>>Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is the Cube live at AWS Reinvent 2022 with tens of thousands of people. Lisa Martin here with Dave Valante. Dave, we've had some great conversations. This is day one of four days of wall to wall coverage on the cube. We've been talking data. Every company is a data company. Data protection, data resiliency, absolutely table stakes for organizations to, >>And I think ecosystem is the other big theme. And that really came to life last year. You know, we came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about it, AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think, the theme of the 2020s within the ecosystem. >>And we're gonna be talking about building on top of aws. Two guests join us, two alumni join us. Stephen Manley is here, the CTO of Druva. Welcome back. Jason crat as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program. >>Thank you. >>Let's start with you giving the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good >>Stuff. Yeah, no, for sure. So Summit Carbon is the world's largest carbon capture and sequestration company capturing close to 15 million tons of carbon every year. So it doesn't go into the atmosphere. >>Wow, fantastic. Steven, the, the risk landscape today is crazy, right? There's, there's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, is, I know as you say, this is a, it's not a, if it's gonna happen, it's when it's how frequent, it's what's gonna be the damage. What are some of the challenges and concerns that you're hearing from customers out there today? >>Yeah, you know, it really comes down to three things. And, and everybody is, is terrified of ransomware and justifiably so. So, so the first thing that comes up is, how do I keep up? Because I have so much data in so many places, and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is, is ecosystem. You know, it used to be that your, your backup was siloed, right? They'd sit in the basement and, and you wouldn't see, see them. But now they're saying, I've gotta work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind, is when that attack happens, and like you said, it's win and, and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for, for all this investment we've put in. Am I gonna be ready? Am I going to be able to execute? Because a ransom or recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for >>How, so what is the, what are the key differences, if you could summarize? I mean, I >>Know it's so, so the first one is you can't trust the environment you're restoring into. Even with a disaster, it would finish and you'd say, okay, I'm gonna get my data center set up again and I'm gonna get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is I'm not sure if the thing I'm recovering is good, I've gotta scan it. I've gotta make sure what's inside it is, is, is alright. And then the third thing is what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected. And so they're running into this, I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so, so those three things they go, it's stuff I'm not prepared or covering. It's a flow. I'm not used to having to check things and I'm not sure where I'm gonna recover too when the, when the time comes. >>Yeah, just go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not. You know, what did I get it? Cuz you, we always protect our e r p, we always protect these sort of classes of tiers of systems, but then it's like, oh, that user's email box didn't get it. Oh, that, you know, that one drive didn't get it. You know, or, or, or whatever it is. You know, the infrastructure behind it all. I forgot to back that up. That to me the blind spots are the scariest part of a ransomware attack. >>And, and if you think about it, some of the most high profile attacks, you know, on the, on the colonial pipeline, they didn't go after the core assets. They went after billing. That's right. But billing brought everything down so they're smart enough to say, right, I'm not gonna take the, the castle head on. Is there is they're that. Exactly. >>And so how do you, I get, I mean you can air gap and do things like that in terms of protecting the, the, the data, the corrupt data. How do you protect the corrupt environment? Like that's, that's a really challenging issue. Is >>It? I don't know. I mean, I'll, I'll you can go second here. I think that what's interesting to me about is that's what cloud's for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Druva matters. So you can just go restore wherever you need to in a totally clean environment. >>So the answer is you gotta do it in the cloud. Yeah. What if it's on prem? >>So if it's on prem, what we see people do is, and, and, and this is where testing and, and where cloud can still be an asset, is you can look and say a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on-prem so that you could make it, you know, so you can make it cloud recoverable. Now, a lot of the people that do that then say, well actually why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But, but, but there are people in that interim step. But, but, but it's really important because you, you're gonna need a clean environment to play in. And it's so hard to have a clean environment set up in a data center cuz it basically means I'm not touching this, I'm just paying for something to sit idle. Whereas cloud, I can spin that up, right? Get a, a cloud foundation suite and, and just again, infrastructures code, spin things up, test it, spin it down. It doesn't cost me money on a daily basis. >>Jason, talk a little bit about how you are using Druva. Why Druva and give us a kind of a landscape of your IT environment with Druva. >>Yeah. You know, so when we first started, you know, we did have a competitor solution and, and, and it was only backing up, you know, we were a startup. It was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup. And we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, you know, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa to have their laptop backed up. We needed our infrastructure, our data center backed up and we needed our, our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at. >>Talk about the value in, with Druva being cloud native. >>Yeah. To us it's a big deal, right? There's all sorts of products you could go by to go just do endpoint laptop protection or just do SAS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it, and drive the value. >>That consolidation theme is big right now, you know, the economic headwinds and so forth. What was the catalyst for you? Was it, is that something you started, you know, years ago? Just it's good practice to do that? What's, >>Well, no, I mean luckily I'm in a very good position as a startup to do define it, you know, but I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? Cause you only get one budget a year, right? And so I'm lucky in, in the learnings I've had in other enterprises to deal with this head on right now as we grow, don't add tech debt, put it in right. Today. >>Talk to us a little bit about the SaaS applications that you're backing up. You know, we, we talk a lot with customers, the shared, the shared responsibility model that a lot of customers aren't aware of. Where are you using that competing solution to protect SaaS applications before driven and talk about Yeah. The, the value in that going, the data protection is our responsibility and not the SA vendor. >>No, absolutely. I mean, and it is funny to go to, you know, it's like Office 365 applications and go to our, our CFO and a leadership and be like, no, we really gotta back it up to a third party. And they're like, but why? >>It's >>In the cloud, right? And so there's a lot of instruction I have to provide to my peers and, and, and my users to help them understand why these things matter. And, and, and it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things when they're fully empowered to do it. But my team's faster. And so we can just get it done for them. And so it's an extra from me, it's an extra SLA or never service level I can provide to my internal customers that, that gives them more faith and trust in my organization. >>How, how are the SEC op teams and the data protection teams, the backup teams, how are they coming together? Is is, is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like? >>So I'd say right now, and, and I'll be curious to hear Jason's organization, but certainly what we see broadly is, you know, the, the teams are starting to work together, but I wouldn't say they're merging, right? Because, you know, you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, alright, I need to actually work with the security team to make sure that, that my, my my backup environment, it's air gapped, it's encrypted, it's secured. Then I think the, the then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, alright, where, where can the backup team add value here? >>Because certainly recovery, that's the basics. But as there log information you can provide, are there detection pieces that you can offer? So, so I think, you know, you start to see a partnership, but, but the reality is, you know, the, the two are still separate, right? Because, you know, my job as a a protection resiliency company is I wanna make sure that when you need your data, it's gonna be there for you. And I certainly want to, to to follow best secure practices and I wanna offer value to the security team, but there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them again. I want to be part of that broader ecosystem. >>So how, how do you guys approach it? Yeah, >>That's interesting. Yeah. So in my organization, we, we are one team and, and not to be too cheesy or you know, whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just be to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data and that slows us down in some cases. But that's where DevOps and this idea of just merging everything together into a central, how do we get this done together, has worked out really well for us. So, >>So it's really the DevOps team's responsibility. It's not a separate data protection function. >>Nope. Nope. We have specialists of course, right? Yeah, yeah. Because you need the extra level, the CISSPs and those people Yeah, yeah. To really know what they're doing, but they're just part of the team. Yeah. >>Talk about some of the business outcomes that you're achieving with Druva so far. >>Yeah. The business outcomes for me are, you know, I meet my SLAs that's promising. I can communicate that I feel more secure in the cloud and, and all of my workloads because I can restore it. And, and that to me helps everybody in my organization sleep well, sleep better. We are, we transport a lot of the carbon in a pipeline like Colonial. And so to us, we are, we are potential victims of, of a pipe, a non pipeline group, right? Attacking us, but it's carbon, you know, we're trying to get it outta atmosphere. And so by protecting it, no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it. >>What would you say to a customer who's maybe on the fence looking at different technologies, why dva? >>You know, I think, you know, do the research in my mind, it'll win if you just do the research, right? I mean, there might be vendors that'll buy you nice dinners or whatever, and those are, those are nice things, but the, the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I, I'd say be objective. Look at the facts, it'll prove itself. >>Look at the data. There you go. Steven Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects, >>Right? So, so basically there's, there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those, you know, if we violate those, the customers can get a payout of up to 10 million, right? So again, putting, putting our money where our mouth is in a pretty large amount. But, but for me, the exciting part, and this is, this is where Jason went, is it's about the SLAs, right? You know, one of Drew's goals is to say, look, we do the job for you, we do the service for you so you can offer that service to your company. And so the SLAs aren't just about ransomware, some of them certainly are, you know, that, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack. >>But also things like backup success rates, because as much as recovery matters a lot more than backup, you do need a backup if you're gonna be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road you need to recover your data, it's still recoverable, right? So, so that kind of durability piece. And then of course the availability of the service because what's the point of a service if it's not there for you when you need it? And so, so having that breadth of coverage, I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this this service available so you can focus on offering other value inside your business. And >>The insurance underwriters, if they threw holy water on >>That, they, they, they were okay with it. The legal people blessed it, you know, it, you know, the CEO signed off on it, the board of directors. So, you know, it, and it, it's all there in print, it's all there on the web. If you wanna look, you know, make sure, one of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're, we're putting, that we're putting substance behind it because a lot of these were already in our contracts anyway, because as a SAS vendor, you're signing up for service level agreements anyway. >>Yeah. But most of the service level agreements and SaaS vendors are crap. They're like, you know, hey, you know, if something bad happens, you know, we'll, we'll give you a credit, >>Right? >>For, you know, for when you were down. I mean, it's not, you never get into business impact. I mean, even aws, sorry, I mean, it's true. We're a customer. I read define print, I know what I'm signing up for. But, so that's, >>We read it a lot and we will not, we don't really care about the credits at all. We care about is it their force? Is it a partner? We trust, we fight that every day in our SLAs with our vendors >>In the end, right? I mean this, we are the last line of defense. We are the thing that keeps the business up and running. So if your business, you know, can't get to his data and can't operate, me coming to you and saying, Dave, I've got some credits for you after you, you know, after you declare bankruptcy, it'll be great. Yeah, that's not a win. >>It's no value, >>Not helpful. The goal's gotta be, your business is up and running cuz that's when we're both successful. So, so, so, you know, we view this as we're in it together, right? We wanna make sure your business succeeds. Again, it's not about slight of hand, it's not about, you know, just, just putting fine print in the contract. It's about standing up and delivering. Because if you can't do that, why are we here? Right? The number one thing we hear from our customers is Dr. Just works. And that's the thing I think I'm most proud of is Druva just works. >>So, speaking of Juva, just working, if there's a billboard in Santa Clara near the new offices about Druva, what's, what's the bumper sticker? What's the tagline? >>I, I, I think, I think that's it. I think Druva just works. Keeps your data safe. Simple as that. Safe and secure. Druva works to keep your data safe and secure. >>Saved me. >>Yeah. >>Truva just works. Guys, thanks so much for joining. David, me on the program. Great to have you back on the cube. Thank you. Talking about how you're working together, what Druva is doing to really putting, its its best foot forward. We appreciate your insights and your time. Thank >>You. Thanks guys. It's great to see you guys. Likewise >>The show for our guests and Dave Ante. I'm Lisa Martin, you're watching the Cube, the leader in enterprise and emerging tech coverage.

