(upbeat music) >> Welcome back to theCUBE's coverage of VEEMON 2022. We're here at the Aria in Las Vegas. Dave Vellante with David Nicholson, my co-host for the week, two days at wall to wall coverage. Jason Buffington is here, JBuff, who does some amazing work for VEEAM, former Analyst from the Enterprise Strategy Group. So he's got a real appreciation for independence data, and we're going to dig into some data. You guys, I got to say, Jason, first of all, welcome back to theCUBE. It's great to see you again. >> Yeah, two and a half years, thanks for having me back. >> Yeah, that's right. (Jason laughs) Seems like a blur. >> No doubt. >> But so here's the thing as analysts, you can appreciate this, the trend is your friend, right? and everybody just inundates you with now, ransomware. It's the trend. So you get everybody's talking about the ransomware, cyber resiliency, immutability, air gaps, et cetera. Okay, great. Technology's there, it's kind of like the NFL, everybody kind of does the same thing. >> There's a lot of wonderful buzzwords in that sentence. >> Absolutely, but what you guys have done that's different is you brought in some big time thought leadership, with data and survey work which of course as an analyst we love, but you drive strategies off of this. So you got to, I'll set it up. You got a new study out that's pivoted off of February study of 3,600 organizations, and then you follow that up with a thousand organizations that actually got hit with ransomware. So tell us more about the study and the work that you've done there. >> Yeah, I got to say I have the best job ever. So I spent seven years as an analyst. And when I decided I didn't want to be an analyst anymore, I called VEEAM and said, I'd like to get in the fight and they let me in. But they let me do independent research on their behalf. So it's kind of like being an in-house counsel. I'm an in-house analyst. And for the beginning of this year, in February, we published a report called the Data Protection Trends Report. And it was over 3000 responses, right? 28 countries around the world looking at digital transformation, the effects of COVID, where are they are on BAS and DRS. But one of the new areas we wanted to look at was how pervasive is ransomware? How does that align with BCDR overall? So some of those just big thought questions that everyone's trying to solve for. And out of that, we said, "Wow, this is really worth double clicking." And so today, actually about an hour ago we published the Ransomware Trends Report and it's a thousand organizations all of which have all been survived. They all had a ransomware attack. One of the things I think I'm most proud of for VEEAM in this particular project, we use an independent research firm. So no one knows it's VEEAM that's asking the questions. We don't have any access to the respondents along the way. I wish we did, right? >> Yeah, I bet >> Go sell 'em back up software. But of the thousands 200 were CISOs, 400 were security professionals which we don't normally interact with, 200 backup admins, 200 IT ops, and the idea was, "Okay, you've all been through a really bad day. Tell us from your four different views, how did that go? What did you solve for? What did you learn? What are you moving forward with?" And so, yeah, some great learnings all around helping us understand how do we deliver solutions that meet their needs? >> I mean, there's just not enough time here to cover all this data. And I think I like about it is, like you said, it's a blind survey. You used an independent third party whom I know they're really good. And you guys are really honest about it. It's like, it was funny that the analyst called today for the analyst meeting when Danny was saying if 54% and Dave Russell was like, it's 52%, actually ended up being 53%. (Jason laughs) So, whereas many companies would say 75%. So anyway, what were some of the more striking findings of that study? Let's get into it a little bit. >> So a couple of the ones that were really startling for me, on average about one in four organizations say they have not been hit. But since we know that ransomware has a gestation for around 200 days from first intrusions, so when you have that attack, 25% may be wrong. That's 25% in best case. Another 16% said they only got hit once in the last year. And that means 60%, right on the money got hit more than once per year. And so when you think about it's like that school bully Once they take your lunch money once and they want lunch money, again, they just come right back again. Did you fix this hole? Did you fix that hole? Cool, payday. And so that was really, really scary. Once they get in, on average organizations said 47% of their production data was encrypted. Think about that. So, and we tested for, hey, was it in the, maybe it's just in the ROBO. So on the edge where the tech isn't as good, or maybe it's in the cloud because it's in a broad attack surface. Whatever it is, turns out, doesn't matter. >> So this isn't just nibbling around the edges. >> No. >> This is going straight to the heart of the enterprise. >> 47% of production data, regardless of where it's stored, data center ROBO or cloud, on average was encrypted. But what I thought was really interesting was when you look at the four personas, the security professional and the backup admin. The person responsible for prevention or mediation, they saw a much higher rate of infection than the CSOs and the IT pros, which I think the meta point there is the closer you are to the problem. the worst this is. 47% is bad. it's worse than that. As you get closer to it. >> The other thing that struck me is that a large proportion of, I think it was a third of the companies that paid ransom. >> Oh yeah. >> Weren't able to recover it. Maybe got the keys and it didn't work or maybe they never got the keys. >> That's crazy too. And I think one thing that a lot of folks, you watch the movies and stuff and you think, "Oh, I'm going to pay the Bitcoin. I'm going to get this magic incantation key and all of a sudden it's like it never happened. That is not how this works. And so yeah. So the question actually was did you pay and did it work right? And so 52%, just at half of organization said, yes. I paid and I was able to recover it. A third of folks, 27%. So a third of those that paid, they paid they cut the check, they did the ransom, whatever, and they still couldn't get back. Almost even money by the way. So 24% paid, but could not get back. 19% did not pay, but recovered from backup. VEEAM's