(energizing music) >> Welcome back, everyone to the Cube and Druva special presentation of why ransomware isn't your only problem. I'm John Furrier, host of The Cube. We're here with W. Curtis Preston, Curtis Preston as he is known in the industry, Chief Technical Cult Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >> Happy to be here. >> So we always see each other events now. Events are back, so it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I can get your thoughts, and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's the survey results really, I'd like to say that they surprised me, but unfortunately they didn't. The data protection world has been this way or a while where there's this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been successfully hit by ransomware, paid the ransom and or lost data. And yet the same people that were surveyed, they had the high degrees of confidence in their backup system and you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know has been a while, it's that problem of, you know nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know, we're good boss, we got this covered. >> Good, it's all good, it's all good. >> Yeah, the fingers crossed, right? So again, this is the reality and as it becomes backup and recovery, which we've talked about many times on The Cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not only like to get hit once. So you know, this is a constant chasing the tail on some ends, but there are some tools out there that you guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, that there was a huge percentage of people that said that they had a you know, a ransomware response, you know in readiness program. And you look at that and how could you be, that higher percentage of people be comfortable with their ransomware readiness program and you know which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as as a person who, you know, has spent my entire career trying to help people successfully recover their data that number I think just hurt me the most is that, because you talked about reinfections. The surest way to guarantee that you get re-attacked and reinfected, is to pay the ransom. This goes back all the way, ransom since the beginning of time, right? Everyone knows if you pay the blackmail all you're telling people is that you pay blackmail. >> And you're in business, you're a good customer. ARR, (indistinct) >> Yeah, exactly. So the fact that, you know 60 what, two thirds, of the people that were attacked by ransomware paid the ransom, that one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said the ARR, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things starting with the aspect that I mentioned before that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand you know what, that's a good idea, Curtis why don't you look into that? Right, nobody wants to be-- >> Where's that guy now? He doesn't work here anymore. Yeah, but I hear where you come from. >> Exactly. >> Psychology. >> Yeah, so there's that. But then the second is that because of that no one's looking at the fact that backups are the attack vector, they become the attack vector. And so because they're the attack vector they have to be protected as much if not more than the rest of the environment. The rest of the environment can live off of active directory and you know, things like Okta so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment, why? Because if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, hey, we'll just take out the backup first so they can't backup, so we got the ransomware. It makes sense. >> Yeah, exactly. The largest ransomware group out there the Conti Ransomware Group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored and they are exfiltrating the backups first and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well again, you've got to fully segregate that data. There are, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know with other commercial products. You can take a standard product and put a number of layers of defense on top of it or you can switch to the way Druva does things which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, that's the other thing, is that by storing the data in the cloud, we do and I've said this a few times, that you get to break the laws of physics. And the only way to do that is time travel. And that's what... (chuckles) so yeah, so Druva has time travel. This isn't a criticism, by the way. I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of, what I mean by time travel in that you basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre restoring your data as often as you tell us to do to bring your DR environment up to the current environment as quickly as we can. So that in a disaster recovery scenario which is part of your ransomware response, right? Again, there are many different parts but when you get to actually restoring the data you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics, is you break the laws of time. >> Well, everyone wants to know the next question, and this is the real big question is, are you from the future? >> Yeah. Very much the future. >> What's it like in the future? Back at recovery as a restorer, air gaping everything? >> Yeah. It, well it's a world where people don't have to worry about their backups. I like to use the phrase, get out of the backup business. Just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter and I often make the joke that if I've known how great grandkids were I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah. And what's great about your background is you've got a lot of historical perspective. I've seen that in the ways of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on and got things automated things got to be rocking and rolling. >> Absolutely. Yeah, I do remember again, having worked so hard with many clients over the years, back then we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to you know, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right, to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean security's a big part of it. Data's in the middle of it. All this is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. (bright music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

(bright inspirational music) >> Welcome back everyone to theCUBE and the Druva special presentation of, "Why Ransomware Isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W. Curtis Preston. Curtis Preston, as you know in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at, "Why Ransomware Isn't Your Only Problem." Great to see you. Thanks for coming on. >> Happy to be here. >> So we always see each other events, now events are back. So it's great to have you here for this special presentation. The White Paper from IDC really talks about this in detail. Like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's... The survey results really I'd like to say that they surprised me, but unfortunately they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit- successfully hit by ransomware, paid the ransom and/or lost data. And yet the same people that were surveyed they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just they don't want to have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know, "We're good boss, we got this covered." >> Good. All good. It's all good. >> Fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once. So, you know, this is a constant chasing the tail on some ends, but there are some tools out there. You guys have a solution. And so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, that there was a huge percentage of people that said that they had a, you know, a ransomware response, you know, and readiness program. And you look at that and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you talked about re-infections the surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail all you're telling people is that you pay blackmail. >> You're in business, you're a good customer. ALR for ransomware. >> Yeah. So, the fact that, you know, 60, what, two-thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >> Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, super important to get back in recovery. And that's been around for a long time. But now that's an attack vector, okay? And there's dollars involved, like I said, ALR, I'm joking but there's recurring revenue for the for the bad guys if they know you're paying up and if you're stupid enough not to change you're tooling. Right? So again, it works both ways. So, I got to ask you, why do you think so many organizations are unable to successfully respond after an attack? Is it because- they know it's coming. I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things starting with that aspect that I mentioned before that nobody wants to have anything to do with the backup system, right? So, nobody wants to be the one to raise their hand because if you're the one that raises their hand "You know what, that's a good idea, Curtis, why don't you look into that?" Right? Nobody wants to be responsible- >> Where's that guy now? He doesn't work here anymore. Yeah, but I hear where you coming from. Psychology (indistinct). >> Yeah. So there's that. But then the second is that because of that no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector they have to be protected as much, if not more, than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, if the production system is compromised then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't back-up. So we got the ransomware." >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. Right? >> Okay, so you guys have a lot of customers They all kind of have the same- this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, There are, and everything about how that data is stored and everything about how that data is created and accessed. There are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it or you can switch to the way Druva does things which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the- it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just login and you get all of that. >> I guess how do you break the laws of physics? I guess that's the question here. >> Well, when, because that's the other thing is that by storing the data in the cloud, we do it, and I've said this a few times, that you get to break the laws of physics. And the only way to do that is to, is time travel. And that's what, so yeah. So Druva has time travel. What, and this is a courtisism by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel. In that you, basically, you configure your DR, your disaster recovery environment in Druva one time. And then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario which is part of your ransomware response, right? Again, there are many different parts but when you get to actually restoring the data you should be able to just push a button and go. The data should already be restored. And that's the, that's the way that you of physics is you break the laws of time. >> Well, I and everyone wants to know the next question, and this is the real big question is, are you from the future? (light chuckling) >> Yeah. Very much the future. >> What's it like in the future, back-up recovery, how's it restored? Is it air gapping everything? >> Yeah, it, well, it's a world where people don't have to worry about their backups. I like to use the phrase, "get out of the backup business. Just get into the restore business." I, you know, I'm a grandfather now and I love having a granddaughter and I often make the joke that if I'd have known how great grandkids were I would've skipped straight to them. Right? Not possible. Just like this. Recoveries are great. Backups are really hard. So, in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah. And what's great about your background is you've got a lot of historical perspective. I've seen that in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on and got to think automated. Things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right? To air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish that, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it. All this is now mainstream front lines. Great stuff. Curtis, great to have you on, bring that perspective and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> Alright. We'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. (gentle scientific music)