(soft upbeat music) >> The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cyber security strategies. And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President, Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time (indistinct) and chief technology officer at Druva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. Right now I'm going to toss it to Lisa Martin, another one of the hosts, for today's program. Lisa, over to you. (soft upbeat music) >> Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, that we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it >> Inextricably linked. And it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience, for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomwares. The other thing about it is, it's really a lot like Whack-A-Mole. They attack us in one area, and we defend against it, so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded, "I don't think so, because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't going to just fade into the night without giving it a lot of fight." So I really think that ransomware is one of those things that is here for the long term, and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was in a worldwide study, it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, is a little over 500 different individuals across the globe, in North America, select countries in Western Europe as well as several in Asia-Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attack successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared, and on the other hand, the results are absolutely horrible. Two thirds of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to... kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready, based on the information you have, and these people are smart people and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason a lot of these have been successful. So that was kind of the key finding to me in kind of the "aha" moment, really, in this whole thing, Lisa. >> That's a massive disconnect, with the vast majority saying, "We have a cyber recovery playbook," yet, nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of this is going to happen, just a matter of when and how often? >> It is a matter, yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you had double the infrastructure if your financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have, and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >> So what do you think the big issue here is? Is it that these IT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know and until you get into a specific attack... there are so many different ways that organizations can be attacked. And in fact, from this research that we found, is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high probability of recovery, things like that, those are the kinds of things that organizations have to put into place, really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think, "We are prepared, we've got a playbook," yet so many are are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, "Hey guys, across every industry we are vulnerable, this is going to happen, we've got to make sure that we are truly resilient and proactive"? >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the the consequences of ransomware it's not just the ransom, it's the lost productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about this. And I can tell you they are fully engaged in addressing these issues within their organization. >> So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge, is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. (gentle music)

>> All right, we'll be back in a moment. We'll have Stephen Manly, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. The attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva data resiliency cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations. Which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software is a service model delivers 24/7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. Druva also makes zero trust security easy with built in multi-factor authentication, single sign on and roll based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with Druva. (upbeat music) >> Welcome back everyone to theCUBE special presentation with Druva on Why Ransomware Isn't Your Only Problem. I'm John Furrier, host of theCUBE. Our next guest are Stephen Manly's, Chief Technology Officer of Druva and Anjan Srinivas, who is the general manager and Vice President of Product Management at Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment, I really appreciate it. Thanks for coming on. >> Great to be here John. >> So what's your thoughts on the survey's conclusion, obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems. Disruption, I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is on the one hand everybody who sees the survey, who reads it's is going to say, well, that's obvious. Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into. But one of the things that I hear on a daily basis from the customers is it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it ideally from all the tooling that needed to do. A lot of people are even still wondering when that happens next time what do I even do? So clearly not very surprising. Clearly I think it's here to stay. And I think as long as people don't retool for a modern era of data management, this is going to stay this way. >> Yeah, I mean, I hear this whole time in our CUBE conversations with practitioners. It's kind of like the security program, give me more tools I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side because people claim that they have tools at fine points of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? Because I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first and Stephen can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said it could solve your problem. But they haven't had a chance to take a relook from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie where, where does the logic need to reside. And what at Druva of we are watching people do and people do it successfully, is that as they have adopted Druva technology which is ground up built for the cloud, and really built in a way which is driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. And then there is a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> I was going to say I mean, one of the really interesting things in this survey for me and for a moment, little more than a moment it made me think was the large number of respondents who said, I've got a really efficient well run back up environment. Who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well, if your backup environment is so good, why do you have such low confidence? And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture and let's face it, the disbase architecture has been around for almost two decades now in terms of disbased backup. You can have that tune to the help, that can be running as efficiently as you want it. But it was built before the ransomware attacks, before all these cyber issues really started hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, I'm doing the best I can, but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Well, that's a great point. And before we get into the customer side I want to get to in second. I interviewed Jaspreet, the founded and CEO many years ago even before the pandemic and you mentioned modern. You guys have always had the cloud with Druva, this is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? Because that's a great point. A lot of stuff was built kind of back up and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now is a huge issue. >> I think to me there's three things that come up over and over and over again as we talk to people in terms of being built in cloud, being cloud native, why isn't an advantage? The first one is security and ransomware. And we can go deeper but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And this certainly plays into account as your business grows or in some cases as you shrink or repurpose workloads you're only paying for what you use. But it also plays a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing basically things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being SaaS service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >> That says it. Anjan, you got the product side, it's a challenging job 'cause you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I want to get your thoughts on what you're hearing and seeing from customers. we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >> Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now, where we come in as Druva is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate. Because this is just not about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate we're in the middle of the war so to say, right? The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour while they're just trying to live one day at a time. And unless they really develop this overall security operating model helped by cloud native technologies like Druva that is really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS. And we are going to be continuing to evolve that to further many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So the new workloads, the new security capabilities. Love that, good call out there. Stephen there's still the issue of the disruption side of it. You guys have a guarantee, there's a cost to ownership as you get more tools. Can you talk about that angle of it? Because you got new workloads, you got the new security needs, what's the disruption impact? Because you won't avoid that, how much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, again, we're willing to put our money where our mouth is and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say, the goal of Druva is to do the job of protecting and securing your data for you. So that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from your data is going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally. And we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover it 30 years from now, that data is going to be recovered. So we wanted to really attack the end to end risks that affect our customers. Cybersecurity is a big deal but it is not the only problem out there. And the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great point. Ransomware isn't the only problem, that's the title of this presentation. But it's a big one and people concerned about it so great stuff. And the last five minutes guys if you don't mind, I'd love to have you share what's on the horizon for Druva. You mentioned the new workloads Anjan, you mentioned this new security hearing shift left, DevOps is now the developer model, they're running IT. Yet data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >> I think listening to our customers, what we realize is they need help with the public cloud number one. I think that's a big wave of consumption. People are consolidating their data centers moving to the public cloud. They need help in expanding data protection which becomes the basis of a lot of the security operating model that I talked about. They need that first from Druva before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer which I think is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor. And look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it. But also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security. And that's where my focus is to go and get those features delivered. And Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure. So John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications. And a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce. Because if you think about it, if someone deletes some really important records in Salesforce, that's actually kind of the record of your business. And so we're looking at one more SaaS application protection and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like a Salesforce or something like a Microsoft 365, you do want to look into sandboxing, you want to look into long term archival. Because this is the new record of the business, what used to be in your on-premises databases that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous. So that customers, again, I want to do the job for them, we'll do all the tuning, we'll do all the management for them. To be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff, Anjan. >> And remember John, I think all this while keeping things really easy to consume, consumer grade UI, APIs. And during the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >> Anjan, that's a great call out. I was going to mention ease of use and self-service, big part of the developer and IT experience expected it's a table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But at the end of the day, automation, cross cloud protection and security to protect and recover. This is huge and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You got the experts talk about the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Allante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva data resiliency cloud is the only 100% SaaS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup up and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability and ransomware protection. The Druva data resiliency cloud, your data always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place. But there's much more work to be done, specifically because the frequency of attacks is on the rise and the severity of lost, stolen or inaccessible data is so much higher today. Business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed/accuracy of recovery. We hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net and you'll see all the content. Or you can go to druva.com. There are tons of resources available including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching Why Ransomware Isn't Your Only Problem made possible by Druva. A collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