whole job for all of 2022 and 23 needs to be invert that number and help the other 81% say, "No, I didn't pay I just recovered." >> Well, in just a huge number of cases they attacked the backup Corpus. >> Yes. >> I mean, that's was... >> 94% >> 94%? >> 94% of the time, one of the first intrusions is to attempt to get rid of the backup repository. And in two thirds of all cases the back repository is impacted. And so when I describe this, I talk about it this way. The ransomware thief, they're selling a product. They're selling your survivability as a product. And how do you increase the likelihood that you will buy what they're selling? Get rid of the life preserver. Get rid of their only other option 'cause then they got nothing left. So yeah, two thirds, the backup password goes away. That's why VEEAM is so important around cloud and disk and tape, immutable at every level. How we do what we do. >> So what's the answer here. We hear things like immutability. We hear terms like air gap. We heard, which we don't hear often, is orchestrated recovery and automated recovery. I wonder if you could get, I want to come back to... So, okay. So you're differentiating with some thought leadership, that's nice. >> Yep. >> Okay, good. Thank you. The industry thanks you for that free service. But how about product and practices? How does VEEAM differentiate in that regard? >> Sure. Now full disclosure. So when you download that report, for every five or six pages of research, the marketing department is allowed to put in one paragraph. It says, this is our answer. They call the VEEAM perspective. That's their rebuttal. To five pages of research, they get one paragraph, 250 word count and you're done. And so there is actually a commercial... >> We're here to buy here in. (chuckles) >> To the back of that. It's how we pay for the research. >> Everybody sells an onset. (laughs) >> All right. So let's talk about the tech that actually matters though, because there actually are some good insights there. Certainly the first one is immutability. So if you don't have a survivable repository you have no options. And so we provide air gaping, whether you are cloud based. So your favorite hyper-scale or one of the tens of thousands of cloud service providers that offer VEEAM products. So you can have, immutability at the cloud layer. You can certainly have immutability at the object layer on-prem or disk. We're happy to use all your favorite DDoS and then tape. It is hard to get more air-gaped and take the tape out drive, stick it on a shelf or stick it in a white van and have it shipped down the street. So, and the fact that we aren't dependent on any architecture, means choose your favorite cloud, choose your favorite disc, choose your favorite tape and we'll make all of 'em usable and defendable. So that's super key Number one. Super key number two there's three. >> So Platform agnostic essentially. >> Yeah. >> Cloud platform agenda, >> Any cloud, any physical, we work happily with everybody. Just here for your data. So, now you know you have at least a repository, which is not affectable. The next thing is you need to know, do you actually have recoverable data? And that's two different questions. >> How do you know? Right, I mean... >> You don't. So one of my colleagues, Chris Hoff, talks about how you can have this Nalgene bottle that makes sure that no water spills. Do you know that that's water? Is it vodka? Is it poison? You don't know. You just know that nothing's spilling out of it. That's an immutable repository. Then you got to know, can you actually restore the data? And so automating test restores every night, not just did the backup log work. Only 16% actually test their backups. That breaks my heart. That means 84% got it wrong. >> And that's because it just don't have the resource or sometimes testing is dangerous. >> It can be dangerous. It can also just be hard. I mean, how do you spend something up without breaking what's already live. So several years ago, VEEAM created the sandbox is what we call a data lab. And so we create a whole framework for you with a proxy that goes in you can stand up whatever you want. You can, if file exists, you can ping it, you can ODBC SQL, you can map the exchange. I mean, you can, did it actually come up. >> You can actually run water through the recovery pipes. >> Yes. >> And tweak it so that it actually works. >> Exactly. So that's the second thing. And only 16% of organizations do. >> Wow. >> And then the third thing is orchestration. So there's a lot of complexity that happens when you recover one workload. There is a stupid amount of complexity happens when you try cover a whole site or old system, or I don't know, 47% of your infrastructure. And so what can you do to orchestrate that to remediate that time? Those are the three things we found. >> So, and that orchestration piece, a number of customers that were in the survey were trying to recover manually. Which is a formula for failure. A number of, I think the largest percentage were scripts which I want you to explain why scripts are problematic. And then there was a portion that was actually doing it right. Maybe it was bigger, maybe it was a quarter that was doing orchestrated recovery. But talk about why scripts are not the right approach. >> So there were two numbers in there. So there was 16% test the ability to recover, 25% use orchestration as part of the recovery process. And so the problem where it is, is that okay, if I'm doing it manually, think about, okay, I've stood back up these databases. Now I have to reconnect the apps. Now I have to re IP. I mean, there's lots of stuff to stand up any given application. Scripts says, "Hey, I'm going to write those steps down." But we all know that, that IT and infrastructure is a living breathing thing. And so those scripts are good for about the day after you put the application in, and after that they start to gather dust pretty quick. The thing about orchestration is, if you only have a script, it's as frequently as you run the script that's all you know. But if you do a workflow, have it run the workflow every night, every week, every month. Test it the same way. That's why that's such a key to success. And for us that's VEEAM disaster recovery orchestra tour. That's a product that orchestrates all the stuff that VEEAM users know and love about our backend recovery engine. >> So imagine you're, you are an Excel user, you're using macros. And I got to go in here, click on that, doing this, sort of watching you and