(upbeat music) >> Welcome back friends. It's theCUBE LIVE in Las Vegas at the Venetian Expo, covering the first full day of AWS re:Invent 2022. I'm Lisa Martin, and I have the privilege of working much of this week with Dave Vellante. >> Hey. Yeah, it's good to be with you Lisa. >> It's always good to be with you. Dave, this show is, I can't say enough about the energy. It just keeps multiplying as I've been out on the show floor for a few minutes here and there. We've been having great conversations about cloud migration, digital transformation, business transformation. You name it, we're talking about it. >> Yeah, and I got to say the soccer Christians are really happy. (Lisa laughing) >> Right? Because the USA made it through. So that's a lot of additional excitement. >> That's true. >> People were crowded around the TVs at lunchtime. >> They were, they were. >> So yeah, but back to data. >> Back to data. We have a couple of guests here. We're going to be talking a lot with customer challenges, how they're helping to overcome them. Please welcome Kevin Zawodzinski, VP of Sales Engineering at COMMVAULT. >> Thank you. >> And Paul Meighan, Director of Product Management at AWS. Guys, it's great to have you on the program. Thank you for joining us. >> Thanks for having us. >> Thanks for having us. >> Isn't it great to be back in person? >> Paul: It really is. >> Kevin: Hell, yeah. >> You cannot replicate this on virtual, you just can't. It's nice to see how excited people are to be back. There's been a ton of buzz on our program today about Adam's keynote this morning. Amazing. A lot of synergies with the direction, Paul, that AWS is going in and where we're seeing its ecosystem as well. Paul, first question for you. Talk about, you know, in the customer environment, we know AWS is very customer obsessed. Some of the main challenges customers are facing today is they really continue this business transformation, this digital transformation, and they move to cloud native apps. What are some of those challenges and how do you help them eradicate those? >> Well, I can tell you that the biggest contribution that we make is really by focusing on the fundamentals when it comes to running storage at scale, right? So Amazon S3 is unique, distributed architecture, you know, it really does deliver on those fundamentals of durability, availability, performance, security and it does it at virtually unlimited scale, right? I mean, you guys have talked to a lot of storage folks in the industry and anyone who's run an estate at scale knows that doing that and executing on those fundamentals day after day is just super hard, right? And so we come to work every day, we focus on the fundamentals, and that focus allows customers to spend their time thinking about innovation instead of on how to keep their data durably stored. >> Well, and you guys both came out of the storage world. >> Right. >> Yeah, yeah. >> It was a box world, (Kevin laughs) and it ain't no more. >> Kevin: That's right, absolutely. >> It's a service and a service of scale. >> Kevin: Yeah. So architecture matters, right? >> Yeah. >> Yeah. >> Paul, talk a little bit about, speaking of innovation, talk about the evolution of S3. It's been around for a while now. Everyone knows it, loves it, but how has AWS architected it to really help meet customers where they are? >> Paul: Right. >> Because we know, again, there's that customer first focus. You write the press release down the road, you then follow that. How is it evolving? >> Well, I can tell you that architecture matters a lot and the architecture of Amazon S3 is pretty unique, right? I think, you know, the most important thing to understand about the architecture of S3 is that it is truly a regional service. So we're laid out across a minimum of 3 Availability Zones, or AZs, which are physically separated and isolated and have a distance of miles between them to protect against local events like floods and fires and power interruption, stuff like that. And so when you give us an object, we distribute that data across that minimum of 3 Availability Zones and then within multiple devices within each AZ, right? And so what that means is that when you store data with us, your data is on storage that's able to tolerate the failure of multiple devices with no impact to the integrity of your data, which is super powerful. And then again, super hard to do when you're trying to roll your own. So that's sort of a, like an overview of the architecture. In terms of how we think about our roadmap, you know, 90% of our roadmap comes directly from what customers tell us matters, and that's a tenant of how we think about customer obsession at AWS and it really is how we drive a roadmap. >> Right, so speaking of customers Kevin, what are customers asking you guys- >> Yeah. >> for, how does it relate to what you're doing with S3? >> Yeah, it's a wonderful question and one that is actually really appropriate for us being at re:Invent, right? So we got, last three years we've had customers here with us on stage talking about it. First of all, 3 years ago we did a virtual session, unfortunately, but glad to be back as you mentioned, with Coca-Cola and theirs was about scale and scope and really about how can we protect hundreds of thousands of objects, petabyte to data, in a simple and secure way, right. Then last year we actually met with a ACT, Inc. as well and co-presented with them and really talked about how we could protect modern workloads and their modern workloads around whether it was Aurora or as well as EKS and how they continue to evolve as well. And, last but not least it's going to be, this year we're talking with Illinois State University as well about how they're going to continue to grow, adapt and really leverage AWS and ourselves to further their support of their teachers and their staff. So that is really helping us quite a bit to continue to move forward. And the things we're doing, again, with our customer base it's really around, focused on what's important to them, right? Customer obsession, how are we working with that? How are we making sure that we're listening to them? Again, working with AWS to understand how can we evolve together and really ultimately their journeys. As you heard, even with those 3 examples they're all very different, right? And that's the point, is that everybody's at a different point in the journey. They're at a different place from a modernization perspective. So we're helping them evolve, as they're helping us evolve as well, and transform with AWS. >> So very mature COMMVAULT stack, the S3 bucket and all the other capabilities. Paul, you just talked about coming together- >> Right. >> Dave: for your customers. >> Yeah, yeah, absolutely. And just, you know, we were talking the other day, Paul and I were talking the other day, it's been, you know, we've worked with AWS, with integration since 2009, right? So a long time, right? I mean, for some that may not seem like a long time ago, but it is, right? It's, you know, over a decade of time and we've really advanced that integration considerably as well. >> What are some of the things that, I don't know if you had a chance to see the keynote this morning? >> Yeah, a little bit. >> What are some of the things that there was, and in fact this is funny, funny data point for you on data. One of my previous guests told me that Adam Selipsky spent exactly 52 minutes talking about data this morning. 52 minutes. >> Okay. >> That there's a data point. But talk about some of the things that he talked about, the direction AWS is going in, obviously new era in the last year. Talk about what you heard and how you think that will evolve the COMMVAULT-AWS relationship. >> Yeah, I think part of that is about flexibility, as Paul mentioned too, architecture matters, right? So as we evolve and some of the things that we pride ourselves on is that we developed our systems and our software and everything else to not worry about what do I have to build to today but how do I continue to evolve with my customer base? And that's what AWS does, right? And continues to do. So that's really how we would see the data environment. It's really about that integration. As they grow, as they add more features we're going to add more features as well. And we're right there with them, right? So there's a lot of things that we also talk about, Paul and I talk about, around, you know, how do we, like Graviton3 was brought up today around some of the innovations around that. We're supporting that with Auto Scale right now, right? So we're right there releasing, right when AWS releasing, co-developing things when necessary as well. >> So let's talk about security a little bit. First of all, what is COMMVAULT, right? You're not a security company but you're an adjacency to security. It's sort of, we're rethinking security. >> Kevin: Yep. >> including data protection, not a bolt-on anymore. You guys both have a background in that world and I'm sure that resonates. >> Yeah. >> So what is the security play here? What role does COMMVAULT play? I think we know pretty well what role AWS plays, but love to hear, Paul, your thoughts as well on security. >> Yeah, I'll start I guess. >> Go on Paul. >> Okay. Yeah, so on the security side of things, there's a quite a few things. So again, on the development side of things, we do things like file anomaly detection, so seeing patterns in data. We talked a lot about analytics as well in the keynote this morning. We look at what is happening in the customer environment, if there's something odd or out of place that's happening, we can detect that and we'll notify people. And we've seen that, we have case studies about that. Other things we do are simple, simple but elegant. Is with our security dashboard. So we'll use our security dashboard to show best practices. Are they using Multi-Factor Authentication? Are you viewing password complexity? You know, things like that. And allows people to understand from a security landscape perspective, how do we layer in protection with their other systems around security. We don't profess to be the security company, or a security company, but we help, you know, obviously add in those additional layers. >> And obviously you're securing, you know, the S3 piece of it. >> Mmmhmm. >> You know, from your standpoint because building it in. >> That's right. And we can tell you that for us, security is job zero. And anyone at AWS will tell you that, and not only that but it will always be our top priority. Right from the infrastructure on down. We're very focused on our shared responsibility model where we handle security from the hypervisor, or host operating system level, down to the physical security of the facilities in which our services run and then it's our customer's responsibility to build secure applications, right. >> Yeah. And you talk about Graviton earlier, Nitro comes into play and how you're, sort of, fencing off, you know, the various components of the system from the operating system, the VMs, and then that is designed in and that's a new evolution that it comes as part of the package. >> Yeah, absolutely. >> Absolutely. >> Paul, talk a little bit about, you know, security, talking about that we had so many conversations this year alone about the threat landscape and how it's dramatically changing, it's top of mind for everybody. Huge rise in ransomware attacks. Ransomware is now, when are we going to get hit? How often? What's the damage going to be? Rather than, are we going to get hit? It's, unfortunately it's progressed in that direction. How does ensuring data security impact how you're planning the roadmap at AWS and how are partners involved in shaping that? >> Right, so like I said, you know, 90% of our roadmap comes from what customers tell us matters, right? And clearly this is an issue that matters very much to customers right now, right? And so, you know, we're certainly hearing that from customers, and COMMVAULT, and partners like COMMVAULT have a big role to play in helping customers to secure and protect their applications, right? And that's why it's so critical that we come together here at re:Invent and we have a bunch of time here at the show with the COMMVAULT technical folks to talk through what they're hearing from customers and what we're hearing. And we have a number of regular touch points throughout the year as well, right? And so what COMMVAULT gets from the relationship is, sort of, early access and feedback into our features and roadmap. And what we get out of it really is that feedback from that large number of customers who interface with Amazon S3 through COMMVAULT. Who are using S3 as a backup target behind COMMVAULT, right? And so, you know, that partnership really allows us to get close to those customers and understand what really matters to them. >> Are you doing joint engineering, or is it more just, hey here you go COMMVAULT, here's the tools available, go, go build. Can you address that? >> Yeah, no, absolutely. There's definitely joint engineering like even things around, you know, data migration and movement of data, we integrate really well and we talk a lot about, hey, what are you, like as Paul mentioned, what are you seeing out there? We actually, I just left a conversation about an hour ago where we're talking about, you know, where are we seeing placement of data and how does that matter to, do you put it on, you know, instant access, or do you put it on Glacier, you know, what should be the best practices? And we tell them, again, some of the telemetry data that we have around what do we see customers doing, what's the patterns of data? And then we feed that back in and we use that to create joint solutions as well. >> You know, I wonder if we could talk about cloud, you know, optimization of cloud costs for a minute. That's obviously a big discussion point in the hallways with customers. And on your earnings call you guys talked about specifically some customers and they specifically mentioned, for example, pushing storage to lower cost tiers. So you brought up Glacier just then. What are you seeing in the field in that regard? How are customers taking advantage of that? And where does COMMVAULT play in, sort of, helping make that decision? >> You want to take part one or you want me to take it? >> I can take part one. I can tell you that, you know, we're very focused on helping customers optimize costs, however necessary, right? And, you know, we introduced intelligent hearing here at the show in 2019 and since launch it's helped customers to reduce costs by over $750 million, right? So that's a real commitment to optimizing costs on behalf of customers. We also launched, you know, later in 2020, Glacier Deep Archive, which is the lowest cost storage in the cloud. So it's an important piece of the puzzle, is to provide those storage options that can allow customers to match the workloads that are, that need to be on folder storage to the appropriate store. >> Yeah, and so, you know, S3 is not this, you know, backup and recovery system, not an archiving system and, you know, in terms of, but you have that intelligence in your platform. 'Cause when I heard that from the earnings call I was like, okay, how do customers then go about deciding what they can, you know, when it's all good times, like yeah, who cares? You know, just go, go, go. But when you got to tighten the belt, how do you guys? >> Yeah, and that goes back to understanding the data pattern. So some of that is we have intelligence and artificial intelligence and everything else and machine learning within our, so we can detect those patterns, right? We understand the patterns, we learn from that and we help customers right size, right. So ultimately we do see a blend, right? As Paul mentioned, we see, you know, hey I'm not going to put everything on Glacier necessarily upfront. Maybe they are, it all depends on their workloads and patterns. So we use the data that we collect from the different customers that we have to share those best practices out and create, you know, the right templates, so to speak, in ways for people to apply it. >> Guys, great joint, you talked about the joint engineering, joint go to market, obviously a very strong synergistic partnership between the two. A lot of excitement. This is only day one, I can only imagine what's going to be coming the next couple of days. But I have one final question for you, but I have same question for both of you. You had the chance to create your own bumper sticker, so you get a shiny new car and for some reason you want to put a bumper sticker on it. About COMMVAULT, what would it say? >> Yeah, so for me I would say comprehensive, yet simple, right? So ultimately about giving you all the bells and whistles but if you want to be very simple we can help you in every shape and form. >> Paul, what's your bumper sticker say about AWS? >> I would say that AWS starts with the customer and works backwards from there. >> Great one. >> Excellent. Guys- >> Kevin: Well done. >> it's been a pleasure to have you on the program. Thank you- >> Kevin: Thank you. >> for sharing what's going on, the updates on the AWS-COMMVAULT partnership and what's in it for customers. We appreciate it. >> Dave: Thanks you guys. >> Thanks a lot. >> Thank you. >> All right. For our guests and Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live enterprise and emerging tech coverage. (upbeat music)

>> The rapid rise of ransomware attacks has added yet another challenge that business technology executives have to worry about these days. Cloud storage, immutability and air gaps have become a must have arrows in the quiver of organization's data protection strategies. But the important reality that practitioners have embraced is data protection, it can't be an afterthought or a bolt on, it has to be designed into the operational workflow of technology systems. The problem is oftentimes data protection is complicated with a variety of different products, services, software components, and storage formats. This is why object storage is moving to the forefront of data protection use cases because it's simpler and less expensive. The put data get data syntax has always been alluring but object storage historically was seen as this low cost niche solution that couldn't offer the performance required for demanding workloads, forcing customers to make hard trade offs between cost and performance. That has changed. The ascendancy of cloud storage generally in the S3 format specifically has catapulted object storage to become a first class citizen in a mainstream technology. Moreover, innovative companies have invested to bring object storage performance to parody with other storage formats. But cloud costs are often a barrier for many companies as the monthly cloud bill and egress fees in particular steadily climb. Welcome to Secure Storage Hot Takes. My name is Dave Vellante and I'll be your host of the program today, where we introduce our community to Wasabi, a company that is purpose built to solve this specific problem with what it claims to be the most cost effective and secure solution on the market. We have three segments today to dig into these issues. First up is David Friend, the well known entrepreneur, who co-founded Carbonite and now Wasabi. We'll then dig into the product with Drew Schlussel of Wasabi. And then we'll bring in the customer perspective with Kevin Warenda of the Hotchkiss, cool. Let's get right into it. We're here with David Friend, the President and CEO, and co-founder of Wasabi, the hot storage company. David, welcome to theCUBE. >> Thanks, Dave. Nice to be here. >> Great to have you. So look, you hit a home run with Carbonite back when building a unicorn was a lot more rare than it has been in the last few years. Why did you start Wasabi? >> Well, when I was still CEO of Wasabi, my genius co-founder, Jeff Flowers, and our chief architect came to me and said, you know, when we started this company, a state of the art disc drive was probably 500 gigabytes. And now we're looking at eight terabyte, 16 terabyte, 20 terabyte, even hundred terabyte drives coming down the road. And, you know, sooner or later the old architectures that were designed around these much smaller disc drives is going to run out of steam, because even though the capacities are getting bigger and bigger, the speed with which you can get data on and off of a hard drive isn't really changing all that much. And Jeff foresaw a day when the architectures of sort of legacy storage like Amazon S3 and so forth, was going to become very inefficient and slow. And so he came up with a new highly parallelized architecture, and he said, I want to go off and see if I can make this work. So I said, you know, good luck go to it. And they went off and spent about a year and a half in the lab designing and testing this new storage architecture. And when they got it working, I looked at the economics of this and I said, holy cow, we could sell cloud storage for a fraction of the price of Amazon, still make very good gross margins and it will be faster. So this is a whole new generation of object storage that you guys have invented. So I recruited a new CEO for Carbonite and left to found Wasabi because the market for cloud storage is almost infinite, you know? When you look at all the world's data, you know, IDC has these crazy numbers, 120 zettabytes or something like that. And if you look at that as, you know, the potential market size during that data we're talking trillions of dollars, not billions. And so I said, look, this is a great opportunity. If you look back 10 years, all the world's data was on prem. If you look forward 10 years, most people agree that most of the world's data is going to live in the cloud. We're at the beginning of this migration, we've got an opportunity here to build an enormous company. >> That's very exciting. I mean, you've always been a trend spotter and I want to get your perspectives on data protection and how it's changed. It's obviously on people's minds with all the ransomware attacks and security breaches but thinking about your experiences and past observations, what's changed in data protection and what's driving the current very high interest in the topic? >> Well, I think, you know, from a data protection standpoint, immutability, the equivalent of the old worm tapes but applied to cloud storage is, you know, become core to the backup strategies and disaster recovery strategies for most companies. And if you look at our partners who make backup software like VEEAM, Commvault, Veritas, Arcserve, and so forth, most of them are really taking advantage of mutable cloud storage as a way to protect customer data, customers backups from ransomware. So the ransomware guys are pretty clever and they, you know, they discovered early on that if someone could do a full restore from their backups they're never going to pay a ransom. So once they penetrate your system, they get pretty good at sort of watching how you do your backups and before they encrypt your primary data, they figure out some way to destroy or encrypt your backups as well so that you can't do a full restore from your backups, and that's where immutability comes in. You know, in the old days you wrote what was called a worm tape, you know? Write once read many. And those could not be overwritten or modified once they were written. And so we said, let's come up with an equivalent of that for the cloud. And it's very tricky software, you know, it involves all kinds of encryption algorithms and blockchain and this kind of stuff. But, you know, the net result is, if you store your backups in immutable buckets in a product like Wasabi, you can't alter it or delete it for some period of time. So you could put a timer on it, say a year or six months or something like that. Once that date is written, you know, there's no way you can go in and change it, modify it or anything like that, including even Wasabi's engineers. >> So, David, I want to ask you about data sovereignty, it's obviously a big deal. I mean, especially for companies with a presence overseas but what's really is any digital business these days? How should companies think about approaching data sovereignty? Is it just large firms that should be worried about this? Or should everybody be concerned? What's your point of view? >> Well, all around the world countries are imposing data sovereignty laws. And if you're in the storage business, like we are, if you don't have physical data storage in country you're probably not going to get most of the business. You know, since Christmas we've built data centers in Toronto, London, Frankfurt, Paris, Sydney, Singapore and I've probably forgotten one or two. But the reason we do that is twofold. One is, you know, if you're closer to the customer, you're going to get better response time, lower latency and that's just a speed of light issue. But the bigger issue is, if you've got financial data, if you have healthcare data, if you have data relating to security, like surveillance videos and things of that sort, most countries are saying that data has to be stored in country, so you can't send it across borders to some other place. And if your business operates in multiple countries, you know, dealing with data sovereignty is going to become an increasingly important problem. >> So in may of 2018, that's when the fines associated with violating GDPR went into effect and GDPR was like this main spring of privacy and data protection laws. And we've seen it spawn other public policy things like the CCPA and it continues to evolve. We see judgements in Europe against big tech and this tech lash that's in the news in the US and the elimination of third party cookies. What does this all mean for data protection in the 2020s? >> Well, you know, every region and every country, you know, has their own idea about privacy, about security, about the use of, even the use of metadata surrounding, you know, customer data and things to this sort. So, you know, it's getting to be increasingly complicated because GDPR, for example, imposes different standards from the kind of privacy standards that we have here in the US. Canada has a somewhat different set of data sovereignty issues and privacy issues. So it's getting to be an increasingly complex, you know, mosaic of rules and regulations around the world. And this makes it even more difficult for enterprises to run their own, you know, infrastructure because companies like Wasabi where we have physical data centers in all kinds of different markets around the world. And we've already dealt with the business of how to meet the requirements of GDPR and how to meet the requirements of some of the countries in Asia, and so forth. You know, rather than an enterprise doing that just for themselves, if you running your applications or keeping your data in the cloud, you know, now a company like Wasabi with, you know, 34,000 customers, we can go to all the trouble of meeting these local requirements on behalf of our entire customer base. And that's a lot more efficient and a lot more cost effective than if each individual country has to go deal with the local regulatory authorities. >> Yeah. It's compliance by design, not by chance. Okay, let's zoom out for the final question, David. Thinking about the discussion that we've had around ransomware and data protection and regulations. What does it mean for a business's operational strategy and how do you think organizations will need to adapt in the coming years? >> Well, you know, I think there are a lot of forces driving companies to the cloud and, you know, and I do believe that if you come back five or 10 years from now, you're going to see majority of the world's data is going to be living in the cloud. And I think, storage, data storage is going to be a commodity much like electricity or bandwidth. And it's going to be done right, it will comply with the local regulations, it'll be fast, it'll be local. And there will be no strategic advantage that I can think of for somebody to stand up and run their own storage, especially considering the cost differential. You know, the most analysts think that the full all in costs of running your own storage is in the 20 to 40 terabytes per month range. Whereas, you know, if you migrate your data to the cloud like Wasabi, you're talking probably $6 a month. And so I think people are learning how to, are learning how to deal with the idea of an architecture that involves storing your data in the cloud, as opposed to, you know, storing your data locally. >> Wow. That's like a six X more expensive and the clouds more than six X. >> Yeah. >> All right, thank you, David. Go ahead, please. >> In addition to which, you know, just finding the people to babysit this kind of equipment has become nearly impossible today. >> Well, and with a focus on digital business you don't want to be wasting your time with that kind of heavy lifting. David, thanks so much for coming on theCUBE. Great Boston entrepreneur, we've followed your career for a long time and looking forward to the future. >> Thank you. >> Okay, in a moment, Drew Schlussel will join me and we're going to dig more into product. You're watching theCUBE, the leader in enterprise and emerging tech coverage. Keep it right there. (upbeat music)