(energizing music) >> Welcome back, everyone to the Cube and Druva special presentation of why ransomware isn't your only problem. I'm John Furrier, host of The Cube. We're here with W. Curtis Preston, Curtis Preston as he is known in the industry, Chief Technical Cult Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >> Happy to be here. >> So we always see each other events now. Events are back, so it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I can get your thoughts, and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's the survey results really, I'd like to say that they surprised me, but unfortunately they didn't. The data protection world has been this way or a while where there's this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been successfully hit by ransomware, paid the ransom and or lost data. And yet the same people that were surveyed, they had the high degrees of confidence in their backup system and you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know has been a while, it's that problem of, you know nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know, we're good boss, we got this covered. >> Good, it's all good, it's all good. >> Yeah, the fingers crossed, right? So again, this is the reality and as it becomes backup and recovery, which we've talked about many times on The Cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not only like to get hit once. So you know, this is a constant chasing the tail on some ends, but there are some tools out there that you guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, that there was a huge percentage of people that said that they had a you know, a ransomware response, you know in readiness program. And you look at that and how could you be, that higher percentage of people be comfortable with their ransomware readiness program and you know which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as as a person who, you know, has spent my entire career trying to help people successfully recover their data that number I think just hurt me the most is that, because you talked about reinfections. The surest way to guarantee that you get re-attacked and reinfected, is to pay the ransom. This goes back all the way, ransom since the beginning of time, right? Everyone knows if you pay the blackmail all you're telling people is that you pay blackmail. >> And you're in business, you're a good customer. ARR, (indistinct) >> Yeah, exactly. So the fact that, you know 60 what, two thirds, of the people that were attacked by ransomware paid the ransom, that one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said the ARR, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things starting with the aspect that I mentioned before that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand you know what, that's a good idea, Curtis why don't you look into that? Right, nobody wants to be-- >> Where's that guy now? He doesn't work here anymore. Yeah, but I hear where you come from. >> Exactly. >> Psychology. >> Yeah, so there's that. But then the second is that because of that no one's looking at the fact that backups are the attack vector, they become the attack vector. And so because they're the attack vector they have to be protected as much if not more than the rest of the environment. The rest of the environment can live off of active directory and you know, things like Okta so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment, why? Because if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, hey, we'll just take out the backup first so they can't backup, so we got the ransomware. It makes sense. >> Yeah, exactly. The largest ransomware group out there the Conti Ransomware Group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored and they are exfiltrating the backups first and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well again, you've got to fully segregate that data. There are, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know with other commercial products. You can take a standard product and put a number of layers of defense on top of it or you can switch to the way Druva does things which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, that's the other thing, is that by storing the data in the cloud, we do and I've said this a few times, that you get to break the laws of physics. And the only way to do that is time travel. And that's what... (chuckles) so yeah, so Druva has time travel. This isn't a criticism, by the way. I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of, what I mean by time travel in that you basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre restoring your data as often as you tell us to do to bring your DR environment up to the current environment as quickly as we can. So that in a disaster recovery scenario which is part of your ransomware response, right? Again, there are many different parts but when you get to actually restoring the data you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics, is you break the laws of time. >> Well, everyone wants to know the next question, and this is the real big question is, are you from the future? >> Yeah. Very much the future. >> What's it like in the future? Back at recovery as a restorer, air gaping everything? >> Yeah. It, well it's a world where people don't have to worry about their backups. I like to use the phrase, get out of the backup business. Just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter and I often make the joke that if I've known how great grandkids were I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah. And what's great about your background is you've got a lot of historical perspective. I've seen that in the ways of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on and got things automated things got to be rocking and rolling. >> Absolutely. Yeah, I do remember again, having worked so hard with many clients over the years, back then we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to you know, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right, to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean security's a big part of it. Data's in the middle of it. All this is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. (bright music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva, and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment and, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered, sometimes it's not. So you look at that and you go, Wow. On, on the one hand people think they're really, really prepared and on the other hand the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue, it's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that. Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching The Cube, the leader in live tech coverage.

(bright inspirational music) >> Welcome back everyone to theCUBE and the Druva special presentation of, "Why Ransomware Isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W. Curtis Preston. Curtis Preston, as you know in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at, "Why Ransomware Isn't Your Only Problem." Great to see you. Thanks for coming on. >> Happy to be here. >> So we always see each other events, now events are back. So it's great to have you here for this special presentation. The White Paper from IDC really talks about this in detail. Like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's... The survey results really I'd like to say that they surprised me, but unfortunately they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit- successfully hit by ransomware, paid the ransom and/or lost data. And yet the same people that were surveyed they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just they don't want to have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know, "We're good boss, we got this covered." >> Good. All good. It's all good. >> Fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once. So, you know, this is a constant chasing the tail on some ends, but there are some tools out there. You guys have a solution. And so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, that there was a huge percentage of people that said that they had a, you know, a ransomware response, you know, and readiness program. And you look at that and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you talked about re-infections the surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail all you're telling people is that you pay blackmail. >> You're in business, you're a good customer. ALR for ransomware. >> Yeah. So, the fact that, you know, 60, what, two-thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >> Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, super important to get back in recovery. And that's been around for a long time. But now that's an attack vector, okay? And there's dollars involved, like I said, ALR, I'm joking but there's recurring revenue for the for the bad guys if they know you're paying up and if you're stupid enough not to change you're tooling. Right? So again, it works both ways. So, I got to ask you, why do you think so many organizations are unable to successfully respond after an attack? Is it because- they know it's coming. I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things starting with that aspect that I mentioned before that nobody wants to have anything to do with the backup system, right? So, nobody wants to be the one to raise their hand because if you're the one that raises their hand "You know what, that's a good idea, Curtis, why don't you look into that?" Right? Nobody wants to be responsible- >> Where's that guy now? He doesn't work here anymore. Yeah, but I hear where you coming from. Psychology (indistinct). >> Yeah. So there's that. But then the second is that because of that no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector they have to be protected as much, if not more, than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, if the production system is compromised then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't back-up. So we got the ransomware." >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. Right? >> Okay, so you guys have a lot of customers They all kind of have the same- this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, There are, and everything about how that data is stored and everything about how that data is created and accessed. There are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it or you can switch to the way Druva does things which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the- it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just login and you get all of that. >> I guess how do you break the laws of physics? I guess that's the question here. >> Well, when, because that's the other thing is that by storing the data in the cloud, we do it, and I've said this a few times, that you get to break the laws of physics. And the only way to do that is to, is time travel. And that's what, so yeah. So Druva has time travel. What, and this is a courtisism by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel. In that you, basically, you configure your DR, your disaster recovery environment in Druva one time. And then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario which is part of your ransomware response, right? Again, there are many different parts but when you get to actually restoring the data you should be able to just push a button and go. The data should already be restored. And that's the, that's the way that you of physics is you break the laws of time. >> Well, I and everyone wants to know the next question, and this is the real big question is, are you from the future? (light chuckling) >> Yeah. Very much the future. >> What's it like in the future, back-up recovery, how's it restored? Is it air gapping everything? >> Yeah, it, well, it's a world where people don't have to worry about their backups. I like to use the phrase, "get out of the backup business. Just get into the restore business." I, you know, I'm a grandfather now and I love having a granddaughter and I often make the joke that if I'd have known how great grandkids were I would've skipped straight to them. Right? Not possible. Just like this. Recoveries are great. Backups are really hard. So, in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah. And what's great about your background is you've got a lot of historical perspective. I've seen that in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on and got to think automated. Things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right? To air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish that, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it. All this is now mainstream front lines. Great stuff. Curtis, great to have you on, bring that perspective and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> Alright. We'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. (gentle scientific music)