it repeats that, but then something changes. New data or new compliance issue, whatever... >> That got renamed directly. >> So you're going to have to go in and manually change that. How do you, what's the technology behind automated orchestration? What's the magic there? >> The magic is a product that we call orchestrator. And so it actually takes all of those steps and you actually define each step along the way. You define the IP addresses. You define the paths. You define where it's going to go. And then it runs the job in test mode every night, every week, whatever. And so if there's a problem with any step along the way, it gives you the report. Fix those things before you need it. That's the power of orchestrator. >> So what are you guys doing with this study? What can we expect? >> So the report came out today. In a couple weeks, we'll release regional versions of the same data. The reason that we survey at scale is because we want to know what's different in a PJ versus the Americas versus Europe and all those different personas. So we'll be releasing regional versions of the data along the way. And then we'll enable road shows and events and all the other stuff that happens and our partners get it so they can use it for consulting, et cetera. >> So you saw differences in persona. In terms of their perception, the closer you were to the problem, the more obvious it was, did you have enough end to discern its pearly? I know that's why you're due the drill downs but did you sense any preliminary data you can share on regions as West getting hit harder or? >> So attack rate's actually pretty consistent. Especially because so many criminals now use ransomware as a service. I mean, you're standing it up and you're spreading wide and you're seeing what hits. Where we actually saw pretty distinct geographic problems is the cloud is not of as available in all segments. Expertise around preventative measures and remediation is not available in all segments, in all regions. And so really geographic split and segment split and the lack of expertise in some of the more advanced technologies you want to use, that's really where things break down. Common attack plane, uncommon disadvantage in recovery. >> Great stuff. I want to dig in more. I probably have a few more questions if you don't mind, I can email you or give you a call. It's Jason Buffington. Thanks so much for coming on theCUBE. >> Thanks for having me. >> All right, keep it right there. You're watching theCUBE's live coverage of VEEAMON 2022. We're here in person in Las Vegas, huge hybrid audience. Keep it right there, be right back. (upbeat music)

>> Announcer: Live from Miami Beach, Florida, it's theCUBE. Covering VeeamON 2019. Brought to you by Veeam. >> Welcome back to the Fontainebleau, Miami, everybody. My name is Dave Vellante, I'm here with my co-host for this segment, Justin Warren. Justin it's great to see you. This is theCUBE, the leader in live tech coverage, day two of our coverage of VeeamON 2019 here in Miami. Jason Buffington, @Jbuff is here, he's the vice president of solution strategy congratulations on the promotion and great to see you again, my friend. >> Thank you very much. >> Dave: And Nathan Hughes who is the IT director at Flex-N-Gate. Great to see you, thanks for coming on. We love to get the customer's perspective, so welcome. >> Great to be here. >> Okay, so, Jason let me start with you. Former analyst, you've been at Veeam now for long enough to A, get promoted, but also, get the Kool-Aid injection, you're wearing the green, and, what are the big trends that you're seeing in the market that are really driving this next era, what do guys call it? Act two of data protection? >> Sure. So, I preached on this even before I joined Veeam that every 10 years or so, when the industry shifts the platform of choice, the data protection vendors almost always reset, right? The people that lead in NetWare don't lead in Windows. The people that lead in Windows didn't lead in Vert. The next wave is we're moving from servers to services. Right, we're going from on prem into cloud and so, and every time the problem is the secret sauce doesn't line up, right? So you got to reinvent yourself each time. And what we saw in the past generations, what we learned from, is, you can't be so busy taking care of your install base that you forget to keep innovating on what that next platform is and so for us, act two is all about cloud. We're going to take everything we know about reliability but we're moving into cloud. The difference is, that in virtualization there was one hero scenario. VMs, right? This time around it's IaaS, it's SaaS, it's PaaS, it's using cloud storage, it's BaaS and DRaaS, there's not a single hero scenario which means we have a lot more innovation to do. That's round two. >> And you made that point today, you used the Archimedes quote, give me a lever and a fulcrum and I'll change the world. You used the analogy of backup as now becoming much more than just backup, it's data protection, it's data management, we're going to get into that. And test some of that with Nathan. So, Nathan, tell us about Flex-N-Gate what does the company do and what does your role as IT director entail? >> Okay, so Flex-N-Gate is a tier one automotive supplier. Which means that we provide parts, most of the things that go into a car besides electronics and glass, to the final automotive makers. So most of the companies that you're familiar with when you go to buy one. >> Okay, so you guys are global, I think you've got what, 24,000 associates worldwide, 64 locations. So what're some of the things that are, fundamental drivers of your business, that are rippling through to your IT strategy? >> Well, our business is varied in the sense that we do a lot of different things in house so, we do, obviously, manufacturing, that's a big part of what we do. And then, even that is broken down into different kinds and then beyond manufacturing we have advanced product development and engineering so we do a lot of that in house. >> Dave: You support it all? >> Yes. >> So you've got diverse lines of business, you've got different roles and personas, you know, engineers versus business people versus finance people. And you got to make 'em all happy. >> We've got to make 'em all happy. >> So, one of the things I love about manufacturing examples, is if you think about it it's the two extremes of high tech and low tech, right? On the low tech side of things you've got this manufacturing floor and it's just producing real