>> The rapid rise of ransomware attacks has added yet another challenge that business technology executives have to worry about these days, cloud storage, immutability, and air gaps have become a must have arrows in the quiver of organization's data protection strategies. But the important reality that practitioners have embraced is data protection, it can't be an afterthought or a bolt on it, has to be designed into the operational workflow of technology systems. The problem is, oftentimes, data protection is complicated with a variety of different products, services, software components, and storage formats, this is why object storage is moving to the forefront of data protection use cases because it's simpler and less expensive. The put data get data syntax has always been alluring, but object storage, historically, was seen as this low-cost niche solution that couldn't offer the performance required for demanding workloads, forcing customers to make hard tradeoffs between cost and performance. That has changed, the ascendancy of cloud storage generally in the S3 format specifically has catapulted object storage to become a first class citizen in a mainstream technology. Moreover, innovative companies have invested to bring object storage performance to parity with other storage formats, but cloud costs are often a barrier for many companies as the monthly cloud bill and egress fees in particular steadily climb. Welcome to Secure Storage Hot Takes, my name is Dave Vellante, and I'll be your host of the program today, where we introduce our community to Wasabi, a company that is purpose-built to solve this specific problem with what it claims to be the most cost effective and secure solution on the market. We have three segments today to dig into these issues, first up is David Friend, the well known entrepreneur who co-founded Carbonite and now Wasabi will then dig into the product with Drew Schlussel of Wasabi, and then we'll bring in the customer perspective with Kevin Warenda of the Hotchkiss School, let's get right into it. We're here with David Friend, the President and CEO and Co-founder of Wasabi, the hot storage company, David, welcome to theCUBE. >> Thanks Dave, nice to be here. >> Great to have you, so look, you hit a home run with Carbonite back when building a unicorn was a lot more rare than it has been in the last few years, why did you start Wasabi? >> Well, when I was still CEO of Wasabi, my genius co-founder Jeff Flowers and our chief architect came to me and said, you know, when we started this company, a state of the art disk drive was probably 500 gigabytes and now we're looking at eight terabyte, 16 terabyte, 20 terabyte, even 100 terabyte drives coming down the road and, you know, sooner or later the old architectures that were designed around these much smaller disk drives is going to run out of steam because, even though the capacities are getting bigger and bigger, the speed with which you can get data on and off of a hard drive isn't really changing all that much. And Jeff foresaw a day when the architectures sort of legacy storage like Amazon S3 and so forth was going to become very inefficient and slow. And so he came up with a new, highly parallelized architecture, and he said, I want to go off and see if I can make this work. So I said, you know, good luck go to it and they went off and spent about a year and a half in the lab, designing and testing this new storage architecture and when they got it working, I looked at the economics of this and I said, holy cow, we can sell cloud storage for a fraction of the price of Amazon, still make very good gross margins and it will be faster. So this is a whole new generation of object storage that you guys have invented. So I recruited a new CEO for Carbonite and left to found Wasabi because the market for cloud storage is almost infinite. You know, when you look at all the world's data, you know, IDC has these crazy numbers, 120 zetabytes or something like that and if you look at that as you know, the potential market size during that data, we're talking trillions of dollars, not billions and so I said, look, this is a great opportunity, if you look back 10 years, all the world's data was on-prem, if you look forward 10 years, most people agree that most of the world's data is going to live in the cloud, we're at the beginning of this migration, we've got an opportunity here to build an enormous company. >> That's very exciting. I mean, you've always been a trend spotter, and I want to get your perspectives on data protection and how it's changed. It's obviously on people's minds with all the ransomware attacks and security breaches, but thinking about your experiences and past observations, what's changed in data protection and what's driving the current very high interest in the topic? >> Well, I think, you know, from a data protection standpoint, immutability, the equivalent of the old worm tapes, but applied to cloud storage is, you know, become core to the backup strategies and disaster recovery strategies for most companies. And if you look at our partners who make backup software like Veeam, Convo, Veritas, Arcserve, and so forth, most of them are really taking advantage of mutable cloud storage as a way to protect customer data, customers backups from ransomware. So the ransomware guys are pretty clever and they, you know, they discovered early on that if someone could do a full restore from their backups, they're never going to pay a ransom. So, once they penetrate your system, they get pretty good at sort of watching how you do your backups and before they encrypt your primary data, they figure out some way to destroy or encrypt your backups as well, so that you can't do a full restore from your backups. And that's where immutability comes in. You know, in the old days you, you wrote what was called a worm tape, you know, write once read many, and those could not be overwritten or modified once they were written. And so we said, let's come up with an equivalent of that for the cloud, and it's very tricky software, you know, it involves all kinds of encryption algorithms and blockchain and this kind of stuff but, you know, the net result is if you store your backups in immutable buckets, in a product like Wasabi, you can't alter it or delete it for some period of time, so you could put a timer on it, say a year or six months or something like that, once that data is written, you know, there's no way you can go in and change it, modify it, or anything like that, including even Wasabi's engineers. >> So, David, I want to ask you about data sovereignty. It's obviously a big deal, I mean, especially for companies with the presence overseas, but what's really is any digital business these days, how should companies think about approaching data sovereignty? Is it just large firms that should be worried about this? Or should everybody be concerned? What's your point of view? >> Well, all around the world countries are imposing data sovereignty laws and if you're in the storage business, like we are, if you don't have physical data storage in-country, you're probably not going to get most of the business. You know, since Christmas we've built data centers in Toronto, London, Frankfurt, Paris, Sydney, Singapore, and I've probably forgotten one or two, but the reason we do that is twofold; one is, you know, if you're closer to the customer, you're going to get better response time, lower latency, and that's just a speed of light issue. But the bigger issue is, if you've got financial data, if you have healthcare data, if you have data relating to security, like surveillance videos, and things of that sort, most countries are saying that data has to be stored in-country, so, you can't send it across borders to some other place. And if your business operates in multiple countries, you know, dealing with data sovereignty is going to become an increasingly important problem. >> So in May of 2018, that's when the fines associated with violating GDPR went into effect and GDPR was like this main spring of privacy and data protection laws and we've seen it spawn other public policy things like the CCPA and think it continues to evolve, we see judgments in Europe against big tech and this tech lash that's in the news in the U.S. and the elimination of third party cookies, what does this all mean for data protection in the 2020s? >> Well, you know, every region and every country, you know, has their own idea about privacy, about security, about the use of even the use of metadata surrounding, you know, customer data and things of this sort. So, you know, it's getting to be increasingly complicated because GDPR, for example, imposes different standards from the kind of privacy standards that we have here in the U.S., Canada has a somewhat different set of data sovereignty issues and privacy issues so it's getting to be an increasingly complex, you know, mosaic of rules and regulations around the world and this makes it even more difficult for enterprises to run their own, you know, infrastructure because companies like Wasabi, where we have physical data centers in all kinds of different markets around the world and we've already dealt with the business of how to meet the requirements of GDPR and how to meet the requirements of some of the countries in Asia and so forth, you know, rather than an enterprise doing that just for themselves, if you running your applications or keeping your data in the cloud, you know, now a company like Wasabi with, you know, 34,000 customers, we can go to all the trouble of meeting these local requirements on behalf of our entire customer base and that's a lot more efficient and a lot more cost effective than if each individual country has to go deal with the local regulatory authorities. >> Yeah, it's compliance by design, not by chance. Okay, let's zoom out for the final question, David, thinking about the discussion that we've had around ransomware and data protection and regulations, what does it mean for a business's operational strategy and how do you think organizations will need to adapt in the coming years? >> Well, you know, I think there are a lot of forces driving companies to the cloud and, you know, and I do believe that if you come back five or 10 years from now, you're going to see majority of the world's data is going to be living in the cloud and I think storage, data storage is going to be a commodity much like electricity or bandwidth, and it's going to be done right, it will comply with the local regulations, it'll be fast, it'll be local, and there will be no strategic advantage that I can think of for somebody to stand up and run their own storage, especially considering the cost differential, you know, the most analysts think that the full, all in costs of running your own storage is in the 20 to 40 terabytes per month range, whereas, you know, if you migrate your data to the cloud, like Wasabi, you're talking probably $6 a month and so I think people are learning how to deal with the idea of an architecture that involves storing your data in the cloud, as opposed to, you know, storing your data locally. >> Wow, that's like a six X more expensive in the clouds, more than six X, all right, thank you, David,-- >> In addition to which, you know, just finding the people to babysit this kind of equipment has become nearly impossible today. >> Well, and with a focus on digital business, you don't want to be wasting your time with that kind of heavy lifting. David, thanks so much for coming in theCUBE, a great Boston entrepreneur, we've followed your career for a long time and looking forward to the future. >> Thank you. >> Okay, in a moment, Drew Schlussel will join me and we're going to dig more into product, you're watching theCUBE, the leader in enterprise and emerging tech coverage, keep it right there. ♪ Whoa ♪ ♪ Brenda in sales got an email ♪ ♪ Click here for a trip to Bombay ♪ ♪ It's not even called Bombay anymore ♪ ♪ But you clicked it anyway ♪ ♪ And now our data's been held hostage ♪ ♪ And now we're on sinking ship ♪ ♪ And a hacker's in our system ♪ ♪ Just 'cause Brenda wanted a trip ♪ ♪ She clicked on something stupid ♪ ♪ And our data's out of our control ♪ ♪ Into the hands of a hacker's ♪ ♪ And he's a giant asshole. ♪ ♪ He encrypted it in his basement ♪ ♪ He wants a million bucks for the key ♪ ♪ And I'm pretty sure he's 15 ♪ ♪ And still going through puberty ♪ ♪ I know you didn't mean to do us wrong ♪ ♪ But now I'm dealing with this all week long ♪ ♪ To make you all aware ♪ ♪ Of all this ransomware ♪ ♪ That is why I'm singing you this song ♪ ♪ C'mon ♪ ♪ Take it from me ♪ ♪ The director of IT ♪ ♪ Don't click on that email from a prince Nairobi ♪ ♪ 'Cuz he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ (gentle music) >> Joining me now is Drew Schlussel, who is the Senior Director of Product Marketing at Wasabi, hey Drew, good to see you again, thanks for coming back in theCUBE. >> Dave, great to be here, great to see you. >> All right, let's get into it. You know, Drew, prior to the pandemic, Zero Trust, just like kind of like digital transformation was sort of a buzzword and now it's become a real thing, almost a mandate, what's Wasabi's take on Zero Trust. >> So, absolutely right, it's been around a while and now people are paying attention, Wasabi's take is Zero Trust is a good thing. You know, there are too many places, right, where the bad guys are getting in. And, you know, I think of Zero Trust as kind of smashing laziness, right? It takes a little work, it takes some planning, but you know, done properly and using the right technologies, using the right vendors, the rewards are, of course tremendous, right? You can put to rest the fears of ransomware and having your systems compromised. >> Well, and we're going to talk about this, but there's a lot of process and thinking involved and, you know, design and your Zero Trust and you don't want to be wasting time messing with infrastructure, so we're going to talk about that, there's a lot of discussion in the industry, Drew, about immutability and air gaps, I'd like you to share Wasabi's point of view on these topics, how do you approach it and what makes Wasabi different? >> So, in terms of air gap and immutability, right, the beautiful thing about object storage, which is what we do all the time is that it makes it that much easier, right, to have a secure immutable copy of your data someplace that's easy to access and doesn't cost you an arm and a leg to get your data back. You know, we're working with some of the best, you know, partners in the industry, you know, we're working with folks like, you know, Veeam, Commvault, Arc, Marquee, MSP360, all folks who understand that you need to have multiple copies of your data, you need to have a copy stored offsite, and that copy needs to be immutable and we can talk a little bit about what immutability is and what it really means. >> You know, I wonder if you could talk a little bit more about Wasabi's solution because, sometimes people don't understand, you actually are a cloud, you're not building on other people's public clouds and this storage is the one use case where it actually makes sense to do that, tell us a little bit more about Wasabi's approach and your solution. >> Yeah, I appreciate that, so there's definitely some misconception, we are our own cloud storage service, we don't run on top of anybody else, right, it's our systems, it's our software deployed globally and we interoperate because we adhere to the S3 standard, we interoperate with practically hundreds of applications, primarily in this case, right, we're talking about backup and recovery applications and it's such a simple process, right? I mean, just about everybody who's anybody in this business protecting data has the ability now to access cloud storage and so we've made it really simple, in many cases, you'll see Wasabi as you know, listed in the primary set of available vendors and, you know, put in your private keys, make sure that your account is locked down properly using, let's say multifactor authentication, and you've got a great place to store copies of your data securely. >> I mean, we just heard from David Friend, if I did my math right, he was talking about, you know, 1/6 the cost per terabyte per month, maybe even a little better than that, how are you able to achieve such attractive economics? >> Yeah, so, you know, I can't remember how to translate my fractions into percentages, but I think we talk a lot about being 80%, right, less expensive than the hyperscalers. And you know, we talked about this at Vermont, right? There's some secret sauce there and you know, we take a different approach to how we utilize the raw capacity to the effective capacity and the fact is we're also not having to run, you know, a few hundred other services, right? We do storage, plain and simple, all day, all the time, so we don't have to worry about overhead to support, you know, up and coming other services that are perhaps, you know, going to be a loss leader, right? Customers love it, right, they see the fact that their data is growing 40, 80% year over year, they know they need to have some place to keep it secure, and, you know, folks are flocking to us in droves, in fact, we're seeing a tremendous amount of migration actually right now, multiple petabytes being brought to Wasabi because folks have figured out that they can't afford to keep going with their current hyperscaler vendor. >> And immutability is a feature of your product, right? What the feature called? Can you double-click on that a little bit? >> Yeah, absolutely. So, the term in S3 is Object Lock and what that means is your application will write an object to cloud storage, and it will define a retention period, let's say a week. And for that period, that object is immutable, untouchable, cannot be altered in any way, shape, or form, the application can't change it, the system administration can't change it, Wasabi can't change it, okay, it is truly carved in stone. And this is something that it's been around for a while, but you're seeing a huge uptick, right, in adoption and support for that feature by all the major vendors and I named off a few earlier and the best part is that with immutability comes some sense of, well, it comes with not just a sense of security, it is security. Right, when you have data that cannot be altered by anybody, even if the bad guys compromise your account, they steal your credentials, right, they can't take away the data and that's a beautiful thing, a beautiful, beautiful thing. >> And you look like an S3 bucket, is that right? >> Yeah, I mean, we're fully compatible with the S3 API, so if you're using S3 API based applications today, it's a very simple matter of just kind of redirecting where you want to store your data, beautiful thing about backup and recovery, right, that's probably the simplest application, simple being a relative term, as far as lift and shift, right? Because that just means for your next full, right, point that at Wasabi, retain your other fulls, you know, for whatever 30, 60, 90 days, and then once you've kind of made that transition from vine to vine, you know, you're often running with Wasabi. >> I talked to my open about the allure of object storage historically, you know, the simplicity of the get put syntax, but what about performance? Are you able to deliver performance that's comparable to other storage formats? >> Oh yeah, absolutely, and we've got the performance numbers on the site to back that up, but I forgot to answer something earlier, right, you said that immutability is a feature and I want to make it very clear that it is a feature but it's an API request. Okay, so when you're talking about gets and puts and so forth, you know, the comment you made earlier about being 80% more cost effective or 80% less expensive, you know, that API call, right, is typically something that the other folks charge for, right, and I think we used the metaphor earlier about the refrigerator, but I'll use a different metaphor today, right? You can think of cloud storage as a magical coffee cup, right? It gets as big as you want to store as much coffee as you want and the coffee's always warm, right? And when you want to take a sip, there's no charge, you want to, you know, pop the lid and see how much coffee is in there, no charge, and that's an important thing, because when you're talking about millions or billions of objects, and you want to get a list of those objects, or you want to get the status of the immutable settings for those objects, anywhere else it's going to cost you money to look at your data, with Wasabi, no additional charge and that's part of the thing that sets us apart. >> Excellent, so thank you for that. So, you mentioned some partners before, how do partners fit into the Wasabi story? Where do you stop? Where do they pick up? You know, what do they bring? Can you give us maybe, a paint a picture for us example, or two? >> Sure, so, again, we just do storage, right, that is our sole purpose in life is to, you know, to safely and securely store our customer's data. And so they're working with their application vendors, whether it's, you know, active archive, backup and recovery, IOT, surveillance, media and entertainment workflows, right, those systems already know how to manage the data, manage the metadata, they just need some place to keep the data that is being worked on, being stored and so forth. Right, so just like, you know, plugging in a flash drive on your laptop, right, you literally can plug in Wasabi as long as your applications support the API, getting started is incredibly easy, right, we offer a 30-day trial, one terabyte, and most folks find that within, you know, probably a few hours of their POC, right, it's giving them everything they need in terms of performance, in terms of accessibility, in terms of sovereignty, I'm guessing you talked to, you know, Dave Friend earlier about data sovereignty, right? We're global company, right, so there's got to be probably, you know, wherever you are in the world some place that will satisfy your sovereignty requirements, as well as your compliance requirements. >> Yeah, we did talk about sovereignty, Drew, this is really, what's interesting to me, I'm a bit of a industry historian, when I look back to the early days of cloud, I remember the large storage companies, you know, their CEOs would say, we're going to have an answer for the cloud and they would go out, and for instance, I know one bought competitor of Carbonite, and then couldn't figure out what to do with it, they couldn't figure out how to compete with the cloud in part, because they were afraid it was going to cannibalize their existing business, I think another part is because they just didn't have that imagination to develop an architecture that in a business model that could scale to see that you guys have done that is I love it because it brings competition, it brings innovation and it helps lower clients cost and solve really nagging problems. Like, you know, ransomware, of mutability and recovery, I'll give you the last word, Drew. >> Yeah, you're absolutely right. You know, the on-prem vendors, they're not going to go away anytime soon, right, there's always going to be a need for, you know, incredibly low latency, high bandwidth, you know, but, you know, not all data's hot all the time and by hot, I mean, you know, extremely hot, you know, let's take, you know, real time analytics for, maybe facial recognition, right, that requires sub-millisecond type of processing. But once you've done that work, right, you want to store that data for a long, long time, and you're going to want to also tap back into it later, so, you know, other folks are telling you that, you know, you can go to these like, you know, cold glacial type of tiered storage, yeah, don't believe the hype, you're still going to pay way more for that than you would with just a Wasabi-like hot cloud storage system. And, you know, we don't compete with our partners, right? We compliment, you know, what they're bringing to market in terms of the software vendors, in terms of the hardware vendors, right, we're a beautiful component for that hybrid cloud architecture. And I think folks are gravitating towards that, I think the cloud is kind of hitting a new gear if you will, in terms of adoption and recognition for the security that they can achieve with it. >> All right, Drew, thank you for that, definitely we see the momentum, in a moment, Drew and I will be back to get the customer perspective with Kevin Warenda, who's the Director of Information technology services at The Hotchkiss School, keep it right there. >> Hey, I'm Nate, and we wrote this song about ransomware to educate people, people like Brenda. >> Oh, God, I'm so sorry. We know you are, but Brenda, you're not alone, this hasn't just happened to you. >> No! ♪ Colonial Oil Pipeline had a guy ♪ ♪ who didn't change his password ♪ ♪ That sucks ♪ ♪ His password leaked, the data was breached ♪ ♪ And it cost his company 4 million bucks ♪ ♪ A fake update was sent to people ♪ ♪ Working for the meat company JBS ♪ ♪ That's pretty clever ♪ ♪ Instead of getting new features, they got hacked ♪ ♪ And had to pay the largest crypto ransom ever ♪ ♪ And 20 billion dollars, billion with a b ♪ ♪ Have been paid by companies in healthcare ♪ ♪ If you wonder buy your premium keeps going ♪ ♪ Up, up, up, up, up ♪ ♪ Now you're aware ♪ ♪ And now the hackers they are gettin' cocky ♪ ♪ When they lock your data ♪ ♪ You know, it has gotten so bad ♪ ♪ That they demand all of your money and it gets worse ♪ ♪ They go and the trouble with the Facebook ad ♪ ♪ Next time, something seems too good to be true ♪ ♪ Like a free trip to Asia! ♪ ♪ Just check first and I'll help before you ♪ ♪ Think before you click ♪ ♪ Don't get fooled by this ♪ ♪ Who isn't old enough to drive to school ♪ ♪ Take it from me, the director of IT ♪ ♪ Don't click on that email from a prince in Nairobi ♪ ♪ Because he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ >> It's a pretty sweet car. ♪ A kid without facial hair, who lives with his mom ♪ ♪ To learn more about this go to wasabi.com ♪ >> Hey, don't do that. ♪ Cause if we had Wasabi's immutability ♪ >> You going to ruin this for me! ♪ This fifteen-year-old wouldn't have on me ♪ (gentle music) >> Drew and I are pleased to welcome Kevin Warenda, who's the Director of Information Technology Services at The Hotchkiss School, a very prestigious and well respected boarding school in the beautiful Northwest corner of Connecticut, hello, Kevin. >> Hello, it's nice to be here, thanks for having me. >> Yeah, you bet. Hey, tell us a little bit more about The Hotchkiss School and your role. >> Sure, The Hotchkiss School is an independent boarding school, grades nine through 12, as you said, very prestigious and in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have 500 acre main campus and a 200 acre farm down the street. My role as the Director of Information Technology Services, essentially to oversee all of the technology that supports the school operations, academics, sports, everything we do on campus. >> Yeah, and you've had a very strong history in the educational field, you know, from that lens, what's the unique, you know, or if not unique, but the pressing security challenge that's top of mind for you? >> I think that it's clear that educational institutions are a target these days, especially for ransomware. We have a lot of data that can be used by threat actors and schools are often underfunded in the area of IT security, IT in general sometimes, so, I think threat actors often see us as easy targets or at least worthwhile to try to get into. >> Because specifically you are potentially spread thin, underfunded, you got students, you got teachers, so there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? >> Certainly, because of the fact that we're an independent boarding school, we operate things like even a health center, so, data privacy regulations across the board in terms of just student data rights and FERPA, some of our students are under 18, so, data privacy laws such as COPPA apply, HIPAA can apply, we have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development, or even just accepting the revenue for tuition so, it's a unique place to be, again, we operate very much like a college would, right, we have all the trappings of a private college in terms of all the operations we do and that's what I love most about working in education is that it's all the industries combined in many ways. >> Very cool. So let's talk about some of the defense strategies from a practitioner point of view, then I want to bring in Drew to the conversation so what are the best practice and the right strategies from your standpoint of defending your data? >> Well, we take a defense in-depth approach, so we layer multiple technologies on top of each other to make sure that no single failure is a key to getting beyond those defenses, we also keep it simple, you know, I think there's some core things that all organizations need to do these days in including, you know, vulnerability scanning, patching , using multifactor authentication, and having really excellent backups in case something does happen. >> Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what can we learn from other adjacent industries? >> Yeah, you know, Kevin is spot on and I love hearing what he's doing, going back to our prior conversation about Zero Trust, right, that defense in-depth approach is beautifully aligned, right, with the Zero Trust approach, especially things like multifactor authentication, always shocked at how few folks are applying that very, very simple technology and across the board, right? I mean, Kevin is referring to, you know, financial industry, healthcare industry, even, you know, the security and police, right, they need to make sure that the data that they're keeping, evidence, right, is secure and immutable, right, because that's evidence. >> Well, Kevin, paint a picture for us, if you would. So, you were primarily on-prem looking at potentially, you know, using more cloud, you were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and the kind of, I want to get to the before and the after Wasabi, but start with kind of where you came from. >> Sure, well, I came to The Hotchkiss School about seven years ago and I had come most recently from public K12 and municipal, so again, not a lot of funding for IT in general, security, or infrastructure in general, so Nutanix was actually a hyperconverged solution that I implemented at my previous position. So when I came to Hotchkiss and found mostly on-prem workloads, everything from the student information system to the card access system that students would use, financial systems, they were almost all on premise, but there were some new SaaS solutions coming in play, we had also taken some time to do some business continuity, planning, you know, in the event of some kind of issue, I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that, so, as different workloads were moved off to hosted or cloud-based, we didn't really need as much of the on-premise compute and storage as we had, and it was time to retire that cluster. And so I brought the experience I had with Nutanix with me, and we consolidated all that into a hyper-converged platform, running Nutanix AHV, which allowed us to get rid of all the cost of the VMware licensing as well and it is an easier platform to manage, especially for small IT shops like ours. >> Yeah, AHV is the Acropolis hypervisor and so you migrated off of VMware avoiding the VTax avoidance, that's a common theme among Nutanix customers and now, did you consider moving into AWS? You know, what was the catalyst to consider Wasabi as part of your defense strategy? >> We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out, Wasabi became across our desks and it was such a low barrier to entry to sign up for a trial and get, you know, terabyte for a month and then it was, you know, $6 a month for terabyte. After that, I said, we can try this out in a very low stakes way to see how this works for us. And there was a couple things we were trying to solve at the time, it wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network, you know, some of our software applications that are deployed through our mobile device management needed a place that was accessible on the internet that they could be stored as well. So we were testing it for a couple different scenarios and it worked great, you know, performance wise, fast, security wise, it has all the features of S3 compliance that works with Nutanix and anyone who's familiar with S3 permissions can apply them very easily and then there was no egress fees, we can pull data down, put data up at will, and it's not costing as any extra, which is excellent because especially in education, we need fixed costs, we need to know what we're going to spend over a year before we spend it and not be hit with, you know, bills for egress or because our workload or our data storage footprint grew tremendously, we need that, we can't have the variability that the cloud providers would give us. >> So Kevin, you explained you're hypersensitive about security and privacy for obvious reasons that we discussed, were you concerned about doing business with a company with a funny name? Was it the trial that got you through that knothole? How did you address those concerns as an IT practitioner? >> Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked the funny name really means nothing, there's lots of companies with funny names, I think we don't go based on the name necessarily, but we did go based on the history, understanding, you know, who started the company, where it came from, and really looking into the technology and understanding that the value proposition, the ability to provide that lower cost is based specifically on the technology in which it lays down data. So, having a legitimate, reasonable, you know, excuse as to why it's cheap, we weren't thinking, well, you know, you get what you pay for, it may be less expensive than alternatives, but it's not cheap, you know, it's reliable, and that was really our concern. So we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. >> Yeah, thank you for that. Drew, explain the whole egress charge, we hear a lot about that, what do people need to know? >> First of all, it's not a funny name, it's a memorable name, Dave, just like theCUBE, let's be very clear about that, second of all, egress charges, so, you know, other storage providers charge you for every API call, right? Every get, every put, every list, everything, okay, it's part of their process, it's part of how they make money, it's part of how they cover the cost of all their other services, we don't do that. And I think, you know, as Kevin has pointed out, right, that's a huge differentiator because you're talking about a significant amount of money above and beyond what is the list price. In fact, I would tell you that most of the other storage providers, hyperscalers, you know, their list price, first of all, is, you know, far exceeding anything else in the industry, especially what we offer and then, right, their additional cost, the egress costs, the API requests can be two, three, 400% more on top of what you're paying per terabyte. >> So, you used a little coffee analogy earlier in our conversation, so here's what I'm imagining, like I have a lot of stuff, right? And I had to clear up my bar and I put some stuff in storage, you know, right down the street and I pay them monthly, I can't imagine having to pay them to go get my stuff, that's kind of the same thing here. >> Oh, that's a great metaphor, right? That storage locker, right? You know, can you imagine every time you want to open the door to that storage locker and look inside having to pay a fee? >> No, that would be annoying. >> Or, every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard, you have to pay a door opening fee, right, and then if you want to look and get an inventory of everything in there, you have to pay, and it's ridiculous, it's your data, it's your storage, it's your locker, you've already paid the annual fee, probably, 'cause they gave you a discount on that, so why shouldn't you have unfettered access to your data? That's what Wasabi does and I think as Kevin pointed out, right, that's what sets us completely apart from everybody else. >> Okay, good, that's helpful, it helps us understand how Wasabi's different. Kevin, I'm always interested when I talk to practitioners like yourself in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and ransomware protection, for example? >> Yes, cyber security awareness training is definitely one of the required things everyone should be doing in their organizations. And we do have a program that we use and we try to make it fun and engaging too, right, this is often the checking the box kind of activity, insurance companies require it, but we want to make it something that people want to do and want to engage with so, even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about, you know, shipping of orders and time for the holidays and things like that, so it wasn't just about protecting our school data, it's about the fact that, you know, protecting their information is something do in all aspects of your life, especially now that the folks are working hybrid often working from home with equipment from the school, the stakes are much higher and people have a lot of our data at home and so knowing how to protect that is important, so we definitely run those programs in a way that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. >> So when you say fun, it's like you come up with an example that we can laugh at until, of course, we click on that bad link, but I'm sure you can come up with a lot of interesting and engaging examples, is that what you're talking about, about having fun? >> Yeah, I mean, sometimes they are kind of choose your own adventure type stories, you know, they stop as they run, so they're telling a story and they stop and you have to answer questions along the way to keep going, so, you're not just watching a video, you're engaged with the story of the topic, yeah, and that's what I think is memorable about it, but it's also, that's what makes it fun, you're not just watching some talking head saying, you know, to avoid shortened URLs or to check, to make sure you know the sender of the email, no, you're engaged in a real life scenario story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not? So, that's where I think the learning comes in. >> Excellent. Okay, gentlemen, thanks so much, appreciate your time, Kevin, Drew, awesome having you in theCUBE. >> My pleasure, thank you. >> Yeah, great to be here, thanks. >> Okay, in a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage, you're watching theCUBE, the leader in high tech enterprise coverage. >> Announcer: Some things just don't make sense, like showing up a little too early for the big game. >> How early are we? >> Couple months. Popcorn? >> Announcer: On and off season, the Red Sox cover their bases with affordable, best in class cloud storage. >> These are pretty good seats. >> Hey, have you guys seen the line from the bathroom? >> Announcer: Wasabi Hot Cloud Storage, it just makes sense. >> You don't think they make these in left hand, do you? >> We learned today how a serial entrepreneur, along with his co-founder saw the opportunity to tap into the virtually limitless scale of the cloud and dramatically reduce the cost of storing data while at the same time, protecting against ransomware attacks and other data exposures with simple, fast storage, immutability, air gaps, and solid operational processes, let's not forget about that, okay? People and processes are critical and if you can point your people at more strategic initiatives and tasks rather than wrestling with infrastructure, you can accelerate your process redesign and support of digital transformations. Now, if you want to learn more about immutability and Object Block, click on the Wasabi resource button on this page, or go to wasabi.com/objectblock. Thanks for watching Secure Storage Hot Takes made possible by Wasabi. This is Dave Vellante for theCUBE, the leader in enterprise and emerging tech coverage, well, see you next time. (gentle upbeat music)