(upbeat music) >> Welcome back everyone to theCUBE special presentation with Druva on why ransomware isn't your only problem. I'm John Furrier, your host of theCUBE. Our next guest are Stephen Manly, Chief Technology Officer of Druva. And Anjan Srinivas, who is the general manager and vice president of product management in Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC White Paper that you guys put together with IDC. Really nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Anjan: Great to be here John. >> So what's your thoughts on the survey's conclusion? Obviously the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is on the one hand, everybody who sees the survey, who reads, it's going to say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this way. >> Yeah, I mean I hear this all the time in our CUBE conversations with practitioners It's like the security product. Give me more tools. I'll buy anything that comes in the market. I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share your insights into what's going on in the product side? Because people claim that they have tools at fine points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'Cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train. It's always changing, but it doesn't seem this confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first and Stephen can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem but they haven't had a chance to take a relook from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities, and which tooling set needs to lie where, where does the logic need to reside? And what a Druva, we are watching people do and people do it successfully is that as they have adopted Druva technology, which is ground up built for the cloud and really built in a way which is driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really mitigating this ransomware. And then there is a whole plethora of ecosystem players that combine really, really finish the story so to say. So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> John: Yes, Stephen. >> I was going to say, one of the really interesting things in the survey for me and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well-run backup environment who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture and let's face it, the disk-based architecture's been around for almost two decades now in terms of disk-based backup, you can have that tune to the health. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, I'm doing the best I can, but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so yeah. >> Well, that's a great point. Before we get into the customer side, I want to get to in second, I interviewed Jaspreet, the founder and CEO, many years ago even before the pandemic. You mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built, backup and recovery bolted on, not really designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now is a huge issue. >> I think, to me, there's three things that come up over and over and over again as we talk to people in terms of being built in cloud, being cloud native, why is it an advantage? The first one is, is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gap, offsite, managed under a separate administrative domain so that you're not retrofitting any air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And this certainly plays into account as your business grows or in some cases as you shrink or repurpose workloads. You're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on-premises as much or as little as you want. And then I think the third one is, we're seeing basically things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, wow, I need it six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >> Anjan, you got the product side. It's challenging job 'cause you have so many customers asking for things probably on the roadmap. You probably go hour for that one. But I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenge by ransomware on a weekly basis, and what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as Druva is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model, which all fit into that overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate when the middle of the war so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just trying to live one day at a time. And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS and we are going to be continuing to evolve that to further many services that public cloud software 'cause our customers are really consuming them at breakneck speed. >> So the new workloads, the new security capabilities, love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? 'Cause we won't avoid that. How much it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, again, we're willing to put our money where our mouth is and that's a big deal. That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that model that Anjan was talking about. We look at this and we say, the goal of Druva is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally. And we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for Druva. You mentioned the new workloads Anjan. You mentioned this new security hearing shift left. DevOps is now the developer model. They're running IT, yet data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace in the competition? >> Yeah, I think listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from Druva before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build all the way from a feature level where we have things like recycled bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox, which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security and that's where my focus is to go and get those features delivered. And Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure. So John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, if someone deletes some really important records in Salesforce, that's actually the record of your business. And so we're looking at more and more SaaS application protection and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce or something like a Microsoft 365, you do want to look into sandboxing, you want to look into long-term archival because, and this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning. We'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed from when attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and really, the power of SaaS as a service, simplicity to continue on amongst keeping these complex technologies together. >> Anjan that's a great call out. I was going to mention ease of use and self-service. Big part of the developer and IT experience, expected, it's the table stakes. Love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But at the end of the day, automation, cross cloud protection, and security to protect and recover. This is huge and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment. Really under the hood and really the value of the product. Thanks for coming on. Appreciate it. >> Thank you very much. >> Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. (gentle music)

(upbeat music) >> Hey everyone, Lisa Martin for theCUBE here. Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape, as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations, as well as business organizations, and really it's that digital resilience, that ransomware that has everybody's attention. And it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC, we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is what we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient. And to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization. Whether it's through digital transformation, or whether it's simply data availability, whatever it might happen to be, digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company These days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably? Or is data resilience to find as something a little bit different? >> Well, sometimes, yeah, that we do get caught using them when one as the other, but data resilience is really a part of digital resilience if you think about the data itself and the context of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked. And it's becoming a corporate initiative. But there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it. And they really avoided confronting that. Nowadays, so many people have been hit by it, that stigma has gone. And so really it is becoming more of a community kind of effort, as people try to defend against these ransomwares. The other thing about it is it's really a lot like Whac-A-Mole. They attack us in one area and we defend against it, so they attack us in another area and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "One of these days, we're going to get pretty well defended against ransomware, and it's going to go away." And I responded, "I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities." And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a lot of fight. So I really think that ransomware is one of those things that is here for the long-term, and something that we we have to address and have to get proactive about. >> You mentioned some stats there. And recently, IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things, let's talk a little bit about the demographics of the survey, and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it's a little over 500 different individuals across the globe, in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, BPO of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high, or very high degree of confidence in their recovery tools, and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a 1/3 of organizations were able to fully recover their data without paying the ransom. And some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't aren't necessarily to be trusted. And so the software that they provide, sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared. And on the other hand, the results are absolutely horrible. 2/3 of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson, "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready based on the information you have. And these people are smart people, and they're professionals. But oftentimes, you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me, and kind of the aha moment, really, in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly half being the victims of ransomware in the last three years. And then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen. Just a matter of when and how often. >> It is a matter. Yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud, where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on demand resources. And in the old days when we had disaster recoveries, where there we had two different data centers and the failover and so forth, you have double the infrastructure. If your financial services, it might even be triple the infrastructure. It's very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly, what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place, to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit. And all of a sudden, they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have. And it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here? Is it that these IT practitioners over 500 that you surveyed across 20 industries, as a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know. And until you get into a specific attack, there are so many different ways that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice, things like encryption, immutability, things like that that organizations can put into place. Certainly, air gaps, having a solid backup foundation to where data is, you have a high probability recovery, things like that. Those are the kinds of things that organizations have to put into place, really, is a baseline to assure that they can recover as fast as possible, and not lose data in the event of our ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities, and as the threat landscape just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners? But does this go all the way up to the board level in terms of, " Hey guys across every industry, we are vulnerable. This is going to happen. We've got to make sure that we are truly resilient and proactive." >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the loss productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing these issues within their organization. >> So all the way at the top, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned, ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved? To the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on-premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and and to be able to take that cloud-centric perspective and apply it on-premises, as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Druva sponsored IDC white paper, fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> I'm, Lisa Martin. You're watching theCUBE, the leader in live tech coverage. (upbeat music)

(gentle music) (background chattering) >> Welcome to theCUBE's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the largest, most important hybrid events in the technology business. We've got two live sets here in Las Vegas, along with our two studios back home. And I'm absolutely delighted to have two fantastic guests with me. I'm joined by Stephen Manley, Chief Technology Officer from Druva. Stephen, welcome. >> Thanks, great to be here. >> Welcome back to theCUBE. >> I know. >> CUBE alumni. >> Love theCUBE. >> Along with Jake Burns, Enterprise Strategist from AWS, which I think stands for Amazon Web Services. >> You are correct, thank you. >> Fantastic, so the first question to you Jake is, well, first welcome, again, enterprise strategist, what does that mean exactly? >> Yeah, so- >> What do you do? (laughing) >> We're a team of former CIOs and CTOs who have all spent most of our time as customers and have all had large-scale success digitally transforming our organizations using the AWS Cloud. And now we work for AWS and we advise and work with some of our largest customers, share what worked for us, what didn't, and help them with the beginning stages of their cloud journey. >> Fantastic. >> And, Dave. Dave, you got to ask him, in the last year how many customers have you met? >> Oh, in the past year, I'm averaging about 150 to 200 different customers per year. >> Nice. >> So in the past three years, it's about 550. >> Nice. So can you remember all their names? Or do you do a lot of, "Hey, buddy. Hey, Sport." >> Jake: It's a lot harder with the masks on. >> Yes. >> But I recognize faces better than I remember the names. >> And Stephen, tell us about Druva. >> Yeah, so Druva, we are a SaaS data protection company. We built the first data resiliency cloud. So think of this as you might have data in endpoints, your data center, in AWS, in SaaS applications, and we're really shifting the discussion from, it's not just about backing it up, it's not just about protecting it anymore. It's about how do you recover it? how do you make sure your data is always on, always available to you? And that's really where we're trying to take the conversation. Is making sure that your data is there when you need it. >> And to be clear, this isn't just about resiliency for data that's in the cloud? This is also- >> Everywhere. >> on-premises? IT as well? >> On-premises, you might have VMs, you might have NAS servers, you might have Oracle databases on-prem, again, you might have endpoints. You might have Salesforce data, all of it. We want to make sure all your data's available to you. >> So let's focus on the relationship between Druva and AWS for a minute. It's always interesting to hear about success stories. Let's talk about inhibitors. What are the things that keep the two of you up at night? What are some of the things that... You talked about former CIOs and CTOs, CTOs like Stephen, you're