stuff, not the zeros and ones that we live with, but real things come off this line. And then you have the engineering and R and D side. Where they're absolutely focused on stuff that comes out of some engineer's head into a computer, which is truly unique data, so, one of the things I love about the story is, talk about the downtime challenges you have around the manufacturing floor. Because I learned some things when we first met, that I think is phenomenal when it comes to manufacturing things that I didn't realize. >> Sure. So, we have a lot of different kinds of manufacturing environments. Some of them are more passive and some of them are more active. The most active environments are, a form of manufacturing known as sequencing. And it's sort of where you bring final assembly of parts together right before they go to the customer. The way that customers order up parts these days, it's not like they used to back in the 70s and 80s. Where they would warehouse huge volumes of everything on their site and then just draw it down if they needed it. And you just kept the queue full. Now they want everything just in time delivery. So they basically want parts to come to the line right when they're needed and actually in the order they're needed. So, a final car maker, they're not necessarily making, 300 of the same thing in a row, they're going to make one of this in blue and one of that in red and they're all going to be sequenced behind each other, one right after the other on the assembly line. And they want the parts from the suppliers to come in the exact right order for that environment. So, the challenge with that from our perspective is that we have trucking windows that are between 30, maybe 60 minutes on the high end, and if anything goes badly, you can put the customer down. And now you're talking about stopping production at Ford, Chrysler, GM, whatever. And that's a lot of money and a lot of other suppliers impacted. >> Dave: So this is a data problem isn't it? >> Yeah, it definitely is. And it's an interesting point, 'cause, you talk about sequencing. Veeam has their own sequence about how customers use the product and they start with backup, everything starts with backup, and then they move further to the right so that you get, ideally, to fully automated data protection. So, what are you actually using Veeam for today? And where do you see yourself going with Veeam? >> So, right now, we're using Veeam primarily as backup and recovery. It's how we started with it. We came from another product that was, great conceptually, but in the real world it had terrible reliability and its performance was very poor as time went on and so, when Veeam came on the scene it was a breath of fresh air because we got to the place where we knew that what we had was dependable, it was reliable. We got to understand how the product worked and to improve the way that we'd implemented it. And so, one of the key features in Veeam that really actually excited us, especially in those sequencing environments are these instant recovery options, right? So, we were used to the idea of having to write down a VM out of snapshot storage. And then being put in a position where it might take an hour, two hours, three hours before you could get that thing back online now, or again, to be able to launch that right out of snapshot storage was a blessing in the industry we're in. >> Yeah, did you see the tech demo yesterday where they were showing off how you could do an instant recovery directly from cloud storage? >> Yes, yeah. >> Did that get you excited? >> Yes. That is exciting. >> Are you using cloud at the moment or is this something that you're looking to move towards? >> Cloud is something we're sort of investigating but it's not something that we're actively utilizing right now. >> So this instance recovery, you guys obviously make a big deal out of that, I was talking to Danny Allan yesterday offline about it. He claims it's unique in the industry. And I asked him a question, I said specifically, if you lose the catalog, can I actually get the data back? And he said yes. And I'm like, that sounds like magic. So, so I guess my question to maybe both of you is, instant, how instant? And how does it actually work? (he laughs) >> It just works, isn't that? >> It just works! >> It's just magic, new tagline? >> I guess we don't have to get into the weeds but when you say, when I hear instant recovery, we're talking like, (fingers clicking) instantaneous recovery with, very short RTOs? >> To us what that means is that in practice, we can expect to have a VM from snapshot data back into production in about a five minute window. >> Dave: Five minutes? Okay. >> And that is sufficient for our needs in any environment. >> Okay, so now we're talking RTO, right? And then, what about, so we said 64 sites across the world, 24,000 associates, is Veeam your enterprise wide data protection strategy or are you rolling it out now? Where are you at? >> Yes, no. Veeam, we started with it in a handful of key sites. And we were using it to specifically back up SharePoint and a few other platforms. But once we understood what the product was capable of, and we were sort of reaching the end of our rope with this former product, yeah, we began an active roll out and we've now had Veeam in our facilities for five, six years. >> So you swept the floor of that previous product. And how complicated was it for you to move from the legacy product to Veeam? >> It was a challenge just rethinking the way that we do things, the previous product, one thing that it really had going for it, if this could be considered a positive, I guess, is that it was very very simple to set up. So, you could take an entry level IT administrator and they just next, next, next, next, next. And it would do all the things that they needed it to do. But the problem was that in the real world, that was sort of the Achilles' Heel, because, it meant that it wasn't very well customized and it meant also that, the way that they've developed that product, it became performance, it had poor performance. >> So the reason I ask that question is because, so many times customers are stuck. And it's like they don't want to move, because it's a pain. But the longer they go, the more costly it is, down the road. So I'm always looking to IT practitioners like, advice that you would give in terms of others, things that you might do differently if you had a mulligan, I don't know, maybe you would've started sooner, or maybe there were some things that