(gentle music) >> High profile cyber attacks like the SolarWinds hack, the JBS meat and the Florida municipality breach, have heightened awareness of how exposed, critical infrastructure has become. Because the pandemic has shifted employees to remote modes of work, hackers now have a much easier target to fish for credentials and exploit less secure home networks. Take the recent Log4j vulnerability, that's yet another example, of how hackers can take advantage of weak links in the chain. Now data storage companies have an important role to play in fighting cyber crime. Ultimately, they provide the equivalent of a bank vault if you will, and are responsible for storing and protecting the data that cyber criminals are targeting to steal or encrypt, in an effort to hold companies hostage, in a ransomware attack. Now in an effort to help customers understand how to protect themselves from such vulnerabilities, and how one storage company is addressing these challenges, the Cube is hosting this special presentation InfiniGuard Cyber Resilience: New Cybercrime Solutions. And we're going to speak with Eric Herzog, who's the Chief Marketing Officer of Infinidat, and then we'll bring in Stan Wysocki who is the president of Mark III Systems who is either an expert in IT infrastructure and artificial intelligence. First, let me welcome Eric Herzog back to the Cube, hello, Eric. >> Great, Dave, thank you very much, always love talking to you and the Cube, about leading edge technology solutions for end users. >> Alright let's do it. So, first we want to address the transformation and big business progress of Infinidat. New CEO, he's injected new management, new head of marketing obviously, Phil Bullinger is really been focused on accelerating the company's original vision, and doing so, Eric, in the typically unconventional style of Infinidat, you just put out a press release, capping 2021, can you set the stage for us, and give us the business update? >> Sure, so of course we summarized our 2021 results. What a very, very strong year. What a very, very strong year. We increased our bookings over 40% year to year. Even in Q4, we increased our bookings over 68%. And over 25% of the fortune 50 use an Infinidat solution, either our InfiniBox, or InfiniBox SSA, all flash array, or our Infiniguard, which is the focus of the launch we're doing today, on February 9th. >> Yeah, so I always said that Infinidat is one of the best kept secrets in the storage business. So let's talk about that hard news, what you launched on February 9th, and why it's important. >> Well, what we've done is we've got a high end enterprise purpose-built backup appliance, the InfiniGuard. We made some substantial advances in that. The key is focused on cyber resilience with what we call our infinisafe technology. Infinisafe incorporates a number of subsets, of cyber resilience from immutable snapshots, to logical air gapping, to fenced isolated networks, to almost instantaneous recovery for your backup data sets. In addition, we also dramatically improved the performance of the backup and recovery, which means, for example, if a backup window was taking three hours, now the backup window on that primary backup dataset could take only an hour and a half, which of course, as we all know backup dramatically impacts the performance of your primary applications, your primary servers, and your primary storage. So we've done both the cyber resilience aspect and then, on modern data protection, making sure that the backup and recovery are faster, for a traditional backup workload. >> So tell us a little bit more about Infinisafe, and specifically, Eric I'm interested in how it's different from other solutions, don't make me a liar, I had said, you guys always kind of take nonconventional approaches so tell us, add a little color to Infinisafe and how is it really unique from competitors? >> Sure, well Infinisafe incorporates as I mentioned, several different aspects. First of all, the immutable snapshots. So immutable snapshots can not be deleted, they cannot be altered, you cannot accelerate the rate, you can set the rate of immutable stuff, do I want to do it once a day? Do I want to do it twice a day? And obviously if a hacker could get in, you could accelerate that. Our immutable snaps are physically separated from the management schema. So the inside of an Infiniguard, we have what we call a data dedupe appliance, and that data dedupe engine, it goes ahead and it applies data reduction technology, to that back up data set. But we've divorced the immutable snapshots from the management of what we now call a DDE. So the DDE has kind of access of giving you that gap, that logical gap between the management schema of a DDE, and of course the immutable snapshot. We also combine that with this air gap technology, you've got the immutability and the air gap, which is local in that instance, but we also can do it remotely. So we can replicate from one Infiniguard in data center A, to a different Infiniguard in data center B. You then can configure that backup data set with the same immutable snapshot, and the same length, one day, half a day, six hours, whatever you choose, and then of course it'll have that same capability. The third thing we've done is very unique. We have a fenced isolated network to perform forensics. So, if the Cube has a cyber or malware attack, you need to make sure that once you've cleaned it up, off the primary storage, the primary servers, that you recover, a known good data set. So we set up this isolated fence network in which to perform that forensic analysis, to give you the appropriate good recover point. However, unlike many of our competitors, we can do it with a single InfiniBox. Some of our competitors, right on their websites say, you need two of their purpose-built backup appliances, to do cyber resilience. Meaning, twice the CapEx and twice the OpEx, which we can do with a single Infiniguard solution. And then lastly is our near instantaneous recovery. As you know, we're recovering backup data sets. We can make between 15 and 30 minutes time, the backup data set fully accessible to the backup admin or the storage admin to use their Commvault, their Veeam, their Veritas, their IBM Spectrum Protect, or whatever their backup software is, to do recovery from the InfiniGuard box, back to the primary storage using of course the backup software that they created the original dataset with. That is very unique. When you look out in the industry and look at, whether it be purpose-built backup competitors, or whether you look at primary storage competitors, almost no one talks about the speed of their recovery, and the one or two that do, talk about recovering the data set. We recover the entire environment. We are ready to go, and the backup admin, if they were, for example, Commvault, Veeam or Veritas, they could immediately start the backup, as soon as we did our recovery, which again, takes between 15 and 30 minutes, independent of the data set size. That could be 50 terabytes, it could be a petabyte, it could be two petabytes. And even two petabytes of data can be available in 15 to 30 minutes. And then of course, the backup admin can restore from that backup dataset. Very powerful and very unique in those aspects. >> Whilst the reason why this is so important is like I said, it's like the bank vault, because hackers are going to go after that backup corpus that's where the gold is, that's where all the data is. So this all really sounds good. But there's more than Infinisafe in this launch. What else should we know? >> Well, the other thing we've done is dramatically improved the performance of the purpose-built backup plants at the core. So for example, the last time we publicly announced our numbers, we were at 74 terabytes an hour, now we're 180 terabytes an hour. So of course, as we all know, when you do a backup, it impacts the performance of the primary applications, the primary servers and the primary storage. So if that backup window was taking three hours, now that we've more than doubled the performance, you could be up to 50% better. So a three hour backup window, if that's what the dataset took to be backed up, now we can get that down to an hour and a half or even faster. So that of course minimizes the impact on primary storage, primary applications, and of course your primary storage, making it much, much more efficient, from a backup perspective, and of course less impact on the primary applications, the primary servers, and primary storage. >> So I've talked to a number of Infinidat customers, they're very loyal and kind of passionate. So I wonder if you could kind of put that perspective on this discussion. The impact that InfiniGuard, this announcement, that's going to have for your customers, paint a picture as to how it's going to change their business. >> Sure, so let me give you an example. One of our customers is a cloud service buyer, in North America, they focus only on healthcare. So here's a couple of key benefits that they got. First of all, they use our integration with two different backup vendors. They don't have one, they have two. So we're tightly integrated with our backup software partners. They got a 40% cost savings on CapEX, compared to the previous vendor that they had. And, they used to be able to do 30,000 backup per day, now they can do 90,000 backup a day. And by the way, that's all with the previous version of InfiniGuard, not the version we just announced on the 9th. One of our other customers, which is in AMEA and they happened to be an energy company, they were using purpose-built backup from the other vendor, and they had 14 of them, seven in data center one, and seven in data center two. With InfiniGuard, they've got one in data center one, and one in data center two. So 14 purpose-built backup appliances consolidated down into two. And on top of that, those purpose-built backup appliances from the other vendor actually had a couple recovery failures, where they were not able to recover the data. They've been installed for a year now, they've had zero recovers, zero recovery failures, whereas the previous vendor had some. And lastly, let's talk about a large global fortune financial services. So, one of the biggest in the industry, their cost savings from their previous vendor was 46%. In addition, when you look at their cyber resilience design, they were using one of those vendors that probably talks about needing two system products to do their cyber resiliency. They again were able to take those two systems out, and use one InfiniGuard solution. Again, reducing both their capital expenditure, two going to one. And then the operational expenditure, they only have to manage one InfiniGuard versus two of the other guys appliances. Those are just three examples all over the world. One in cloud service providing, one in the energy space, and one a global fortune 500 financial services company. Just some real world examples. And all those by the way, Dave, were before the enhancements of Infinisafe, and before the additional performance we've added in the launch of InfiniGuard on February 9th. >> So like I'm just kind of sketching out the business case, you know, put my CFO hat on. So you're lowering costs cause you're consolidating, so that means I need less hardware and software. But also there's probably labor costs associated with that. If I could do it faster with less resources, I got less stuff to manage. You're accelerating the backup time, so that frees up resources that I can apply elsewhere, recovery, you know, is really important. So I'm inferring faster recovery, all this lowers my risk, and then I can sort of calculate the probability of having data loss, and then what that means to my business. Am I getting that right? >> Yeah, yeah. And in fact, the other impact is on your primary service and your primary storage. If the backup window shrinks, then you're not slowing down that SAP app, that Oracle app, you know, that SQL app, whatever you're running, whether that be the financials, whether that be your logistics, whether it be your manufacturing system, every time you turn on that backup, to do that backup, that backup window slows you down. So cutting that in half has an impact on the real-world application side, which obviously most storage guys, you know, it's hard for us to quantify. But you are taking the impact of backup, and basically reducing it, if you will shrinking the backup window, so their primary applications don't get hammered as much by the backup while they're still trying to run that SAP, that Oracle or that SQL workload. >> And you're not a backup software vendor, so I have optionality there. I can pretty much choose all the popular, you know. >> Absolutely, so Veeam, Veritas, Commvault, IBM Spectrum Protect, all the majors. And in fact, one of the players I mentioned, as you were talking about the end-users, they use two different backup packages, two of 'em. So, two of the major vendors that I named, we work with them just within one account. So, we're very flexible, the user picks what they want from a backup software perspective, and we can work with anything. So, whatever they want to use, is fine with us. We integrate with all of them, we have integration, for example, also with VMware, for vVols and other aspects in container integration, so you know, whether it be our purpose-built backup appliance, InfiniGuard, or what we do with the InfiniBox, we always make sure we integrate with the surrounding environment. 'Cause storage is not an island, storage needs to exist in your data center, or your hybrid cloud data center, or what you're doing for containers. So we make sure we have integration with our InfiniBox, our InfiniBox SSA, all flash. And of course the product we're enhancing today, the InfiniGuard. >> Yeah, integration is super important in the enterprise. Enterprises want solutions, they're busy. (laughs) They don't have unlimited budget to go, you know, plugging stuff together. So, okay Eric, we got to leave it there. Thank you so much. >> Great, thank you very much Dave. Always love talking to the Cube. >> Okay, in a moment Stan Wysocki is coming in. He's the president of Mark III Systems. He's going to join us for a drill down on how InfiniGuard is impacting customers. You're watching the Cube, your global leader, in enterprise tech coverage. (gentle music)

(gentle music) >> High profile cyber attacks like the SolarWinds hack, the JBS meat and the Florida municipality breach, have heightened awareness of how exposed, critical infrastructure has become. Because the pandemic has shifted employees to remote modes of work, hackers now have a much easier target to fish for credentials and exploit less secure home networks. Take the recent Log4j vulnerability, that's yet another example, of how hackers can take advantage of weak links in the chain. Now data storage companies have an important role to play in fighting cyber crime. Ultimately, they provide the equivalent of a bank vault if you will, and are responsible for storing and protecting the data that cyber criminals are targeting to steal or encrypt, in an effort to hold companies hostage, in a ransomware attack. Now in an effort to help customers understand how to protect themselves from such vulnerabilities, and how one storage company is addressing these challenges, the Cube is hosting this special presentation InfiniGuard Cyber Resilience: New Cybercrime Solutions. And we're going to speak with Eric Herzog, who's the Chief Marketing Officer of Infinidat, and then we'll bring in Stan Wysocki who is the president of Mark III Systems who is either an expert in IT infrastructure and artificial intelligence. First, let me welcome Eric Herzog back to the Cube, hello, Eric. >> Great, Dave, thank you very much, always love talking to you and the Cube, about leading edge technology solutions for end users. >> Alright let's do it. So, first we want to address the transformation and big business progress of Infinidat. New CEO, he's injected new management, new head of marketing obviously, Phil Bullinger is really been focused on accelerating the company's original vision, and doing so, Eric, in the typically unconventional style of Infinidat, you just put out a press release, capping 2021, can you set the stage for us, and give us the business update? >> Sure, so of course we summarized our 2021 results. What a very, very strong year. What a very, very strong year. We increased our bookings over 40% year to year. Even in Q4, we increased our bookings over 68%. And over 25% of the fortune 50 use an Infinidat solution, either our InfiniBox, or InfiniBox SSA, all flash array, or our Infiniguard, which is the focus of the launch we're doing today, on February 9th. >> Yeah, so I always said that Infinidat is one of the best kept secrets in the storage business. So let's talk about that hard news, what you launched on February 9th, and why it's important. >> Well, what we've done is we've got a high end enterprise purpose-built backup appliance, the InfiniGuard. We made some substantial advances in that. The key is focused on cyber resilience with what we call our infinisafe technology. Infinisafe incorporates a number of subsets, of cyber resilience from immutable snapshots, to logical air gapping, to fenced isolated networks, to almost instantaneous recovery for your backup data sets. In addition, we also dramatically improved the performance of the backup and recovery, which means, for example, if a backup window was taking three hours, now the backup window on that primary backup dataset could take only an hour and a half, which of course, as we all know backup dramatically impacts the performance of your primary applications, your primary servers, and your primary storage. So we've done both the cyber resilience aspect and then, on modern data protection, making sure that the backup and recovery are faster, for a traditional backup workload. >> So tell us a little bit more about Infinisafe, and specifically, Eric I'm interested in how it's different from other solutions, don't make me a liar, I had said, you guys always kind of take nonconventional approaches so tell us, add a little color to Infinisafe and how is it really unique from competitors? >> Sure, well Infinisafe incorporates as I mentioned, several different aspects. First of all, the immutable snapshots. So immutable snapshots can not be deleted, they cannot be altered, you cannot accelerate the rate, you can set the rate of immutable stuff, do I want to do it once a day? Do I want to do it twice a day? And obviously if a hacker could get in, you could accelerate that. Our immutable snaps are physically separated from the management schema. So the inside of an Infiniguard, we have what we call a data dedupe appliance, and that data dedupe engine, it goes ahead and it applies data reduction technology, to that back up data set. But we've divorced the immutable snapshots from the management of what we now call a DDE. So the DDE has kind of access of giving you that gap, that logical gap between the management schema of a DDE, and of course the immutable snapshot. We also combine that with this air gap technology, you've got the immutability and the air gap, which is local in that instance, but we also can do it remotely. So we can replicate from one Infiniguard in data center A, to a different Infiniguard in data center B. You then can configure that backup data set with the same immutable snapshot, and the same length, one day, half a day, six hours, whatever you choose, and then of course it'll have that same capability. The third thing we've done is very unique. We have a fenced isolated network to perform forensics. So, if the Cube has a cyber or malware attack, you need to make sure that once you've cleaned it up, off the primary storage, the primary servers, that you recover, a known good data set. So we set up this isolated fence network in which to perform that forensic analysis, to give you the appropriate good recover point. However, unlike many of our competitors, we can do it with a single InfiniBox. Some of our competitors, right on their websites say, you need two of their purpose-built backup appliances, to do cyber resilience. Meaning, twice the CapEx and twice the OpEx, which we can do with a single Infiniguard solution. And then lastly is our near instantaneous recovery. As you know, we're recovering backup data sets. We can make between 15 and 30 minutes time, the backup data set fully accessible to the backup admin or the storage admin to use their Commvault, their Veeam, their Veritas, their IBM Spectrum Protect, or whatever their backup software is, to do recovery from the InfiniGuard box, back to the primary storage using of course the backup software that they created the original dataset with. That is very unique. When you look out in the industry and look at, whether it be purpose-built backup competitors, or whether you look at primary storage competitors, almost no one talks about the speed of their recovery, and the one or two that do, talk about recovering the data set. We recover the entire environment. We are ready to go, and the backup admin, if they were, for example, Commvault, Veeam or Veritas, they could immediately start the backup, as soon as we did our recovery, which again, takes between 15 and 30 minutes, independent of the data set size. That could be 50 terabytes, it could be a petabyte, it could be two petabytes. And even two petabytes of data can be available in 15 to 30 minutes. And then of course, the backup admin can restore from that backup dataset. Very powerful and very unique in those aspects. >> Whilst the reason why this is so important is like I said, it's like the bank vault, because hackers are going to go after that backup corpus that's where the gold is, that's where all the data is. So this all really sounds good. But there's more than Infinisafe in this launch. What else should we know? >> Well, the other thing we've done is dramatically improved the performance of the purpose-built backup plants at the core. So for example, the last time we publicly announced our numbers, we were at 74 terabytes an hour, now we're 180 terabytes an hour. So of course, as we all know, when you do a backup, it impacts the performance of the primary applications, the primary servers and the primary storage. So if that backup window was taking three hours, now that we've more than doubled the performance, you could be up to 50% better. So a three hour backup window, if that's what the dataset took to be backed up, now we can get that down to an hour and a half or even faster. So that of course minimizes the impact on primary storage, primary applications, and of course your primary storage, making it much, much more efficient, from a backup perspective, and of course less impact on the primary applications, the primary servers, and primary storage. >> So I've talked to a number of Infinidat customers, they're very loyal and kind of passionate. So I wonder if you could kind of put that perspective on this discussion. The impact that InfiniGuard, this announcement, that's going to have for your customers, paint a picture as to how it's going to change their business. >> Sure, so let me give you an example. One of our customers is a cloud service buyer, in North America, they focus only on healthcare. So here's a couple of key benefits that they got. First of all, they use our integration with two different backup vendors. They don't have one, they have two. So we're tightly integrated with our backup software partners. They got a 40% cost savings on CapEX, compared to the previous vendor that they had. And, they used to be able to do 30,000 backup per day, now they can do 90,000 backup a day. And by the way, that's all with the previous version of InfiniGuard, not the version we just announced on the 9th. One of our other customers, which is in AMEA and they happened to be an energy company, they were using purpose-built backup from the other vendor, and they had 14 of them, seven in data center one, and seven in data center two. With InfiniGuard, they've got one in data center one, and one in data center two. So 14 purpose-built backup appliances consolidated down into two. And on top of that, those purpose-built backup appliances from the other vendor actually had a couple recovery failures, where they were not able to recover the data. They've been installed for a year now, they've had zero recovers, zero recovery failures, whereas the previous vendor had some. And lastly, let's talk about a large global fortune financial services. So, one of the biggest in the industry, their cost savings from their previous vendor was 46%. In addition, when you look at their cyber resilience design, they were using one of those vendors that probably talks about needing two system products to do their cyber resiliency. They again were able to take those two systems out, and use one InfiniGuard solution. Again, reducing both their capital expenditure, two going to one. And then the operational expenditure, they only have to manage one InfiniGuard versus two of the other guys appliances. Those are just three examples all over the world. One in cloud service providing, one in the energy space, and one a global fortune 500 financial services company. Just some real world examples. And all those by the way, Dave, were before the enhancements of Infinisafe, and before the additional performance we've added in the launch of InfiniGuard on February 9th. >> So like I'm just kind of sketching out the business case, you know, put my CFO hat on. So you're lowering costs cause you're consolidating, so that means I need less hardware and software. But also there's probably labor costs associated with that. If I could do it faster with less resources, I got less stuff to manage. You're accelerating the backup time, so that frees up resources that I can apply elsewhere, recovery, you know, is really important. So I'm inferring faster recovery, all this lowers my risk, and then I can sort of calculate the probability of having data loss, and then what that means to my business. Am I getting that right? >> Yeah, yeah. And in fact, the other impact is on your primary service and your primary storage. If the backup window shrinks, then you're not slowing down that SAP app, that Oracle app, you know, that SQL app, whatever you're running, whether that be the financials, whether that be your logistics, whether it be your manufacturing system, every time you turn on that backup, to do that backup, that backup window slows you down. So cutting that in half has an impact on the real-world application side, which obviously most storage guys, you know, it's hard for us to quantify. But you are taking the impact of backup, and basically reducing it, if you will shrinking the backup window, so their primary applications don't get hammered as much by the backup while they're still trying to run that SAP, that Oracle or that SQL workload. >> And you're not a backup software vendor, so I have optionality there. I can pretty much choose all the popular, you know. >> Absolutely, so Veeam, Veritas, Commvault, IBM Spectrum Protect, all the majors. And in fact, one of the players I mentioned, as you were talking about the end-users, they use two different backup packages, two of 'em. So, two of the major vendors that I named, we work with them just within one account. So, we're very flexible, the user picks what they want from a backup software perspective, and we can work with anything. So, whatever they want to use, is fine with us. We integrate with all of them, we have integration, for example, also with VMware, for vVols and other aspects in container integration, so you know, whether it be our purpose-built backup appliance, InfiniGuard, or what we do with the InfiniBox, we always make sure we integrate with the surrounding environment. 'Cause storage is not an island, storage needs to exist in your data center, or your hybrid cloud data center, or what you're doing for containers. So we make sure we have integration with our InfiniBox, our InfiniBox SSA, all flash. And of course the product we're enhancing today, the InfiniGuard. >> Yeah, integration is super important in the enterprise. Enterprises want solutions, they're busy. (laughs) They don't have unlimited budget to go, you know, plugging stuff together. So, okay Eric, we got to leave it there. Thank you so much. >> Great, thank you very much Dave. Always love talking to the Cube. >> Okay, in a moment Stan Wysocki is coming in. He's the president of Mark III Systems. He's going to join us for a drill down on how InfiniGuard is impacting customers. You're watching the Cube, your global leader, in enterprise tech coverage. (gentle music)

(gentle upbeat music) >> Hello, everyone, and welcome to theCUBE's coverage of Commvault Connections 21. My name is Dave Vellante and I'll be hosting the program today. I want to start with a bit of an assessment on the keynotes that we heard this morning, but before I get into that, I want to set the framework for thinking about Commvault as a company. This company has been around for a long time, since the late 1980s, but really came into prominence in the client server era and it has ridden numerous waves, including network backup and recovery, data management, and now cloud data services. It's a company with more than $700 million in revenue and a market value of nearly $3 billion. Since coming on as CEO, Sanjay Mirchandani has embarked on moving the company towards a subscription model, focusing on optionality for on premises, hybrid and cloud workloads. It's launch of metallic and data management as a service are two components that underpin the strategy. At his keynote earlier today, Mirchandani drew on his experience as both a former CIO and current CEO roles to connect with his audience. His major themes hit on data, the value of data, and the imperative to get control of your data. Of course, data protection has become a fundamental component of digital transformations. For years, data protection was an afterthought or a bolt on, but today, organizations are forced to think about their digital stacks in their entirety, which means they have to build resilience into their platforms from the start. Mirchandani said that if we embrace, manage, and properly protect data, it will become the defining disruptive difference for an organization. But he talked about the gap between what the business wants to do and what the technology teams are actually equipped to do and when it comes to data, I couldn't agree more. He called this the business integrity gap and I'll come back to that. He also put out some fun facts and I'll share those here. According to IDC, 64 zettabytes of data was created and replicated in 2020. That's the equivalent of 2 trillion 4K movies. That's a lot of data. Gardner says by 2025, 85% of business will be delivered through SAS applications. Sophos, the security firm, estimates that the average cost of a ransomware attack is approaching nearly $2 million. The security company Proofpoint did a survey and 64% of surveyed CSOs felt that they were at risk of a material cyber attack in the next 12 months. I'm surprised that number was so, so low. I think the other 36% are busy responding to a cyber attack. Coming back to Sanjay's business integrity gap. Here's how I see it. Data by its very nature is distributed, decentralized, and it's becoming more so with hybrid connections, multicloud installations, and edge use cases. This is only going to accelerate in the future. As such, organizations need to rethink their approaches to getting value from data. Instead of building monolithic data architectures and hyper-specialized technical data teams, organizations are beginning to empower lines of business and domain owners to take end-to-end responsibility for data ownership. The underlying technology platform is becoming an operational detail that serves the data owners, where data protection and governance is computationally automated in a federated model. So the policy is centralized, but the implementation of that policy is done by software. This means that data governance, security, privacy, access, and policy are all adjudicated wherever possible by software and our automated, irrespective of physical location. Data silos are not just a technology problem. They're a symptom of flawed organizational constructs, steeped in the notion that highly technical data specialists and centralized teams should be the stewards of the data and serve multiple lines of business simultaneously, without proper business context. Now, this is changing. Data is being used to create a new class of products and services that can be directly or indirectly monetized, or drive other value, for instance, like saving lives. It's about the organizational mission. Now in this sense, data is undergoing a renaissance, where the responsibility for end-to-end data ownership is being distributed and decentralized, where highly specialized technical teams are becoming enablers for generalists that reside within the lines of business, i.e., those who are building data products and services. This is not shadow IT. It's decentralized management with federated governance. Now, by rethinking the data management paradigm, the responsibility for good data protection policy transcends technical teams and becomes a priority for the entire organization. To that end, Commvault laid out its strategy to deliver a comprehensive set of intelligent data services, spanning data protection, security, compliance, governance, data transformation, and data insights. In my view, a huge part of Commvault's strategy lies in automation. That's a key ingredient of cloud and any cloud strategy. In other words, supporting cloud native and cloud-like data management capabilities that can be programmatically deployed, secured, managed, and governed, and applied across an organization's sprawling data empire. The world of enterprise technology is complex and the winning technology companies are going to be those that can abstract the underlying complexity and assist organizations to implement sound data management practices, irrespective of data location, in the most efficient way. So as you hear the stories and examples here at Commvault Connections, you can decide for yourself if the company is on the right track and if what you hear aligns with your digital business skill goals. So let's now get a practitioner's perspective and hear how the CSO is thinking about data protection. Up next is Dave Martin, Chief Information Security Officer at ADP. You're watching theCUBE. (gentle upbeat music)