>>From the cube studios in Palo Alto, in Boston, bringing you data driven insights from the cube and ETR. This is breaking analysis with Dave ante. >>When Frank sluman took service, now public many people undervalued the company, positioning it as just a better help desk tool. You know, it turns out that the firm actually had a massive Tam expansion opportunity in it. SM customer service, HR, logistics, security marketing, and service management. Generally now stock price followed over the years, the stellar execution under Slootman and CFO, Mike scar Kelly's leadership. Now, when they took the reins at snowflake expectations were already set that they'd repeat the feet, but this time, if anything, the company was overvalued out of the gate, the thing is people didn't really better understand the market opportunity this time around, other than that, it was a bet on Salman's track record of execution and on data, pretty good bets, but folks really didn't appreciate that snowflake. Wasn't just a better data warehouse that it was building what they call a data cloud, and we've turned a data super cloud. >>Hello and welcome to this. Week's Wikibon cube insights powered by ETR in this breaking analysis, we'll do four things. First. We're gonna review the recent narrative and concerns about snowflake and its value. Second, we're gonna share survey data from ETR that will confirm precisely what the company's CFO has been telling anyone who will listen. And third, we're gonna share our view of what snowflake is building IE, trying to become the defacto standard data platform, and four convey our expectations for the upcoming snowflake summit. Next week at Caesar's palace in Las Vegas, Snowflake's most recent quarterly results they've been well covered and well documented. It basically hit its targets, which for snowflake investors was bad news wall street piled on expressing concerns about Snowflake's consumption, pricing model, slowing growth rates, lack of profitability and valuation. Given the, given the current macro market conditions, the stock dropped below its IPO offering price, which you couldn't touch on day one, by the way, as the stock opened well above that and, and certainly closed well above that price of one 20 and folks express concerns about some pretty massive insider selling throughout 2021 and early 2022, all this caused the stock price to drop quite substantially. >>And today it's down around 63% or more year to date, but the only real substantive change in the company's business is that some of its largest consumer facing companies, while still growing dialed back, their consumption this past quarter, the tone of the call was I wouldn't say contentious the earnings call, but Scarelli, I think was getting somewhat annoyed with the implication from some analyst questions that something is fundamentally wrong with Snowflake's business. So let's unpack this a bit first. I wanna talk about the consumption pricing on the earnings call. One of the analysts asked if snowflake would consider more of a subscription based model so that they could better weather such fluctuations and demand before the analyst could even finish the question, CFO Scarelli emphatically interrupted and said, no, <laugh> the analyst might as well have asked, Hey Mike, have you ever considered changing your pricing model and screwing your customers the same way most legacy SaaS companies lock their customers in? >>So you could squeeze more revenue out of them and make my forecasting life a little bit easier. <laugh> consumption pricing is one of the things that makes a company like snowflake so attractive because customers is especially large customers facing fluctuating demand can dial and their end demand can dial down usage for certain workloads that are maybe not yet revenue producing or critical. Now let's jump to insider trading. There were a lot of insider selling going on last year and into 2022 now, I mean a lot sloop and Scarelli Christine Kleinman. Mike SP several board members. They sold stock worth, you know, many, many hundreds of millions of dollars or, or more at prices in the two hundreds and three hundreds and even four hundreds. You remember the company at one point was valued at a hundred billion dollars, surpassing the value of service now, which is this stupid at this point in the company's tenure and the insider's cost basis was very often in the single digit. >>So on the one hand, I can't blame them. You know what a gift the market gave them last year. Now also famed investor, Peter Linsey famously said, insiders sell for many reasons, but they only buy for one. But I have to say there wasn't a lot of insider buying of the stock when it was in the three hundreds and above. And so yeah, this pattern is something to watch our insiders buying. Now, I'm not sure we'll keep watching snowflake. It's pretty generous with stock based compensation and insiders still own plenty of stock. So, you know, maybe not, but we'll see in future disclosures, but the bottom line is Snowflake's business. Hasn't dramatically changed with the exception of these large consumer facing companies. Now, another analyst pointed out that companies like snap, he pointed to company snap, Peloton, Netflix, and face Facebook have been cutting back. >>And Scarelli said, and what was a bit of a surprise to me? Well, I'm not gonna name the customers, but it's not the ones you mentioned. So I, I thought I would've, you know, if I were the analyst I would've follow up with, how about Walmart target visa, Amex, Expedia price line, or Uber? Any of those Mike? I, I doubt he would've answered me anything. Anyway, the one thing that Scarelli did do is update Snowflake's fiscal year 2029 outlook to emphasize the long term opportunity that the company sees. This chart shows a financial snapshot of Snowflake's current business using a combination of quarterly and full year numbers in a model of what the business will look like. According to Scarelli in Dave ante with a little bit of judgment in 2029. So this is essentially based on the company's framework. Snowflake this year will surpass 2 billion in revenues and targeting 10 billion by 2029. >>Its current growth rate is 84% and its target is 30% in the out years, which is pretty impressive. Gross margins are gonna tick up a bit, but remember Snowflake's cost a good sold they're dominated by its cloud cost. So it's got a governor. There has to pay AWS Azure and Google for its infrastructure. But high seventies is a, is a good target. It's not like the historical Microsoft, you know, 80, 90% gross margin. Not that Microsoft is there anymore, but, but snowflake, you know, was gonna be limited by how far it can, how much it can push gross margin because of that factor. It's got a tiny operating margin today and it's targeting 20% in 2029. So that would be 2 billion. And you would certainly expect it's operating leverage in the out years to enable much, much, much lower SGNA than the current 54%. I'm guessing R and D's gonna stay healthy, you know, coming in at 15% or so. >>But the real interesting number to watch is free cash flow, 16% this year for the full fiscal year growing to 25% by 2029. So 2.5 billion in free cash flow in the out years, which I believe is up from previous Scarelli forecast in that 10, you know, out year view 2029 view and expect the net revenue retention, the NRR, it's gonna moderate. It's gonna come down, but it's still gonna be well over a hundred percent. We pegged it at 130% based on some of Mike's guidance. Now today, snowflake and every other stock is well off this morning. The company had a 40 billion value would drop well below that midday, but let's stick with the 40 billion on this, this sad Friday on the stock market, we'll go to 40 billion and who knows what the stock is gonna be valued in 2029? No idea, but let's say between 40 and 200 billion and look, it could get even ugly in the market as interest rates rise. >>And if inflation stays high, you know, until we get a Paul Voker like action, which is gonna be painful from the fed share, you know, let's hope we don't have a repeat of the long drawn out 1970s stagflation, but that is a concern among investors. We're gonna try to keep it positive here and we'll do a little sensitivity analysis of snowflake based on Scarelli and Ante's 2029 projections. What we've done here is we've calculated in this chart. Today's current valuation at about 40 billion and run a CAGR through 2029 with our estimates of valuation at that time. So if it stays at 40 billion valuation, can you imagine snowflake grow into a 10 billion company with no increase in valuation by the end, by by 2029 fiscal 2029, that would be a major bummer and investors would get a, a 0% return at 50 billion, 4% Kager 60 billion, 7%. >>Kegar now 7% market return is historically not bad relative to say the S and P 500, but with that kind of revenue and profitability growth projected by snowflake combined with inflation, that would again be a, a kind of a buzzkill for investors. The picture at 75 billion valuation, isn't much brighter, but it picks up at, at a hundred billion, even with inflation that should outperform the market. And as you get to 200 billion, which would track by the way, revenue growth, you get a 30% plus return, which would be pretty good. Could snowflake beat these projections. Absolutely. Could the market perform at the optimistic end of the spectrum? Sure. It could. It could outperform these levels. Could it not perform at these levels? You bet, but hopefully this gives a little context and framework to what Scarelli was talking about and his framework, not with notwithstanding the market's unpredictability you're you're on your own. >>There. I can't help snowflake looks like it's going to continue either way in amazing run compared to other software companies historically, and whether that's reflected in the stock price. Again, I, I, I can't predict, okay. Let's look at some ETR survey data, which aligns really well with what snowflake is telling the street. This chart shows the breakdown of Snowflake's net score and net score. Remember is ETS proprietary methodology that measures the percent of customers in their survey that are adding the platform new. That's the lime green at 19% existing snowflake customers that are ex spending 6% or more on the platform relative to last year. That's the forest green that's 55%. That's a big number flat spend. That's the gray at 21% decreasing spending. That's the pinkish at 5% and churning that's the red only 1% or, or moving off the platform, tiny, tiny churn, subtract the red from the greens and you get a net score that, that, that nets out to 68%. >>That's an, a very impressive net score by ETR standards. But it's down from the highs of the seventies and mid eighties, where high seventies and mid eighties, where snowflake has been since January of 2019 note that this survey of 1500 or so organizations includes 155 snowflake customers. What was really interesting is when we cut the data by industry sector, two of Snowflake's most important verticals, our finance and healthcare, both of those sectors are holding a net score in the ETR survey at its historic range. 