Now a lot of vendors have put up a very simplistic view for cybersecurity and cyber resilience, basically to them is a single-stage, one-size-fit-all solutions. But that's not how IBM look at the details. By looking at the details, filling IBM decide this is actually a 2-stage, 2-tier procedure. Why? Because like I say, or maybe you have known. I mentioned the word Minimum Viable Company. Your business operations need to be restarted from a destruction as soon as possible, which sometimes all of us know it as a term of recovery time objective. Now what constitute the recovery time objective? Is it only rebuilding and reconstructing your mission-critical applications alone or you have to -- rebuild your mission critical application plus the secondary workloads or even pass the tertiary workloads for a whole environment before you can restart your business from a disaster -- disaster conditions. So a lot of other vendors, non-IBM actually take a perspective there. mission critical Minimum Viable Company plus secondary is the way to restart our -- it's the way that you should restart your business. But in IBM context, IBM do not take it that way because we always believe that your business built on infrastructure that is multi-tiered. You just need to make sure that you recover your mission critical tier, your primary tier, your tier 0, you should be able to restart your business, maybe in scale down, lesser performance, but at least you can resume your business to face your consumer. And then we can slowly do the secondary recovery in the later stage. So in view of this concept and this so called design, this requirement, we actually design the impact prevention recovery into [indiscernible]. We call it Go MVC tier and silver. So for Go, Go means to say that the protection, the cybersecurity, cyber resiliency protection will come directly from your primary storage. So this is what we have shared -- or I have shared to you guys in the slide -- in the demo videos in the earlier stage. So the characteristic of this is we're capable of detecting threats or data corruption in seconds. The protections and recovery of [indiscernible] reside in the primary storage in a secure, immutable isolated layer of the storage. And it allows you to recover any corruptions in seconds, in minutes or even in hour. And it's fully automated so that you have no difficulty or no complexity when it comes to react to the -- or respond to the restoration process or recovery process to restart your business. Then we move on to the second -- second tier. And by the way, the first tier is covered and delivered by the IBM Storage FlashSystem solution stuff. The second tier, which is the silver secondary, this is basically solutions that delivered by IBM backup solutions. We call it data protects defender -- storage defender data protect solutions, in short, which you will see the name later. What it does here is basically it take care of automation/orchestration of the backups of your whole entire environment from mission critical MVC Tier 2, the second tier or third tier. This is basically a protection -- cybersecurity protections that move into the secondary storage tier, which could be the virtual tape library backup to the cloud or backup to the date if you have one. And this backup procedure will have embedded threat detections or ransomware detections that scan your backup copy after the backup is completed. That's why you noticed that -- this method, which is the common method used by any non-IBM vendors, it's only performing the data corruption detections after the backup is complete which could be minutes or hours or later. So in that case, it prolonged the detection period of your data corruption itself. And with all the full automation, you will be hopefully recover your data, secondary data in hours, as short as possible. But it will be in hours or multiple -- tens of hours. It depends on how large your secondary workload environment is. So this is basically the 2-tier layer solutions that IBM proposed to resolve threat of cyber criminals, to provide the foundation layer of cybersecurity and cyber resiliency functions. So this is delivered by the IBM Defender Data protects. And with that we make a quick comparison in summary that you can see that with 2-tier solution, 2-tier architecture protections, we will -- we are in better position to provide solutions recovering and restoring and resuming a business in hours compared to other vendors that are only capable of doing this from hours to days to weeks. So this is basically the last part of my presentation and sharing. And I would like to give -- provide [ co-opt ] for an offerings. IBM do provide free of charge cyber resiliency assessment workshop for any interested party who would like to assess their health posture of their cybersecurity readiness or cyber resiliency readiness if they have one. And from there, we will -- from the analysis of this Q&A answer, we will be able to provide you what we call a reporting view of your current state, what is the gap to reach the better state. And the recommendations that we can help you to resolve the problems that -- potential problem or risk factor that you will be facing. So for those who are interested, there are two ways you can sign up for this. One way is scan the QR code. The other way is click on the URL link, both will bring you to the forms, where you can fill up your intentions to embark on this cyber resiliency assessment journey with IBM. Such a information is about 2 to 2.5 day workshops. It depends how quickly you can provide answers to the questionnaire itself. That's all I have. Thank you very much for your time. Thank you for listening and hope this session provides some insightful information that you can digest and think about for your own environment. Thank you very much. Shweta, back to you.

Thanks, Yang How. Thank you so much for that interesting presentation and sharing all the details with us. I think with this, we come to the end of the Tech Connect session, and we just take up some questions in the Q&A session. Yang How, I had a question for you that how do you kind of differentiate this offering from other offerings in the market, if I had to ask you 1 or 2 unique features of this offering. What would you say that they are?