>>Mhm. Mhm. >>We're here with the Cube covering Calm Vault Connections 21. We're gonna look at the data protection space and how cloud computing has advanced the way we think about backup recovery and protecting our most critical data. Ranga Rajagopalan, who is the vice president of products at Con vault and Stephen Orban, who's the General manager of AWS marketplace and control services gents. Welcome to the cube. Good to see you. >>Thank you. Always A pleasure to see you here >>steve. Thanks for having us. Very >>welcome, Stephen, let's start with you. Look the cloud has become a staple of digital infrastructure. I don't know where we'd be right now without being able to access enterprise services I. T. Services remotely. Um But specifically how our customers looking at backup and recovery in the cloud, is it a kind of a replacement for existing strategies? Is it another layer of protection? How are they thinking about that? >>Yeah. Great question. David again, thank thanks for having me. And I think you know, look if you look back to 15 years ago when the founders of AWS had the hypothesis that many enterprises governments and developers we're gonna want access to on demand pay as you go I. T. Resources in the cloud. Uh None of us would have been able to predict that it would have Matured and um you know become the staple that it has today over the last 15 years. But the reality is that a lot of these enterprise customers, many of whom have been doing their own IT infrastructure for the last 10, 20 or multiple decades do have to kind of figure out how they deal with the change management of moving to the cloud. And while a lot of our customers um will initially come to us because they're looking to save money or costs, almost all of them decided to stay and go big because of the speed at which they are able to innovate on behalf of their customers and when it comes to storage and backup, that just plays right into where they're headed. And there's a variety of different techniques that customers use, whether it be, you know, a lift and shift for a particular set of applications or a data center where they do very much. Look at how can they replace the backup and recovery that they have on premises in the cloud using solutions like, but we're partnering with console to do or completely reimagining their architecture for net new developments that they can really move quickly for their customers. Um and and completely developing something brand new, where it is really a, you know, a brand new replacement and innovation for for for what they've done in the past. >>Great, thank you, Stephen Rachael, I want to ask you about the d were digital. Look, if you're not a digital business today, you're basically out of business. So, my question to you is how have you seen customers change the way they think about data protection during what I call the forced March to digital over the last 18, 19 months or customers, you know, thinking about data protection differently today >>definitely Dave and and thank you for having me and steven. Pleasure to join you on this cube interview first going back to stevens comments can't agree more. Almost every business that we talked with today has a cloud first strategy, a cloud transformation mandate and you know, the reality is back to your digital comment. There are many different paths to the hybrid multi cloud and different customers. You know, there are different parts of the journey. So I still was saying most often customers at least in the data protection perspective start the conversation by thinking here have all these tips. Can I start using cloud as my air gap long term retention target and before they realized they start moving their workloads into the cloud and none of the backup and record yesterday's are going to change. So you need to continue protecting the clothes, which is where the cloud native data protection comes in and then they start innovating around er, can I use cloud as media sites so that you know, I don't need to meet in the other side. So this year is all around us. Cloud transformation is all around us and and the real essence of this partnership between AWS and calm vault is essentially to dr and simplify all the paths to the club regardless of whether you're going to use it as a storage started or you know, your production data center, all your dear disaster recovery site. >>Yeah, it really is about providing that optionality for customers. I talked to a lot of customers and said, hey, our business resilience strategy was really too focused on D. R. I've talked to all the customers at the other end of the spectrum said we don't even have a D. R. Strategy now, we're using the cloud for that. So it's really all over the map and you want that optionality. So steven and then go ahead. >>Please, ransomware plays a big role in many of these considerations that greatly. It's unfortunately not a question of whether you're going to be hit by ransomware, it's almost we can like, what do you do when you're hit by ransomware and the ability to use the clothes scaled immediately, bring up the resources, use the cloud backups has become a very popular choice simply because of the speed with which you can bring the business back to normal our patients. The agility and the power that cloud brings to the table. >>Yeah, ransomware is scary. You don't, you don't even need a high school diploma to be a ransomware ist you can just go on the dark web and by ransomware as a service and do bad things and hopefully you'll end up in jail. Uh Stephen we know about the success of the AWS marketplace, uh you guys are partnering here. I'm interested in how that partnership, you know, kind of where it started and how it's evolving. >>Yeah, happy to highlight on that. So, look when >>we when we started >>Aws or when the founders of aws started aws, as I said 15 years ago we we realized very early on that while we were going to be able to provide a number of tools for customers to have on demand access to compute storage, networking databases that many, particularly enterprise and government government customers still use a wide range of tools and solutions from hundreds, if not in some cases thousands of different partners. I mean I talked to enterprises who literally use thousands of of different vendors to help them deliver their solutions for their customers. So almost 10 years ago, we're almost at our 10 year anniversary for AWS marketplace, we launched the first substantiation of AWS marketplace which allowed builders and customers to find try buy and then deploy third party software solutions running on amazon machine instances also noticed as armies natively right in their AWS and cloud accounts to complement what they were doing in the cloud. And over the last nearly 10 years we've evolved quite a bit to the point where we support software and multiple different packaging types, whether it be amazon machine instances, containers, machine learning models and of course SAS and the rise of software as a service. So customers don't have to manage the software themselves. But we also support data products through the AWS Data exchange and professional services for customers who want to get services to help them integrate the software into their environments. And we now do that across a wide range of procurement options. So what used to be pay as you go amazon machine instances now includes multiple different ways to contract directly, customer can do that directly with the vendor with their channel partner or using kind of our public e commerce capabilities. And we're super excited, um, over the last couple of months we've been partnering with calm vault to get their industry leading backup and recovery solutions listed on AWS marketplace, which is available for our collective customers now. So not only do they have access to convulse awesome solutions to help them protect against ransomware as we talked about and to manage their backup and recovery environments, but they can find and deploy that directly in one click right into their AWS accounts and consolidate their building relationship right on the AWS and voice. And it's been awesome to work with with Rhonda and the product teams and convo to really, um, expose those capabilities where converts using a lot of different AWS services to provide a really great native experience for our collective customers as they migrate to the cloud. >>Yeah, the marketplace has been amazing. We've watched it evolve over the past decade and, and, and it's a, it's a key characteristic of everybody has a cloud today. We're a cloud to butt marketplaces unique uh, in that it's the power of the ecosystem versus the resources of one and Ringo. I wonder from, from your perspective, if you could talk about the partnership with AWS from your view and then specifically you've got some hard news, I wonder if you could talk about that as well. >>Absolute. So the partnership has been extended for more than 12 years. Right. So aws and Commonwealth have been bringing together solutions that help customers solve the data management challenges and everything that we've been doing has been driven by the customer demand that we seek. Right customers are moving their workloads in the cloud. They're finding new ways of deploying their workloads and protecting them. Um, you know, earlier we introduced cloud native integration with the EBS API which has driven almost 70% performance improvements in backup and restores. And when you look at huge customers like coca cola who have standardized on AWS um, combo. That is the scale that they want to operate in. You manage around 1 50,000 snapshots 1200 ec, two instances across six regions. But with just one resource dedicated for the data management strategy. Right? So that's where the real built in integration comes into play and we've been extending it to make use of the cloud efficiencies like our management and auto scale and so on. Another aspect is our commitment to a radically simple customer experience and that's, you know, I'm sure Stephen would agree it's a big month for at AWS as well. That's really together with the customer demand which brought us together to introduce com ball into the AWS marketplace exactly the way Stephen described it. Now the heart announcement is coming back up and recovery is available in native this marketplace. So the exact four steps that Stephen mentioned, find, try buy and deploy everything simplified through the marketplace So that our aws customers can start using far more back of software in less than 20 minutes. A 60 year trial version is included in the product through marketplace and you know, it's a single click buy, we use the cloud formation templates to deploy. So it becomes a super simple approach to protect the AWS workloads and we protect a lot of them. Starting from easy to rds dynamodb document DB um, you know, the containers, the list just keeps going on. So it becomes a very natural extension for our customers to make it super simple to start using convert data protection for the w >>well the con vault stack is very robust. You have extremely mature stack. I want, I'm curious as to how this sort of came about and it had to be customer driven. I'm sure where your customers saying, hey, we're moving to the cloud, we had a lot of workloads in the cloud, we're calm vault customer. That intersection between calm vault and AWS customers. So again, I presume this was customer driven. but maybe you can give us a little insight and add some color to that. >>Everything in this collaboration has been customer driven. We were earlier talking about the multiple paths to chlorine vapor example and still might probably add more color from his own experience at our jones. But I'll bring it to reference Parsons who's a civil engineering leader. They started with the cloud first mandate saying we need to start moving all our backups to the cloud but we have wanted that bad actors might find it easy to go and access the backups edible is um, Conwell came together with the security features and com well brought in its own authorization controls and now we have moved more than 14 petabytes of backup data into the club and it's so robust that not even the backup administrator and go and touch the backups without multiple levels of authorization. Right. So the customer needs, whether it is from a security perspective performance perspective or in this case from a simplicity perspective is really what is driving this. And and the need came exactly like that. There are many customers who have no standardized on it because they want to find everything through the AWS marketplace. They want to use their existing, you know, the AWS contracts and also bring data strategy as part of that so that that's the real um, driver behind this. Um, Stephen and I hope actually announced some of the customers that I actively started using it. You know, many notable customers have been behind this uh, innovation, don't even, I don't know, I wanted to add more to that. >>I would just, I would, I would just add Dave, you know, look if I look back before I joined a W S seven years ago, I was the C I O at dow jones and I was leading a a fairly big cloud migration there over a number of years. And one of the impetus is for us moving to the cloud in the first place was when Hurricane Sandy hit, we had a real disaster recovery scenario in one of our New Jersey data centers um, and we had to act pretty quickly convert was, was part of that solution. And I remember very clearly Even back then, back in 2013, they're being options available to help us accelerate are moved to the cloud and just to reiterate some of the stuff that Rhonda was talking about consoles, done a great job over the last more than a decade, taking features from things like EBS and S three and EC two and some of our networking capabilities and embedding them directly into their services so that customers are able to more quickly move their backup and recovery workloads to the cloud. So each and every one of those features was as a result of, I'm sure combo working backwards from their customer needs just as we do at >>AWS >>and we're super excited to take that to the next level to give customers the option to then also by that right on their AWS invoice on AWS marketplace. >>Yeah, I mean, we're gonna have to leave it there steven, you've mentioned several times the sort of the early days of back then we were talking about gigabytes and terabytes and now we're talking about petabytes and beyond. Guys. Thanks so much. I really appreciate your time and sharing the news with us. >>Dave. Thanks for having us. >>All right. Keep it right there more from combat connections. 21. You're watching the >>cube. Mm hmm.

(upbeat music) >> Welcome to Commvault Connections. My name is Dave Vellante, and we're going to dig into the changing security landscape and look specifically at ransomware and what steps organizations can take to better protect their data, their applications and their people. As you know cyber threats continue to escalate. In the past 19 months, we've seen a major shift in CISO strategies, tactics and actions as a direct result of the trend toward remote work, greater use of the cloud and the increased sophistication of cyber criminals. In particular, we've seen a much more capable well-funded and motivated adversary than we've ever seen before, stealthy techniques like living off the land, island hopping through the digital supply chain, self-forming malware and escalations in ransomware attacks, necessitate vigilant responses. And we're super pleased today to be joined by Dave Martin who's a global chief security officer at ADP. Dave, welcome, good to see you. >> Thanks for having me today. >> It's our pleasure. Okay, let's get right into it, it's a great topic. I mean, ADP, we're talking about people's money. I mean, it doesn't get more personal and sensitive than that, maybe healthcare, but money is right there on the priority list. But maybe you could start by telling us a bit about your role at the company, how you fit into the organization with your colleagues, like the the CIO, the CDO, maybe describe that a bit if you would. >> Yeah, absolutely. So we're somewhat unusual and both structure and we, one of the ways is we are, I have a very converged organization. So my responsibility extends from both the physical protection of kind of buildings, our associates, travel safety through fraud that we see in attempted in our products all the way through to a more traditional chief security officer in the cyberspace. And the other thing that's a little bit unusual is rather than reporting into a technology organization. I actually report into our chief administrative officer. So my peers in that organization are legal compliance. So it's a great position to be in the organization. And I've had various different reports during my career. And there's always a lot of debate with my peers about where's the best place to report and I think they always come back to, it's not really where you report, it's about those relationships that you mentioned. So how do you actually collaborate and work with the chief data officer, the CIO, the head of product, the product organization, and how do you use that to create this kind of very dynamic angel force to defend against the threats we face today? >> Yeah, now, so let's just want to clarify for the audience. So when you talk about that converged structure, oftentimes if I understand what your point is that the network team might be responsible for some of the physical security or the network security, that's all under sort of one roof in your organization, is that correct? >> So a lot of the controls and operations, something like firewalls is out in the CIO organization, but the core responsibility and accountability, whether it's protecting the buildings, the data centers, the data in our applications, the kind of the back office of all the services that we use to deliver value to our clients and kind of the same things that everyone has, the ERP environments now, all of that, protecting those environments rolls up to my team from an accountability and governance business. >> Got it, so, I mean, as I was saying upfront, I mean the acceleration, we all talk about that acceleration that compression, the force marched to digital that SolarWinds hack. It was like a Stuxnet moment to me 'cause it's signaled almost this new level of escalation by cyber criminals and that had send a shockwave through your community, I wonder you could, if you could talk about at a high level, how did that impact the way that CISOs think about cyber attacks or did it? >> I think we're very used to watching the outside world kind of adversaries don't stand still our businesses don't stand still, so we're constantly having to evolve. So it's just another call to action. How do we think about what we just saw and then how do we kind of realign the controls that we have and then how do we think about our program going forward that we need to address? >> Yeah, so we've seen, when we talk to other CISOs, your colleagues, they tell us, we've made a big sort of budget allocation toward endpoint security, cloud, identity access management and obviously focus on a flatter network. And of course, ransomware, how have you shifted priorities as a result of sort of the last, the pandemic 19 months? >> Yeah, we're definitely seeing that shift in kind of the necessity of working from home and we are kind of thinking by what tools do we need to get to our associates to really make them successful. And then also keep the integrity of our data and the availability of our services in that new model. And so we've made that shift in technology and controls, reinforced a lot of things that we already had. One thing thinking about the supply chain change that we saw out of SolarWinds is thinking about ransomware defense prior to that was very much around aligning the defenses within the perimeter of your network within the cloud environments. And I really thinking about where do I outside that environment where do I exchange files from, what connectivity do I have with partners and suppliers? What services do they provide to support us as an enterprise? And what's going to happen if they're not there at a minimum but then what happens if they had some kind of attack that can actually drive some of this malware and spread into the network or via some of those file transfer, make sure we'd really sure shored up the controls in that area but the response is actually part of that. How am I going to react when I hear from even a client, we're a very customer service focused company, we want to do whatever we can to help. And the instinct of one of our frontline associates say, Hey, send me that Excel file, I'll take care of it. So now yet we still want to help that client through, but we want to think through a little bit more before we start sharing an office file back and forth between two environments, one of which we know to be confident. >> Right, that's interesting what you're saying about the change in just focus on the perimeter to the threats within, without et cetera, because you don't even need a high school degree or diploma to be a ransomware attacker these days, you could go on the dark web. And if you're a bad, bad person, you can hire ransomware as a service. If you have access to a server credentials, you can do bad things and hopefully you'll end up in handcuffs, but that's a legitimate threat today, which is relatively new in the way in which people are escalating, whether it's crypto ransoms, et cetera, really do necessitate new thinking around or ransomware. So I wonder if you could talk a little bit more about the layered approach that you might take, the air gapping, be interested to understand where Commvault fits in to the portfolio, if you will. >> Sure and really it's thinking about this in depth. You're not going to be able to protect or recover everything so really understand, first of all, that if what is most important to be able to maintain service, what data do you do you need to protect and have available, armed with that now you can go through the rest of the NIST Cybersecurity Framework, the main thing you're doing the best for prevention, for the detection and response in that area. And then you kind of really interesting when we get to the recovery phase, both from a Commvault perspective and in many attacks where we really want to focus on prevention, but ultimately we'll likely to see a scenario even in some small part of our environment, where some kind of attack is effective and now we're back at that recovery step. And we don't want that to be the first time we're testing those backgrounds, we don't want to be the first time that we figured out that those backups have been on the network the whole time, and they can't be used for recovery. So partnering with everyone in the environment we talk about it takes a village to defend against this kind of threat, getting everyone engaged, the experts in each of these fields to make sure that we're thinking they understand this threat and how real it is and what their role is going to be in setting up that protection and defense, and then come that dark day that we all hope will never happen, when do you need them? When do you need them to be doing so that you can get back to a restoration and effective operation point as soon as possible. >> Yeah, hope for the best plan for the worst. So it's a big part of that is education. And of course the backup corpus is an obvious target because everything's in there. But before we get into sort of the best practice around that, I wanted to ask you about your response because one of the things that we've seen is that response is increasingly have to be stealthy so that you don't necessarily alert the attackers that you know that they're inside. Is that sort of a new trend and how do you approach that? >> Yeah, I mean, it's always a balance depending on the type of data and the type of attack as to kind of how can violent and swift. And obviously you have to be able to protect the environment, protect the integrity of the data, and then also balance again this kind of tipping off the attacker which could potentially make things worse. So always a conversation depending on the different threat type, you're going to have to go through. And it really helps to have some of those conversations up front, to have tabletops, not just at a technical level, to make sure that you're walking through the steps of a response to make it as seamless and quick and effective as possible, but also having that conversation with leadership team and even the board around the kind of decisions they're going to have to make and make sure that you wherever possible use scenarios to figure out what are some of those actions that are likely to be taken and also empower some teams. It's really important to be able to act autonomously and quickly, you don't want to be at 2:00 AM kind of looking for the CEO or kind of the executive team to get them out there to make a decision. Some of these decisions need to be made very quickly and very effectively, and you can only do that with empowered upfront and sometimes even automated processes to do them. >> Dave, describe what you mean by tabletops. I presume you're talking to a top-down view versus sort of being in the weeds but add some color to that please. >> Yeah, definitely it literally is kind of getting everyone around the table and at ADP at least once per year, we actually get the full executive team together and challenge them with a scenario, making sure that they're working through the problem. They know what each of their roles are at the table. And I am lucky to have a fantastic leadership team. We're actually very practiced. We've done this often enough now that they really pull apart really hard problems and think about what that decision is going to mean to me, so come that dark day, if it ever does, they're not kind of challenged by the never thought, they don't know, they've understand the technical background of why being asked to make the decision or the limitations of what their responses may be. >> So a lot of people and process goes into this always the case, but let's talk a little bit about the tech, I mentioned the backup Corpus is an obvious target before, what are some of the best tech practices in terms of protecting, whether it's that backup corpus, other data, air gaps, maybe you could give us some guidance on that front. >> Sure, we're not going to be able to protect everything. So focus on those favorite children is the best advice up front to think about the the critical components that enable you to bring things up, easy to go focus on that critical data and that most important app that everyone in the company understands. But all of that and cannot even start if you don't have the foundation, the network's not up and running, the authentication services is not up and running. So it's good to get a focus in some elements and practice on technical tabletop setting of how do you go through recovering an active directory forest back to a known, trusted state? Because that's one of the foundations you're going to need to build anything else back up on. On the backup side is make sure that you don't use the same credentials that your backup administrators use everyday, ensure there's only the smallest number of people have access to be able to control the backpacks, if at all possible and Commvault and many backup solutions, now make sure they're using a second-factor authentication to be able to get into those systems, and also make sure that some of the backups that you have are kind of offline, air gaps can be touched. And then also you think about the duration. You talked about the attackers being very smart and determine, they know how enterprises prepare and respond. So think about how long you're retaining them and where you're retaining some of the backups, not just incremental as to be able to fully restore a system, basically from bare metal or from that climate. >> And you're using Commvault software to manage some of this capability, is that right? I'm sure you have a bevy of tooling. >> Yeah, we have a wide range of tooling but yeah we are a certainly a combo farmer, >> And somebody said, a consultant said to me today Dave, I'm thinking about advising my clients that their air gap process should be air gapped. In other words, they should have sort of a separate remote removed from the mainstream process just for extra protection and I was like, okay, that's kind of interesting, but at the same time then do they have the knowledge to get back to a low RPO state? What do you think about about that approach? >> So the challenges of any kind of recovery and control design is like making sure that you're not making things overly complex and introducing other issues and also other exposures, if you're moving out of your normal control environment, that you have a 24 by 7, 365 set of monitoring, the more creative you get your plans are in danger of kind of having control erosion and visibility to that other state. But it is really important to think about, even at the communication level is in this kind of attack, you may not be able to rely on email, kind of Teams, all the common services that you have. So how are you actually going to communicate with this village it's going to take to recover, to be able to work through the process. So that's definitely an area that I would advocate for having offline capabilities to be able to have people react, gather, respond, plan and control the recovery even though the main enterprise may not be currently. >> I wonder if I could pick your brain on another topic, which is zero trust prior to the pandemic. A lot of times people would roll their eyes like it's a buzzword but it's kind of become a mandate where people are now talking about eliminating credentials to talking about converging identity access management, and governance and privilege access management. I mean, what are those some of the sea changes you see around so-called zero trust. >> Yeah, I think kind of zero trust has become that kind of call-to-action buzzword. These concepts that are embodied in zero trust journey are ones that have been around for forever and least privilege and it's how we think about you can't go buy a product that I like I'm just implemented zero trust. How do you think strategically about where you take your starting point and then go on this journey to kind of increase the various tools that start to limit, improve the segmentation not only from a network standpoint, from a service standpoint, from an identity standpoint and make sure you're embracing concepts like persona so that you start to break up the, may not get to zero trust anytime soon, but you're able to get less and less trust in that model. And to think about it in many different worlds, think about your product access. If you're a service provider company like we are, as well as kind of the internal employee context. So there is many elements, it's a complex journey. It's not something you're going to buy off the shelf and go implement but it's one that you're going to have to again partner with those other stakeholders that you have because there's user experience and client experience components of this journey, some of which are actually quite positive. You mentioned passwordless as one of those components in the gym certainly something that actually has a better user experience and also can offer a better security and freedom from the traditional passwords that you've come to love to hate. >> Dave, I know you're tight on time. I got two more questions for you. One is what is the CISO's number one challenge. >> Wow, that's getting enough sleep, now, really is, just staying hard with that business environment, that threat environment and the available tool sets and making sure that we're constantly working with those partners that we keep describing to chat that course to the future so that we're, this is a race that doesn't have a finish line. The marathon gets a little bit longer every year and bringing my peers on and making them understand that it's easy to get fatigued and say, ah, we thought we were done when we when we finished this initiative. It's just keeping everyone's energy up and focus on a very long mode. >> One A in that question if I may is many organizations lack the talent to be able to do that. You may not, you may have a firmer, but the industry as a whole really lacks the skills and the talent, and really, that's why they're looking to automation. How acute do you see that talent shortage? >> It's definitely there. And I think it's important to realize the back to that village concept, everybody has a play here. So what is a smaller available talent born in the security industry is we've really got to be that call-to-action, we've got to explain why this is important. We've got to be the consultants that kind of lead through what changes are we going to need to make to be successful? It's tempting to say, oh, they'll never do that. They're like, we've got to do it ourselves. We will never be successful. And just being the security team that tries to do everything, it's bringing everyone along for the journey. And part of that is just going to be this constant socialization and education of what they need to do and why it's so important. And then you really will build a great partnership. >> My last question, I was kind of been keeping a list of Dave's best practice. I saw obviously the layered approach, you want to get to that NIST framework. There's a lot of education involved. You've got to partner with your colleagues, the tabletops, executive visibility. So everybody knows what their role is, kind of the do your job, you've got to build zero trust. You can't just buy zero trust off the shelf and so that was my kind of quick list. Am I missing anything? >> I think that's pretty good. And then just in that partnership this is a tiring kind of hard thing to do and kind of just bringing everyone along, they can help you do so much, especially if you explained to them how it's going to make that product better, how it's going to make that client experience better, how it's going to make the CIO, the internal associate experience better, that this isn't just about adding friction into an already challenging environment. >> Like frontline healthcare workers, the SecOps pros are heroes day-to-day, you don't necessarily hear a lot about the work they're doing but Dave we really appreciate you coming on and sharing some of the best practices. And thank you for the great work that you guys are doing out there and best of luck. >> Thanks for the exchange, it has been a pleasure. >> All right, and thank you for watching everybody. This is Dave Vellante for theCUBE, keep it right there. (upbeat music)