83%. Hasn't really moved off that, you know, 80% plus number really encouraging, but retail consumer showed a dramatic decline. This past survey from 73% in the previous quarter down to 54%, 54% in just three months time. So this data aligns almost perfectly with what CFO Scarelli has been telling the street. So I give a lot of credibility to that narrative. >>Now here's a time series chart for the net score and the provision in the data set, meaning how penetrated snowflake is in the survey. Again, net score measures, spending velocity and a specific platform and provision measures the presence in the data set. You can see the steep downward trend in net score this past quarter. Now for context note, the red dotted line on the vertical axis at 40%, that's a bit of a magic number. Anything above that is best in class in our view, snowflake still a well, well above that line, but the April survey as we reported on May 7th in quite a bit of detail shows a meaningful break in the snowflake trend as shown by ETRS call out on the bottom line. You can see a steady rise in the survey, which is a proxy for Snowflake's overall market penetration. So steadily moving up and up. >>Here's a bit of a different view on that data bringing in some of Snowflake's peers and other data platforms. This XY graph shows net score on the vertical axis and provision on the horizontal with the red dotted line. At 40%, you can see from the ETR callouts again, that snowflake while declining in net score still holds the highest net score in the survey. So of course the highest data platforms while the spending velocity on AWS and Microsoft, uh, data platforms, outperforms that have, uh, sorry, while they're spending velocity on snowflake outperforms, that of AWS and, and Microsoft data platforms, those two are still well above the 40% line with a stronger market presence in the category. That's impressive because of their size. And you can see Google cloud and Mongo DB right around the 40% line. Now we reported on Mongo last week and discussed the commentary on consumption models. >>And we referenced Ray Lenchos what we thought was, was quite thoughtful research, uh, that rewarded Mongo DB for its forecasting transparency and, and accuracy and, and less likelihood of facing consumption headwinds. And, and I'll reiterate what I said last week, that snowflake, while seeing demand fluctuations this past quarter from those large customers is, is not like a data lake where you're just gonna shove data in and figure it out later, no schema on, right. Just throw it into the pond. That's gonna be more discretionary and you can turn that stuff off. More likely. Now you, you bring data into the snowflake data cloud with the intent of driving insights, which leads to actions, which leads to value creation. And as snowflake adds capabilities and expands its platform features and innovations and its ecosystem more and more data products are gonna be developed in the snowflake data cloud and by data products. >>We mean products and services that are conceived by business users. And that can be directly monetized, not just via analytics, but through governed data sharing and direct monetization. Here's a picture of that opportunity as we see it, this is our spin on our snowflake total available market chart that we've published many, many times. The key point here goes back to our opening statements. The snowflake data cloud is evolving well beyond just being a simpler and easier to use and more elastic cloud database snowflake is building what we often refer to as a super cloud. That is an abstraction layer that companies that, that comprises rich features and leverages the underlying primitives and APIs of the cloud providers, but hides all that complexity and adds new value beyond that infrastructure that value is seen in the left example in terms of compressed cycle time, snowflake often uses the example of pharmaceutical companies compressing time to discover a drug by years. >>Great example, there are many others this, and, and then through organic development and ecosystem expansion, snowflake will accelerate feature delivery. Snowflake's data cloud vision is not about vertically integrating all the functionality into its platform. Rather it's about creating a platform and delivering secure governed and facile and powerful analytics and data sharing capabilities to its customers, partners in a broad ecosystem so they can create additional value. On top of that ecosystem is how snowflake fills the gaps in its platform by building the best cloud data platform in the world, in terms of collaboration, security, governance, developer, friendliness, machine intelligence, etcetera, snowflake believes and plans to create a defacto standard. In our view in data platforms, get your data into the data cloud and all these native capabilities will be available to you. Now, is that a walled garden? Some might say it is. It's an interesting question and <laugh>, it's a moving target. >>It's definitely proprietary in the sense that snowflake is building something that is highly differentiatable and is building a moat around it. But the more open snowflake can make its platform. The more open source it uses, the more developer friendly and the great greater likelihood people will gravitate toward snowflake. Now, my new friend Tani, she's the creator of the data mesh concept. She might bristle at this narrative in favor, a more open source version of what snowflake is trying to build, but practically speaking, I think she'd recognize that we're a long ways off from that. And I also think that the benefits of a platform that despite requiring data to be inside of the data cloud can distribute data globally, enable facile governed, and computational data sharing, and to a large degree be a self-service platform for data, product builders. So this is how we see snow, the snowflake data cloud vision evolving question is edge part of that vision on the right hand side. >>Well, again, we think that is going to be a future challenge where the ecosystem is gonna have to come to play to fill those gaps. If snowflake can tap the edge, it'll bring even more clarity as to how it can expand into what we believe is a massive 200 billion Tam. Okay, let's close on next. Week's snowflake summit in Las Vegas. The cube is very excited to be there. I'll be hosting with Lisa Martin and we'll have Frank son as well as Christian Kleinman and several other snowflake experts. Analysts are gonna be there, uh, customers. And we're gonna have a number of ecosystem partners on as well. Here's what we'll be looking for. At least some of the things, evidence that our view of Snowflake's data cloud is actually taking shape and evolving in the way that we showed on the previous chart, where we also wanna figure out where snowflake is with it. >>Streamlet acquisition. Remember streamlet is a data science play and an expansion into data, bricks, territory, data, bricks, and snowflake have been going at it for a while. Streamlet brings an open source Python library and machine learning and kind of developer friendly data science environment. We also expect to hear some discussion, hopefully a lot of discussion about developers. Snowflake has a dedicated developer conference in November. So we expect to hear more about that and how it's gonna be leveraging further leveraging snow park, which it has previously announced, including a public preview of programming for unstructured data and data monetization along the lines of what we suggested earlier that is building data products that have the bells and whistles of native snowflake and can be directly monetized by Snowflake's customers. Snowflake's already announced a new workload this past week in security, and we'll be watching for others. >>And finally, what's happening in the all important ecosystem. One of the things we noted when we covered service now, cause we use service now as, as an example because Frank Lupin and Mike Scarelli and others, you know, DNA were there and they're improving on that service. Now in his post IPO, early adult years had a very slow pace. In our view was often one of our criticism of ecosystem development, you know, ServiceNow. They had some niche SI uh, like cloud Sherpa, and eventually the big guys came in and, and, and began to really lean in. And you had some other innovators kind of circling the mothership, some smaller companies, but generally we see sluman emphasizing the ecosystem growth much, much more than with this previous company. And that is a fundamental requirement in our view of any cloud or modern cloud company now to paraphrase the crazy man, Steve bomber developers, developers, developers, cause he screamed it and ranted and ran around the stage and was sweating <laugh> ecosystem ecosystem ecosystem equals optionality for developers and that's what they want. >>And that's how we see the current and future state of snowflake. Thanks today. If you're in Vegas next week, please stop by and say hello with the cube. Thanks to my colleagues, Stephanie Chan, who sometimes helps research breaking analysis topics. Alex, my is, and OS Myerson is on production. And today Andrew Frick, Sarah hiney, Steven Conti Anderson hill Chuck all and the entire team in Palo Alto, including Christian. Sorry, didn't mean to forget you Christian writer, of course, Kristin Martin and Cheryl Knight, they helped get the word out. And Rob ho is our E IIC over at Silicon angle. Remember, all these episodes are available as podcast, wherever you listen to search breaking analysis podcast, I publish each week on wikibon.com and Silicon angle.com. You can email me directly anytime David dot Valante Silicon angle.com. If you got something interesting, I'll respond. If not, I won't or DM me@deteorcommentonmylinkedinpostsandpleasedocheckoutetr.ai for the best survey data in the enterprise tech business. This is Dave Valante for the insights powered by ETR. Thanks for watching. And we'll see you next week. I hope if not, we'll see you next time on breaking analysis.