you'd do differently. What would you advise? >> Yeah, I mean, if we'd understood, the whole context of what was happening with that other product, we would've moved sooner. And the one thing that I will say about Veeam is, it's not click and point. It does involve a little more setup. But the Veeam team is excellent when it comes to support. So there's nothing to fear in that category because they stand behind their product and it's very easy to get qualified technicians to help you out. >> Is that by design? >> I don't know if it's. Well, the being great to work with, yes, that's by design. >> Yeah, but I mean. >> I was talking to Danny yesterday and asked about the interface thing. Because there is always that tension between making it really really simple to use but then it doesn't have any knobs to change when you need to. >> That's what I'm asking. >> But it can't be too complex either. >> Our gap actually comes a little bit later in the process, right? So, you asked earlier about, in what ways do you use Veeam? And we think about Veeam as a progression, right? So, everybody if they're using Veeam at all, they're using it for Veeam backup and replication and because foundationally, until you can protect your stuff, right? Until you can reliably do that, all the other stuff that you'd like to do around data management is aspirational and unattainable at best, right? So, we think the journey comes in at yeah, it is pretty easy, to go next, next, next, finish. Just a few tweaks, right? To get backup going. But then when you go beyond that, now there's a whole range of other things you can do, right? So Danny, I'm sure, talked about DataLabs yesterday. The orchestration engine, those are not, next, next, next, finish. But anything that's worthwhile takes a little bit of effort, right? So as we pivot from, now that you've solved backup, then you can do those other things and that's where we really start going back into something which is really more expertise driven. >> Well, and it's early days too and as you get more data and more experience you can begin to automate things. >> Yeah, absolutely. So Justin was asking, Nathan, where the direction is. Today it's really backup. You've seen the stages where, talking about full automation. Is that something that, is on the horizon, it is sort of near term, midterm, longterm? >> I mean, coming to the conference, our experience with backup, or Veeam, is primarily backup and recovery operations but, I've seen a lot of things in the last few days that have piqued my interest. Particularly when it comes to the cloud integration. That's being actively baked into the product now. And, some of the automated, API stuff, that's being built into the product. Any place where I can get to where we simplify our procedures for recovery, that's a plus. So I'm really excited about the idea of the virtual labs, being able to actively test backup on a regular basis without human intervention and have reporting out of that. Those are things that I don't see in any other product that's out there. >> You know, there's another piece of the innovation that we should think through, and, so we've talked about the sequencing side which is where we focus on RTO, how fast can you get back and running again? And when you and I talked earlier, the example that we worked on was think of a zipper, right? You've got the bumpers coming in to a line of cars and if either side slows down, everything breaks, and at the end, by the way, is the truck, right? And everything has to come at the same time at the same rate, if there's downtime on either side of the source, you're done. But that's an RTO problem. The engineering side, for high tech, is an RPO problem, right? You have unique stuff coming out of somebody's brain into a PC and it'll never come out that way again. And so, when we look at backup and replication, that should be the next pieces to go on. And then as you mentioned, DataLabs becomes really interesting and orchestration, so. >> Well speaking of human brains, and you kind of touched on it, Nathan, that you came here to learn some things and you've learned things from different sessions. So, what is it about coming to VeeamON that is worth the time for IT practitioners like yourself? >> I think it's all those, I mean we were talking about Veeam, doing backup and recovery operations, fairly straightforwardly, in terms of getting in, but once you see some of this stuff here at a conference like this, you get a better sense of all the more, elaborate aspects of the product. And, you wouldn't get that >> See the possibilities. >> I think, if you were just sitting in front of it using it conventionally, this is a good place to really learn the depth and the level that you can go with it. >> And you're like most of your peers here, is that right, highly virtualized, is that right? Lot of Microsoft apps. And, they say, mid-sized global organization, actually kind of bumping up into big. >> Nathan: Sure. >> Yeah, cool. I asked about the data problem before, it sounds like the zipper's coming together, that's some funky math that you got to figure out to make sure everything's there. So, talk about the data angle. How important data is to your organization, we know much data's growing, data's the new oil, all those promides but, what about your organization specifically as it relates to a digital strategy? It's a buzzword that we hear a lot but, does it have meaning for you, and what does it mean? >> Data is vital in any organization. I mean, we were referencing earlier, how you've got low tech in manufacturing, or at least people think of it as lower tech. And then high tech in R and D, and how those things merge together in a single company. But the reality is all of that is data driven, right? Even when you go to the shop floor, all your scheduling, all your automation equipment, all this stuff is talking and it's all laying down data. You're putting rivets in the parts, you're probably taking pictures of that now with imagers when you're in manufacturing. And you do that so that if you get 300 bad ones you can see exactly when that started and what happened at the machine level, right? So, >> That's a good one. >> We're just constantly collecting massive volumes of new data, and being able to store that reliably is everything. >> Well, and the reason I'm asking is you guys have been around for a while and your a highly distributed organization so, in the old days, even still today, you'd build, you'd get a server for an application, you'd harden that