working with existing CIOs and CTOs in all sorts of organizations, what are the things that are preventing them from leveraging cloud as well as they could be? Stephen, start with you on that. >> Yeah, I'll say the first thing is everybody right now is terrified of Ransomware, right? I met a CIO last night and he said, "My entire agenda for 2021, and now 2022 is security, security, security." And everyone is just searching for solutions to say, "How can I make sure that my environment is secure? How can I make sure my data is secure? Especially from these pretty much ubiquitous Ransomware attacks, because until I get that taken care of, it's really hard for me to get on these cloud transformation journeys." And so a lot of the discussion we have with them is, again, Druva in combination with AWS can actually help solve that Ransomware challenge for you so that instead of thinking it as, "Do one, and then you can do the cloud transformation." Let's put those two together, right? But for me, that's the number one thing, is people are just worried about how they're going to deal with security. >> So they're worried, but Jake, isn't it true, we'll do a little perimysium here. (laughing) Tell me the truth. >> All right. >> Isn't that the case that some people still think that effectively their money is safer under their mattress than in a bank? In other words, "I feel safer with on-prem IT than I do having it in some cloud somewhere." Are we still facing that sort of cultural divide between reality and perception? >> Yeah, there's definitely an education, widespread education effort going on right now. Training and certification, which AWS has a lot of experience with and has fantastic courses I went through when I was a customer, my team went through when we were a customer, we were able to get up-skilled very quickly. That fear of the unknown really the way to solve it is through information, through knowing how the cloud works. And it was so funny, I was just having a conversation right before this with an executive team of one of our largest customers and they were talking about how their CSO was dead set against the cloud and then one day did a complete 180. And we're seeing this all the time. When they realize what the cloud is, all the compliance and controls that we have, all of the redundancy that we have, all the benefits of being in the cloud. Then it seems to be like, there's just a moment where it clicks and then people become strong advocates. So there is still a lot of work to do in that area, but we find that people get it very quickly. >> Yeah, Stephen, you've had a long and illustrious career, I say that seriously. >> Stephen: There you go. >> And so you're living that bridging the divide between the old world of on-premises IT and cloud. What are you seeing in that regard in terms of where people's emotions are? >> Oh yeah, and that transformation that Jake talks about, I see it all the time where I'll sit down with a customer and it is exactly that, "Well, I have this on an appliance and because that appliance is under my control, I feel safer." And then we start talking about what the real threats are, that, let's face it Ransomware can come through your environment and it gets in anywhere and it can spread everywhere. And internal threats, internal bad actors, they can get at your appliances. And it very quickly shifts that conversation from, "Oh my gosh, how am I going to maintain all this? I have to do security patching, and upgrades, and I've got to watch everything." And Druva a sort of sits and says, "One of the great things that we had because we're built natively on AWS, a lot of the problems I worried about back when I built appliances are gone. I don't have to worry about capacity planning because AWS always gives me more. I don't have to worry about provisioning new equipment because it just automatically scales for me. I don't have to worry about a lot of the networking challenges that I used to have to worry about because it's built into the environment." And so a lot of what we talked to them about is, by taking these sort of daily routine things off the table, you can actually focus on the higher level value. You can focus on making your environment more secure because you're not just doing the basic blocking and tackling 'cause that's being done for you. And that really gets people sort of across that chasm. >> So you talk about basic block and tackle, in the keynote today, it was mentioned that there are 475 different types of instances within AWS. That gave me a little jolt to the heart because I was thinking back to Steve Jobs saying, "We can only have three of everything." And so sometimes with choice and with flexibility comes complexity. How does Druva manage the potential complexity that exists in the AWS space? How do you take what's best from AWS and deliver it to Druva customers to achieve what they want to achieve? >> Yeah, I think for us, that's really the benefit of being a SaaS provider is, we've designed a system from the ground up for AWS. And so, whether you're talking about the different storage types, where you've got S3, you've got Glacier, you've got Glacier Deep Archive. You have all the different instance types. You have different container services, ECS, EKS, there's all these choices. And frankly, it's something that we've spent a lot of time working on. And honestly, tons of people like Jake inside of AWS willing to help us. We characterize our workload and then they walk us through what's sort of the best practices so that we can deliver an end to end solution for the customer. So that, for our customers, it's just one simple cost, right? How much data are you storing? That's it, right? All the things happening in the background we take care of. And we take care of because we have AWS helping us design and implement this the best possible way. >> And so Jake, with all of the customer conversations that you've had, I'm sure we can guess what some of the themes have been over the last year or two with the pandemic and with things related to security. What are some of the other conversations that you're having with customers that people might not expect? >> Yeah. >> Based on what's going on? >> I think the biggest thing that would be surprising to most people is that vast majority of our conversations are about culture and about people, not about technology. We've gotten to a point where, and I've said this for a number of years, there's never been a better time to move to cloud, but that just keeps being more and more true as time goes on, as the technology gets more mature and as we have more and more examples of people who are very successful doing it. But like you said earlier, there are still some people who are used to the old way of doing things. So it's really largely an education issue, it's a culture issue. It's getting people to wrap their heads around this new way of doing things. And once they see that they get very excited about it. We very rarely see people who are kind of neutral about it. The very, very beginning stages, sometimes they're fearful. When they learn what it is they get very excited and they get very enthusiastic. And my advice to customers is to get your team excited and enthusiastic as early as possible, and they'll solve all of those process and technology problems very quickly and very easily. >> Now what are you seeing in terms of any skill gaps or skill divides? We, coming from a background where we're bridging the divide between sort of the legacy world and cloud. You have IT practitioners that have been doing this stuff for a long time. >> Right. >> That either need to move into the future or not. >> Right. >> Or you need to hire new people. Are there any challenges there in terms of finding the skill sets you need versus training up existing people? >> Yeah, so this is something I talk about a lot, and you do have a choice between hiring and trying to use the people you have and get them up skilled. I strongly favor the second. For one, it's very difficult to hire for cloud skills because it's in such high demand right now, but you use that to your advantage. And by training your staff, it's one of the kind of carrots you can use to get them excited about it. "You learn this, you will be valuable in the marketplace." And when you frame it that way, they get very excited to learn. And when you combine the training with the firsthand experience and give them opportunities to use it, and this could be everyone in the organization, it doesn't have to be like your engineering team or your infrastructure team. I had people in the help desk that learned how to become cloud engineers. When you give them that opportunity, and you give them the tools to do it, and the opportunity to use it with the training, it tends to be a much easier recipe for success. And then your problem becomes retention. But like I say, you're going to have either the problem of hiring or, retention, or you're going to have the problem of having people who don't have enough skills. I'd rather have the problem of retention. And if you have that capability of up-skilling people, then you don't really need to worry about it because there's more people all the time that are becoming more and more skilled. The other thing is, it's a lot easier to overlay cloud skills on top of people who already know your organization and your applications, than bring in new people- >> Sure. >> who have cloud skills, try to retain them and then teach them how your organization works. So there's a lot of advantages to using the people that you have, and the training is a lot easier than people think. >> So who were the people in those organizations that are making the decision to go with Druva? >> [Stephen} Right. >> And who are the people in organizations who are then managing Druva environments moving forward? Do you need a PhD in Druva- (laughing) >> Stephen: Right. >> to be able to manage an environment like that? >> I'll tell you one of the things that I talk to a lot of customers about that are going through sort of that, "How do I up skill?" Is, the first thing we try to remind them is, don't just about what you did on-premises, and then say, "And we're going to do the exact same thing in cloud." Because that is usually a path to either frustration or failure. "I had a physical appliance, I'm going to run a virtual appliance." That's not usually the right answer. So a lot of times we spend time walking them through, "Here's how you think differently. Again, cloud is dynamically scalable. You want something that breaks apart those limits. Cloud gives you 475 options, which means you have purchasing power that you never had as a company that you can have so many different options in front of you." So think of these not as how you thought of your on-premises environment, but think of it as a new way of doing things. And so what we find is the people who tend to be most attracted to Druva are those customers who are saying, "I'm spending too much time, effort, and money on my data protection environment." Which basically is everybody. Nobody wakes up and says, "I wish I could spend more time and money doing backup." And then in terms of who runs it, what we find is it often gets absorbed in sort of a cloud administrator task, right? Where they're looking more broadly across the organization. It's not just about backup, it's backup, it's disaster recovery, it's security, it's compliance because they're looking at the data as opposed to the infrastructure at that point. And that's where they can really start to grow their careers and have a lot bigger impact inside their companies. >> So I can tell that you're an awesome guy to have at a party, because you'll talk about all the risks that we face. >> Absolutely! >> Talking about data center fire drills, you're literally talking about fires and drills at that point. >> You got it. >> But so what's on the horizon for Druva? What are the things that you... When you look out into the future, in the area of resiliency, what are some of the things that you're thinking about? >> There's a couple of things for me. I think one of them, again, Ransomware is everywhere. And so many people right now are still focused on just, "Can I get a clean copy? Can I get a safe copy?" That's built into Druva. So, we're beyond that. The real focus for me is, how do we streamline your recovery process? Because for so many customers, they make this assumption that a Ransomware recovery is just like a disaster recovery. And it's not, it's not as if you just had a system outage. Someone has invaded your environment and you need to make sure that the data, the environment is clean before you recover. You're going to want clean sandboxes to play around with things before you put it in, you're going to need to work with your legal team. So a lot of what we're working with is helping them orchestrate at larger scale. I think the other area that gets really interesting is this notion of autonomous, right? We talk about self-driving cars. Again, nobody wants to spend time tuning and managing their backup environment. So as Druva moves forward it's, "How can we just do this automatically for you?" Again, we're built in the cloud, everything scales automatically. You as a customer shouldn't have to be doing anything. You shouldn't be babysitting this. Let us take care of it for you. So for me, those are the really two big things. It's cybersecurity, that full end to end recovery, and it's around the autonomous protection. >> So Jake, a reality check, anything that he just said that sounds like... (laughing) sounds out of line based on your experience talking to customers in the last year? >> Jake: No, I agree with that. And I think we're touching on something that's really powerful here, because you kind of alluded to the choice that people have in AWS and we're creating new services all the time and new features all the time, right? So these are building blocks that companies can use. And there's a lot of builders at a lot of companies that get very excited to see all these building blocks, and it's about using the right tool for the job. So by giving you more choices, we're giving you more of an opportunity to find the exact fit for the workload you have. But if you just want it to work, then we have this partner of ecosystems. Druva being one of our... My personal favorites (laughing) >> Love you , Jake. >> that build on AWS, use these very resilient, very secure building blocks to build something that's turnkey for a customer. So I think it's a great marriage and it benefits customers ultimately. So it makes us happy. >> All right, well 2022 we expect this gentlemen here to see at least 300 customers to meet his goal. That's what we're expecting from you, Jake. >> All right, I'm on it. >> Thanks to all for joining us here at theCUBE's, continuous coverage of AWS re:Invent 2021, I almost said 2022, live from Las Vegas. Stay tuned for much more from the leader in hybrid technology event programming, theCUBE. (gentle music)

