Alex Hesterberg, CEO of Superna, speaks with Mark Johnson, Chief Growth Officer of CoStrategix, in a video interview about how the company is bridging the gap between storage and security teams, the gaps in data security, the cyberstorage category, and the limitations of traditional storage security. 

Superna is a global leader in data protection and defense for cyberstorage and the hybrid multi-cloud.

With an exemplary career trajectory in infrastructure technology of over 25 years, Hesterberg has gained insights into data resiliency and security from different company perspectives. This brought him to Superna, which has been around for over 14 years.

The company initially focused on developing data resiliency and security solutions specifically for the EMC Isilon Platform, now known as PowerScale. That became Superna’s main go-to-market path, says Hesterberg, with thousands of customers adopting its failover and resiliency tools, along with its next-gen real-time data security capabilities.

Since then, Superna has grown to support over 3,000 customers globally, all relying on the company for robust resiliency and security capabilities.

Bridging the gap: How Superna is redefining data security integration

Next, Hesterberg sheds light on a long-standing disconnect within the enterprise IT ecosystem, which is the divide between data/storage teams and security operations. Reflecting on the industry’s evolution, he highlights a structural misalignment that has persisted for years.

Historically, Hesterberg says, security efforts have primarily focused on the network and identity layers. He explains that storage and data teams were rarely looped into incident response frameworks or real-time security operations.“The data and storage teams didn’t really have any kind of connection into the security event or incident response technologies. The closest thing to security within the data and storage layer ended up becoming backup.”

While backup solutions were traditionally seen as a safeguard, Hesterberg emphasizes that modern security operations demand far more than simple recovery mechanisms. “What security tools do today and how security teams are outfitted to handle an event are very different from the concept of a recovery and a rebuild,” he says.

This disconnect created a clear gap that Superna recognized early on and took proactive steps to close it.

Where does data security fit between CISOs and CDOs?

When asked where data security fits between the two roles of CISOs and CDOs, Hesterberg states that most existing security investments are largely peripheral to where the real risk lies. He says, “Most of the security technologies that customers have spent millions on are looking at endpoints and devices and parts of the environment that are kind of peripheral to the data and the storage.”

Adding on, Hesterberg says that most technologies are unaware of what is happening in the data and storage layer. That is where the issue becomes critical, as threat actors’ end game is data. He asserts, “Why is that important? Because it’s very rare, if ever, that any kind of an attack, an exfiltration, or an encryption event is going for anything except your data, that’s where the attacks are focused.”

This oversight has been actively exploited by modern cyberattacks, which are increasingly sophisticated in targeting the data layer, says Hesterberg. Fortunately, the industry is starting to take notice, and Superna has brought a technology and platform to the market to address this gap.

The cyberstorage category

When asked about the need to carve out a separate space for cyberstorage in Gartner’s Magic Quadrant, Hesterberg discusses its interesting origin and context. He says the analyst who originally defined this category had deep roots in the data and storage domain, serving as the primary Magic Quadrant lead for file and object storage at Gartner.

Her long-standing experience in the space made her uniquely positioned to recognize a growing gap in data protection strategies, says Hesterberg. After speaking with hundreds of customers over several years, the analyst began to notice a pattern.

Through these interactions, it became increasingly clear that despite the presence of traditional defenses — such as intrusion detection systems, firewalls, antivirus tools, backups, and snapshots — organizations remained vulnerable.

Furthermore, Hesterberg notes that the problem had been magnified by stringent data privacy regulations like CCPA and GDPR, which reinforced the critical importance of safeguarding sensitive information.

“Data is the target,” he stresses. “No one’s really coming in to try to pull out IP addresses and other things. They’re trying to get to the data.” This realization became the inflection point that led to the formal recognition of the cyberstorage category.

The limitations of traditional storage security

Then, Hesterberg highlights a fundamental difference between traditional security technologies and how storage has historically been managed. He maintains that core security tools like firewalls, intrusion detection systems, and identity access management operate on binary, real-time principles. “If you don’t have permission, you don’t get through.”

In contrast, the storage layer has never operated with that same immediacy, says Hesterberg. Instead, it has relied on reactive measures, primarily recovery after an incident.

However, with modern threats growing more sophisticated, persistent, and stealthy, this reactive approach has become increasingly risky. Concluding, Hesterberg states that this exploitation of the gap has driven him to join Superna.

CDO Magazine appreciates Alex Hesterberg for sharing his insights with our global community.