application, you'd secure that box and the application running on it, you'd lock the data inside and, my question is, can, the backup approach, the data protection approach, the data management, or whatever we want to call it, can it help solve that data silo problem? Is that part of the strategy or is it just too early for that? >> I'm, sorry, I'm going to get you to repeat that question in a slightly different way. >> Yeah so, am I correct that you've got data in silos from all the years and years and years of building up applications and-- >> I mean, we have-- >> And can you use something like Veeam to help unify that data model? >> Draw that all together? Yeah. I think a lot of that has, it's more on the hosting side, right? So it depends on how those systems were rolled out originally and all that kind of thing. But yeah, as we've moved towards Veeam, we've necessarily rebuilt some of those systems in such a way that they are more aggregated and that Veeam can pick them up in an integrated kind of way. >> You see that as a common theme? Veeam as one of the levers of the fulcrum to new data architecture? >> We're getting there, so here's the trick. So, first you got to solve for basic protection, right? But the next thing along the way to really get towards data management is you got to know what you got, right? You got to know what's actually in those zeros and ones. And so, some of the things that you've already seen from us are around what we do around GDPR compliance, some of the things we do around sanitization of data for DevOps scenarios and reuse scenarios. All of that opens up a box of, okay, now that the data is curated. Now that it's ingested into our system, what else can you do with it? You know, when I talk to C-level execs, what I tell them is, data protection, no matter who it comes from, including Veeam, is really expensive if the only thing you do is put that data in a box and wait for bad things to happen, right? Now the good news is, bad things are going to happen, so you're going to get ROI. But better is don't just leave your data in a box, right? Do other stuff with that data, unlock the value of it and some of that value comes in, now that I'm more aware of it, let's reduce some of the copies, let's reduce some of the compliance mandates. Let's only put data that has sovereignty requirements where it goes, but to do all of that, you got to know what you got. >> Go ahead, please. >> There was some impressive demo yesterday about exactly that, so, we have the data. You can use the API to script it and you can do all kinds of, basically, you're limited by your imagination. So it's going to be fascinating to see what customers do with it once they've put it in place, they've got their data protected. And then they start playing with things, come to a conference like this and learn, ooh, I might just give that a try on my data when I get back home. >> That's right. >> We'll give the customer the last word, Nathan. Impressions of VeeamON 2019? >> It's been great. And like I say, if you're a company that's been using Veeam even for a while, and you have your entry level setup for backup and recovery and I think there's a lot of, probably, companies out there that use Veeam in that kind of way, this is a great place to have a better understanding of all that's available to you in that product. And there's a lot more than just meets the eye. >> And it's fun, good food, fun people. Thanks you guys for coming on, really appreciate it. >> Yeah, thank you. >> Alright, keep it right there, buddy, we'll be back with our next guest, you're watching theCUBE, Dave Vellante, Justin Warren, and Peter Burris is also here. VeeamON 2019, we'll be right back. (electronic music)

(mellow music) >> Announcer: Live, from New Orleans, it's theCUBE, covering Veeam ON, 2017, brought to you by Veeam. >> We're back at the big easy, this is theCUBE, the leader in live tech coverage Dave Valente with Stu Miniman, Jason Buffington, long time CUBE guest and lead analyst at ESG, Jason, great to see you again. >> Thanks for having me >> @JBuff you're welcome, it's always a pleasure. You are an icon in this business. Ratmeyer today on theCUBE brought you up, said my friend, Jason Buffington, made an observation about the industry, and it's great to see you again. >> Thank you. >> So, you got some good play in the keynotes this morning, you guys just recently did a study that you spearheaded, talking about the availability gap, tell us about that research. >> So, 24 countries, a little under 1100 enterprises. So all organizations, over 1000 employees, and what we wanted to look at was how often are you down, how much does it cost when you're down, what are the differences between what the business expects of you, versus what you can actually deliver. Right, and by the way, that's the definition of the gap. Right, so the business expects that we cannot tolerate more than 30 minutes of downtime, and yet your fail over window is two hours. You have the availability gap. If the business says I cannot tolerate more than an hour of data loss, but you only backup once per night, you have a protection gap, right. So, looking at those gaps between the business expectations, and what IT can deliver, via whatever tools they're using, it was an unbiased panel, is what we went off and quantified. There were some really interesting numbers in there. >> Were you able to go to the same firm and ask of business people and IT people at the same firm? >> No, in this case what we did is we looked for IT decision makers who were familiar with the data protection processes they were using, and as well as being able to speak to business issues. So kind of look for the director IT, VP IT, someone who already has the business grade conversation. Probably the person who is being held accountable by the business units when IT fails to deliver. >> Do you think that, we've had a bunch of conversations with the practitioners today about what's the business conversation like, "well we go to the business" "and say how much data are you willing to lose." "Well none!" and then they go back and say >> There's a price for that >> There's a price for that, right. And most are not doing charge backs, some are doing show backs, so it's up to IT to say okay, look, we know they can't afford it. We can't afford it, so this is the level of service that we're going to give them. Do you think that's where the availability gap exists? Or is it because people have the wrong architecture, the wrong processes? >> I think