overnight covid completely exposed those companies that were really not ready for the digital age there was a mad rush to the cloud in an effort to reshape the very notion of business resiliency and enable employees to remain productive so that they continue serve customers data protection was at the heart of this shift and cloud data protection has become a fundamental staple of organizations operating models hello everyone this is dave vellante and welcome to this cube conversation i'm joined by two long time friends of the cube rob emsley is the director of product marketing at dell technologies and stephen manley is the chief technology officer at dhruva guys great to have you on the program thanks for being here yeah great to be here dave this is the high point of my day dave all right i'm glad to hear it stephen it's been a while since we missing you guys so tell you face-to-face maybe it'll happen before 22. but we haven't aged a bit david ditto listen we've been talking for years about this shift to the cloud but in the past 12 months boy we've seen the pace of workloads that have moved to the cloud really accelerate so rob maybe you could start it off how do you see the market and perhaps what are some of the blind spots maybe that people need to think about when they're moving workloads so fast to the cloud yeah good question dave i mean you know we've spoken a number of times around how our focus has significantly shifted over the last couple of years i mean only a couple of years ago you know our focus was you know very much on on-premise data protection but over the last couple of years you know more workloads have shifted to the cloud you know customers have have started adopting sas applications and and all of these environments uh you know are creating data that is is so critical to these customers to protect you know so you know we've definitely found uh the more and more of our conversations have been centered around what can you do for me when it comes to protecting workloads in the cloud environment yeah now of course stephen this is kind of your wheelhouse how how are you thinking about the these market shifts yeah you know it's interesting and the data protection market heck the data market in general you know you see these these these sort of cycles happen and and for a long time we had a cycle where applications and environments were consolidating a lot it was all vms and oracle and sql and and we seem to be exploding out the other way to this there's a massive sprawl of different types of applications in different places like rob said you've got microsoft 365 and you've got salesforce and you've got workloads running in the cloud the world looks different and and you add on top of that the the new security threats as people move into the cloud i mean we you know a number of years ago we talked about how ransomware was an emerging threat we're way past emerging into you know there's a ransomware attack every six seconds and everybody wakes up terrified about it and so so so we really see the market has shifted i think in terms of what the apps are and also in terms of what the threats and the focus uh has come into play right well thanks for that there's there's some hard news which we're going to get to but but before we do rob stephen was mentioning the sas apps and we've been sort of watching that space for a while but a lot of people will ask why do i need a separate data protection layer doesn't my sas provider protect my data don't they replicate it they're they're cloud vendors why do i need to buy yet another backup product yeah there's there's a fairly common misconception dave you know that both sas application vendors and and and cloud vendors you know inherently are you know providing all of the data protection that you need um the reality is that they're not you know i think when you think about a lot of the data within those environments you know certainly they're focused on providing availability you know an availability you know is absolutely one thing that you can for the most part rely on the uh the cloud vendors uh to deliver to you but when it comes to actually um protecting yourself from you know accidental deletion you know protecting yourself from uh cyber threats and cyber crime that may infect your data you know through malicious acts you know that's really where you need to supplement the environment that the cloud providers provide you you know with you know best-in-class data protection solutions you know and this is really where you know we're really looking to introduce new innovations into the market you know to really really help customers you know with their client-based data protection yeah now you got some news here uh but let's kind of dig in if we we could to the to the innovations behind that maybe rob you could you could kick it off and then stephen will bring you in yeah so first piece of news that we're really happy to announce is the introduction of a new dell emc paraprotect backup service which is a new cloud data protection solution powered by druva you know hence you know the reason that stephen and i are here today it's designed to deliver additional protection without increasing it complexity so what powered by druva what does that mean can you add some color to that absolutely so you know when we really started looking at the expansion of our powerpatek portfolio you know we already have the ability to deliver both on-premises protection and to deliver that same software within the public cloud from a a paraprotect software delivery model but what we really didn't have within the portfolio is a cloud data protection platform and we really looked at you know what was available in the market we looked at our ability to develop that you know ourselves and we decided that the best path for our customers to bring capabilities to them as soon as we possibly could was to partner with druva you know when we really looked at the capabilities that that druva has been delivering for many years you know the capabilities that they have across many dimensions of of of cloud-based workloads and we're already engaged with them probably about six months ago you know first introduced druva as a an option uh to be resold by ourselves uh salesforce and partners and then we're pleased to to introduce uh a dell emc branded service power protect backup service okay so just one more point of clarification then stephen i want to bring you in so we're talking about this includes sas apps as well i'm talking 365 the google apps which we use extensively with crm salesforce for example what platforms are you actually you know connecting to and providing protection for yeah so the the real priority for us was to was to expand our power protect portfolio to support a variety of sas applications you mentioned you know uh real real major ones with respect to microsoft 365 um google workplace as well as um as uh as salesforce but the other thing that we also get with patek backup service is the ability to provide a cloud-based data protection service that supports endpoints such as laptops and desktops but also the ability to support hybrid workloads so for some customers the ability to use private backup service to give them support um for virtual machine backups both vmware and hyper-v but also application environments like oracle and sql and lastly but not least you know one of the things that backup service also provides when it comes to virtual machines is not only virtual machines on-premises but also virtual machines within the public cloud specifically vmware client on aws so stephen i i mean i i i remember i was talking to just several years ago and i've always liked sort of the druva model but it felt at the time you're like a little ahead of your time but boy the market has really come to you maybe you could just tell us a little bit more about the just generally cloud-based data protection and and the sort of low down on on your platform yeah and again i think you're right the market has absolutely swept in this direction like we were talking about with applications in so many places and endpoints in so many places and data centers and remote offices with data sprawled everywhere we find customers are looking for a solution that can connect to everything i i don't want seven different backup solutions one for each of those things i want one centralized solution and so kind of a data protection as a service becomes really appealing because instead of setting all of these things up on your own well it's just built in for you uh and and then the fact that it's it's as a service helps with things like the ransomware protection because it's off site in another location under another account and so we really see customers saying this is appealing because it helps keep my costs down it helps to keep my complexity down there's fewer moving parts and one of the nicest things is as i move to the cloud i get that one fixed cost right i'm not i'm not dealing with the oh wow this this bill is not what i was expecting it just comes in with with what i was what i was carrying and so it really comes down to as you go to the cloud you want a platform that's that's got everything built in uh something that and let's face it dell emc is is this this is this has always been the case you know that storage of last resort that backup that you can trust right you want something with a history like you said you've been talking to jaspreet for a while druva is a company that's got a proven track record that your data is going to be safe and it's going to be recoverable and you're going to want someone that can innovate quickly right so that as more new you know cloud applications arise you know we're there to help you protect them as they emerge so so talk a little bit more about the timing i mean we talked earlier about that okay covered really forced to shift to the cloud uh and you guys clearly have skated to the puck and you also you referenced sort of new workloads and and i'm just wondering how you see that from a you know timing standpoint and at this moment in time why this is such a you know the right fit yeah we we've seen a lot of customers over the last again 12 months or so you know one really accelerate their shift to things like sas applications microsoft 365 you know and and we're not just talking exchange online and onedrive but sharepoint online microsoft teams really going all in because they're finding that as as i'm distributed as i have a remote workforce my endpoints became more important again but also the ability to have collaboration became important and the more i depend on those tools to collaborate the more i'm depending on them to to replace what used to be in-person meetings where we could have a whiteboard and discuss things and it's it's done through collaboration online tools well i need to protect that not just because the data is important but because that's not how my business is running and so that entire environment is important and so it's really accelerated people coming and looking for solutions because they've realized how important these environments and this data is so stephen you mentioned you guys i mean i obviously have a track record but you got some vision too and i want to sort of poke at that a little bit i mean essentially is is what you're building is an abstraction layer that is essentially my data protection cloud is that how we should think about this and you've got your reference pricing i've seen your pricing it's clean it looks to me anyway like a like true cloud pricing gonna dial it up dial it down pay as you go consume it as you as you wish maybe talk about that a little bit yeah i mean i think if you think about the future of uh uh of consumption is that you know so many customers are looking for different choices than what many vendors have provided them in the past you know i think that you know the the days of of going through a you know a long procurement cycle and uh you know working through purchasing in order to get a big capital expense approved you know is it's just not the way that many of our customers are looking to operate now so i think that you know one of the things that we're looking at you know across the portfolio you know whether or not it be you know on-premises solutions or or cloud-based services is to provide all of that capability as a service you know i think that that will be you know a real future point of of arrival for us is we really rotate to offer that across all of our capabilities dave you know whether or not it be you know in the domain of storage or in the domain of data protection the concept of everything as a service is really something which is going to become more of the norm you know versus the exception so what does a customer have to do to be up and running what's that experience like is this going to log on and and everything's sort of you know there to them they what do they see what's the experience like yeah well that's one of the great things about parapatek backup service is that you know once the customer has has has worked through their you know their their uh their dell technologies you know sales uh team or their or their dell technologies partner you know they effectively you know get an activation um you know code to to sign up and and set up their credentials with powerpit backup servers and once they actually do that you know one of the things that they don't have to worry about is the deployment of the infrastructure the infrastructure is always on ready to go so what they do is they simply point powerpit backup service at the data sources that they wish to protect you know and that's one of the the great advantages around you know a sas based data protection platform you know and it's one of the things that that makes it very easy to get customers up and