>>Good morning live from Las Vegas. It's the Q with AWS reinvent 2021. This is our fourth day of coverage. The third full day of the conference. Lisa Martin here with Dave Nicholson. Dave, we had had a tremendous number of conversations. In fact, we've two live sets over a hundred guests on the program, and I have another web. I've got two Dave's for you for the price of one. Dave trader joins us the field CSO client advisor at Presidio. We're going to be talking about ransomware and security, Dave, welcome to the program. Thank you for having me. So it's looking at your background. You've got a very cool background. You hold numerous cybersecurity certifications, including CIS SP you've received numerous endorsements from the department of Homeland security, the FBI and NSA. And in 2018, you graduated from the FBI's CSO academy in Quantico. Wow. Yeah, it sounds like he's a man with a very special set of skills. I think you're right. I think you're right. One of the things that we have seen the cybersecurity landscape has changed dramatically in the last year and a half 22 months or so. I was reading some stats ransomware and the check happens delivery once every 11 seconds. It's now a matter of when not, if talk to us about some of the things that you're seeing, the threat landscape, changing ransomware as a service what's going on. >>The last part that you mentioned was ransomware as a service is key. The access to be able to launch a tax has become so simplified that the, the, the, uh, the attacker level doesn't have to be sophisticated. Really. You can get down to the 100 level brand new hackers that are just getting into the space. They can go to a help desk and they can purchase ransomware, and they can run this ransomware that has the comes with quality assurance, by the way. And if they didn't run correctly, they've got a help desk support system. That'll help them run this in a, you know, as a criminal enterprise. Um, the access is really what is, what has made this so prevalent, and it really exacerbated the problem to the massive scale that we're seeing today. Yeah. >>And of course, we're only hearing about the big ones, you know, re you know, Conti colonial pipeline. But as I mentioned, an attack occurring every 11 seconds, I also was reading the first half of calendar, 21, that ransomware was up nearly 11 X. So the trajectory it's going the wrong way, it's going up into the right and the way that we don't want it to go, are they becoming more brazen? Is it easier? Ransomware is the surface, but also they're able to be paid in Bitcoin and that's less traceable. >>Yeah. So, um, exponential is not even fair, right? Cause it, that's not even a fair assessment because that up and right, it's just, it's been so pervasive that we just see that continued growth. Uh, you know, there's how, you know, different ways and how we're going to stop that. And what we're, what we're doing from a national perspective is all coming into play and what we're going to do about it. You know? So the, one of the things that I'm seeing, that's kind of new is the taunting aspect. So the taunting aspect is, uh, you know, they've been in your network for a little while, the dwell times extended and they're collecting intelligence, but what they're doing is, you know, they used to let you, after they would present you with the ransomware note, they would let you kind of circle the wagons. And then you would come to a decision point as an organization. >>Is, am I going to pay or am I not well? And they would give you a little bit of time to deliberate. Well, now during your deliberation time, they're actually sending texts to the CEO and the CFO and there's, and they're, they're, they're showcasing their, their, uh, technical prowess and that they've got you, they own you at that point. And they're, they're texting on your personal device. And they're saying, you should go ahead and pay us, or we're going to make this worse. The taunting aspect is even twisting the knife and it's, uh, you know, out of box isn't even from a criminal aspect, I expect that to be out of bounds, no >>Crazy. And of course, you know, some of the things that we've seen, um, uh, the, the white houses, counter ransomware initiative, a coalition of 30 countries aimed to ramp up global efforts to attack that it's like, are you seeing cyber crime with the rise and the proliferation, you think there's gonna be more regulations and organizations that are going to be having to deal with? What do you think? Some of the things that we're going to see on that legal? >>Yeah. So we have to, we have to leverage compliance, and there's a lot of really great frameworks out there today that we are leveraging. And there's, there's good methodology on how to stop this. The issue is it's the adoption and really the, the, the knowledge, the subject matter expertise, and really that consultant side, that's the message that I try and get out to, to, to our customers and our clients. And I'm trying to really get them to understand what that evolution looks like and what, what is needed in each discipline, because there's various disciplines across the board and you almost have to have them all, um, you know, in order to be able to stop ransomware and solve for that ransomware problem. And I do think the regulation is going to be key. I also think that I need some air support from not only the federal government, but our internet service providers and, and we as a free country, we need to be careful of, you know, on, on some of that, some of those fronts. But I, I, I still think that I would appreciate, you know, my ISP doing a little bit of block and tackle for me, you know, and helping me out, even though I want the freedom to do and be able to do whatever I want. I still like them to say, you know, we're gonna block known that because, you know, it would just be nice to have a little bit of support even on that side. So how does >>An ISP prevent me from panning out my password and being fooled in a, in a, in a phishing attack is the, is the question that, is, that, is that still a real issue? >>So I wouldn't put that. I wouldn't put that on the ISP. I would put that more on the end point and some personal responsibility, right. Knowing, and I do, I do stress that a little bit, but relatively early >>Morning sarcasm in my bag. >>Yeah. So I do put that on, but there, but there are tremendous partners that I work with that are able to do that and automate a lot of that for you. And I need to make it simple, but simple as hard. And that's what you know is, especially in cybersecurity, we want to make it simple for it and really be able to remove the threat to the end user and protect the user. But in order to do that, there's a ton of things on a ton of sophistication and innovation that happens in the background. And we really need to be able to showcase how that's done. And, um, I, it's, obviously I'm excited about it, but we need more people that are able to just specialize in this. We need more good guys that are able to come in and help us on this front. >>I also think we need to break down some barriers for on the competition with, you know, market share and the partners we need to, we need to kind of elevate the conversation a little bit and we all need to work together because we're all in the same boat when it comes to how we're being attacked. Um, you know, from a national perspective on a global scale. And I think that if we elevate the conversation, our collective, uh, mindset in that, that, that, that, uh, that, that mind share is going to be able to really help us innovate and, and put a stop to this. >>So then how is Presidio and AWS, how are you helping them until you get to it? Ransomware and mitigation can talk to us about that. How are you going to be helping, especially there's cyber security skills gap that's gone on like five years. >>Sure. Yeah. That skills