it's more the former than the latter. I did a breakout session on this report earlier today. There was a great question in Q & A, why is it backup is still broken? Why is it no one can fix these gaps? And, what I offered them was that there's a lot of folks that just underestimate backup. They think of it as a cost center. They think it's always broken. Well, backup is not broken, the problem is if we were all still using Windows server 2003 physical boxes and exchange and sequel were still on pram and file was just that, we'd have solved backup ten years ago, right. But every time that you modernize production, it forces a modernization of protection. If you do it reactively, it's because you put in this brand new shiny flex pod or v-block or whatever, and figured out oh that legacy backup doesn't work. If you do it proactively, then you're catching up with things. But the problem is if you underestimate the importance of that, you get these gaps, right? So, what I counseled to the room that I was in was the first thing you have to do is you have to stop talking about data protection, even availability as an IT problem. It is a business impact cause, period. Right, so the first thing you want to do is you want to get all the tech out of the conversation. So, I offer a formula up, I published a book back in 2010, and there's a free chapter. I'll get it to you, so you can put in online, but I basically breakdown the cost of downtime into four values. There's the cost of lost data, there's the cost of lost productivity, right. So there's time down and time you have to repeat. And you can equate those to R2 and RPO. But a parentheses around those and times what's the human cost plus the profitability cost. And that's overly simple, but the point is if you know how long you're down, if you know how much data you will have lost, multiply that times how many butts and seats are sitting idle and how much did the inside sales department not sell that hour, right. That tells you cost of outage. And then all you have to do at that point, and there's no tack in that, right. It's just what is your RPO in real, what's your RTO in real, how much do your humans cost, how much does your department lose? If you have those four things, you know how much the problem is. Then, all you have to do is just go back to your system log and say how many times did that happen this year. If you do that, you've turned an IT problem into a business problem. Anytime I get a hold of C-level executives, the first thing I talk to them about availability is downtime is not in your budget, right. The idea of doing nothing costs you money. That's not in your budget and I guarantee of you did a data protection and availability solution, that will cost you less to your bottom line than the downtime that's unplanned that you have not budgeted for. >> Jason, Ratmere in the keynote this morning talked about the last ten years and they launched a new logo, talked a lot about cloud and physical and the next 10 years. What's your take on the message? Veeam just changed the leadership up a little bit. Are they in a transitional phase? Where are they positioned for kind of that next wave? >> So, the whole market's kind of in a transitional phase. So, I've been in data protection for 28 years. The only thing I've done since before getting out of school. Every time that we've had a major IT platform shift, the leaders in data protection have not made that jump, right. I started when we were doing mid-range, going to netware and over to Windows. >> That was what Ratmeyer was saying today. I didn't want to steal your thunder, so I'm glad you've brought this up. He noted that you had observed this, so carry on. >> Yeah so in times passed, we went went from physical to virtual servers, those leaders didn't make the jump and Veeam did, right. Veeam kind of took the crown on that for this whole last run. Our platform is shifting again, right. Now the difference this time around is and by the way the reason that most people don't make the jump is because whatever made you great from a technology perspective the last time around, doesn't apply to the new platform, right. So, NLMs didn't apply to Windows, agents didn't apply to hosts. We're now moving into cloud, but it's not a cloud, right. Some folks want IS, some want SAS. Neither of those use the same approaches that Veeam's secret sauce for host-based protection will carry for. So, the industry is in kind of a flux, and the other thing which is different this time around is when I was helping people move on to Windows NT, the presumption was we we're going to shutdown all the netware when we were done, right. For most of us, as we move into virtual machines, the presumption was we'd get rid of the metal on the way out. In this case though, cloud is not necessarily the end state, the end state is hybrid. Some data will be on pram, most of that data will be virtualized, some of it will still be physical. Right, the data that's in the cloud. Some of it will just be cloud stores, some of it will be the IS hosted VM, some of it will be SAS. But that's not because it's a prolonged transition, it's because we shouldn't be talking about migration, we should be talking about agility, where some data starts in the cloud and comes home. Other data starts on pram and moves, or from cloud to cloud. Because of that multi-cloud hybrid architecture, if that's the new end state for what IT is going to be delivering on, then the rules change. There is no secret sauce that carries from the last generation over. Certainly, Veeam's going to continue to be thought of as the virtualization data protection solution. But, if you think about they've added agents for physical, they've added cloud-based support on the back end. They announced more support for Office 365 and SAS. They're not a virtualization only play anymore. So, the market is going to have to take a reset, where everybody is unified, the difference is you've got the legacy folks that are unified and trying to catch up on virtualization features. And you've got Veeam, who is unified, where their virtualization is their strong suit, and cloud hosted and physical are the catch ups. So they're flying in opposite directions. >> So, you're saying that Veeam's secret sauce doesn't and virtualization doesn't necessarily carry over, however, they're making moves that will allow them to bridge, is that right? >> Absolutely, so unlike everyone else, who is in that virtualization wave, who solved the end protection and then happily got sold