(lighthearted music) >> We're here now with Manoj Nair, who's the general manager of Metallic and Dave Totten CTO with Microsoft. And we're going to talk about some of the announcements that we heard earlier today and what Metallic and Microsoft are doing to meet customer needs around cyber threats and ensuring secure cloud data management. Gentlemen, welcome to theCUBE. Good to see you. >> Thanks Dave. >> Thank you. >> Hey Manoj, let me start with you. We heard early this morning, Dave Totten was here, David Noe, talk a lot about security. Has the conversation changed, how has it changed when you talk to customers, Manoj? What's top of mind. >> Yeah, thank you, Dave. And thank you, Dave Totten. You know, great conversation earlier. Dave, you and I have talked about this in the past, right? Security long a big passion of mine. You know, having lived through nation state attacks in the past and all that. We're seeing those kinds of techniques really just getting mainstream, right? Ransomware has become a mainstream problem in the scourge in our lives. Now, when you look at it from a lens of data and data management, data protection, backup, all of this was very much a passive you know, compliance centric use case. It was pretty static you know, put it in tapes, haul it all over. And what has really changed with this ransomware and cybercrime change rate is data, which is now your most precious asset, is under attack. So now you see security teams, just like you talked with Dave Martin, from ADP earlier, they are looking for that bridge between SecurityOps and ITOps. That data management solution needs to do more. It needs to be part of an active conversation, you know? Not just, you know, recovery readiness. Can you ensure that, are you testing that, is it recoverable? That is your last mile of defense. So then you get questions like that from security teams. You get you know, the need for doing more, signals. Can I get better signals from my data management stack to tell me I might be under attack? So what we're seeing in the conversation is the need to have more active conversations around data management and the bridge between ITOps and SecurityOps is really becoming paramount for our customers. >> Yeah, Dave Totten I mean, I often say that I think data protection used to be this bolt on. Now it's a fundamental component of the digital business stack. Anything you would add to what Manoj just said. >> Yeah, I would just say exactly that. Data is an asset, right? We talked about it a lot about the competitive advantage that customers are now realizing that no longer is IT considered sort of this cost center element. We need to be able to leverage our interactions with customers, with partners, with supply chains, with manufacturers, we need to be able to leverage that to sort of create differentiation and competitive advantage in the marketplace. And so if you think about it, as that way as the fuel for economic profitability and business growth, you would do everything in your power to secure it, to support it, to make sure you had access to it, to make sure that you didn't have you know, bad intent users accessing it. And I think we're seeing that shift with customers as they think more about how to be more efficient with their investments in information technology and then how just to make sure that they protect the lifeblood of their businesses. >> Yeah, and that just makes it harder because the adversary is very capable. They're coming in through the digital supply chain. So it's complicated. And so Dave and maybe Manoj, you can comment as well after, Microsoft and Commvault, you guys have been working together for decades and so you've seen a lot of the changes, a lot of the waves. So I'm curious as to how the partnership has evolved. You've got a recent strategic announcement around Azure with Metallic. Dave, take us through that. >> Yeah, I mean you know, Commvault and Microsoft aren't newlyweds, we've been together now for 25 plus years. We send each other anniversary gifts, all that good stuff. And you know, listen, there's a couple things that are key to our relationship. One, we started believing in each other's engineering organizations, right? We hire the best, we train and retain the best. And we both put a lot of investment behind our infrastructure and the ability to work together to really innovate at real time, rapid speeds. Two, we use Commvault products so you know, there's no greater I think, advantage that if a major supplier or platform partner like Microsoft uses your products. We've used it for years in our Xbox group to support and store the data for a hundred million XBox live users. And we're very avid with it with our data centers, our access to Azure data centers, our Microsoft office products. And so we use Commvault services as well. And through that mutual relationship you know, obviously Commvault has seen the ins and outs of what's great about our services and where we're continuing to build and invest. And so they've been able to really you know, dedicate a team of engineers and architects to support all that Azure as a platform, as a service can provide. And then how to take the best of those features and build it into their own first party products. I think when you get close enough to somebody for so many years right, 25 plus years, you figure out what they're great at and you learn to take those advantages like Commvault has with Microsoft and Azure and use it to your advantage, right? To build the best in class product that Metallic actually is. And you're right, the announcement this week it feels culminating, it feels like it's a major milestone in first off, industry innovation but also in our relationship. But it's really not that big of a step change from what we've been doing and building and innovating on for the past you know, 25 years. >> Yeah so Manoj, that's got to be music to your ears. Because you come at it with this rich data protection stack, Microsoft there's so many capabilities. One of the courses, which is Azure. It's like the secret weapon, it's become the secret weapon. How do you think about that relationship, Manoj? >> Absolutely Dave said it right. We are strong partners, 25 years, founding in Western Commvault, mutual customers, partnership. You know, really when you look at it from a customer lens, what our customers have appreciated, over the last year of that strengthening of that partnership basically the two pillars of Commvault the leader of data protection, or you know, for the last 25 years, 10 out of 10 in the Gartner MQ comes together with Azure, the enterprise secure cloud leader in creating Metallic. Metallic, now with 1,000 plus customers around the world, there's a reason they trust it. It's now become part of how they protect their Office 365. No workload left behind, which is very unique, you know? So what we have architected together and now we're taking it to the next phase, our joint partners, right? Our joint customers, that those are some of the things that are really changing in terms of how we're accelerating the partnership. >> Manoj, you and I have talked about ransomware a lot, we did a special segment a while back on that. The adversary is very capable. And you know, I put in the chat this morning, at Commvault Connections, you don't even need a high school diploma to be a ransomwarist. You can go on the dark web, you can buy ransomware as a service. All you need is access to a server and you can stick you know, some malware on it. So you know, it's very, very dangerous times. What is it about data management as a service that makes it a good fit right now from a customer perspective to solve this problem? >> Absolutely. Bad guys, real life, or in the cyber world, they have some techniques. First thing they do in a ransomware is you go after the exits. What are the exit doors? Now you back up data, they know that that backup data can be used to recover. So they go and try to defeat the backup products in that environment. That's number one game that changes with data management as a service. Your data management data protection environment is not inside your environment. Chances to do two simultaneous penetrations to try and anything is possible. But now you've got an additional layer of recovery readiness because that control plane secured on top of Microsoft, Azure, 3,500 security professionals, FedRAMP high standard only data management and service entity to get it. As one of our customers said, "A unicorn in the wild", that is what you have as your data management environment. So if something bad happens, worst case, this environment is ready. Our enterprise customers are starting to understand that this is becoming a big reason to shift to this model. You know, then it's okay if you're not ready to shift the entire model, you're given the easy button of just air gapping of your data. So if you're an existing Commvault customer, appliance, software, anything, secure air gap Metallic cloud storage on hardened Azure Blob protected jointly by us, start there. And finally things like active directory. Talk about shutting the exit path, right? Take that down, your entire environment is not accessible. We make it easy for you to recover that. And because of our partnership, we're able to get it for free to every one of our customers. Go protect your active directory environment using (speaks faintly) kind of three big reasons that we're seeing that entire conversation shift in the minds of our customers. >> Yeah, thank you for that. That's a no brainer. Dave, how do Metallic and Microsoft fit together? Where's the you know, kind of value chain if you will, when it comes to dealing with cyber protection or ransomware recovery, how are your customers thinking about that? >> Yeah well, first it's a shared responsibility model, right? When you've got the best in class platform like Azure with built in protections, scalable data centers all over the global footprint. But then also we spend 10 plus billion dollars a year in security and defense and our own data center environments, right? And so I always find it inspiring when companies believe that their investments in security and platform protection is going to do the job. That's true, that used to be true. Now with Azure, you can take advantage of this global scale and secure you know, footprint of investment that a company like Microsoft has done to really set your heart at ease. Now, what do you do with your actual applications and who has access to it, and how do you actually integrate like Manoj was talking about down to the individual or the individual account that's trying to get access to your environment? Well, that's where Commvault comes in at that point of attack or at that point of an actual data element. So if you've got that environment within Commvault system backed by the umbrella of the Azure security infrastructure, that's how the two sort of compliment each other. And again, it's about shared responsibility, right? We want every customer that leverages Azure to make sure that they know it's secure, it's protected. We've got a mechanism to protect your best interests. Commvault has that exact same mission statement, right? To make sure that every single element that comes into contact with their products is protected, is secure, is trustworthy. You know, I got a long lesson, long, long time ago, early in my career that says you can goof up a product feature, you can goof up the color scheme on a website but if you lose a customer's data or somebody trust, you never get it back. And so we don't take our relationships with customers very lightly. And I think our committed and joint responsibility to delight and support our customers is what has led to this partnership being so successful over the past couple of decades. >> Great, thank you, Dave. And so Manoj, I was saying earlier that data protection has become a fundamental component of your digital business stack. So that sounds good but what should customers be doing to make data protection and data management, a business value driver versus just a liability or exposure or cost factor that has to be managed? What do you think about that? >> No, and then David added earlier, right? It's no longer a liability. In fact it is you know, someone said data is the new oil, right? It is your crown jewels. You got to to start with thinking about an active data protection strategy, not you know, thinking about passive tools and looking at it in terms of a compliance or I need to keep the data around. So that's the number one part is like, how do I have something that protects all my workloads and everyone has a different pace of transformation. So unless you know, you're a company that just got created, you have environments that are on-prem, on the edge, in CoLOS, public cloud. You got you know, SaaS applications, all of those have a critical data that needs to come together. Look for breadth of data protection, something that doesn't leave your workloads behind. Siloed solutions, create a Swiss cheese that create light for the attackers to go after those gaps. You don't want to look for that, you know? And then finally trust. I mean you know, what are the pillars of trust that the solution is built on? You got to figure out how your teams can get to doing more productive things rather than patching systems. You know, making sure that the infrastructure is up. As Dave said you know, we invest a ton jointly in securing this infrastructure. Trust that and leverage that as a differentiator rather than trying to duplicate all of that. So those are some of the you know, key things. And you know, look for players who understand that hybrid is here, give you different entry points. Don't force you know, the single single mode of operation. Those are the things we have built to make it easier for our customers to have a more active data management strategy. >> Dave, Todd, I'll give you the last word we got to go but I want to hit on this notion of zero trust. It used to be a buzz word now it's mainstream. There's so much that this discussion, is it Prudentialist access? Every access is treated maybe as privileged but what does zero trust mean to you in less than a minute? >> Yeah you know, trust but verify, right? Every interaction you have with your infrastructure, with your data, with your applications and you do it at the identity level. We care about identity and we know that that's the core of how people are going to try and access infrastructure. Used to be protect the perimeter. The analogy I always use is we have locks on our houses. Now the bad guys are everywhere. They're getting inside our houses and they're not immediately taking things, they're hiding in the closet and they're popping out three weeks later before anybody knows it. And so being able to actually manage, measure, protect every interaction you have with your infrastructure and do it at the individual or application level, that's what zero trust is all about. So don't trust any interaction, make sure that you pass that authorization through with every ask. And then make sure you protect it from the inside out. >> Great stuff. Okay guys, we've got to leave it there. Thanks so much for the time today. All right next, right after a short break, we're headed into the CXL Power Panel to hear what's on the minds of the executives as it relates to data management in the digital era. Keep it right there, you're watching theCUBE. (lighthearted music)

(Techno music plays in intro) >> We're here with theCUBE covering Commvault Connections 21. And we're going to look at the data protection space and how cloud computing has advanced the way we think about backup, recovery and protecting our most critical data. Ranga Rajagopalan who is the Vice President of products at Commvault, and Stephen Orban who's the General Manager of AWS Marketplace & Control Services. Gents! Welcome to theCUBE. Good to see you. >> Thank you, always a pleasure to see you Dave. >> Dave, thanks for having us. Great to be here. >> You're very welcome. Stephen, let's start with you. Look, the cloud has become a staple of digital infrastructure. I don't know where we'd be right now without being able to access enterprise services, IT services remotely, Um, but specifically, how are customers looking at backup and recovery in the cloud? Is it a kind of a replacement for existing strategies? Is it another layer of protection? How are they thinking about that? >> Yeah. Great question, Dave. And again, thanks. Thanks for having me. And I think, you know, look. If you look back to 15 years ago, when the founders of AWS had the hypothesis that many enterprises, governments, and developers were going to want access to on demand, pay as you go, IT resources in the cloud. None of us would have been able to predict that it would have matured and, um, you know become the staple that it has today over the last 15 years. But the reality is that a lot of these are enterprise customers. Many of whom have been doing their own IT infrastructure for the last 10, 20 or or multiple decades do have to kind of figure out how they deal with it. The change management of moving to the cloud, and while a lot of our customers will initially come to us because they're looking to save money or costs. Almost all of them decide to stay and go big because of the speed at which they're able to innovate on behalf of their customers. And when it comes to storage and backup, that just plays right into where they're headed and there's a variety of different techniques that customers use. Whether it be, you know, a lift and shift for a particular set of applications. Or a data center or where it, where they do very much look at how can they replace the backup and recovery that they have on premises in the cloud using solutions like what we're partnering with Commvault to do. Or completely re-imagining their architecture for net new developments that they can really move quickly for, for their customers and, and completely developing something brand new, where it is really a, um, you know a brand new replacement and innovation for, for, for what they've done in the past. >> Great. Thank you, Stephen. Ranga, I want to ask you about the D word, digital. Look, if you're not a digital business today, you're basically out of business. So my question to you Ranga is, is how have you seen customers change the way they think about data protection during what I call the forced March to digital over the last 18, 19 months? Are customers thinking about data protection differently today? >> Definitely Dave, and and thank you for having me and Stephen pleasure to join you on this CUBE interview. First, going back to Stephen's comments, can't agree more. Almost every business that we talk with today has a cloud first strategy, a cloud transmission mandate. And, you know, the reality is back to your digital comment. There are many different paths to the hybrid micro cloud. And different customers. You know, there are different parts of the journey. So as Stephen was saying, most often customers, at least from a data protection perspective. Start the conversation their thinking, hey, I have all these tapes, can I start using cloud as my air gap, long-term retention target. And before they realize they start moving their workloads into the cloud, and none of the backup and recovery facilities are going to change. So you need to continue protecting the cloud, which is where the cloud meta data protection comes in. And then they start innovating around DR Can I use cloud as my DR sites so that, you know, I don't need to meet in another site. So this is all around us, cloud transmissions, all around us. And, and the real essence of this partnership between AWS and Commvault is essentially to drive, and simplify all the paths to the cloud Regardless of whether you're going to use it as a storage target or, you know, your production data center or your DR. Disaster Recovery site. >> Yeah. So really, it's about providing that optionality for customers. I talked to a lot of customers and said, hey, our business resilience strategy was really too focused on DR. I've talked to all the customers at the other end of the spectrum said, we didn't even have a DR strategy. Now we're using the cloud for that. So it's a, it's really all over the map and you want that optionality. So Stephen, >> (Ranga cuts in) >> Go ahead, please. >> And sorry. Ransomware plays a big role in many of these considerations as well, right? Like, it's unfortunately not a question of whether you're going to be hit by ransomware. It's almost become like, what do you do when you're hit by ransomware? And the ability to use the cloud scale to immediately bring up the resources. Use the cloud backers has become a very popular choice simply because of the speed with which you can bring the business back to normal operations. The agility and the power that cloud brings to the table. >> Yeah. Ransomware is scary. You don't, you don't even need a high school degree diploma to be a ransomware-ist. You could just go on the dark web and buy ransomware as a service and do bad things. And hopefully you'll end up in jail. Stephen, we know about the success of the AWS Marketplace. You guys are partnering here. I'm interested in how that partnership, you know, kind of where it started and how it's evolving. >> Yeah. And happy to highlight on that. So look, when we, when we started AWS or when the founders of AWS started AWS, as I said, 15 years ago. We realized very early on that while we were going to be able to provide a number of tools for customers to have on demand access to compute storage, networking databases, that many particularly, enterprise and government government customers still use a wide range of tools and solutions from hundreds, if not in some cases, thousands of different partners. I mean, I talked to enterprises who who literally used thousands of of different vendors to help them deliver those solutions for their customers. So almost 10 years ago, we're almost at our 10 year anniversary for AWS Marketplace. We launched the first instantiation of AWS Marketplace, which allowed builders and customers to find, try, buy, and then deploy third-party software solutions running on Amazon Machine Instances, also known as AMI's. Natively, right in their AWS and cloud accounts to compliment what they were doing in the cloud. And over the last, nearly 10 years, we've evolved quite a bit. To the point where we support software in multiple different packaging types. Whether it be Amazon Machine Instances, containers, machine learning models, and of course, SAS and the rise of software as a service, so customers don't have to manage the software themselves. But we also support a data products through the AWS data exchange and professional services for customers who want to get services to help them integrate the software into their environments. And we now do that across a wide range of procurement options. So what used to be pay as you go Amazon Machine Instances now includes multiple different ways to contract directly. The customer can do that directly with the vendor, with their channel partner or using kind of our, our public e-commerce capabilities. And we're super excited, um, over the last couple of months, we've been partnering with Commvault to get their industry leading backup and recovery solutions listed on AWS Marketplace. Which is available for our collective customers now. So not only do they have access to Commvault's awesome solutions to help them protect against ransomware, as we talked about and, and to manage their backup and recovery environments. But they can find and deploy that directly in one click right into their AWS accounts and consolidate their, their billing relationship right on the AWS invoice. And it's been awesome to work with with Ranga and the, and the product teams at Commvault to really expose those capabilities where Commvault's using a lot of different AWS services to, to provide a really great native experience for our collective customers as they migrate to the cloud. >> Yeah. The Marketplace has been amazing. We've watched it evolve over the past decade and it's just, it's a key characteristic of cloud. Everybody has a cloud today, right? Ah, we're a cloud too, but Marketplace is unique in, in, in that it's the power of the ecosystem versus the resources of one. And Ranga, I wonder if from your perspective, if you could talk about the partnership with AWS from your view, and and specifically you've got some hard news. Would, if you could, talk about that as well. >> Absolutely. So the partnership has been extending for more than 12 years, right? So AWS and Commvault have been bringing together solutions that help customers solve the data management challenges and everything that we've been doing has been driven by the customer demand that we see, right. Customers are moving their workloads to the cloud. They are finding new ways of deploying the workloads and protecting them. You know, earlier we introduced cloud native integration with the EBS AVI's which has driven almost 70% performance improvements in backup and restore. When you look at huge customers like Coca-Cola, who have standardized on AWS and Commvault, that is the scale that they want to operate on. They manage around one through 3,000 snapshots, 1200 easy, two instances across six regions, but with just one resource dedicated for the data management strategy, right? So that's where the real built-in integration comes into play. And we've been extending it to make use of the cloud efficiencies like power management and auto-scale, and so on. Another aspect is our commitment to a radically simple customer experience. And that's, you know, I'm sure Stephen would agree. It's a big mantra at AWS as well. That's really, together, the customer demand that's brought us together to introduce combo into the AWS Marketplace, exactly the way Stephen described it. Now the hot announcement is calmer, backup and recovery is available in AWS Marketplace. So the exact four steps that Stephen mentioned: find, try, buy, and deploy everything simplified to the Marketplace so that our AWS customers can start using our more backup software in less than 20 minutes. A 60 day trial version is included in the product through Marketplace. And, you know, it's a single click buy. We use the cloud formation templates to deploy. So it becomes a super simple approach to protect the AWS workloads. And we protect a lot of them starting from EC2, RDS DynamoDB, DocumentDB, you know, the, the containers, the list just keeps going on. So it becomes a very natural extension for our customers to make it super simple, to start using Commvault data protection for the AWS workloads. >> Well, the Commvault stack is very robust. You have an extremely mature stack. I want to, I'm curious as to how this sort of came about? I mean, it had to be customer driven, I'm sure. When your customers say, hey, we're moving to the cloud, we had a lot of workloads in the cloud. We're a Commvault customer, that intersection between Commvault and AWS customer. So, so again, I presume this was customer driven, but maybe you can give us a little insight and add some color to that, Ranga. >> Every everything, you know, in this collaboration has been customer driven. We were earlier talking about the multiple paths to cloud and a very good example, and Stephen might probably add more color from his own experience at Dow Jones, but I I'll, I'll bring it to reference Parsons. Who's, you know, civil engineering leader. They started with the cloud first mandate saying, we need to start moving all our backups to the cloud, but we averted that bad actors might find it easy to go and access the backups. AWS and Commvault came together with AWS security features and Commvault brought in its own authorization controls. And now we are moved more than 14 petabytes of backup data into the cloud, and it's sort of as that, not even the backup administrators can go and patch the backups without multiple levels of authorization, right? So the customer needs, whether it is from a security perspective, performance perspective, or in this case from a simplicity perspective is really what is driving us and, and the need came exactly like that. There are many customers who have now standardized on AWS, they want to find everything related to this Marketplace. They want to use their existing, you know, the AWS contracts and also bring data strategy as part of that. So that, that's the real driver behind this. Stephen and I were hoping that we could actually announce some of the customers that have actively started using it. You know, many notable customers have been behind this innovation. And Stephen I don't know if you wanted to add more to that. >> I would just, I would just add Dave, you know, like if I look back before I joined AWS seven years ago, I was the CIO at Dow Jones. And I was leading a, a fairly big cloud migration there over a number of years. And one of the impetuses for us moving to the cloud in the first place was when Hurricane Sandy hit, we had a real disaster recovery scenario in one of our New Jersey data centers. And we had to act pretty quickly. Commvault was, was part of that solution. And I remember very clearly, even back then, back in 2013, there being options available to help us accelerate our move to the cloud. And, and just to reiterate some of the stuff that Ranga was talking about, you know, Commvault's done a great job over the last, more than a decade. Taking features from things like EBS, and S3, and TC2 and some of our networking capabilities and embedding them directly into their services so that customers are able to, you know, more quickly move their backup and recovery workloads to the cloud. So each and every one of those features was, is a result of, I'm sure, Commvault working backwards from their customer needs just as we do at AWS. And we're super excited to take that to the next level, to give customers the option to then also buy that right on their AWS invoice on AWS Marketplace. >> Yeah. I mean, we're going to have to leave it there. Stephen you've mentioned this several times, there's sort of the early days of AWS. We went back then we were talking about gigabytes and terabytes, and now we're talking about petabytes and beyond. Guys thanks so much. We really appreciate your time and sharing the news with us. >> Dave, thanks for having us. >> All right, keep it right there more from Commvault Connections 21, you're watching theCUBE.