running with powerpath backup service so i'm guessing you have a roadmap you may be you maybe not you may be holding out on us and some of the other things that you're doing in this space but but what can you tell us about about other things you might be doing or that might be coming what can we expect well i mean you know dave that one of the things that you know we always talk about it's the power of the portfolio so so with the addition of private backup service it's not the only news that we're making with respect to cloud data protection you know i mentioned earlier that uh we have the ability to deploy our on-premises solutions in the public cloud with powerprotect data manager and our powerprotect virtual appliances you know and with this uh announcement that brings backup service into the portfolio we're also uh pleased to expand our support of the public cloud with full support of google cloud platform making powerprotect data manager available in the google marketplace and then lastly but not least you know our other cloud snapshot manager offering you know is now also fully integrated with our powerprotect virtual appliances to allow customers to store uh aws snapshots in a deduplicated fashion within aws s3 so that's an excellent capability that we've introduced to reduce the cost of storing um aws infrastructure backups for longer periods of time so really you know we've really continued to double down in bringing new cloud data protection capabilities to our customers wherever they may be yeah nice now steven you guys must be stoked have a partner like dell just massive distribution channel i wonder if you could give us any final thoughts you know thoughts on on the relationship how you see the future unfolding yeah i mean and obviously i've got you know history with with dell and emc and rob and one of the things you know i think dell's always been fabulous at is giving customers the flexibility to protect their data when they want how they want where they want with the investment protection but if it shifts over time they'll be there for them right going all the way back to the data protection suite and all those those those fantastic things we've done historically and so it's it's really it's great to to align with somebody that's got the same kind of values we do which is at druva it's that same model right wherever you want to protect your data wherever it is we're going to be there for you and so it was great that i think dell and druva both saw this demand from our customers and we said you know this is the right match right this is how we're going to help people keep their data safe as they start you know and continue and extend their journeys to the cloud and so you know dell proposes the the power protect backup service powered by druva and and everybody wins the dell's customers are safer dell completes its offering and let's face it it does help druva accelerate our momentum so this is this is this is and it's a lot of fun just hanging out with the people i used to work with especially wrong it's good seeing him again well you guys both have kind of alluded to the portfolio and the optionality that dell brings to its customers but rob you know i'll give you the final word a lot of times optionality brings complexity but this seems to be a really strong step in the direction of simplifying the world for your customers but rob i'll give you the last word yeah for sure i mean we've always said that it's not a one-size-fits-all world you know i think that you know one of the things that this um evolution of our powerpatek portfolio brings you know is an excellent added option for our customers you know many of the customers if not almost all of the customers that we currently sell to you know have a requirement for sas application protection you know many of them now especially after the last year have an added um sensitivity to endpoint protection you know so so those two things alone you know i think are are two things that all dell technology customers can really take advantage of with the introduction of private backup servers you know this is just a continued evolution of our uh capabilities to bring innovative data protection for multi-cloud workloads that last point is a great point about the endpoints because you got remote workers so exposed guys thanks so much for sharing the announcement details and the relationship and really good luck with the offering we'll be watching thanks dave thanks dave and thank you for watching this cube conversation this is dave vellante for the cube we'll see you next time you

(upbeat music) >> Overnight COVID completely exposed those companies that were really not ready for the digital age. There was a mad rush to the cloud in an effort to reshape the very notion of business resiliency and enable employees to remain productive so that they continue serve customers. Data protection was at the heart of this shift and cloud data protection has become a fundamental staple of organizations operating models. Hello, everyone. This is Dave Vellante and welcome to this CUBE conversation. I'm joined by two longtime friends of theCUBE, Rob Emsley is the director of product marketing at Dell Technologies. And Stephen Manley is the Chief Technology Officer at Druva. Guys, great to have you on the program. Thanks for being here. >> Yeah, great to be here, Dave. >> This is the high point of my day, Dave. >> I'm glad to hear it, Stephen. It's been a while since we... Missing you guys to tell you face to face maybe it'll happen before 22, >> We haven't aged a bit, Dave. >> (laughing) Ditto. Listen, we've been talking for years about this shift to the cloud. In the past 12 months, boy, we've seen the pace of workloads that have moved to the cloud really accelerate. So Rob, maybe you could start it off. How do you see the market and perhaps what are some of the blind spots maybe that people need to think about when they're moving workloads so fast in the cloud? >> Yeah. Good question Dave. I mean, you know, we've spoken a number of times around how our focus has significantly shifted over the last couple of years. I mean, only a couple of years ago, our focus was very much on on-premise data protection, but over the last couple of years, more workloads have shifted to the cloud. Customers have started adopting SaaS applications and all of these environments are creating data that is so critical to these customers to protect, we've definitely found that more and more of our conversations have been centered around what can you do for me when it comes to protecting workloads in the client environment? >> Yeah. Now of course, Stephen, this is kind of your wheelhouse. How are you thinking about the these market shifts? >> Yeah. You know, it's interesting in the data protection market. heck the data market in general, you see these sort of cycles happen. And for a long time, we had a cycle where applications and environments were consolidating a lot. It was all VMs and Oracle and SQL and we seem to be exploding out the other way to this massive sprawl of different types of applications in different places. Like Rob said, we've got Microsoft 365 and you've got Salesforce and you've got workloads running in the cloud. The world looks different. And you add on top of that the new security threats as people moving to the cloud. A number of years ago we talked how ransomware was an emerging threat. We're way past emerging into... there's a ransomware attack every six seconds and everybody wakes up terrified about it. And so we really see the market has shifted I think in terms of what the apps are and also in terms of what the threats and the focus and this that's come into play. >> Right. Well, thanks for that. There's some hard news which we're going to get to, but before we do, Rob, Stephen was mentioning the SaaS apps and we've been sort of watching that space for a while but a lot of people will ask why do I need a separate data protection layer? Doesn't my SaaS provider protect my data? Don't they replicate it? They're cloud vendors, why do I need to buy yet another backup product? >> Yeah, that's a fairly common misconception, Dave, that both SaaS application vendors and cloud vendors, inherently are providing all of the data protection that you need. The reality is that they're not, you know I think when you think about a lot of the data within those environments, certainly they're focused on providing availability. And availability is absolutely one thing that you can, for the most part, rely on the cloud vendors to deliver to you. But when it comes to actually protecting yourself from accidental deletion. Protecting yourself from cyber threats and cyber crime that may infect your data through malicious acts, that's really where you need to supplement the environment that the cloud providers provide you, with best in class data protection solutions. And this is really where, waywardly looking to introduce new innovations into the market to really, really help customers with that cloud based data protection. >> Yeah. Now you got some news here. Let's kind of dig in, if we could, to the innovations behind that. Maybe Rob, you could kick it off and then, Stephen, we'll bring you in. >> Yeah. So first piece of news that we're really happy to announce is the introduction of a new Dell EMC PowerProtect backup service which is a new cloud data protection solution powered by Druva, hence the reason that Stephen and I are here today. It's designed to deliver additional protection without increasing IT complexity. >> So powered by Druva. what does that mean? Can you add some color to that? >> Absolutely. So, when we really started looking at the expansion of our PowerProtect portfolio, we already have the ability to deliver both on-premises protection and to deliver that same software within the public cloud from a PowerProtect software delivery model. But what we really didn't have within the portfolio is a cloud data protection platform. And we really looked at what was available in the market. We looked at our ability to develop that ourselves. And we decided that the best path for our customers to bring capability to them as soon as we possibly could was to partner with Druva. And we really looked at the capabilities that Druva has been delivering for many years, the capabilities that they have across many dimensions of cloud-based workloads. And we already engaged with them probably about six months ago, first introduced Druva as an option to be resold by ourselves, Salesforce and partners. And then we're pleased to introduce a Dell EMC branded service PowerProtect backup service. >> Okay, so just one more point of clarification, then, Stephen, I want to bring you in. So we're talking about... this includes SaaS apps as well, I'm talking 365, the Google apps which we use extensively, CRM, Salesforce, for example. >> Absolutely. >> What platforms are you actually connecting to and providing protection for? >> Yeah, so the real priority for us was to expand our PowerProtect portfolio to support a variety of SaaS applications. You mentioned, real major ones with respect to Microsoft 365, Google workplace, as well as Salesforce. But the other thing that we also get with PowerProtect backup service is the ability to provide a cloud-based data protection service that supports endpoints such as laptops and desktops but also the ability to support hybrid workloads. So for some customers the ability to use PowerProtect backup service to give them support for virtual machine backups, both VMware and Hyper-V, but also application environments like Oracle and SQL. And lastly, but not least, one of the things that backup service also provides when it comes to virtual machines is not only virtual machines on premises, but also virtual machines within the public cloud, specifically VMware cloud on AWS. >> So, Stephen, I remember I was talking to Jaspreet several years ago, and I've always liked sort of the Druva model but it felt at the time you were like a little ahead of your time, but boy, the market has really come to you. Maybe you could just tell us a little bit more about the just generally cloud-based data protection and the sort of low down on your platform. >> Yeah, and I think you're right, the market has absolutely swept in this direction. Like we were talking about with applications in so many places and end points in so many places and data centers and remote offices with data sprawled everywhere. We find customers are looking for a solution that can connect to everything. I don't want seven different backup solutions, one for each of those things, I want one centralized solution. And so kind of a data protection as a service becomes really appealing because instead of setting all of these things up on your own, well, it's just built in for you. And then the fact that it's as a service helps with things like the ransomware protection because it's off site in another location under another account. And so we really see customers saying this is appealing because it helps keep my costs down. It helps keep my complexity down. There's fewer moving parts. And one of the nicest things is as I move to the cloud I get that one fixed cost, right? I'm not dealing with the, oh, wow, this bill is not what I was expecting. It just comes in with what I was carrying. And so it really comes down to, as you go to the cloud, you want a platform that's got everything built in, something that, and let's face it, Dell EMC, this has always been the case, that storage of last resort that backup that you can trust, right? You want something with a history, like you said, you've been talking to Jaspreet for awhile, Druva is a company that's got a proven track record that your data is going to be safe and it's going to be recoverable and you're going to want someone that can innovate quickly, right? So that as more new cloud applications arise, we're there to help you protect them as they emerge. >> So talk a little bit more about the timing. I mean, we talked earlier about, okay, COVID really forced this shift to the cloud and you guys clearly have skated to the pocket and you also... You referenced sort of new workloads and I'm just wondering how you see that from a timing standpoint. And at this moment in time why this is such a, you know, the right fit. >> We've seen a lot of customers over the last again 12 months or so, one really accelerate their shift to things like SaaS