for their IP and you don't know those brands anymore. In this case, Veeam has continually looked at what else do people need, let's go do that. So, 4 or 5 years ago they added snapshot support, which wasn't necessary, but added more scenarios. Then, they added tape, who adds tape in 2015? Right, but they did because they recognized that people needed tape out, and since then they've added cloud, a couple different versions of cloud. This week they announced continuous data protection. Now, I'm glad no one from SNIA is around, cause they have a very prescriptive definition of what CDP is supposed to look like, and this isn't exactly that, so it's really more like KCDP, Kind of CDP, kind of thing. But, they continue to arrow the edges. They added physical support, those agents walls will allow them for IS hosted. They're not unified anymore, and that forward motion, but the moment they've got coming off of the first strategy, that's what's going to keep them moving forward for the next ten years. >> What makes is not KCDP, and makes it pure CDP? Just an infinite granularity or? >> Well, if you ask SNIA folks, they would tell you it's not just about infinite granularity on the protection, it's also infinite recoverability on the way back. So every single microsecond, so-- >> Stu: That's CRR isn't it? >> Yeah, think more like sequel does with every given transaction, could we go back to a given point. >> You need a data base to be involved, to actually get there. >> Yeah, but again, what I think is interesting is it's not just about backup, so in the availability report we talked about the gap between how little downtime that an organization can tolerate, versus just backup can't meet that goal. You can't recover fast enough if the only thing you're going to do is restore from backup. So, being able to integrate snapshots, being able to have replication, which shrinks down that data loss window considerably, that's how you meet the rest of the story, that backup alone can't do. And kudos to Veeam for doing it. >> Jason, how should we think about some of these emerging players who are actually in Veeam's ecosystem? Like Rubric or Cohesity, or Datos. Datos is not here, These sort of new, emerging, they don't want to call themselves backup players, they want to call themselves data protection or availability. How should we think about those emerging players? >> So, I have a category in a slide. I put them all in the category that I lovingly call the disrupters, right, because it forces you to reconsider the conversation. If you kind of step back and I could put Veeam and some of the other legacy unified enterprise class data protection products in one category, and what all of them are saying is let's take the backups that you know and trust us with. We're going to add indexing, we're going to add orchestration, we're going to help you do more with your data along the way. The end result is what the industry is calling copy data management. What else can you do with that data, which is otherwise dormant, sitting away in a store. What the disrupter category would tell you, is instead of starting with backup, and trying to evolve it forward, start with new storage. Think of the things you could do with a new paradigm for storage. >> So, the storage that would automatically know where the footprints are, that would automatically back you up along the way, that would automatically allow for copy data management type scenarios. So, again, it's two ways to get there. There's the backup first approach, and building on who you trust, then, there's the, if you want to start over again, have I got a deal for you. And that's going to be really interesting. For the rest of 2017 and 2018, the whole space of copy data management, copy data virtualization, copy data fill in the blank, that whole idea of good, better, best. Good, keep all your data as long as you need. Better, and get rid of it a moment longer. Then best, what else can you do with it. Analytics, testing, reporting, et cetera. That'll be an interesting market to watch, and one that now that Veeam is broad enough, will start to play in now as the year moves forward. >> Jason, like us, you go to a lot of these conferences. You've been to the Veeam on trail, which was our first one here. For the audience it's not here. What differentiates this show from some of the other ones you go to. What excites you about the community, the show itself, anything surrounding it? >> Sure, Veeam has a wonderful sense of community that most of the other vendors have just not been able to capitalize on. You know, there's certainly, there are many many thousands of IT professionals that have made their career out of this storage platform, or that backup software platform, et cetera. And, they're all good for support. Veeam has somehow cracked that code like Microsoft MVPs. The difference between a post-sale's we'll help you if you want, to a pre-sale's advocates. They literally have a green army walking around on this floor, who is delighted to tell anybody who will listen how Veeam saved their bacon, gave them back their weekend, et cetera. That energy of community, that's what's different about not only Veeam ON, it's also what's different about like a Veeam party at Vmworld or a Microsoft event. That culture and community, they've tapped something special there, and it shows in their results. >> Alright, we've got to wrap there, but I'll give you the last word, any upcoming research we should be paying attention to, or you want to promote a little bit? >> Sure, my blog within ESG is technicaloptimist.com. I do primary research on a whole bunch of things. Next ones coming out are on data protection modernization. So, why are people staying put or changing. If so, why or why not, and then what features matter most. So that's the next one that'll come out for me, and then over the summer I'm going to look at appliances as form factor, there's a lot of those to look at this week. What the affect of the DVA and the VM are having in the market, and then also more on the availability study. What we did for Veeam was so interesting ESG is going to go and take a few other angles and look at it some more. >> Awesome, great research agenda you've got upcoming. We will be looking for that, so, Jason, thanks very much, it was a pleasure to see you. >> Thanks for having me. >> You're welcome, alright, keep it right there buddy. We'll be back, with our next guest at theCUBE. We're live from Veeam ON, 2017 in New Orleans, We'll be right back. (upbeat music)