(upbeat music) >> Hello everyone. This is Dave Vellante with theCUBE. On October 28th, we'll be attending Commvault Connections '21. This is a premier industry event and it's focused on hybrid data services. The broadcast will be live from Commvault's Tinton Falls HQ. Now the agenda is packed with educational inspirational keynote speakers. For example, Dave Martin will be speaking. He is in the global chief security office at ADP, Stephen Orban of AWS and Dave Taunton of Microsoft will be sharing insights. And of course Commvault CEO Sanjay Mirchandani, he's a long-time guest of theCUBE and a rare example of a CIO transitioning to a CEO role and having excellent success with Commvault transformation. These sessions that are referencing will engage you on topics like ransomware, SaaS, and hybrid cloud, and more there's something for every data professional. And by attending, you have the chance to have an exclusive consultation with the dev team at Commvault, which is always a hot ticket item. Now you can catch all the action live on SiliconANGLE and thecube.net so go right now, register for connections '21, it takes less than a minute. I just did it. We'll see you there. (upbeat music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Techniques to protect sensitive data have evolved over thousands of years literally. The pace of modern data protection is rapidly accelerating and presents both opportunities and threats for organizations. In particular, the amount of data stored in the cloud combined with hybrid work models, the clear and present threat of cyber crime, regulatory edicts and the ever expanding edge and associated use cases should put CXOs on notice that the time is now to rethink your data protection strategies. Hello, and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we're going to explore the evolving world of data protection and share some information on how we see the market changing in the competitive landscape for some of the top players. Steve Kenniston AKA the Storage Alchemist shared a story with me and it was pretty clever. Way back in 4,000 BC the Sumerians invented the first system of writing. Now they used clay tokens to represent transactions at that time. Now, to prevent messing with these tokens, they sealed them in clay jars to ensure that the tokens or either data would remain secure with an accurate record, let's call it quasi immutable and lived in a clay vault. Since that time, we've seen quite an evolution in data protection. Tape, of course, was the main means of protecting data, backing data up during most of the mainframe era and that carried into client server computing, which really accentuated and underscored the issues around backup windows and challenges with RTO, Recovery Time Objective and RPO, Recovery Point Objective, and just overall recovery nightmares. Then in the 2000s data reduction made displace backup more popular and push tape into an archive last resort media data domain then EMC now Dell still sell many purpose built backup appliances as do others as a primary backup target disc base. The rise of virtualization brought more changes in backup and recovery strategies as a reduction in physical resources squeezed the one application that wasn't under utilizing compute i.e backup. And we saw the rise of Veeam, the cleverly named company that became synonymous with data protection for virtual machines. Now the cloud has created new challenges related to data sovereignty, governance latency, copy creep, expense, et cetera but more recently cyber threats have elevated data protection to become a critical adjacency to information security. Cyber resilience to specifically protect against ransomware attacks as the new trend being pushed by the vendor community as organizations are urgently looking for help with this insidious threat. Okay, so there are two major disruptors that we're going to talk about today, the cloud and cyber crime, especially around ransoming your data. Every customer is using the cloud in some way, shape or form. Around 76% are using multiple clouds that's according to a recent study by HashiCorp. We've talked extensively about skill shortages on theCUBE and data protection and security concerns are really key challenges to address given that skill shortage is a real talent gap in terms of being able to throw people at solving this problem. So what customers are doing they're either building out or they're buying, really mostly building abstraction layers to hide the underlying cloud complexity. So, what this does, the good news is it simplifies provisioning and management but it creates problems around opacity. In other words, you can't see sometimes what's going on with the data, these challenges fundamentally become data problems in our view. Things like fast, accurate, and complete backup recovery, compliance, data sovereignty, data sharing, I mentioned copy creep, cyber resiliency, privacy protections these are all challenges brought to fore by the cloud, the advantages, the pros and the cons. Now, remote workers are especially vulnerable and as clouds expand rapidly data protection technologies are struggling to keep pace. So let's talk briefly about the rapidly expanding public cloud. This chart shows worldwide revenue for the big four hyperscalers, as you can see we projected they're going to surpass $115 billion in revenue in 2021, that's up from 86 billion last year. So it's a huge market, it's growing in the 35% range. The interesting thing is last year, 80 plus billion dollars in revenue but a 100 billion dollars was spent last year by these firms in CapEx. So they're building out infrastructure for the industry. This is a gift to the balance of the industry. Now to date legacy vendors and their surrounding community have been pretty defensive around the cloud, "Oh, not everything is going to move to the cloud, it's not a zero sum game we here." And while that's all true the narrative was really kind of a defense posture and that's starting to change as large tech companies like Dell, IBM, Cisco, HPE, and others see opportunities to build on top of this infrastructure. You certainly see that with Arvind Krishna's comments at IBM, Cisco obviously leaning in from a networking and security perspective. HPE using language that is very much cloud-like with its GreenLake strategy. And of course, Dell is all over this. Let's listen to how Michael Dell is thinking about this opportunity when he was questioned on theCUBE by John Furrier about the cloud. Play the clip. >> Well, clouds are infrastructure, right? So you can have a public cloud, you can have an edge cloud, a private cloud, a Telco cloud, a hybrid cloud, multicloud, here cloud, there cloud, everywhere cloud, cloud. Yet, they'll all be there, but it's basically infrastructure. And how do you make that as easy to consume and create the flexibility that enables everything. >> Okay, so in my view, Michael nailed it, the cloud is everywhere. You have to make it easy and you have to admire the scope of his comments. We know this guy, he thinks big, right? He said enables everything. What he's basically saying is that, technology is at the point where it has the potential to touch virtually every industry, every person, every problem, everything. So let's talk about how this informs the changing world of data protection. Now, we've seen with the pandemic there's an acceleration toward digital and that has caused an escalation if you will, in the data protection mandate. So essentially what we're talking about here is the application of Michael Dell's cloud everywhere comments. You've got on-prem, private clouds, hybrid clouds, you've got public clouds across AWS, Azure, Google, Alibaba, really those big four hyperscalers. You got many clouds that are popping up all over the place, but multicloud to that HashiCorp data point, 75, 76%, and then you now see the cloud expanding out to the edge, programmable infrastructure heading out to the edge. So the opportunity here to build the data protection cloud is to have the same experiences across all these estates with automation and orchestration in that cloud, that data protection cloud if you will. So think of it as an abstraction layer that hides that underlying complexity, you log into that data protection cloud it's the same experience. So you've got backup, you've got recovery, you can handle bare-metal, you can do virtualized backups and recoveries, any cloud, any OS, out to the edge, Kubernetes and container use cases, which is an emerging data protection requirement and you've got analytics, perhaps you've got PII, Personally Identifiable Information protection in there. So the attributes of this data protection cloud, again, it abstracts the underlying cloud primitives, takes care of that. It also explodes cloud native technologies. In other words, it takes advantage of whether it's machine learning, which all the big cloud players have expertise in, new processor models things like Graviton and other services that are in the cloud natively. It doesn't just wrap it's on-prem stack in a container and shove it into the cloud, no, it actually re architects or architects around those cloud native services and it's got distributed metadata to track files and volumes and any organizational data irrespective of location. And it enables sets of services to intelligently govern in a federated governance manner while ensuring data integrity and all this is automated and orchestrated to help with the skills gap. Now, as it relates to cyber recovery, air gap solutions must be part of the portfolio, but managed outside of that data protection cloud that we just briefly described. The orchestration and the management must also be gapped if you will, otherwise, you don't have an air gap. So all of this is really a cohort to cyber security or your cybersecurity strategy and posture, but you have to be careful here because your data protection strategy could get lost in this mess. So you want to think about the data protection cloud as again, an adjacency or maybe an overlay to your cybersecurity approach, not a bolt on it's got to be fundamentally architectured from the bottom up. And yes, this is going to maybe create some overheads and some integration challenges but this is the way in which we think you should think about it. So you'll likely need a partner to do this, again, we come back to the skills gap if were seeing the rise of MSPs, managed service providers and specialist service providers, not public cloud providers, people are concerned about lock-in and that's really not their role. They're not high touch services company, probably not your technology arms dealer, excuse me, they're selling technology to these MSPs. So the MSPs, they have intimate relationships with their customers. They understand their business and specialize in architecting solutions to handle these difficult challenges. So let's take a look at some of the risk factors here and dig a little bit into the cyber threat that organizations face. This is a slide that, again, the Storage Alchemists, Steve Kenniston shared with me, it's based on a study that IBM funds with the Panama Institute, which is a firm that studies these things like cost of breaches and has for many, many, many years. The slide shows the total cost of a typical breach within each dot and on the Y-axis and the frequency in percentage terms on the horizontal axis. Now it's interesting, the top two are compromised credentials and fishing, which once again proves that bad user behavior trumps good security every time. But the point here is that the adversary's attack vectors are many and specific companies often specialize in solving these problems often with point products, which is why the slide that we showed from Optiv earlier, that messy slide looks so cluttered. So it's a huge challenge for companies, and that's why we've seen the emergence of cyber recovery solutions from virtually all the major players. Ransomware and the SolarWinds hack have made trust the number one issue for CEOs and CSOs and boards of directors, shifting CSO spending patterns are clear. Shifting largely because they're catalyzed by the work from home. But outside of the moat to endpoint security identity and access management, cloud security, the horizontal network security. So security priorities and spending are changing that's why you see the emergence of disruptors like we've covered extensively, Okta, Crowdstrike, Zscaler. And cyber resilience is top of mind and robust solutions are required and that's why companies are building cyber recovery solutions that are most often focused on the backup corpus because that's a target for the bad guys. So there is an opportunity, however to expand from just the backup corpus to all data and protect this kind of 3-2-1, or maybe it's 3-2-1-1, three copies, two backups, a backup in the cloud and one that's air gapped. So this can be extended to primary storage, copies, snaps, containers, data in motion, et cetera, to have a comprehensive data protection strategy. Customers as I said earlier, increasingly looking to manage service providers and specialists because of that skills gap and that's a big reason why automation is so important in orchestration. And automation and orchestration I'll emphasize on the air gap solutions should be separated physically and logically. All right, now let's take a look at some of the ETR data and some of the players. This is a chart that we like to show often, it's a X, Y axis, and the Y-axis is net score, which is a measure of spending momentum and the horizontal axis is market share. Now market share is an indicator of pervasiveness in the survey. It's not spending market share, it's not market share of the overall market, it's a term that ETR uses. It's essentially market share of the responses within the survey set, think of it as mind share. Okay, you've got the pure plays here on this slide in the storage category, there is no data protection or backup category so what we've done is we've isolated the pure plays or close to pure plays in backup and data protection. Notice that red line, that red line is kind of our subjective view of anything that's over that 40% line is elevated, you can see only rubric in the July survey is over that 40% line. I'll show you the ends in a moment. Smaller ends, but still rubric is the only one. Now look at Cohesity and rubric in the January, 2020. So last year pre-pandemic Cohesity and Rubrik they've come well off their peaks for net score. Look at Veeam, Veeam having studied this data for the last say 24 plus months, Veeam has been Steady Eddie. It is really always in the mid to high 30s, always shows a large shared end so it's coming up in the survey, customers are mentioning Veeam and it's got a very solid net score. It's not above that 40% line but it's hovering just below consistently, that's very impressive. Commvault has steadily been moving up. Sanjay Mirchandani has made some acquisitions, he did the Hedvig acquisition. They launched metallic that's driving cloud affinity within a Commvault large customer base so it's a good example of a legacy player, pivoting and evolving and transforming itself. Veritas continues to underperform in the ETR surveys relative to the other players. Now, for context, let's say add IBM and Dell to the chart. Now just note, this is IBM and Dell's full storage portfolio. The category in the taxonomy at ETR is all storage. Okay, this previous slide I isolated on the pure plays, but this now adds in IBM and Dell. It probably representative of where they would be, probably Dell larger on the horizontal axis than IBM, of course and you could see the spending momentum in accordingly. So you could see that in the data chart that we've inserted. So smaller ends for Rubrik and Cohesity, but still enough to pay attention, it's not like one or two when you're 20 plus, 15 plus, 25 plus you can start to pay attention to trends. Veeam again is very impressive. Its net score is solid, it's got a consistent presence in the dataset, it's clear leader here. SimpliVity is small but it's improving relative to last several surveys and we talked about Commvault. Now, I want to emphasize something that we've been hitting on for quite some time now and that's the renaissance that's coming in compute. Now we all know about Moore's law, the doubling of transistor density every two years, 18 to 24 months and that leads to a doubling of performance in that time frame. X86, that X86 curve is in the blue and if you do the math, this is expressed in trillions of operations per second. The orange line is a representative of Apple's A series culminating in the A-15 most recently, the A series is what Apple is now... It's the technology basis for what's inside, and one the new Apple laptops, which is replacing Intel. That's that orange line there we'll come back to that. So go back to the blue line for a minute. If you do the math on doubling performance every 24 months, it comes out to roughly 40% annual improvement in processing power per year. That's now moderated. So Moore's law is waning in one sense so we wrote a piece Moore's law is not dead so I'm sort of contradicting myself there, but the traditional Moore's law curve on X86 is waning. It's probably now down to around 30%, low 30s, but look at the orange line. Again, using the A series as an indicator, if you combine the CPU, the NPU, which is the neural processing unit, XPU, pick whatever PU you want, the accelerators, the DSPs, that line is growing at a 100% plus per year. It's probably more accurately around 110% a year. So there's a new industry curve occurring and it's being led by the Arm ecosystem. The other key factor there you see in a lot of use cases, a lot of consumer use cases Apple is an example but you're also seeing it in things like Tesla, Amazon with AWS Graviton, the Annapurna acquisition, building out Graviton and Nitro that's based on Arm. You can get from design to tape out in less than two years Whereas the Intel cycles we know they've been running it four to five years now, maybe Pat Gelsinger is compressing those, but Intel is behind. So, organizations that are on that orange curve are going to see faster acceleration, lower cost, lower power, et cetera. All right, so what's the tie to data protection? I'm going to leave you with this chart. Arm has introduced it's confidential compute architecture, and is ushering in a new era of security and data protection. Zero Trust is the new mandate and what Arm has done with what they call realms is create physical separation of the vulnerable components by creating essentially physical buckets to put code in and to put data in separate from the OS. Remember the OS is the most valuable entry point for hackers or one of them because it contains privileged access and it's a weak link because of things like memory leakages and vulnerabilities. And malicious code can be placed by bad guys within data in the OS and appear benign even though it's anything but. So in this architecture, all the OS does is create API calls to the realm controller. That's the only interaction. So it makes it much harder for bad actors to get access to the code and the data. And importantly, very importantly, it's an end-to-end architecture so there's protection throughout if you're pulling data from the edge and bringing it back to on-prem and the cloud you've got that end-to-end architecture and protection throughout. So the link to data protection is that backup software vendors need to be the most trusted of applications. Backup software needs to be the most trusted of applications because it's one of the most targeted areas in the cyber attack. Realms provide an end-to-end separation of data and code from the OS and is a better architectural construct to support Zero Trust and confidential computing and critical use cases like data protection/backup and other digital business apps. So our call to action is backup software vendors you can lead the charge. Arm is several years ahead at the moment, head of Intel in our view. So you got to pay attention to that, research that, we're not saying over rotate, but go investigate that. And use your relationships with Intel to accelerate its version of this architecture or ideally the industry should agree on common standards and solve this problem together. Pat Gelsinger told us in theCUBE that if it's the last thing he's going to do in his industry life he's going to solve this security problem. That's when he was at VMware. Well, Pat you're even in a better place to do it now, you don't have to solve it yourself, you can't and you know that. So while you're going about your business saving Intel, look to partner with Arm I know it sounds crazy to use these published APIs and push to collaborate on an open source architecture that addresses the cyber problem. If anyone can do it, you can. Okay, that's it for today. Remember, these episodes are all available as podcasts all you got to do is search Breaking Analysis podcast, I publish weekly on Wikibon.com and SiliconANGLE.com. Or you can reach me at dvellante on Twitter, email me at Dave.Vellante@SiliconANGLE.com. And don't forget to check out ETR.plus for all the survey and data action. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching everybody, be well and we'll see you next time. (upbeat music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is braking analysis with Dave Vellante. >> Techniques to protect sensitive data have evolved over thousands of years, literally. The pace of modern data protection is rapidly accelerating and presents both opportunities and threats for organizations. In particular, the amount of data stored in the cloud combined with hybrid work models, the clear and present threat of cyber crime, regulatory edicts, and the ever expanding edge and associated use cases should put CXOs on notice that the time is now to rethink your data protection strategies. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this breaking analysis, we're going to explore the evolving world of data protection and share some information on how we see the market changing in the competitive landscape for some of the top players. Steve Kenniston, AKA the Storage Alchemist, shared a story with me, and it was pretty clever. Way back in 4000 BC, the Sumerians invented the first system of writing. Now, they used clay tokens to represent transactions at that time. Now, to prevent messing with these tokens, they sealed them in clay jars to ensure that the tokens, i.e the data, would remain secure with an accurate record that was, let's call it quasi, immutable, and lived in a clay vault. And since that time, we've seen quite an evolution of data protection. Tape, of course, was the main means of protecting data and backing data up during most of the mainframe era. And that carried into client server computing, which really accentuated and underscored the issues around backup windows and challenges with RTO, recovery time objective and RPO recovery point objective. And just overall recovery nightmares. Then in the 2000's data reduction made disk-based backup more popular and pushed tape into an archive last resort media. Data Domain, then EMC, now Dell still sell many purpose-built backup appliances as do others as a primary backup target disc-based. The rise of virtualization brought more changes in backup and recovery strategies, as a reduction in physical resources squeezed the one application that wasn't under utilizing compute, i.e, backup. And we saw the rise of Veem, the cleverly-named company that became synonymous with data protection for virtual machines. Now, the cloud has created new challenges related to data sovereignty, governance, latency, copy creep, expense, et cetera. But more recently, cyber threats have elevated data protection to become a critical adjacency to information security. Cyber resilience to specifically protect against attacks is the new trend being pushed by the vendor community as organizations are urgently looking for help with this insidious threat. Okay, so there are two major disruptors that we're going to talk about today, the cloud and cyber crime, especially around ransoming your data. Every customer is using the cloud in some way, shape, or form. Around 76% are using multiple clouds, that's according to a recent study by Hashi Corp. We've talked extensively about skill shortages on theCUBE, and data protection and security concerns are really key challenges to address, given that skill shortage is a real talent gap in terms of being able to throw people at solving this problem. So what customers are doing, they're either building out or they're buying really mostly building abstraction layers to hide the underlying cloud complexity. So what this does... The good news is it's simplifies provisioning and management, but it creates problems around opacity. In other words, you can't see sometimes what's going on with the data. These challenges fundamentally become data problems, in our view. Things like fast, accurate, and complete backup recovery, compliance, data sovereignty, data sharing. I mentioned copy creep, cyber resiliency, privacy protections. These are all challenges brought to fore by the cloud, the advantages, the pros, and the cons. Now, remote workers are especially vulnerable. And as clouds span rapidly, data protection technologies are struggling to keep pace. So let's talk briefly about the rapidly-expanding public cloud. This chart shows worldwide revenue for the big four hyperscalers. As you can see, we projected that they're going to surpass $115 billion in revenue in 2021. That's up from 86 billion last year. So it's a huge market, it's growing in the 35% range. The interesting thing is last year, 80-plus billion dollars in revenue, but 100 billion dollars was spent last year by these firms in cap ex. So they're building out infrastructure for the industry. This is a gift to the balance of the industry. Now to date, legacy vendors and the surrounding community have been pretty defensive around the cloud. Oh, not everything's going to move to the cloud. It's not a zero sum game we hear. And while that's all true, the narrative was really kind of a defensive posture, and that's starting to change as large tech companies like Dell, IBM, Cisco, HPE, and others see opportunities to build on top of this infrastructure. You certainly see that with Arvind Krishna comments at IBM, Cisco obviously leaning in from a networking and security perspective, HPE using language that is very much cloud-like with its GreenLake strategy. And of course, Dell is all over this. Let's listen to how Michael Dell is thinking about this opportunity when he was questioned on the queue by John Furrier about the cloud. Play the clip. So in my view, Michael nailed it. The cloud is everywhere. You have to make it easy. And you have to admire the scope of his comments. We know this guy, he thinks big. He said, "Enables everything." He's basically saying is that technology is at the point where it has the potential to touch virtually every industry, every person, every problem, everything. So let's talk about how this informs the changing world of data protection. Now, we all know, we've seen with the pandemic, there's an acceleration in toward digital, and that has caused an escalation, if you will, in the data protection mandate. So essentially what we're talking about here is the application of Michael Dell's cloud everywhere comments. You've got on-prem, private clouds, hybrid clouds. You've got public clouds across AWS, Azure, Google, Alibaba. Really those are the big four hyperscalers. You got many clouds that are popping up all their place. But multi-cloud, to that Hashi Corp data point, 75, 70 6%. And then you now see the cloud expanding out to the edge, programmable infrastructure heading out to the edge. So the opportunity here to build the data protection cloud is to have the same experiences across all these estates with automation and orchestration in that cloud, that data protection cloud, if you will. So think of it as an abstraction layer that hides that underlying complexity, you log into that data protection cloud, it's the same experience. So you've got backup, you've got recovery, you can handle bare metal. You can do virtualized backups and recoveries, any cloud, any OS, out to the edge, Kubernetes and container use cases, which is an emerging data protection requirement. And you've got analytics, perhaps you've got PII, personally identifiable information protection in there. So the attributes of this data protection cloud, again, abstracts the underlying cloud primitives, takes care of that. It also explodes cloud native technologies. In other words, it takes advantage of whether it's machine learning, which all the big cloud players have expertise in, new processor models, things like graviton, and other services that are in the cloud natively. It doesn't just wrap it's on-prem stack in a container and shove it into the cloud, no. It actually re architects or architects around those cloud native services. And it's got distributed metadata to track files and volumes and any organizational data irrespective of location. And it enables sets of services to intelligently govern in a federated governance manner while ensuring data integrity. And all this is automated and an orchestrated to help with the skills gap. Now, as it relates to cyber recovery, air-gap solutions must be part of the portfolio, but managed outside of that data protection cloud that we just briefly described. The orchestration and the management must also be gaped, if you will. Otherwise, (laughs) you don't have an air gap. So all of this is really a cohort to cyber security or your cybersecurity strategy and posture, but you have to be careful here because your data protection strategy could get lost in this mess. So you want to think about the data protection cloud as again, an adjacency or maybe an overlay to your cybersecurity approach. Not a bolt on, it's got to be fundamentally architectured from the bottom up. And yes, this is going to maybe create some overheads and some integration challenges, but this is the way in which we think you should think about it. So you'll likely need a partner to do this. Again, we come back to the skill skills gap if we're seeing the rise of MSPs, managed service providers and specialist service providers. Not public cloud providers. People are concerned about lock-in, and that's really not their role. They're not high-touch services company. Probably not your technology arms dealer, (clear throat) excuse me, they're selling technology to these MSPs. So the MSPs, they have intimate relationships with their customers. They understand their business and specialize in architecting solutions to handle these difficult challenges. So let's take a look at some of the risk factors here, dig a little bit into the cyber threat that organizations face. This is a slide that, again, the Storage Alchemists, Steve Kenniston, shared with me. It's based on a study that IBM funds with the Panmore Institute, which is a firm that studies these things like cost of breaches and has for many, many, many years. The slide shows the total cost of a typical breach within each dot and on the Y axis and the frequency in percentage terms on the horizontal axis. Now, it's interesting. The top two compromise credentials and phishing, which once again proves that bad user behavior trumps good security every time. But the point here is that the adversary's attack vectors are many. And specific companies often specialize in solving these problems often with point products, which is why the slide that we showed from Optiv earlier, that messy slide, looks so cluttered. So there's a huge challenge for companies. And that's why we've seen the emergence of cyber recovery solutions from virtually all the major players. Ransomware and the solar winds hack have made trust the number one issue for CIOs and CISOs and boards of directors. Shifting CISO spending patterns are clear. They're shifting largely because they're catalyzed by the work from home. But outside of the moat to endpoint security, identity and access management, cloud security, the horizontal network security. So security priorities and spending are changing. And that's why you see the emergence of disruptors like we've covered extensively, Okta, CrowdStrike, Zscaler. And cyber resilience is top of mind, and robust solutions are required. And that's why companies are building cyber recovery solutions that are most often focused on the backup corpus because that's a target for the bad guys. So there is an opportunity, however, to expand from just the backup corpus to all data and protect this kind of 3, 2, 1, or maybe it's 3, 2, 1, 1, three copies, two backups, a backup in the cloud and one that's air gaped. So this can be extended to primary storage, copies, snaps, containers, data in motion, et cetera, to have a comprehensive data protection strategy. And customers, as I said earlier, are increasingly looking to manage service providers and specialists because of that skills gap. And that's a big reason why automation is so important in orchestration. And automation and orchestration, I'll emphasize, on the air gap solutions should be separated physically and logically. All right, now let's take a look at some of the ETR data and some of the players. This is a chart that we like to show often. It's a X-Y axis. And the Y axis is net score, which is a measure of spending momentum. And the horizontal axis is market share. Now, market share is an indicator of pervasiveness in the survey. It's not spending market share, it's not market share of the overall market, it's a term that ETR uses. It's essentially market share of the responses within the survey set. Think of it as mind share. Okay, you've got the pure plays here on this slide, in the storage category. There is no data protection or backup category. So what we've done is we've isolated the pure plays or close to pure plays in backup and data protection. Now notice that red line, that red is kind of our subjective view of anything that's over that 40% line is elevated. And you can see only Rubrik, and the July survey is over that 40% line. I'll show you the ends in a moment. Smaller ends, but still, Rubrik is the only one. Now, look at Cohesity and Rubrik in the January 2020. So last year, pre-pandemic, Cohesity and Rubrik, they've come well off their peak for net score. Look at Veeam. Veeam, having studied this data for the last say 24 hours months, Veeam has been steady Eddy. It is really always in the mid to high 30s, always shows a large shared end, so it's coming up in the survey. Customers are mentioning Veeam. And it's got a very solid net score. It's not above that 40% line, but it's hovering just below consistently. That's very impressive. Commvault has steadily been moving up. Sanjay Mirchandani has made some acquisitions. He did the Hedvig acquisition. They launched Metallic, that's driving cloud affinity within Commvault's large customer base. So it's good example of a legacy player pivoting and evolving and transforming itself. Veritas, it continues to under perform in the ETR surveys relative to the other players. Now, for context, let's add IBM and Dell to the chart. Now just note, this is IBM and Dell's full storage portfolio. The category in the taxonomy at ETR is all storage. Just previous slide, I isolated on the pure plays. But this now adds in IBM and Dell. It probably representative of where they would be. Probably Dell larger on the horizontal axis than IBM, of course. And you could see the spending momentum accordingly. So you can see that in the data chart that we've inserted. So some smaller ends for Rubrik and Cohesity. But still enough to pay attention, it's not like one or two. When you're 20-plus, 15-plus 25-plus, you can start to pay attention to trends. Veeam, again, is very impressive. It's net score is solid, it's got a consistent presence in the dataset, it's clear leader here. SimpliVity is small, but it's improving relative to last several surveys. And we talked about Convolt. Now, I want to emphasize something that we've been hitting on for quite some time now. And that's the Renaissance that's coming in compute. Now, we all know about Moore's Law, the doubling of transistor density every two years, 18 to 24 months. And that leads to a doubling of performance in that timeframe. X86, that x86 curve is in the blue. And if you do the math, this is expressed in trillions of operations per second. The orange line is representative of Apples A series, culminating in the A15, most recently. The A series is what Apple is now... Well, it's the technology basis for what's inside M1, the new Apple laptops, which is replacing Intel. That's that that orange line there, we'll come back to that. So go back to the blue line for a minute. If you do the math on doubling performance every 24 months, it comes out to roughly 40% annual improvement in processing power per year. That's now moderated. So Moore's Law is waning in one sense, so we wrote a piece Moore's Law is not dead. So I'm sort of contradicting myself there. But the traditional Moore's Law curve on x86 is waning. It's probably now down to around 30%, low 30s. But look at the orange line. Again, using the A series as an indicator, if you combine then the CPU, the NPU, which neuro processing unit, XPU, pick whatever PU you want, the accelerators, the DSPs, that line is growing at 100% plus per year. It's probably more accurately around 110% a year. So there's a new industry curve occurring, and it's being led by the Arm ecosystem. The other key factor there, and you're seeing this in a lot of use cases, a lot of consumer use cases, Apple is an example, but you're also seeing it in things like Tesla, Amazon with AWS graviton, the Annapurna acquisition, building out graviton and nitro, that's based on Arm. You can get from design to tape out in less than two years. Whereas the Intel cycles, we know, they've been running it four to five years now. Maybe Pat Gelsinger is compressing those. But Intel is behind. So organizations that are on that orange curve are going to see faster acceleration, lower cost, lower power, et cetera. All right, so what's the tie to data protection. I'm going to leave you with this chart. Arm has introduced it's confidential, compute architecture and is ushering in a new era of security and data protection. Zero trust is the new mandate. And what Arm has it's done with what they call realms is create physical separation of the vulnerable components by creating essentially physical buckets to put code in and to put data in, separate from the OS. Remember, the OS is the most valuable entry point for hackers or one of them because it contains privileged access, and it's a weak link because of things like memory leakages and vulnerabilities. And malicious code can be placed by bad guys within data in the OS and appear benign, even though it's anything but. So in this, all the OS does is create API calls to the realm controller. That's the only interaction. So it makes it much harder for bad actors to get access to the code and the data. And importantly, very importantly, it's an end-to-end architecture. So there's protection throughout. If you're pulling data from the edge and bringing it back to the on-prem or the cloud, you've got that end to end architecture and protection throughout. So the link to data protection is that backup software vendors need to be the most trusted of applications. Backup software needs to be the most trusted of applications because it's one of the most targeted areas in a cyber attack. Realms provide an end-to-end separation of data and code from the OS and it's a better architectural construct to support zero trust and confidential computing and critical use cases like data protection/backup and other digital business apps. So our call to action is backup software vendors, you can lead the charge. Arm is several years ahead at the moment, ahead of Intel, in our view. So you've got to pay attention to that, research that. We're not saying over rotate, but go investigate that. And use your relationships with Intel to accelerate its version of this architecture. Or ideally, the industry should agree on common standards and solve this problem together. Pat Gelsinger told us in theCUBE that if it's the last thing he's going to do in his industry life, he's going to solve this security problem. That's when he was at VMware. Well, Pat, you're even in a better place to do it now. You don't have to solve it yourself, you can't, and you know that. So while you're going about your business saving Intel, look to partner with Arm. I know it sounds crazy to use these published APIs and push to collaborate on an open source architecture that addresses the cyber problem. If anyone can do it, you can. Okay, that's it for today. Remember, these episodes are all available as podcasts. All you got to do is search Braking Analysis Podcast. I publish weekly on wikibond.com and siliconangle.com. Or you can reach me @dvellante on Twitter, email me at david.vellante@siliconangle.com. And don't forget to check out etr.plus for all the survey and data action. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching, everybody. Be well, and we'll see you next time. (gentle music)