Okay. From a uniqueness, I would say that the key primary differentiator is we do the cyber resiliency protections, which encompass the ability to do cybersecurity using the safeguarded copy and this safeguarded copy is basically a function on the primary storage, the storage that you use as a place and locations where your business applications is running on and where your data is being stored on. So this is what we call it as a primary storage. So this is the first uniqueness. Second uniqueness, this safeguarded copy functions, which act as a tool. I just call it a tool to protect your data is fully automated is the data that is backing up or is protecting, it's fully immutable, isolated. There's no way you can change it or tamper it manually even though you are the owner or administrator to the storage itself. So technically, you can just view as. You can rob a bank, but you. It's more -- it is basically very difficult for you to breach the wall, the safety wall. So you are rest assured that your backup copy of data is tamper-proof 100% protected. Now on top of these features, the inline data corruption provide ability to detect any data anomalies or data corruption patterns as early from minutes down to seconds with the new generation of FlashCore Module 4 introduced into our offerings. So with that, it means to say that you've got lesser data that can be corrupted by any so-called any attacks that breach your -- breach through or skip through the vulnerability, the gap of your security defense firewall or parameters. With that, it means to say that less data will get corrupted even though someone successfully infiltrate your environment, they can corrupt as little data as up to 1.7 terabyte in a minute. So in that case, it means to say that in a very worst case scenario, you only have 1.7 terabyte of data that you need to recover and imagine how quick and how fast you can restore this data, restoring this data from the SGC backup is as little as less than 60 seconds, and IBM provide a guarantee for that. IBM have a global guarantee for anyone who use SGC and when there's a data corruption and you find a good copy, clean copy from the cleanroom procedure, scanning procedure, you are being guaranteed that you can restore the data and resume the business operation in or equal to 60 seconds, 1 minute. So that create uniqueness.

Great. Thanks for sharing that. We have very interesting questions, some audience questions also. So this is asking like, how do you identify attack early as you mentioned in your slides? Like if you can identify the attack in early stage, you can very well prevent it instead of doing all the recovery process. So how do you kind of identify attack early?

We use the AI intelligence built into our drive and our controller. So the -- in the holistic manner, holistic collectively, we call this function called inline data corruption detections, which encompass 2 capability, 1 ability, first layer capability which already introduced in second Q of 2023 is at a control level picking up the so-called the data corruption in minutes, actually multiple of minutes. So based on statistics, it's basically from -- what we call 5 minutes, 10 minutes in that region. But it can be as low as 5 minutes. But the new capability that we just introduced by having the new FlashCore Module drive Gen 4 that we just make available to the market. We cascade the control layer inline data corruption down to the hardware layer of the drive set. Now we call -- it's still a function of inline data corruption detection, but just that we give a proper name, we call it ransomware threat detections, RTD, just to differentiate the layers that will table or pick up any threats, any attacks, which in the form where the symptom is data corruptions, in seconds, in -- actually in a proper manner, is in every 2 seconds because every 2 seconds is where the system will -- well, where the system influence the AI/ML engine that built into the drive will actually scan through the I/O statistics, and we put this back to the controller, controller between the minutes or less than a minute via the Call Home features, your Call Home functions for the IBM Support Cloud will actually send you an e-mail or notifications of that so-called the potential attacks. So yes, that is the things that how we do.

Johan has also question. He inquiring about the name of the Total Solution again because there are a lot of products involved like storages, store backup. So what is that one solution -- he's inquiring about the name of the Total Solution that we can leverage.

I can understand why Johan asked that question because I mentioned a lot of terminology in this case. But Johan there's only one single product for IBM that do all the things that I mentioned is the IBM Storage. And the IBM Storage I'm talking about here is IBM FlashSystem Storage. In IBM FlashSystem Storage, as you get -- yes definitely, if you are not a friend of IBM now, you need to buy IBM Storage, IBM FlashSystem Storage. We replace your existing storage. Then from there, all the function of the safeguarded copy will come in automatically and all the function of inline data corruption detection will come in automatically together with the storage.

Great. Thanks, Yang How. I think with this, we almost come to the end of the webinar and today's session, so once again, I would like to thank our speakers, Yang How for sharing your insights with us, our partner, IBM, for making this session possible. And all our audience today who joined us and made the session fruitful and engaging one. We have more such sessions lined up in the future as well. Please do stay tuned and join us for those as well. Thank you, once again. Thank you.

Thank you very much. Everyone, have a good day.

Thank you, bye.

Bye.