gap is going to continue to, we're going to continue to see that grow as well. And we're efforting that on many fronts, but I'm really excited about the ransomware mitigation kit that got, uh, unveiled yesterday. Um, I got a call earlier this year from, uh, AWS and, and, uh, we basically, the question was posed to me, you know, what are we going to do about this is from an AWS perspective, what can we do? Um, you know, cause th the cyber adversaries are, uh, are, are relatively unchecked and, and, and their attitude is what are you going to do about it? So AWS posed the question, what are we going to do about it? And what we came up with was, you know, as, as an isolated organization, or as an isolated discipline as with like a managed detection and response or endpoint protection, um, that silo could not by itself accomplish and the solve to eliminate ransomware or to make a dent in eliminate ransomware. >>So what we had to do was combine disciplines, and we reached over to BCDR disaster recovery and, and, and, and our backup teams. And we said, let's put together endpoint protection, MDR, and let's, let's merge the two of these. And let's automate that. So that what happens is, is when we detect the ransomware attack, there's, there's a specific indicators of compromise that happened in the attack, the end point protection, which is CrowdStrike in our case can see that and can notify that, and then can tell the backup and recovery team, Hey, we know that this is a, this is an indicator of compromise. We know that this system is, has been owned. And then there's an inflection point where we can ask the user if they want to manually intervene, or if they want us to automate that and intervene for them. So it really keeps production going full-time and, uh, it doesn't, it takes away the cyber adversaries ability to hold our data hostage. So this is an, it was this one, and I don't use PI verbally, uh, frequently, but this is a monumental, uh, uh, evolution of what, of what we're going to see and how to prevent ransomware. >>Wow. I was reading that, that ransomware is backups, or you talked about backup, the backup backup attacks are on the rise as well. How can organizations, how can they work with Presidio in AWS? You described this as monumental kind of game-changing, how can they work with you guys to, to implement this technology so that we can start dialing down the threats? >>Yeah. So we would love to, we would love to hear from you, right? Give us a, give us a call. Um, but, uh, our teams, you know, with, with CloudEndure and AWS CloudEndure and CrowdStrike and what they've really come up with, and, and you have to have these two things ahead of time. So I sit on our critical incident response team, and, you know, I, I do work with, you know, the, the bureau as often as I can on attribution, but you have to have these ahead of time. So your, your, your, your, uh, critical response plan needs to be in place. And if you have the two things that we, that we've really put a lot of effort into over the last eight months, if you've got CrowdStrike and you've got cloud on, on the backend, we can establish all of those, um, and, and really set this up for you to eliminate that threat. And, and that's what we're excited to showcase this week, and, you know, in the coming months, and we're going to, and we've also got additional things in additional features that we plan to add to that in the, in the coming months, Dave, >>Your thoughts on the partnership between private industry and government entities. Uh, you mentioned that the level of sophistication to engage in this bad behavior doesn't necessarily have to be the, have to rise to the level of state sponsored. Um, but can we do this in the private sector, by ourselves? What are your, what are your sort of philosophical? >>I will give you my, I will give you a statistic on this and it will, it'll be self-explanatory. But, um, 80% of our critical infrastructure in the United States is privately held. So we're unique in that perspective, we aren't like some other countries where they can just mandate the requirement that the government will control critical infrastructure. It's privately held here in the United States. So you almost have to invite the federal government to come in, even though you are a critical infrastructure, they still have to be invited to come help you. And that partnership is key in order to be able to defend yourself, but also to defend the nation. Our power grids are our water sources. I mean, you'll see those are private private companies, but we need that federal help. And I try and evangelize that partnership. I mean, you know, there's always the, um, you know, when you think about working with federal agencies, like the, like the FBI, um, there's a little bit of hesitation and you're not really quite sure. >>I will tell you that those, those men and women are, um, uh, they're amazing. They're amazing to work with they're, they're really good at what they do. And, and you're certainly it's a partnership and they have a whole division set up there's the office of the private sector is designed to have these conversations and help you prepare. And then in the unfortunate instance where you might have an attack there, right. They're trying to figure out who did that to you, you know, and, and you're a victim, you're a victim of a federal crime at that point. And they, they treat you with such care and, you know, they're, uh, they do such a great job. So I think we have to engage them in order to, and we should actually be able to help them with the technology and how, and make it easier for them to do their job, but something I'm also very interested in. >>Talk to me about your interests as the last question, in terms of what's going to go on here, we are wrapping up 2021 entering 2022, which hopefully will be a much better year for on many fronts, including the decrease in ransomware. What are some of the things that you're excited about? There's so much technology, there's so much opportunity and innovation going on with AWS and its partner ecosystem. What excites you, what opportunities do you see as we head into 2020? Yeah. >>So I do see some, I do see some threats that are going to evolve. Um, ransomware is certainly going to be more of the same until we get this out in this new methodology and what we've built until that becomes widely adopted. I think we, you know, we're not going to make a dent in the numbers that we're seeing just yet, but I'm hoping that that will change when, you know, when the industries do start to adopt that. The other thing that I'm seeing is I think operational technology is going to take a hit in 2022 because the bad guys have started to figure out how, um, you know, that, that, that, that operational technology is not as, uh, it's not front and center. And it's not top of mind for a lot of CSOs. So they're, they're targeting that weakness and going after that. So I think we really need to brace for that and, and really, uh, get in front of that. Uh, so that's one of the things that I'm prepping for is really the operational IOT conversation, and then how I can help, uh, organizations and even, even home users, you know, with some of the stuff that you've got, you know, maybe in your own home that could be used again, >>Right? Cause that work from anywhere is going to persist for quite some time. Dave, thank you so much for joining Dave Nicholson and me on the program this morning, talking about what's going on in the threat landscape ransomware, but also this monumental shift and from, from a technology and a partnership perspective that Presidio and AWS are doing to help customers and every industry, private and public sector. We appreciate your insights. Thank you >>For having me. Thanks >>For being here. Very Dave and Dave I'm Lisa you're watching the cube, the global leader in live tech coverage.