(upbeat music) >> We are entering a new era of cyber attacks. The SolarWinds hack it underscored a rising and very disturbing trend. Namely that tunneling in through an organization's supply chain. And you're hearing terms like island hopping and living off the land to becoming mainstream in the world of cybersecurity. And we're going to talk a little bit about ransomware and cyber with Manoj Nair, who is the GM of Metallic, a Commvault Company. And Tim Carben, is a Principal Systems Engineer with Mitchell International. Gents welcome. Thanks so much for coming on. Talk to me about this very important topic. So, Tim, I got to start with you, you're the practitioner. You got to fight this battle every day. You heard me upfront it feel like we are entering a new era. The adversary is highly capable, very well-funded. How are you thinking about changes in protecting your data and creating things like air gaps and what are you doing to solve this problem? >> I think the most important part. And this is just to start off with is patching, everything up to date. Most of the time someone's getting in, or most of the time one of these viruses is replicating between the different systems. It's due to unpatched environments. And then number two is training. If your resources don't know, not to click on something or to hover over something to look at it. Then, you are just going to be exposing your environment over and over and over again. But when it all boils down to it, and it comes back to what I'm doing in the data protection world in the backup and recovery, I have to look at not only how am I going to get this data back. Because if a system gets encrypted we are going to look for recovery first. That's it, look for recovery first. But we also need to make sure that our environment is protected. Lock down our media agents. Lock down our storage that we're connected to. And like you had mentioned before use an air gap. And no one... I mean, everyone's been moving away from tape and it's understandable. There's a lot of resource utilization involved. There's a lot of people that you need in there in your data center, moving things around. And it's a robotic machine, you have to rely on. Not only that, but recovery times can be slow. What I found is Commvault is gone out there and they've offered us SaaS storage. This SaaS storage is somewhere else. We could be in AWS. We could be in Azure. We could be in GCP but we can still connect to this SaaS storage. And we never have to worry about someone having access to a data center and getting to our tapes. We don't have to worry about someone having tenant access and deleting our backups off of a particular tenant. Which is something that we are going to see in the future if it's not out there already. So, there's a lot that we have to do and protecting ourselves is very important. And Commvault is making it a lot easier. >> Thank you, Tim. So, Manoj I mean, these things have probably been around for a while but we're seeing really sort of, I talked about mainstream and a couple of things that are really disturbing. We're seeing this malware come in and they're self forming. They're creating different signatures but we're also seeing this idea of living off the land very stealthily using your own tools against you. And then really disturbingly, we're seeing when you discover... When a victim discovers that they're being attacked and they respond... Their incident response is triggering a very aggressive counter attack by the hackers. Where they've already exfiltrated really sensitive data. Then they'll then they... And they've been stealing and making monetizing your data. And then they'll just encrypt it, hold it for ransom, threaten to release that sensitive data if you don't let them keep going. It's really, really disturbing. What's your perspective on this raising the bar that the bad guys have done and how we can keep pace? >> Yeah, Dave. I lived through the nation state attack that happened in 2012. The front door seat was at RSA as part of the leadership team. And at that time it was considered a this is a very unique and it's an advanced persistent threat. It took the resources of one of the biggest nations of the world to mount something like that. And fast forward, eight, nine years later, we're seeing that these kinds of techniques have now been mainstreamed. You've got a lot of people who are figuring out not just... They may not even care about your data but they know you care about your data. So they're not trying to exfiltrate the data maybe to look for sensitive data and monetize it. That's just harder. Why not take it directly from you. In Q1 of 2021, the average ransomware ransom went up 43%. It's like 250K or something. That's just the ransom. And we saw now that it's impacting day-to-day lives. You saw the long lines of the gas things gas pumps on the East coast a weekend before last and as somebody who had a ransomware attack as the news story say they'd paid for the ransom. And that was the recovery after paying 5 million was slow. So they had to go and figure out how to recover from the backups. And that was not fast enough. So defense in depth is something that has really been the mantra and just like protecting a home, you're not just looking at putting an alarm on the front door. You have sensors on your windows. You have a fire alarm. You've got to say if you got different things too in terms of really thinking through different trends. And Tim hit on a couple of those things. You really think about what is my weak link? What is my vulnerability? That vulnerability is now your software supply chain. So you're thinking about who am I buying things from? Are they taking care of stuff because they are now a new vector? And that's kind of the biggest I would say new thing that has not been mainstream. Like a lot of these techniques are getting mainstream but the fact that a software supply chain itself that is being deployed in mass is now vulnerable? And that will be monetized. It might've started with the nation state doing that but then you'll get the... People trying to take it for ransom. They'll start weaponizing those same vulnerabilities. So really that data and making sure that your crown jewels you have a very safe way of protecting them. And it's not just... You need to practice in readiness of that. Like any system. Just having that there it's not good enough, like can I detect issues? What is the ecosystem that's part of? How is my identity tracking who has got access to that? We've seen a lot of interesting things as part of why we started creating services like a air gap service in the cloud. The customer doesn't have to worry about managing credentials because even those were getting compromised. People were stealing the credentials to go delete the backup. So, the steps keep leaping forward. There's a lot of money going in the research and development of malware. And the industry in partnership with customers and partnership with local and federal authorities are going to have to figure out how to tackle this together. >> Yeah. So Tim, you don't mean Commvault, you don't think of being the cybersecurity space specifically, but those worlds are coming together the data protection and security space. And I would imagine for you as a practitioner it's challenging because you don't have a blank chequebook. I mean, yes, you can spend... You have to spend on cyber but you have all these... You talked about digital transformation in an earlier discussion that we had and you've got to figure out, how do I apply AI and automation? You've got a talent gap. I mean, you can't hire people that have the skills because you just can't keep throwing people at the problem. So, you don't have this unlimited budget. I saw a stat there's a company it's Cybersecurity Ventures. They said by 2025 we'll lose $10.5 trillion annually to cyber attacks. And I think if I look at it, who's ever numbers. You look at IDC I think has one of the higher numbers out there. It's like a hundred billion that we spend each year on cyber. So it's infinitesimal compared to the value that the bad guys are extracting. So, how are you dealing with that complexity, fragmented security tooling lack of talent turnover? I mean, all this stuff and the budget challenges. How do you deal with all that? >> It's... And I do not want to use this word, but it's as easy as research and staying on top of everything. Everyone knows, you update your virus definitions. You keep that up-to-date. You close your firewall holes. You have denies at the very end of every firewall. You make sure you keep track of these small things. At the same time, you leverage utilities that make it easier for you to do your job. The Commvault iDA has a feature that keeps track of changes or modifications on a server. So if I have a server, that's actively getting hit with a ransomware. Commvault reports me in a word and tells me, "Hey, we have had this many files modified within this time period. Look at it right now." So, on top of everything else we have because it's not a replacement for our virus protection but it does help us. And it does keep track of things in Commvault, as well as a lot of other companies out there, are doing some great things in closing up small little gaps and adding little features that could really help us move forward in the future. And keep us more protected, I guess I should say. >> Yeah. Well Manoj, I mean the backup Corpus is a sort of the last line of defense. It's also could be a first point of attack because all the valuable data is in there. So, I'll give you the last word here on the segment. Thanks for doing this with me guys. How do you think the industry needs to approach this? It's not a... You can't go on it alone. You definitely need to collaborate. Your final thoughts. >> Yeah, collaborate, share risk factors, making sure that systems are connected and they're not siloed. And that will really make sure our customers are getting the best out of all of us. And you have to build an intelligence of the product anything static. Just like you said, you need to backup the cyber crown jewels or they're going to go after that. So, your backup systems need to have AIML. They need to be able to detect any kind of suspicious activity. You can't just kind of code it in and just expect that what you thought would work in the lab is how it's going to behave. So, but it's a... And in general unless there's a bigger penalty in terms of the response to these kinds of attacks, as long as they keep getting paid, they're going to keep doing this thing. So you got to follow the money is a simple work. Let's take that a rich ecosystem, that's funding them and replace it with a tight partnership between companies and the customers and partners and governments. >> Guys. Well, I mean, the equation is pretty simple. Value equals benefit over cost. If you can increase the denominator for the bad guys it'll lower their ROI and that's kind of your job. And so keep up the good work, gents. Thanks so much for coming to theCUBE and talking to me about this very important topic. Really appreciate it. >> Thank you. Thank you for having us. >> And thank you for watching this CUBE Conversation. This is Dave Vellante. We'll see you next time. (upbeat music)

(upbeat music) We are entering a new era of cyber attacks. The SolarWinds hack has underscored a rising and very disturbing trend, namely that tunneling in through an organization's supply chain. And you're hearing terms like island hopping and living off the land it becoming mainstream in the world of cybersecurity. And we're going to talk a little bit about ransomware and cyber with Manoj Nair who is the GM of Metallic, a Commvault company. And Tim Carben, as a Principal Systems Engineer with Mitchell International. Gents, welcome. Thanks so much for coming on and talking to me about this very important topic. So, you know, Tim, I got to start with you, you're the practitioner, you got to fight this battle every day. You heard me upfront, it feels like we're entering a new era, the adversary is highly capable, very well-funded. How are you thinking about changes in protecting your data and creating things like air gaps. What are you doing to solve this problem? >> I think the most important part, and this is just to start off with, is patching everything up to date. Most of the time someone's getting in, or most of the time one of these viruses is replicating between the different systems it's due to unpatched environments. And then number two is training. If your resources don't know not to click on something, or to hover over something, to look at it, then you are just going to be exposing your environment over and over and over again. But when it all boils down to it, and it comes back to what I'm doing in the data protection world, in the backup and recovery, I have to look at not only how am I going to get this data back, because if a system gets encrypted we are going to look for recovery first. That's it. Look for recovery first, but we also need to make sure that our environment is protected, lock down our media agents, lock down our storage that we're connected to, and like you had mentioned before, use an air gap. Everyone's been moving away from tape and it's understandable. There's a lot of resource utilization involved. There's a lot of people that you need in there in your data center, moving things around, and it's a robotic machine you have to rely on. Not only that, but recovery times can be slow. What I found is Commvault has gone out there and they've offered us SaaS storage. This SaaS storage is somewhere else. We could be in AWS, we could be in Azure, we could be in GCP but we can still connect to the SaaS storage. And we never have to worry about someone having access to our data center and getting to our tapes. We don't have to worry about someone having tenant access and deleting our backups off of a particular tenant, which is something that we are going to see in the future, if it's not out there already. So there's a lot that we have to do and protecting ourselves is very important and Commvault is making it a lot easier. >> Thank you, Tim. So, these things have probably been around for a while but we're seeing really, I talk about mainstream, and a couple of things that are really disturbing, and we're seeing these malware come in and they're self forming, they're creating different signatures. But we're also seeing this idea of living off the land very stealthily using your own tools against you. And then, really disturbingly, we're seeing when a victim discovers that they're being attacked and they respond, their incident response is triggering a very aggressive counter attack by the hackers, where they've already exfiltrated really sensitive data, they've been stealing and making monetizing your data. And then they'll just encrypt it, hold it for ransom, threaten to release that sensitive data, if you don't let them keep going. It's really, really disturbing. What's your perspective on this raising the bar that the bad guys have done and how we can keep pace? >> And Dave. I lived through the nation-state attack that happened in 2012. The front door seat I was at RSA as part of the leadership team. And, at that time it was considered this is a very unique and it's an advanced, persistent threat. It took the resources of one of the biggest nations of the world to mount something like that. And fast forward, eight, nine years later we're seeing that these kinds of techniques have now been mainstreamed. You've got a lot of people who are figuring out not just that. They may not even care about your data, but they know you care about your data. So they're not trying to exfiltrate the data maybe to look for sensitive data and monetize it. That's just harder. Why not take it directly from you? In Q1 of 2021 the average ransomware ransom went up 43%. It's like $250k or something. That's just the ransom. And we saw now that it's impacting day-to-day lives. You saw the long lines of the gas tanks, gas pumps on the East Coast. You know, the weekend before last. And here's somebody who had a ransomware attack. As the news story say, they'd paid for the ransom. And that was the recovery after paying 5 million was slow, so they had to go and figure out how to recover from the backups. And that was not fast enough. So, you know, defense in depth is something that has really been the mantra, and just like protecting a home, you're not just looking at putting in an alarm on the front door, you have sensors on your windows, you have a fire alarm. You got to see if you got different things too, in terms of really thinking through different threats. And Tim hit on a couple of those things, right? You really think about what is my weak link, what is my vulnerability? That vulnerability is now your software supply chain. So you're thinking about whom am I buying things from? Aren't they taking care of stuff because they are now a new backdoor. And that's kind of the biggest, I would say new thing, that has now been mainstreamed. Like a lot of these techniques are getting mainstream, but the fact that a software supply chain itself that has being deployed in mass is now vulnerable, and that will be monetized. It might've started with the nation-state doing that, but then you'll get people trying take you for ransom will start weaponizing those same vulnerabilities. So really that data and making sure that your crown jewels you have a fail-safe way of protecting them. And it's not just, you know, you need to practice the readiness of that. Like any system, just having that there is not good enough, like, can I detect issues? What is the ecosystem that's part of? How is my identity tracking who has got access to that? We've seen a lot of interesting things and is part of why we started creating services like a air gap service in the cloud. The customer doesn't have to worry about managing credentials, because even those were getting compromised. People were stealing the credentials to go delete the backup. So that the steps keep moving forward. There's a lot of money going in the research and development of malware. And the industry, in partnership with customers and partnership with local and federal authorities, are going to have to figure out how to tackle this together. >> Yeah. So Tim, Commvault. You don't think of it being in the cybersecurity space specifically, but those worlds are coming together, the data protection and security space. And I would imagine for you as a practitioner it's challenging because you don't have a blank checkbook. I mean, yes, you can spend, you have to spend on cyber, but you have all these, you talked about digital transformation in an earlier discussion that we had, and you've got to figure out, okay how do I apply AI and automation? You've got a talent gap. I mean, you can't hire people that have the skills because you just can't keep throwing people at the problem. So, so you don't have this unlimited budget. I saw a stat, there's a company, it's cyber security ventures, they said, "by 2025 we will lose $10.5 trillion annually to cyber attacks." And I think if I look at whosever numbers, you look at IDC, I think has one of the higher numbers out there, It's like 100 billion that we spend each year on cyber. So it's infinitesimal compared to the to the value that the bad guys are extracting. So how are you dealing with that complexity, fragmented, you know, security tooling, lack of talent, turnover I mean, all this stuff, and the budget challenges. How do you deal with all that? >> I do not want to use this word, but it's as easy as research, and staying on top of everything. Everyone knows you update your virus definitions. You keep that up-to-date. You close your firewall holes. You have denies at the very end of every firewall. You make sure you keep track of these small things. At the same time, you leverage utilities that make it easier for you to do your job. The Commvault iDA has a feature that keeps track of changes or modifications on a server. So if I have a server that's actively getting hit with a ransomware, Commvault reports me an alert and tells me , "Hey, we have had this many files modified within this time period. Look at it right now." So on top of everything else we have, because it's not a replacement for our virus protection, but it does help us. And it does keep track of things. And Commvault, as well as a lot of other companies out there are doing some great things in closing up small little gaps, in adding little features that could really help us move forward in the future, and keep us more protected, I guess I should say. >> Yeah. I mean the backup corpus is sort of the last line of defense. So it also could be a first point of attack because all the valuable data is in there. So I'll give you the last word here on the segment. Thanks for doing this with me, guys. How do you think the industry needs to approach this? It's not, you can't go and lead alone. You definitely need to collaborate. Your final thoughts. >> Collaborate, share risk factors, making sure that systems are connected and they're not siloed. And that will really make sure our customers are getting the best out of all of us. And you have to build an intelligence of the product. Anything static, just like you said, if the backup is the crown jewel how are they're going to go after that? So your backup systems need to have AI/ML. They need to be able to detect any kind of suspicious activity. You can't just kind of code it in and just expect that what you thought would work in the lab is how it's going to behave. And in general, unless there's a bigger penalty in terms of the response to these kinds of attacks, as long as they keep getting paid, they're going to keep doing this thing. So you got to follow the money is a simple work. Let's take that rich ecosystem that's funding them, and replace it with a tight partnership between companies and customers and partners and garments. >> Guys. Well, the equation is pretty simple. Value equals benefit over cost. If you can increase the denominator for the bad guys it'll lower their ROI, and that's kind of your job. So keep up the good work, gents. Thanks so much for coming to the Cube and talking to me about this very important topic. I really appreciate it. >> Thank you. >> Thank you. >> And thank you for watching this Cube Conversation. This is Dave Vellante. We'll see you next time. (quirky music)

>> Commvault was an idea that incubated as a project inside of bell labs, one of the most prestigious research and development organizations in the world, back in the day. It became an official company in 1996, and Commvault just celebrated its 25th anniversary. As such, Commvault has had to reinvent itself many times over the past two and a half decades. From riding the waves of the very early PC networking era, to supporting a rich set of solutions for the evolving enterprise. This includes things like cloud computing, ransomware disaster, recovery, security compliance, and pretty much all things data protection and data management. And with me to talk about the company, its vision for the future, with also a voice of the customer. Three great guests, Isabel Geese is the Chief Marketing Officer of Commvault, Manoj Nair is the GM of Metallic, and Tim Carben is a principal systems engineer with Mitchell International. Folks, welcome to the Commvault power panel. Come inside the cube. It's awesome to have you. >> Great to be here Dave. >> All right. First of all, I got to congratulate you celebrating 25 years. That's a long time, not a lot of tech companies make it that far and are still successful and relevant. So Isabelle, maybe you could start off. What do you think has been the driving factor for your ability to kind of lead through the subsequent technological waves that I alluded to upfront? >> So well, 25 years is commendable but we are not counting success in number of years we're really counting success in how many customer we've helped over those years. And I will say what has been the driving mater for us as who that has been innovating with our customers. You know, we were there every step of the way, when they migrate to hybrid cloud. And now as they go to multi cloud in a post COVID world, where they have to win gold you know, distributed workforce, different types of workloads and devices, we are there too. We have that workload as well. So the innovation keep coming in, thanks to us listening to our customer. And then adding needs that change over the last 25 years and probably for the next 25 as well. You know, we, we want to be here for customer who think that data is an asset, not a liability. And also making sure that we offer them a broad range of use cases to book why things simple because the word is getting too complex for them. So let's take the complexity on us. >> Thank you for that. So Manoj, you riffed on the cube before about, you know putting on the, the binoculars and looking at the future. So let's talk about that. Where do you see the future for this industry? What are some of the key driving factors that matter. >> Dave it's great to be back on the Cube. You know, we see our industry no different than lots of other industries. The SAS model is rapidly being adopted. And the reason is, you know customers are looking for simplicity simplicity not just in leveraging, you know the great technology that Commvault has built but in the business model and the experience. So, you know, that's one of the fastest growing trends that started in consumer apps and other applications, other B to B apps. And now we're seeing it in core infrastructure like data management, data protection. They're also trying to leverage their data better, make sure it's not fragmented. So, how do you deliver more intelligent services? You know, securing the data insights from the beta, transforming the data and that combination, you know our ability to do that in a multi-cloud world like Isabel said, now with increasing edge work loads. Sometimes, you know, our customers say their data centers are the new edge too. So you kind of have this, you know, data everywhere, workloads everywhere, yet the desire to deliver that with a holistic experience, we call it the power of bank. The ability to manage your data and leverage the data with the simple lesson without compromise. And that's really what we're seeing as part of the future. >> Okay. Manoj I to come back to you and double click on that but I want to introduce Tim to the conversation here. You bring in the voice of the customer, as they say. Tim, my understanding is Mitchell has been a Commvault customer since the mid two thousands. So tell us why Commvault? What has kept you with the company for more than 15 years? >> Yeah! It was what, 2006 when we started and really when it all boils down to it, it's just as Isabel said, innovation. At Mitchell we're always looking to stay ahead of the trend. And, you know, just to like was mentioned earlier data is the most important part here. Commvault provides us peace of mind to protect and manage our data. And they do data protection for all of our environments, right now. We've been a partner to help enable our digital transformation including SAS and cloud adoption. When we start talking about the solutions we have, I mean we of course started in 2006. I mean, this was version six, if I remember right, this predates me at the company. Upgraded to seven, eight, nine. We brought in 10, brought in 11, brought in hyper scale and then moved on to bring in the Metallic. And Commvault provides the reason for this. I guess I should say is, Commvault provides a reliable backup but most importantly, recovery, rapid recovery. That's what gives me confidence. That's what helps me sleep better at night. So when I started looking at SAS, as a differentiator to protect our 036 environments or 065 environments. Metallic was a natural choice, and the one thing I wanted to add to that is it came out cheaper than us building it ourselves. When you take into account resources, as well as compute and storage. So again, just a natural choice. >> Yeah. As the saying goes, back up is one thing, recoveries everything. Isabel you know we've seen the SAS suffocation of the enterprise, particularly, you know from the app side. You came from Salesforce. So you, the company that is the poster child for SAS. But my question is what's catalyzing this shift and why do you think data protection is ready to make the move? >> Well, there's so many good things about SAS. You know, you remember when people started moving to the cloud and transforming their CapEx into OPEX, well SAS bring yet another level of benefits. I.T, we know always has to do more with less. And so SAS allows you to, once you set up you've got all the software upgrades automatically without you know, I think it's smart work. You can better manage your cash flow because you pay as you grow. And also you have a faster time to value. So all of this at help, the fast adoption and I will tell you today, I don't think there is a single customer who doesn't have at least one SAS application because they have things of value of this. Now, when it comes to backup and recovery, everybody's at different stages you still have on premise, you have cloud, they have SAS and workloads devices. And so what we think was the most important was to offer a raw choice of delivery model. Being able to support them if they want software subscription, if they want an integrated appliance or easy one as SAS. As a service model, and also some of our partners are actually delivering this in a more custom and managed way as well. So offering choice because everybody is at a different stage on this journey when it comes to data management and protection, I actually, you know I think team is the example of taking full advantage or this broad choice. >> Well, you mentioned Tim that you leaned into Metallic. We have seen the SAS everywhere. We used to have a email server, right? I mean, (laughing) on prem, that just doesn't happen anymore. But how was Mitchell International thinking about SAS? Maybe you could share your, from your customer perch, what you're seeing. >> Well, What's interesting about this is Mitchell is been providing SAS for a long time. We are a technology company and we do provide solutions, SAS solutions to our customers. And this makes it so important to be able to embrace it because we know the value behind it. We're providing that to our customers. And when I look at what Commvault is doing I know that Commvault is doing the same thing. They're providing the SAS model as a value to their customers. And it's so important to go with this because we keep our environments cutting edge. As GDPR says, you need to have a cutting edge environment. And if you don't, if you cannot check that box you do not move forward. Commvault has that. And this is one less thing that I have to worry about when choosing Metallic to do my backup of O365. >> So thank you for that, Tim. So Manoj, thinking about what you just heard from Isabel and Tim, you know kind of fitting into a company's cloud or hybrid cloud, more importantly strategy, you were talking before about this. And in other words, it's not an either or, it's not a zero sum game. It's simpatico, if you will. I wonder if you could elaborate. >> Yeah. The power of band Dave I'm very proud of that. You know, when I think of the power of band I think of actually folks like Tim, our customers and Commonwealth first, right. And, really that need for choice. So for example, you know customers on various different paths to the cloud, we kind of homogenize it and say, they're on a cloud journey or they're on a digital transformation journey but the journey looks different. And so part of that, and as Isabella was saying is really the ability to meet them where they are in that journey. So for example, do you, go in there and say, "Hey, you know what I'm going to be some customers 100% multi-cloud or single cloud even. And that includes SaaS applications and my infrastructure running as a service." So there's a natural fit there saying great all your data protection. You're not going to be running software appliances for that. So you've got to data protection, data management as a service that Metallic is able to offer across the whole estate. And that's, you know, that's probably a small set of customers, but rapidly growing. Then you see a lot more customers were saying I'm going to do away as you're talking about with the email server, I'm going to move to Office 365 leverage the power of Teams. And there's a shared responsibility model there which is different than an on-prem data protection use case. And so they're, they're able to just add on Metallic to the existing Commvault environment whether it's a Commvault software or hyper-scale and connect the two. So it's a single integrated experience. And then you kind of go to the other end of the spectrum and say "great" customers' all in on a SaaS delivered data protection, as you know and you hear a lot from a lot of your guests and we hear from our customers, there's still a lot of data sitting out there. you know 90 plus percent of workloads in data centers, increasing edge data workloads. And if you were to back up one of those data workloads and say that the only copy can be in the cloud, then that would take like a 10 day recovery SLA. You know, we have some competent users who say that then that's what they have. Our flexibility, our ability to kind of bring in the hyper-scale deployment and just, you know dock it into Metallic and have a local copy instant recovery, SLA, remote backup copy in the cloud for ransomware or your worst case scenario. That's the kind of flexibility. So all those are scenarios we're really seeing with our customers. And that's kind of really the power of mandates. Very unique part of our portfolio. Companies can have portfolio products but to have a single integrated offering with that flexibility, that kind of depending on the use case you can start here and grow into a different point. That's really the unique part of the power event. >> Yeah, yeah. 10 day RTO just doesn't cut it, but Tim, maybe maybe you could weigh in here. Why, what was the catalyst for you adopting Metallic and maybe you could share what was the business impact there? >> Well, the catalyst and impact obviously two different things. The catalyst, when we look at it, there was a lot of what are we going to do with this? We have an environment, we need to back it up and how are we going to approach this? So we looked at it from a few different standpoints and of course, when it boils down to it one of the major reasons was the financial. But when we started looking at everything else that we have available to us and the flexibility that Commvault has in rolling out new solutions, this really was a no brainer, at this point. We are able to essentially back up new features and new products, as soon as they're available. within our Metallic environment we are running the activate. We are running the, the self-service for the end users, to where they can actually recover their own files. We are adding the teams into it to be able to recover and perform these backups for teams. And I want to step aside really quick and mention something about this because I'd been with, you know, Metallic for a long time and I'd been waiting for this. We've been waiting for an ability to do these backups and anyone I know, Manoj knows that I've been waiting for it. And you know, Commvault came back to me a while back and they said, we just have to wait for the API. We have to wait for Microsoft to release it. Well, I follow the news. I saw Microsoft released the API and I think it may have been two days later that Commvault reached out to me and said, Hey we got it available. Are you ready to do this? And that sort of turned around, that sort of flexibility, being on top of new applications with that, with Salesforce, that is, you know just not necessarily the reason why I adopted Metallic but one of those things that puts a smile on my face because I adopted Metallic. >> Well, that's an interesting story. I mean, you get the SDKs and if you're a leader you get them, you know, you can put the resources on it and you're ready when, when the product comes to GA. Manoj, I wonder if we could talk about just the notion of backing up a SAS. Part of the announcements today included within Metallica included backup and, and offerings for dynamics 365. But my question is why support dynamics specifically in in SAS apps generally? I mean, customers might say, doesn't my SAS provider protect my data. Why do I need a third party? And, and the second part of that question is why Commvault? >> Dave, a great question as always. I'll start with the second part of the question. It's really three words, the shared responsibility model, and, you know, a lot of times our customers, as they go into the cloud model they really start understanding that there is something, that you're getting a lot of advantages that certain things you don't have to do. But the shared responsibility model is what every cloud and SAS provider will indoctrinate in it's in desolate. And certainly the application data is owned by the customer. And the meaning of that is not something that, you know some SAS provider can understand. And so that requires specialized skills. And that's a partnership where we've done this now very successfully with Microsoft and LG 65. We've added support for Salesforce, And we see a rapid customer adoption because of that shared responsibility model, If you have a, some kind of an admin issue as we have seen in the news somebody changed their team setting and then lost all their chat. Then that data is discoverable. And you, the customer, responsible for making sure that data is discoverable or ransomware attacks. Again, covering that SAS data is your responsibility because the attack could be coming in from your instance, not from the SAS provider. So those are the reasons dynamics is, you know one of the fastest growing SAS applications from a business applications perspective out there. And as we looked at our roadmap and you look at at the right compliment. What is arriving by the agency, we're seeing this part of a Microsoft's business application suite growing, you know, millions of users out there and it's rapidly growing. And it's also integrated with the rest of the Microsoft family. So we're now, you know, proud to say that we support all three Microsoft clouds by Microsoft 365 dynamics. Those applications are increasingly degraded so we're seeing commonality in customer base and that's a business critical data. And so customers are looking to manage the data, have solutions that they can be sure they can leverage, it's not just protecting data from worst-case scenarios. In the case of some of the apps like dynamics we offer a support, like setting up the staging environment. So it's improving productivity off the application admins and that's really kind of that the value we're bringing able to bring to the table. >> Yeah. You know, that shared responsibility model. I'm glad you brought that up because I think it's oftentimes misunderstood but when you talk to CSOs, they understand it well. They'll tell you the shared responsibility is my responsibility. You know, maybe the cloud provider who will secure the the object storage bucket for the physical space, but it's, it's on me. So that's really important. So thank you for that. Isabelle, last question. The roadmap, you know how do you see Commvaults, Metallic, SAS portfolio evolving? what can you tell us? >> Oh, well, it has a big strategic impact on Commvault for sure, first because all of our existing customer as you mentioned earlier, 25 years, it's a lot of customer will have somehow some workload as SaaS. And so the ability without adding more complexity without adding another vendor just to be able to protect them in one take, and as teams, they bring a smile to his face is really important for us. The second is also a lot of customer come toCommvault from Metallic. This is the first time they enter the Commvault community and Commvault family and as they start protecting their SaaS application they realize that they could leverage the same application to protect their on-premise, data as well. So back to the power of hand and without writing off their past investments, you know going to the cloud at the pace they want. So from that perspective, there is a big impact on our customer community that quickened that Metallic brings. I don't know Manojs' way too humble, but, you know he doubled his customers every quarter. And, you know, we have added 24 countries to the portfolio, to the product. So we see a rapid adoption. And so obviously back to your question, we see the impacts of Metallic growing and growing fast because of the market demand because of the rapid innovation. We can take the Commvault technology and put it in the SaaS model and our customers really like it. So I'm very excited. I think it's going to be, you know, a great innovation, a great positive impact for customers and our new customer will welcome it, which by the way I think half, Manoj correct me but I think half of the Metallic customer at Commvault and the other half are new to our family. So, so they're very bullish about this. And it's just the beginning, as you know we all 25 year old or sorry, 25 year young and looking forward to the next 25. >> Well, I can confirm, you know we have a data partner, survey partner ETR enterprise technology research, and I was looking at the Commvault data and it shows within the cloud segment, when you cut the data by cloud, you're actually accelerating the spending momentum is accelerating. And I think it's a function of, you know some of the acquisitions you've made some of the moves. You made an integration. So congratulations on 25 years and you know you're riding the correct wave. Isabel, Manoj, Tim thanks so much for coming in the cube. It was great to have you. >> Thank you. >> Thank you Dave. >> I really appreciate it. >> And thank you everybody for watching. This is Dave Volante for the Cube. We'll see you next time.

(Upbeat Music) >> Commvault was an idea that incubated as a project inside of Bell Labs, one of the most prestigious research and development organizations in the world, back in the day. It became an official company in 1996, and Commvault just celebrated its 25th anniversary As such, Commvault has had to reinvent itself many times over the past two and a half decades from riding the waves of the very early PC networking era to supporting a rich set of solutions for the evolving enterprise. This includes things like cloud computing, ransomware, disaster recovery, security compliance, and pretty much all things data protection and data management. And with me to talk about the company, its vision for the future with also a voice of the customer are three great guests. Isabelle Guis is the Chief Marketing Officer of Commvault, Manoj Nair is the GM of Metallic, and Tim Carben is a Principal Systems Engineer with Mitchell International. Folks, welcome to the Commvault power panel. Come inside theCUBE. It's awesome to have you. [Isabelle] Great to be here today. >> All right. First of all, I got to congratulate you celebrating 25 years. That's a long time, not a lot of tech companies make it that far and are still successful and relevant. So Isabelle, maybe you could start off. What do you think has been the driving factor for your ability to kind of lead through the subsequent technological waves that I alluded to upfront? >> So well, 25 years is commendable but we are not counting success in number of years. We're really counting success in how many customers we've helped over those years. And I will say what has been the driving matter for us as who that, has been innovating with our customers. You know, we were there every step of the way when they migrate to hybrid cloud. And now as they go to multi-cloud in a post COVID world where they have to win gold you know, distributed workforce, different types of workloads and devices, we all there too. We assess workload as well. So the innovation keep coming in, thanks to us listening to our customer and then, adding needs that change over the last 25 years and probably for the next 25 as well. You know, we want to be here for customer was thinking that data is an asset, not a liability. And also making sure that we offer them a broad range of use cases to quote why things simple because the world is getting too complex for them. So let's take the complexity on us. >> Thank you for that. So Manoj, you've riffed on the cube before about, you know putting on the binoculars and looking at the future. So, let's talk about that. Where do you see the future for this industry? What are some of the key driving factors that matter? >> It's great to be back on theCUBE. You know, we see our industry no different than lots of other industries. The SaaS Model is rapidly being adopted. And the reason is, you know customers are looking for simplicity, simplicity not just in leveraging, you know the great technology that Commvault has built, but in the business model and the experience. So, you know, that's one of the fastest growing trends that started in consumer apps and other applications, other B to B apps. And now we're seeing it in core infrastructure like data management, data protection. They're also trying to leverage their data better. Make sure it's not fragmented. So how do you deliver more intelligent services? You know, securing the data, insights from the data, transforming the data, and that combination, you know, our ability to do that in a multi-cloud world like Isabelle said, now with increasing edge work loads. Sometimes, you know, our customers say their data centers has a new edge too. So you kind of have this, you know, data everywhere workloads everywhere, yet the desire to deliver that with a holistic experience, we call it the 'power of bank'; the ability to manage your data and leverage the data with the simple lesson without compromise. And that's really what we're seeing as part of the future. >> Okay. I don't know if all want to come back to you and double click on that, but I want to introduce Tim to the conversation here. You bring in the voice of the customer, as they say. Tim, my understanding is Mitchell has been a Commvault customer since the mid-2000s. So, tell us why Commvault, what has kept you with the company for more than 15 years? >> Yeah, we are, it was what, 2006 when we started. And really what it all boils down to it, it's just as Isabel said, innovation. At Mitchell, we're always looking to stay ahead of the trend. And, you know, just to like was mentioned earlier, data is the most important part here. Commvault provides us peace of mind to protect and manage our data. And they do data protection for all of our environments right now. We've been a partner to help in navel our digital transformation including SaaS and cloud adoption. When we start talking about the solutions we have, I mean we of course started in 2006. I mean, this was version version 6 if I remember right. This predates me at the company. Upgraded to seven, eight, nine, we brought in ten, brought in eleven, brought in HyperScale, and then moved on to bring in the Metallic. And Commvault provides the reason for this. I guess I should say is, Commvault provides a reliable backup but most importantly, recovery. Rapid recovery. That's what gives me confidence. That's what helps me sleep better at night. So when I started looking at SaaS as a differentiator to protect our 036 environments or 065 environments, Metallic was a natural choice. And the one thing I wanted to add to that is, it came out cheaper than us building it ourselves. When you take into account resources as well as compute and storage. So again, just a natural choice. >> Yeah. As the saying goes back up as one thing, recovery's everything. Isabelle. Yeah, we've seen the SaaSification of the enterprise. Particularly, you know from the app side. You came from Salesforce. So you, the company that is the poster child for SaaS. But my question is what's catalyzing this shift and why do you think data protection is ready to make the move? >> Well, there's so many good things and that's that. As you know, you remember when people started moving to the cloud and transforming their CAPEX into OPEX. Well SaaS bring yet another level of benefits. IT, we know always has to do more with less. And so SaaS allows you to, once you set up, you've got all the software upgrades automatically without you know, I think it's, why it works. You can better manage your cash flow, because you pay as you grow. And also you have a faster time to value. So all of this at help, the fast adoption and I will tell you today I don't think there is a single customer who doesn't have at least one SaaS application because they have things of value of this. Now, when it comes to backup and recovery everybody's at different stages. You still have On-Premises, you have cloud, there's SaaS, there's Workloads devices. And so what we think was the most important was to offer a broad choice of delivery model being able to support them if they want a software subscription, if they want an integrated appliance, or if they want SaaS as a service model, and also some of our partners actually delivering this in a more custom and managed way as well. So offering choice, because everybody is at a different stage on this journey. When it comes to data management and protection, I actually, you know, I think team is the example of taking full advantage of this bold choice. >> Well, you mentioned Tim that you leaned into Metallic. We have seen the SaaS everywhere. We used to have a email server, right? I mean, you know, On-Prem, that just doesn't happen anymore. But how was Mitchell International thinking about SaaS? Maybe you could share your, from your customer perch, what you're seeing. >> Well, what's interesting about this is, Mitchell is been providing SaaS for a long time. We are a technology company and we do provide solutions, SaaS solutions, to our customers. And this makes it so important to be able to embrace it because we know the value behind it. We're providing that to our customers. And when I look at what Commvault is doing I know that Commvault is doing the same thing. They're providing the SaaS Model as a value to their customers. And it's so important to go with this because we keep our environments cutting edge. As GDPR says, You need to have a cutting edge environment. And if you don't, if you cannot check that box you do not move forward. Commvault has that. And this is one less thing that I have to worry about when choosing Metallic to do my backup of O365. >> So thank you for that, Tim. So Manoj, thinking about what you just heard from Isabelle and Tim, you know, kind of fitting into a company's cloud or hybrid cloud, more importantly, strategy, you were talking before about this. "And", in other words, it's not an either or it's not a zero sum game. It's simpatico, if you will. I wonder if you could elaborate. >> Yeah, no The Power of And, Dave, I'm very proud of that. You know, when I think of The Power of And I think of actually folks like Tim, our customers and Commonwealth first, right. And, and really that, that need for choice. So for example, you know, customers on various different paths to the cloud we kind of homogenize it and say, they're on a cloud journey or they're on a digital transformation journey, but each journey looks different. And so part of that, "And", as Isabella was saying, is really the ability to meet them where they are in that journey. So for example, you know, do you, go in there and say, Hey, you know what, I'm going to be some customers 100% multi-cloud or single cloud even. And that includes SaaS applications and my infrastructure running as a service. So there's a natural fit there saying great all your data protection. You're not going to be running software appliances for that. So you've got to data protection, data management as a service that Metallic is the able to offer across the whole S state. And that's, you know, that's probably a small set of customers, but rapidly growing. Then you see a lot more customers were saying I'm going to do away as you're talking about but the emails are where I'm going to move to office 365, leverage the power of teams. And there's a Shared Responsibility Model there which is different than an On-Prem data protection use case. And so they're, they're able to just add on Metallic to the existing Commonwealth environment, whether it's a Commonwealth software or HyperScale, and connect the two. So it's a single integrated experience. And then you kind of go to the other end of the spectrum and say, great customers all in on a SaaS delivered data protection, as you know, and you hear a lot from a lot of your guests and we hear from our customers, there's still a lot of data sitting out there, you know, 90 plus percent of workloads and data centers increasing edge data workloads. And if you were to back up one of those data workloads and say that the only copy can be in the cloud, then that would take like a 10 day recovery isolation. You know, we have some competitors who say that then that's what they have. Our flexibility, our ability to kind of bring in the Hyper-Scale deployment and just, you know, dock it into Metallic, and have a local copy, instant recovery, SLA, remote, you know, backup copy in the cloud for ransomware, or your worst case scenario. That's the kind of flexibility. So all those are scenarios we're really seeing with our customers. And that's kind of really the power advantage. A very unique part of our portfolio, but, you know, companies can have portfolio products, but to have a single integrated offering with that flexibility, that kind of, depending on the use case, you can start here and grow into a different point. That's really the unique part of the power event. Yeah, 10 day RTO just doesn't cut it, but Timmy, maybe you could weigh in here. Why, What was the catalyst for you adopting Metallic and maybe you could share what was the business impact there? >> Well, the catalyst and impact, obviously two different things. The catalyst, when we look at it, there was a lot of what are we going to do with this? We have an environment, we need to back it up, and how are we going to approach this? So we looked at it from a few different standpoints, and of course, when it boils down to it, one of the major reasons was the financial. But when we started looking at everything else that we have available to us and the flexibility that Commvault has in rolling out new solutions, this really was a no brainer at this point. We are able to essentially back up new features and new products, as soon as they're available. Within our Metallic environment, we are running the activate. We are running the the self-service for the end users to where they can actually recover their own files. We are adding the teams into it to be able to recover and perform these backups for teams. And I want to step aside really quick and mentioned something about this because I'd been with, you know, Metallic for a long time and I'd been waiting for this. We've been waiting for an ability to do these backups and anyone I know Manoj knows that I've been waiting for it. And you know, Commvault came back to me a while back and they said, we just have to wait for the API. We have to wait for Microsoft releases. Well, I follow the news. I saw Microsoft released the API, and I think it may have been two days later. Good. Commvault reached out to me and said, Hey we got it available. Are you ready to do this? And that sort of turned around that sort of flexibility being on top of new applications with that, with Salesforce, that is, you know, just not necessarily the reason why I adopted Metallic but one of those things that puts a smile on my face because I adopted Metallic. >> Well, that's an interesting story. I mean, you get the SDKs and if you're a leader you get them, you know, you can put the resources on it and you're ready when, when the product, you know, comes to GA. Manoj, I wonder if we could talk about just the notion of backing up SaaS, part of the announcements today included within Metallic included backup and offerings for Dynamics 365. But my question is why support Dynamics specifically in SaaS apps generally? I mean, customers might say, doesn't my SaaS provider protect my data? Why do I need a third party? And, and the second part of that question is why Commvault? >> Dave a great question as always. I'll start with the second part of the question. It's really three words the Shared Responsibility Model. And, you know, a lot of times our customers as they go into the cloud model they really start understanding that there is something that you're getting a lot of advantages the certain things you don't have to do, but the Shared Responsibility Model is what every cloud and SaaS provider will indoctrinate in its S&As. And certainly the application data is owned by the customer. And the meaning of that is not something that, you know, some SaaS provider can understand. And so that requires specialized skills. And that's a partnership. We've done this now very successfully with Microsoft and LG 65, we've added support for Salesforce, and we see a rapid customer adoption because of that Shared Responsibility Model. If you have, some kind of, an admin issue as we have seen in the news somebody changed their team setting and then lost all their chat. And then that data is discoverable. And you, the customer is responsible for making sure that data is discoverable or ransomware attacks. Again, recovering that SaaS data is your responsibility because the attack could be coming in from your instance not from the SaaS provider. So those are the reasons. Dynamics is, you know, one of the fastest growing SaaS applications from a business applications perspective out there. And as we looked at our roadmap, and you look at at the right compliment, what is the right adjacency, we're seeing this part of Microsoft's Business Application Suite growing, you know, as millions of users out there and it's rapidly growing. And it's also integrated with the rest of the Microsoft family. So we're now, you know, proud to say that we support all three Microsoft clouds, Microsoft Azure, or 365, Dynamics. Those applications are increasingly integrated so we're seeing commonality in customer base and that's a business critical data. And so customers are looking to manage the data, have solutions that they can be sure they can leverage. It's not just protecting data from worst-case scenarios. In the case of some of the apps like Dynamics, we offer a support, like setting up the staging environment. So it's improving productivity of the application admins, and that's really kind of that the value we're bringing able to bring to the table. >> Yeah. You know, that Shared Responsibility Model. I'm glad you brought that up because I think it's oftentimes misunderstood but when you talk to CSOS, they understand it well. They'll tell you the shared responsibility is my responsibility. You know, maybe the cloud provider will secure the object storage bucket for the physical space, but it's on me. So that's really important. So thank you for that. Isabelle, last question, the roadmap, you know, how do you see Commvault's, Metallic SaaS portfolio evolving? What can you tell us? >> Oh, well, it's, it has a big strategic, you know, impact on Commvault for sure on the first portfolio first because of all of our existing customers as you mentioned earlier, 25 years, it's a lot of customers are somehow some workload as SaaS. And so the ability without, you know, adding more complexity without adding another vendor just to be able to protect them in one take, and as teams they bring a smile to his face is really important for us. The second is also a lot of customers come to Commvault for Metallic. This is the first time enter the Commvault community and Commvault family. And as they start protecting their assessed application they realize that they could leverage the same application to protect their own premised data as well. So back to The Power of And, and without writing off their past investments, you know, going to the cloud at the pace they want. So from that perspective, there is a big impact on our customer community the thing is that Metallic it brings I don't know Manoj is way too humble, but, you know, he don't go to this customer every quarter. And, you know, we have added 24 countries to the portfolio, to the product. So we see a rapid adoption. And so obviously back to your question, we see the impacts of Metallic growing and growing fast because of the market demand, because of the rapid innovation we can take the Commvault technology and put it in the SaaS model and our customers really like it. So I'm very excited. I think it's going to be, you know, a great innovation, a great positive impact for customers, and our new customers we're welcoming, which by the way I think half, Manoj correct me, but I think half of the Metallic customer at Commvault and the other half are new to our family. So, they're very bullish about this. And it's just the beginning, as you know, we are 25 years old, or sorry, 25 years young, and looking forward to the next 25. >> Well, I can confirm, you know, we have a data partner survey, partner ETR, Enterprise Technology Research, and I was looking at the Commvault data and it shows within the cloud segment, when you cut the data by cloud, you're actually accelerating, the spending momentum is accelerating. And I think it's a function of, you know, some of the acquisitions you've made, some of the moves you made in integration. So congratulations on 25 years and you know, you're riding the correct wave, Isabelle, Manoj, Tim, thanks so much for coming in theCUBE. It was great to have you. >> Thank you. >> Thank you Dave. >> I really appreciate it. >> And thank you everybody for watching. This is Dave Vellante for theCUBE. We'll see you next time. (Upbeat Music)

(bright instrumental music) >> Well, thank you for joining us here as we continue our series of CUBE Conversations on the AWS Startup Showcase. John Walls here on theCUBE again, glad to have you with us. We're joined by a couple of guests today. I'd like to introduce them to you. I'm joined by Venkat Krishnamachari who's the Co-Founder and CEO of MontyCloud, and, Venkat, good to see you today, sir. Thanks for being with us. >> Good to see you, John. >> And also with us is Kandice Hendricks. Who's the delivery architect at GreenPages and, Kandice, thank you for your time as well today. >> Thank you. >> But, Venkat, I'd like you to lead off a little bit just for our viewers who aren't too familiar with MontyCloud. Share with us a little bit about the origins of your company and the services that you're providing. >> Sure thing John, thank you for taking the time. MontyCloud is an autonomous cloud operations company. our origins rest in thinking about our customers from a cloud perspective on what can cloud do for customers. We've been in the enterprise background workspace for a long time. Me and my team members, we have been part of larger companies like Microsoft, AWS, Commvault. So in our journey, what we understood is anytime there is a technology shift that's happening, customers that are able to leverage that technology in a simpler way, are able to innovate better. We realize cloud is so powerful, but sort of complex. We figure it's a, with great power comes great responsibility. And with cloud there's a lot of shared responsibilities that come to customers. We asked this question, how can we help our customers deliver on their part of the shared responsibility in a much easier way than the current situation is, so they can innovate faster and move their business forward. So MontyCloud was born out of understanding larger platform shifts that happen around us all the time, and how we can help customers thrive on that environment. >> We're talking about customers and it's kind of these conundrums that they find themselves in as they're trying to make these big shifts and they have a lot of concerns. GreenPages, one of your clients, and Kandice, I'd like you to come in and maybe tell us a little bit about GreenPages and then I'm going to shift over to how you got to MontyCloud and about that relationship. But first off just give me the 30,000 foot level on GreenPages. >> GreenPages being also a consulting firm working with our clients to solve complex issues as well for security compliance and any of the cloud adoption migration needs. We've been in business since 1992 and I've had the pleasure to work with MontyCloud for quite some time now. I know I've been here just a few years at GreenPages and have been with MontyCloud from the start. And it's just such an awesome team work that we have together solving some of those issues for our clients. >> Venkat touched on a few of those, and they're concerns that I'm sure you share with many other companies, you know, about compliance studies of operation, about TCCO, right? You've got a lot of things on your plate. What were your concerns and what were your goals that you took to MontyCloud and you said, we want to get here, help us. >> So Green Page just started out like as more of VMware player, really strong in the VMware marketplace and it slowly adopted into a CSP and offering more cloud native solutions and problems. But one of the things that really drove us to MontyCloud was their skill levels was far beyond what we could provide as consultants. Like we had the administrative skills but not as strong on the development side and MontyCloud just shines when it comes to the development side and really assisting us and being a great partner with what we need to achieve those goals with our clients. >> So, Venkat, the autonomous CloudOps, this transformation toward this service that you're providing, take that in pieces, if you would, about just how that has evolved and how you define autonomous, in this case, and what are those components? >> Sure thing, thank you, Kandice. It's been fantastic working with GreenPages as well. So, John, I'll take a small example of how GreenPages as a partner, you know, we look at them as a partner in a way to help customers. What Kandice is alluding to is the cloud development aspects. What we figured is MSPs, IT departments across large scale enterprises, all of them are trying to get their internal teams to consume the cloud better and modernize their infrastructure, and build intelligent applications. In all three aspects, we learned that there's undifferentiated amount of heavy development that every team has to do. We started thinking about how can we automate that, and when we say, hey, we can develop for our customers, we truly develop an autonomous approach. Our platform automates those development aspects for customers such that when a customer wants to go to cloud, wants to set up the guardrails, want to set up their self-service provisioning and get to intelligent applications, for every layer, we have developed a repeatable, reusable platform that fills the gap, like the gap that Kandice was pointing out, is the gap in cloud skills and cloud knowledge and cloud development skills. We augment our platform, which fills the gap, and also the tooling gap that comes along with cloud, both of that we've been able to work with partners like GreenPages, and several customers and give them the power of cloud automation with a platform approach back to them. That's what we've been specializing on. >> Venkat, when you talk to a customer and not just GreenPages but customers in general, are there common concerns? Are there challenges that everybody seems to have or think, you know, big buckets security would be one compliance is a cost, obviously, but what is it that you hear from customers, and then in turn, how do you then transform your company, or to meet their needs? How have you kind of reconfigured your approach to address those concerns? >> Sure thing, John. See, our platform is called MontyCloud DAY2. Here's why, or maybe that background might help. We know, day one mindset matters when it comes to digital transformation and technology adoption. But what we also know from experience is day two comes after day one, and most customers are under prepared for the cloud operations that they need to deliver. Ever wonder why large companies, such as Amazon AWS is able to operate a massive data center with just few people? Is able to deliver global scale services with fewer engineers behind it? The power of automation that large companies use is not readily available to customers who are also consuming the cloud. So we looked at that problem space and said, how do we help? And what we learned from hundreds of customers conversations is that there are three things that seem to matter and three things that digital transformation leaders are doing better. We understood those three important things and started automating them. So every customer that's taking the cloud journey can benefit from it. The three things we gathered are, first, most customers are trying to do undifferentiated heavy lifting when it comes to consuming the cloud. For that, they are looking to simplify deployments. Leaders in the space are simplifying deployments, enabling their builders, developers, to move fast without them worrying about the underlying infrastructure. So simplifying deployment is a number one thing that we have understood that's important to solve. The second thing is visibility. Having a visibility into what the cloud footprint is automatically puts leaders in a spot where they can ask questions about, now that I got visibility, what's my compliance posture? What's my security posture? Where do I spend money? Where do I save money? All of that rests on top of a continuous visibility framework. So leaders do that really well. The third thing we understood from customers that they do well is keep an eye on day two, keep an eye towards reducing the total cost of cloud operations, not just the cloud bill. You see, when you go to the cloud, initially is you test the water with couple of applications, things work and businesses grow. Now, the consumption grows higher. You really want to have more and more cloud powered workloads which means the footprint is going to go larger. What we don't want is as the cloud footprint grows, you don't want the cloud bill to be inconsistently growing. You don't want to security compliance and operational overheads to grow along with the cloud footprint. You want those lines trends to drop while the footprint grows, which means the approach that leadership position that customers take is how do I think about my total cost of cloud operations, and who can help? So these are the three areas we spent time understanding and automating. That's the approach we take, John. >> So, Kandice, back when Venkat was talking about Day2 I saw you smile a little bit, right? 'Cause I think you do have this kind of like now what moment, right? You've given me all these great capabilities. We have a whole new tech, our life is great, now what? You know, what happens tomorrow? Day two, which I think is genius. So let's look at GreenPages. What was your day two experience or your now what experience in terms of now that you've been handed this bright, new, shiny well-oiled machine, if you will, concerns that you had about maintaining, sustainability, about adding new apps, adding new services, microservices, all these things, that might be, you know, with different technologies that weren't there before? >> Right, so I'm very familiar with MontyCloud DAY2 platform and it's incredible, especially for the small businesses, it's really trying to adopt that enterprise level automation and simplicity. So that's what DAY2 provides. What our relationship with GreenPages has enhanced is their ability to improve and innovate on their DAY2 platform, because a lot of the projects that we've worked together as a team have built the ground, you know, some of the refactoring and the enhancements of their DAY2 platform which they've had for quite some time So our partnership in that development has helped drive some of the underlying functionality of the DAY2 platform, if that makes sense. >> Sure, and, Venkat, as we know, cost is key, and that is the bottom line, right? You know, help me be more efficient, help me be more compact, but help me save money, right? So at the end of the day, how have you addressed that? How are you providing these additional values at lowered costs in terms of what the client can see at the end of the day? >> That's a great question, John There's a little bit of fogginess in cost, right? What we repeatedly see is cost of cloud bills but cloud bills are usually shockers. People are not getting used to that yet. The consumption economics has changed the capex model to opex model. While that is great, if you don't understand where you're spending the cost, that's a challenge. There's a whole slew of startups and companies helping understand the cloud bill. We took an approach of not just the cloud bill being the problem, right? That is a challenge of a skill gap. Customers wanting to go to cloud need to go hire a lot of specialized talent. That's hard to combine, to get their cloud operations started the right way. We've seen customers go into cloud and only realize this is not working. It's the Wild Wild West in terms of growth. So they do a V2 version of their own cloud again. So we see challenges, whether it's a skill gap that's adding to cost. Then there is cloud bill, obviously. Then there's a tooling gap. Traditional solutions that are not built for the cloud and built in the cloud, don't lend themselves very well for cloud operations. Security is a good example. Compliance is a good example. Ongoing routine automations is a good example. In all three cases what we find customers repeatedly do is they have a chance of either building it themselves, which is expensive and hard to maintain, or they go after specialized tooling, which again brings you the host of integration problems. We looked at it and said, how do we help customers use cloud native tooling? For example, there are no third party agents in MontyCloud DAY2. There is no need to go buy a third party security or compliance or governance tool. We looked at cloud native offerings from Amazon, for example, and we automated them at a higher order and put that power back in the customer's hands. Which means what our customers were able to do is from connecting to MontyCloud, to setting up a cloud operations that is continuously going to reduce the total cost of operations. They can go from zero to that state in couple of days by themselves, within hours, they'll be productive, and they don't have to go close the skill gap. They don't have to buy a third party tooling, and then ongoing basis, they're going to get all the benefits of what AWS provides, in terms of cost optimization, which our platform can contextualize and give it in the customer's hands. So there are many layers you have to cut cost and understanding that's very important to us. And it's been very helpful to talk to our customers and innovate on all the layers on their behalf. >> Well, you certainly, I think you've hit all the big pieces, right? If you've lowered the costs, full visibility, simple deployment, it's a winning combination, and congratulations on that, and thank you both. It sounds like you've got a pretty good thing going, GreenPages and MontyCloud, and we wish you continue to success down the road. Thank you both for joining us here on theCUBE. >> Thank you, John. >> Thank you, Kandice, thank you, John. >> You've been watching theCUBE conversation here on AWS Startup Showcase. I'm John Walls, your host, and thank you for joining us. We'll see you next time around. (gentle instrumental music)