>>Live from San Diego, California. It's the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back. This is the cubes coverage of coupon, cloud-native con 2019 here in San Diego. I'm Stu Miniman co-hosting for three days with John Troyer to my left and happy to welcome back to the program. Two of our cube alumni to my right is Robert Christiansen who is the vice president of strategy and office of the CTO with the IP group to see you. And sitting next to him is Kumar Sri Conti, SVP and CTO of that hybrid it group at HPE Kumar. Great to see you. Thank you very much. Thank you John. Good to be back here. Yes, hot off the presses. HP had a big announcement today. Uh, really unveiling it. Full container platform. Uh, Kumar, maybe it help us frame and understand, uh, what that is and why that wants here at at the show. Thank you. Is too good, too good to see John and it's very nice to be back on the cube. >>Yeah, we are very excited. We made an announcement, a HV container platform as we sat in the presser lays and various conversations. This is built on a proven technologies. HP has acquired a few companies in the past which includes my company blue data map. Our blue data has been in the container technology for more than five years. We have containers running specifically for the spa workloads like big data and AML and we brought those technologies together to give the customers the choice of 100% coupon. It has to run both stateful and stateless workloads under the same pane of glass and we are very excited about this opportunity and we have actually talked to a lot of customers and the most important in addition to all of that is the, we also integrated the map, our technology, which is one of the very so robust and sophisticated data store that gives you a persistency for the containers. >>Kumar, John and I were coming out of the keynote and saying, if you're brand new in this environment, Oh my gosh, there's just so many projects and so many pieces. You know, when I think back, you know, who helped me along the way, uh, one of the pieces you picked up with CTP, cloud technology partner and you're talking about specific applications. So you know, really building those bridges to where customers are and helping them give us, if you could some of those key use cases where you're finding that that cloud native philosophy and where customers are, are looking for HPS help. Robert and I spend a lot of time over the last few months internally and talking to the customers. Our thesis is the, all the low hanging fruit applications have mode. It's actually the most difficult applications, both stateful and stateless applications. So customers are asking and say, we want to standardize, we want to have a abstract platform and Gouverneur does is it? And, but we wanted to have a platform that gives us the board hybrid opportunity. I wanted to be able to run the on prem >>when necessary, also on the public cloud. And I wanted to be able to have a same platform to run both stateful answered as application. Yeah. And that's, that's a really interesting point because what Kumar's really, really looking at is that the only way that an enterprise has been using the path that modernization has been been a public cloud, uh, trajectory. Okay. And they really haven't had anything on premises that gave them the set of services necessary to get parody between the two. And what we're finding and you know, been been involved with public cloud since 2010 right? So hundreds and hundreds of engagements, the portion that they thought they were going to move to cloud is substantially dropped the actual number of applications versus now those are going to stay on prem. And we were looking at each other and we're saying, Hey, this is a trifecta of opportunities with the containers coming in and the normalization of Kubernetes as the unified pass platform, the abstraction of bullying all the way down to bare metal, right? >>And giving those clients that true native architectures where they are not having to pay what we consider excessive prices to be putting in that, that world right there and then allowing that monetization practice to happen. So you've got to start with that platform, that, that container platform, and to do it in the way that the motion is going right now in the world today that's consistent with the public cloud. This is really important that you have to have consistency in your development environments, whether they're public or private. And that's where we believe is important. So Robert, you're seeing enterprises develop that. It sounds like you're seeing enterprises develop that operational experience and operational expertise, process development, independent of where their workloads are running. Well, that's the goal. Okay. Yeah, yeah. Well, right now they're siloed. Right? Okay. You've got a public operating model and you've got a private operating model. >>Right? And there's some people that tried to stitch this stuff together, but it's really difficult. What we're looking to do is given consistent plain across, all right? And when you have a consistent plane, a control point across all, no matter where you put your clusters and a management frame around it, now you have the ability to build an operating model that's consistent to go forward. Okay. So you know, we've been at the show for four years. I interviewed Joe beta, uh, and, and Joe says, he said, look, you know, Kubernetes, it's not a magic layer. It does not all of a sudden say add Coobernetti's in it and everything works every hair there. No, it's a very thin layer. I'm glad he said that. Washing my car from that happened on top. Right. If flip problem just rubbed Coobernetti's on it and get better. So Kumar, help us understand kind of the HPE stack if you work and what you put together and therefore it will be an enabler for customers in your application. Thank you. That's a very, very well said and I joke that Gouverneur does, we'll wash your car and post to read and babysit. And um, so I think he enjoys the ride, a lot of wisdom there. So what we found is, uh, content has an ensemble persistence always problem per se. So if I want, if >>I have a database running and my container goes away, we also notice that you want to make sure your endpoints are well secured and you want to expose only things what you want in the thing. We also found out that customers are more interested in applications and are giving me just the engine and the tires. I need to go from point a to point B. What blue data has done is actually it actually automates all your deployments of applications. We announced that product in September, so what what what this continent platform does is bring all these pieces together so the customers to be able to move to the deploy man and not worry about whether I have tires or I have an engine or not. In addition, I would like to find out that, I think Antonio talked about it the hour Sammo we want to come to the customers and it's the best possible lowest cost workload per application. >>This is why we think better metals are very, very, very important. Running containers on bare metal will Remos techs and and there is an, and we've been running better minerals in on bare metal containers in the blue data for almost five years. One of the things I think I wanted to add to that because I, you, you were guys saying, Hey, deploying Kubernetes and just add a little bit on top of that and it's all fine, right? I thought that was a great comment. Um, a lot of our clients are literally talking about container sprawl, right? It don't take anything to go to cncf.org and pull down could the Kubernetes distro launch it out there? And I've got a bunch of stuff running. They're popping up faster than all the shadow it did when the cloud, the public cloud started coming up, right? So you have this, this, um, motion that's uncontrolled, and if you're an enterprise and you're and governance and you're trying to put your arms around a global infrastructure that you want to be able to put your arms around that, more importantly, you may have one group running 1.15. >>You may have another group 0.1, 1.8. You may have two other groups that have an older version that's into production right now, and you have them all independently running. And then you need to maintain a multitenancy across all of that and then separate those. Okay. You have to have a system that does that. And so the container HP container platform does that. This is a huge differentiating with consistent data layer underneath and that, that abstraction between the two and that governance around it is so much bigger than what we consider just Kubernetes on its own and that world comfort zone. Right, right. >>Well, I, I to play on that, right. Uh, we used to say, talk about paths a lot, right? And then a lot of words were spilled. I, I, what I love about some of the work here is that it comes from actual use, you know, proven in production use cases, years of work, you, the rough edges, the, the, the sharp, the, the cuts on your hands. Um, so that's actually great. All open source also and, and, and contributed back to the community. Also. Interesting. There is a, um, you know, but as so as folks, and there's many ways of getting Kubernetes raw, Kubernetes, Kubernetes with pieces, uh, in this room right here. So, you know, an interesting set of technologies that you've put together that with, for ease of use and for, for governance and you know, at the, from the business, from the ops layer, from the, from the dev layer. >>Um, but there is a difference of speed sometimes of uh, of uh, you know, the, what the enterprise wants to move Kubernetes these releases every quarter. And you know, I and you know, the other projects released at their own pace. So in this open source philosophy, uh, and the HPE as a partner with the, you know, point next and, and you know, support is your middle name kind of, uh, you know, how do you, how do you marry the, the, the speed of the cloud native technologies and all of the open source, uh, collaboration with, with kind of the enterprise on the enterprise side and help them? >>Yeah, very good question. I think Robert Weiner, there's one other focus for us is we didn't want to provide, I think before the injury you are talking about the curator Cuban or that we are supporting a hundred percent covenant is open source. So Robert says, I am a developer. I want 1.19 and Stu says I want do I have a 1.17 because I'm stable on that. You can have both the clusters along with the blue data, Epic controller clusters in the same pane of glass. Now you can run big data applications, you can run your cloud narrative, you can run your cloud narrative because you are on 1.19 so that is our goal. So when the CNCF releases newer versions obviously that we will support it. And then as you pointed out, HP support is the middle lame. We have a point next organization we have a CDP. So we will help the customers and we will obviously support certain versions and make sure when somebody gives a call and help the customers. And so we want to give that flexibility so that the developers can deploy whatever the native new versions that are coming up under the umbrella of HP container. It's this Epic layer that's providing some of the multitenancy and governance and controls. >>Exactly right. So this, you know, if you look at the, the, the CNCF, uh, roadmap, they're their grid, right? And you see where Coobernetti's lands in that one piece. There's all these surrounding pieces like that. There's lots and lots of vendors here that have pieces of it, right? But it takes a system, right? And you know that, and then it takes an operating model around that. Then it takes a deployment and governance model around that, right? And then you have, so there's so much more that the enterprise world acquires to make this a legitimate platform that can be scaled. >>One thing that I would like to add it, I don't want to underplay the, the, the value of a persistent proven data layer that has been there for 10 years with the map, our map around some of the best and largest databases in the world. And we are now bringing those two together. It's a, it's a very, very profound and very, very useful for the, for the enterprises. You know, Robert, you were emphasizing the consistency that needs to happen, uh, explained to how that fits in with your partnerships with all the public clouds. Uh, because you know, you hear a very different Coobernetti's message if you go to the Google show versus the Azure versus AWS. And I see HPE know at all of them. >>That's absolutely true. So, you know, I was the CTO with cloud technology partners, right? So I joined in 2013 and it was, um, our, our whole world was how do we work with the three hyperscalers to bring some consistency across them, right? You know, and you have operating models that are different for all three. I mean, what runs on AWS in a certain way is going to run differently on Azure. What's going to be running differently in GCP, right? So the tooling, all that, all the pieces are different. You go pull that back on prem. Now you have a whole different conversation as well. So what we know is that you have to have a unification of behavioral control systems in place before, wherever you deploy your clusters, wherever those are going to be like that. So what we know is is that the tagging nomenclature, the tagging is key to all of this operational models. >>All your tools are gonna be using tagging. And when you go into existing environments, taggy will be inconsistent between, even with inside AWS will be consistent, inconsistent with an Azure. So you have to have a mapping. So what we have as part of our GreenLake offering that would come in together with this is we have a unification tagging layer that bridges that gap and unifies that into a consistent nomenclature and control plane that gives you a basis to have an operating model. This is a, this only gets exposed until you start having 2050 102 hundred clusters out there. And everybody goes, how do I put my arms around this? So it's very important that that, that's just one piece of it. But operating model, operating model, operating model, I keep going back to this every time. There's a bunch of people here can spin up manage clusters all day long and some of them doing better than others, but unless you surround it and you surround it with the stuff that he's talking about is a consistent data layer, persistent and a consistent management system of all these people's behaviors, you're going to get just an unbelievable out of control platform. >>Yup. Kumar, I'd love your viewpoint as to just the overall maturity of this ecosystem and where does HPE see their role as to, you know, we talked about, you know, data and you know, everything that's changing. I heard a lot in the keynote this morning about, >>uh, some of the progress that's being made, but I'd love your viewpoint there. HP is a legend in the Valley as you know. I mean, they've done every, we, all engineering calculator starts with HV calculator. HP recognize they missed a couple of transitions in the industry. And I think there's a new leadership with, uh, with our, with the Robert and me and other other key leaders recognizes this is a great opportunity for us. We see this window to help the customers. Make the modern digitalization transition the applications, taking the monolithic applications, doing microservices. You can. In fact, Robert and I was talking to a bank and they told us they have 6,000 applications built so far. They have micro service, four of them and, and, and we have actually what, what, what we believe with this application is you can actually run your monolithic applications in a container platform while you are figuring it right. So what we see is helping the customers make the digital transition and making sure that they have, they make, they go down this journey. That's what we see. Kumar, Robert, thank you so much for the updates. Congratulations on the launch. I look forward to seeing your presence. Thanks for having and cube. I allow Q. yeah. Thanks Jeff. Again, look for next time. Okay. All right. Bye. Thanks so much for John Troyer. I'm Stu Miniman. Lots more in our three days wall to wall coverage here at cube colon cloud native con 2019 thanks for watching. Fuck you..

>> live from San Francisco, celebrating 10 years of high tech coverage. It's the Cube covering Veum World 2019 brought to you by IBM Wear and its ecosystem partners. >> Welcome back to the Cube. It's the Emerald 2019 our 10th year water wall coverage. Three days, two sets, lots of content. Instrument of my co host is Justin Warren. And one of the big stories coming into the show is VM Wear actually went on an acquisition spree. A hold number of acquisitions. Boston based Carbon Black over $2 billion Pivotal brought back into the fold for also, you know, around that ballpark of money on Happy to Welcome to the program. One of those acquisitions, such and Conti, is sitting to my right. He's the co founder of Hana is also a professor at Stanford University. Thank you so much for joining us and joining us. Also for the segment. Shakeri Air, the executive vice president general manager of Telco Edge Cloud at VM Wear, Shaker said, Yes, there's a lot of acquisitions not to play favorites, but maybe this is his favorite. No question about it. All right. Eso such in, you know, boy, you know the Paolo Alto Stanford connection. We were thinking back, You know, the Founders Of'em where, of course, you know came from Stanford. Many acquisitions over the year, including the mega next era acquisition. You know, quite a few years ago, I came out of Stanford. Give us what was the genesis in the Why of Hana. >> It's actually interesting Stanford Connection to So I've been a faculty at Stanford for the last 10 years on dhe. I have seen the SD and moment very close on up front on one of the dirty secrets of S. T M says it makes the netbooks programmable, but someone still has to write the programs on. So that's usually a very complex task on the pieces beyond the company was, Can we use the eye to learn how to program the network rather than humans having to program the network to do management or optimization? So the division really waas can be built? A network that learned how to optimize itself learns how to manage itself on the technology we're building. Is this a pipeline that basically tries to deliver on that for mobile? >> It's great, Sachin, you know, my background is networking and it feels like forever. We've been hooking well. We need to get people from the cli over to the gooey. But we know in today's rightly complex world, whether it's a I or just automation, humans will not be able to keep up with it. And, you know, we know that that's where a lot of the errors would happen is when we entered humans into doing some of this. So what are some of the key drivers that make this solution possible today that, you know, it might not have been able to do done when when one train was first rolling out the first S t n? >> Yeah, talk about it in three dimensions. The one is, Why do we need it today? Right on. Then what is being what is happening that is enabling this today, right? So, apart from what I talked about Stu and I think the other big driver is, the way I like to think about it is that the Internet is going from a means of consumption to a means of control and interaction. So, increasingly, the application to BC driving the next big decade, our very way of controlling things remotely or the network like a self driving car, or be in interacting but very highly rich visual content like E. R. India. So the applications are becoming a lot more demanding on the Net. At the same time, the network is going through a phase off, opening up on becoming disaggregated network complexity is increasing significantly. So the motivation behind the company and why I thought that was the right time to start the company was these two friends are gonna collide with five coming along the applications that are driving five g and then at the complexity increasing our five. So that's why we started the company. What actually is enabling. This is the fact that we have seen a lot of progress with the eye over the last few years. It hasn't really. It hadn't really been applied at scale to networks and specifically mobile that book. So we definitely saw no, actually there, but increasingly, ah, lot of the infrastructure that is being deployed there was more and more telemetry available. There was more and more data becoming available and that also obviously feet this whole engine. So I think the availability of all of these Big Data Technologies Maur data coming in from the network and the need because of these applications and that complexity. I think there's a perfect confluence >> that there's lots of lots of II floating around at the moment, and there's different flavors of it as well. So this machine learning there's Aye aye, sir. When when you say that there's there's a I behind this What? What particular kind of machine learning or a Y you're using to drive these networks? >> This a few different techniques because the problems we solve our anomaly detection off. Then problems are happening in the network predicting how network conditions are going to evolve. For example, predicting what your devices throughput is gonna be the next 30 seconds. We're also learning how to control the knobs in the neck using AI ai techniques. So each of these has different classes of the eye techniques. So, for example, for control we're using reinforcement learning, which is the same technique that Google used to kind of been on alphago. How do you learn how to play a game basically, but area the game you're playing it optimizing the network. But for the others, it's a record of neural networks to do predictions on Time series data. So I think it's a combination of techniques I wouldn't get to wherever the techniques. It's ultimately. But what is the problem you're trying to solve? And then they picked the right technique to solve it, >> and so on that because the aye aye is actually kind of stupid in that it doesn't know what they wouldn't. What an optimized network looks like. We have to show it what that is. So what? How do you actually train these systems to understand? But what is an optimized network? What? How does how does that tell you? Define this is what my network optimal state should be. >> So that's a great question, because in networking like that, any other discipline that wants to use the eye. There's not a lot of label data. What is the state I want to end up at what is a problem state or what is a good state? All of this is labels that someone has to enter, and that's not available axe kid, and we're never gonna be able to get it at the scale we wanted. So one of our secret sauce is if you will, is semi supervised learning but basic ideas that we're taking a lot of domain knowledge on using that domain knowledge to figure out what should be the right features for these models so that we can actually train these models in a scalable fashion. If you just throw it a lot of data any I model, it just does not converge. Hardly constructive features on the other thing is, how do I actually define what are good kind of end state conditions? What's a good network? And that's coming from domain knowledge to That's how we're making I scale for the stomach. >> I mean, overall, I would say, as you look at that, some of the parameters in terms of what you want to achieve are actually quite obvious things like fewer dropped calls for a cellular network. You know, that's good. So figuring out what the metrics need to be and what the tuning needs before the network, that's where Hana comes in in terms of the right people. >> All right, so shake her. Give us a little bit of an understanding as to where this fits into the networking portfolio. You know, we heard no we heard from Patty or two ago. You know what would have strong push? Networking is on the NSX number. Speaks for itself is what's happening with that portfolio? >> No, absolutely. In fact, what we're doing here is actually broader than networking. It's sort off very pertinent to the network off a carrier. But that is a bulk off their business, if you will. I think if you sort of go back and look at the emirs of any any, any vision, this is the notion of having any cloud in any application land on any cloud and then any device connected to those applications on that any cloud side we are looking at particularly to cloud pools, one which we call the Telco cloud and the other is the edge cloud. And both of these fortuitously are now becoming sort of transforming the context of five G. So in one case, in the telco cloudy or looking at their core and access networks, the radio networks, all of this getting more cloud ified, which essentially leads toe greater agility in service deployment, and then the edge is a much more distributed architecture. Many points over which you can have compute storage network management and security deployed. So if you now think about the sort of thousands off nodes on dhe virtualized clouds, it is just impossible to manage this manual. So what you do need is greater. I mean, orders of magnitude, greater automation in the ability to go and manage and infrastructure like this. So, with our technology now enhanced by Johanna in that network portfolio in the Telco Edge Cloud portfolio, were able to go back to the carriers and tell them, Look, we're not just foundational infrastructure providers. We can also then help you automate help you get visibility into your networks and just help you overall manager networks better for better customer expedience and better performance. >> So what are some of the use coasters that you see is being enabled by five G? There's a lot of hype about five short the moment and not just five jail. So things like WiFi six. Yeah, it would appear to me that this kind of technique would work equally well for five g Your wife. I short a WiFi six. So what are some of the use cases? You see these thieves service providers with Toko Edge clouds using this for? Yeah, So I think overall, first of all, I'd >> say enterprise use cases are going to become a pretty prominent part off five, even though a lot off the buzz and hype ends up being about consumers and how much bandwidth and data they could get in or whether five chicken passing preys or not. But in fact, things like on premise radio on whether that is private. Lt it's 40 or five t. These are the kinds of Uschi cases that were actually quite excited about because these could be deployed literally today. I mean, sometimes they're not regulated. You can go in with, like, existing architectures. You don't need to wait for standardization to break open a radio architecture. You could actually do it, Um, and >> so this sort off going in and >> providing connectivity on an enterprise network that is an enhanced state off where it is today. We've already started that journey, for example, with yellow cloud and branch networking. Now, if we can take that toe a radio based architecture for enterprise networking, So we think, ah, use case like that would be very prominent. And then based on edge architectures distributed networks now becoming the next generation Cdn is an example. That's another application that we think would be very prominent. And then I think, for consumers just sort of getting things like gaming applications off on edge network. Those are all the kinds of applications that would consume this sort off high skill, reliability and performance. >> Can you give a little sketch of the company pre acquisition, you know, is the product all g eight? How many customers you? Can you say what you have there? Sure >> it does us roughly three years old. The company itself so relatively young. We were around 33 people total. We had a product that is already deployed with chairman Telcos. So it is in production deployment with Chairman Telco Ondas in production trials with a couple of other tier one telcos. So we built a platform to scale to the largest networks in the world on If I, if I were to summarize it, be basically can observe, makes sense or in real time about every user in the network, what their experiences like actually apply. I modeled on top of that to optimize each user's expedience because one of the vision bee had was the network today is optimized for the average. But as all off our web expedience personalized netbook experiences, not personalized can be build a network Very your experiences personalized for you for the applications, your running on it. And this was kind of a foundation for that. >> I mean, we In fact, as we've been deploying our telco Cloud and carrier networks, we've also been counting roughly how many subscribers are being served up. Today we have over 800 million subscribers, and in fact, I was talking to someone and we were talking about that does. Being over 10% off the population of the world is now running on the lack of memory infrastructure. And then along comes Johanna and they can actually fine tune the data right down to a single subscriber. Okay, so now you can see the sort of two ends of the scale problem and how we can do this using a I. It's pretty powerful. Excellent. >> So So if we have any problems with our our service fighters, b tech support and I love to hear from both of you, you know what this acquisition position means for the future of the places and obviously VM wear global footprint. A lot of customers and resource is. But you know what I mean to your team in your product. >> I mean, definitely accelerating how quickly we can now start deploying. This and the rest of the world be as a small company, have very focused on a few key customers to prove the technology we have done that on. I think now it's the face to scale it on. Repeat it across a lot of other customers, but I think it also gives us a broader canvas to play that right. So we were focused on one aspect of the problem which is around, if you will, intelligence and subscriber experience. But I think with the cloud on but the orchestration products that are coming out of the ember, we can now start to imagine a full stock that you could build a network of full carrier network code off using using remote technology. So I think it's a broad, more exciting, actually, for us to be able to integrate not just the network data but also other parts of the stock itself. And >> it strikes me that this probably isn't just limited to telcos, either. The service providers and carriers are one aspect of this bit particularly five G and things like deployments into factory automation. Yes, I can see a lot of enterprise is starting to become much in some ways a little bit like a tell go. And they would definitely benefit from this >> kind of thing. Yeah, I mean, in fact, that's the basis of our internal even bringing our telco and EJ and I ot together and a common infrastructure pool. And so we're looking at that. That's the capability for deploying this type of technology across that. So you're exactly right, >> Checker want to give you the last word, you know, Telco space, you know? And then, obviously the broader cloud has been, you know, a large growth area. What, you want people taking away from the emerald 2019 when it comes to your team? >> Yeah, I think. To me, Calico's have a tremendous opportunity to not just be the plumbing and networking providers that they can in fact, be both the clowns of tomorrow as well as the application providers of tomorrow. And I think we have the technology and both organically as well as through acquisitions like Ohana. Take them there. So I'm just super excited about the journey. Because I think while most of the people are talking about five D as this wave, that is just beginning for us, it's just a perfect coming together on many of these architectures that is going to take telcos into a new world. So we're super excited about taking them. >> Shaker. Thank you so much for joining against auction. Congratulations and good luck on the next phase of you and your team's journey along the way. Thank you. Thank you for Justin. Warren comes to Minutemen, Stay with us. Still a bit more to go for VM World 2019 and, as always, thank you for watching the Cube.