applications, Microsoft 365, and we're not just talking exchange online and One Drive, but SharePoint online, Microsoft teams, really going all in because they're finding that, as I'm distributed, as I have a remote workforce, my end points became more important again, but also the ability to have collaboration became important. And the more I depend on those tools to collaborate, the more I'm depending on them to replace what used to be in-person meetings where we could have a whiteboard and discuss things. And it's done through collaboration online tools. Well, I need to protect that. Not just because the data's important, but because that's now how my business is running. And so that entire environment is important. And so it's really accelerated people coming and looking for solutions because they've realized how important these environments and this data is. >> So, Stephen, you mentioned that you guys, I mean, obviously you have a track record but you got some vision too. And I want to sort of poke at that a little bit. I mean, essentially is what you're building is an abstraction layer that is essentially my data protection cloud. Is that how we should think about this? And you've referenced pricing, I've seen your pricing, it's clean. It looks to me anyway like a true cloud pricing. Going to dial it up, dial it down, pay as you go, consume it as you wish. Maybe talk about that a little bit. >> Yeah. I mean, I think if you think about the future of consumption is that so many customers are looking for different choices than what many vendors have provided them in the past. I think the days of of going through a long procurement cycle and working through purchasing in order to get a big capital expense approved it's just not the way that many of our customers are looking to operate now. So I think that one of the things that we're looking at across the portfolio, whether or not it be on premises solutions or cloud-based services, is to provide all of that capability as a service. I think that that will be a real future point of arrival for us as we really rotate to offer that across all of our capabilities, Dave, whether or not it be in the domain of storage, or in the domain of data protection, the concept of everything as a service is really something which is going to become more of the norm versus the exception. >> So what does a customer have to do to be up and running? What's that experience like, is he just going to log on and everything's sort of there to them, what do they see? What's the experience like? >> Yeah, that's one of the great things about PowerProtect backup services, that once the customer has worked through that, their Dell technologies sells a team or the Dell technologies partner, they effectively get an activation code to sign up and set up the credentials with PowerProtect backup service. And once they actually do that, one of the things that they don't have to worry about is the deployment of the infrastructure. The infrastructure is always on ready to go. So all they do is they simply point PowerProtect backup service at the data sources that they wish to protect. That's one of the great advantages around a SaaS based data protection platform and it's one of the things that makes it very easy to get customers up and running with PowerProtect backup service. >> So I'm guessing you have a roadmap, you may be, you may be not, you may be holding out on us in some of the other things that you're doing in this space, but what can you tell us about other things you might be doing or what might be coming? What can we expect? >> Well, I mean, Dave, that one of the things that we always talk about is the power of the portfolio. So, with the addition of PowerProtect backup service, it's not the only news that we're making with respect to client data protection. You know, I mentioned earlier that we have the ability to deploy our on premises solutions in the public cloud with PowerProtect data manager and our PowerProtect virtual appliances, and with this announcement that brings backup service into the portfolio. We're also pleased to expand our support of the public cloud with full support of Google cloud platform, making PowerProtect data manager available in the Google marketplace. And then lastly, but not least, you know our other cloud snapshot manager offering is now also fully integrated with our PowerProtect virtual appliances to allow customers to store AWS snapshots in a debilitative fashion within AWS S3. So that's an excellent capability that we've introduced to reduce the cost of storing AWS infrastructure backups for longer periods of time. So really, we've really continued to double down in bringing new client data protection capabilities to our customers, wherever they may be. >> And nice to have, Stephen, you guys must be stoked to have a partner like Dell, a massive distribution channel. I wonder if you could give us any final thoughts, thoughts on the relationship, how you see the future unfolding. >> Yeah, I mean, and obviously I've got history with Dell and EMC and Rob. And one of the things I think Dell has always been fabulous at is giving customers the flexibility to protect their data when they want, how they want, where they want, with the investment protection that if it shifts over time, they'll be there for them, right. Going all the way back to the data protection suite and all those fantastic things we've done historically. And so it's really, it's great to align with somebody that's got the same kind of value as we do, which is with Druva, it's that same model, right? Wherever you want to protect your data, wherever it is, we're going to be there for you. And so it was great that I think Dell and Druva both saw this demand from our customers. And we said, this is the right match, right? This is how we're going to help people keep their data safe as they start and continue and extend their journeys to the cloud. And so, Dell proposes the PowerProtect backup service powered by Druva. And everybody wins. The Dell's customers are safer. Dell completes this offering, and let's face it, it does help to really accelerate our momentum. So this is and it's a lot of fun just hanging out with the people I used to work with especially it's good seeing them again. >> Well, you guys both have kind of alluded to the portfolio and the optionality that Dell brings to its customers, but Rob, you know, I'll give you the final word. A lot of times optionality brings complexity, but this seems to be a really strong step in the direction of simplifying the world for your customers. But, Rob, we'll give you the last word. >> Yeah, for sure. I mean, we've always said that it's not a one size fits all world. You know, I think that one of the things that this evolution of a PowerProtect portfolio brings is an excellent added option for our customers. Many of the customers, if not, almost all of the customers that we currently sell to, have a requirement for SaaS application protection. Many of them now, especially after the last year, have an added sensitivity to endpoint protection. So those two things alone I think are two things that all Dell technology customers can really take advantage of with the introduction of perhaps that backup service. This is just a continued evolution of our capabilities to bring innovative data protection for multi-cloud workloads. >> That last point is a great point about the end points because you've got remote workers, so exposed, guys, thanks so much for sharing the announcement details, and the relationship, and really good luck with the offering. We'll be watching. >> Thanks, Dave. >> Thanks Dave. >> And thank you for watching this CUBE conversation. This is Dave Vellante for theCUBE. We'll see you next time. (soft music)

(upbeat music) >> Announcer: From around the globe. It's theCUBE, with digital coverage of AWS reinvent 2020, sponsored by Intel, AWS and our community partners. >> Welcome to theCUBE's coverage of AWS reinvent 2020, the virtual edition. I'm Lisa Martin. I have a couple of guests joining me next to talk about AWS and Druva. From Druva, Chris White is here, the chief revenue officer. Hey Chris, nice to have you on the program. >> Excellent, thanks Lisa. Excited to be here. >> And from AWS Sabina Joseph joins us. She is the general manager of the Americas technology partners. Sabina, welcome. >> Thank you, Lisa. >> So looking forward to talking to you guys unfortunately, we can't be together in a very loud space in Las Vegas, so this will have to do but I'm excited to be able to talk to you guys today. So Chris, we're going to start with you, Druva and AWS have a longstanding partnership. Talk to us about that and some of the evolution that's going on there. >> Absolutely, yeah. we certainly have, we had a great long-term partnership. I'm excited to talk to everybody about it today and be here with Sabina and you Lisa as well. So, we actually re architect our entire environment on AWS, 100% on AWS back in 2013. That enables us to not only innovate back in 2013, but continue to innovate today and in the future, right. It gives us flexibility on a 100% platform to bring that to our customers, to our partners, and to the market out there, right? In doing so, we're delivering on data protection, disaster recovery, e-discovery, and ransomware protection, right? All of that's being leveraged on the AWS platform as I said, and that allows uniqueness from a standpoint of resiliency, protection, flexibility, and really future-proofing the environment, not only today, but in the future. And over this time AWS has been an outstanding partner for Druva. >> Excellent Chris, thank you. Sabina, you lead the America's technology partners as we mentioned, Druva is an AWS advanced technology partner. Talk to us from through AWS lens on the Druva AWS partnership and from your perspective as well. >> Sure, Lisa. So I've had the privilege of working with Druva since 2014 and it has been an amazing journey over the last six and a half years. You know, overall, when we work with partners on technical solutions, we have to talk in a better architect, their solution for AWS, but also take their feedback on our features and capabilities that our mutual customers want to see. So for example, Druva has actually provided feedback to AWS on performance, usability, enhancements, security, posture and suggestions on additional features and functionality that we could have on AWS snowball edge, AWS dynamoDB and other services in fact. And in the same way, we provide feedback to Druva, we provide recommendations and it really is a unique process of exposing our partners to AWS best practices. When customers use Druva, they are benefiting from the AWS recommended best practices for data durability, security and compliance. And our engineering teams work very closely together. We collaborate, we have regular meetings, and that really sets the foundation for a very strong solution for our mutual customers. >> So it sounds very symbiotic. And as you talked about that engineering collaboration and the collaboration across all levels. So now let's talk about some of the things that you're helping customers to do as we are all navigating a very different environment this year. Chris, talk to us about how Druva is helping customers navigate some of those big challenges you talked about ransomware for example, this massive pivot to remote workforce. Chris (mumbles) got going on there. >> Yeah, absolutely. So the, one of the things that we've seen consistently, right, it's been customers are looking for simplicity. Customers are looking for cost-effective solutions, and then you couple that with the ability to do that all on a single platform, that's what the combination of Druva and AWS does together, right? And as you mentioned, Lisa, you've got work from home. That's increased right with the unfortunate events going across the globe over the last almost 12 months now, nine months now. Increased ransomware that threats, right? The bad actors tend to take advantage of these situations unfortunately, and you've got to be working with partners like AWS like Druva, coming together, to build that barrier against the bad actors out there. So, right. We've got double layer of protection based on the partnership with AWS. And then if you look at the rising concerns around governance, right? The complexity of government, if you look at Japan adding some increased complexity to governance, you look at what's going on across, but across the globe across the pond with GDPR, number of different areas around compliance and governance that allows us to better report upon that. We built the right solution to support the migration of these customers. And everything I just talked about is just accelerated the need for folks to migrate to the cloud, migrate to AWS, migrate to leveraging, through the solutions. And there's no better time to partner with Druva and AWS, just because of that. >> Something we're all talking about. And every key segment we're doing, this acceleration of digital transformation and customers really having to make quick decisions and pivot their businesses over and over again to get from survival to thriving mode. Sabina talk to us about how Druva and AWS align on key customer use cases especially in these turbulent times. >> Yeah, so, for us as you said Lisa, right. When we start working with partners, we really focus on making sure that we are aligned on those customer use cases. And from the very first discussions, we want to ensure that feedback mechanisms are in place to help us understand and improve the services and the solutions. Chris has, he mentioned migrations, right? And we have customers who are migrating their applications to AWS and really want to move the data into the cloud. And you know what? This is not a simple problem because there's large amounts of data. And the customer has limited bandwidth Druva of course as they have always been, is an early adopter of AWS snowball edge and has worked closely with us to provide a solution where customers can just order a snowball edge directly from AWS. It gets shipped to them, they turn it on, they connect it to the network, and just start backing up their data to the snowball edge. And then once they are done, they can just pack it up, ship it back. And then all of this data gets loaded into the Druva solution on AWS. And then you also, those customers who are running applications locally on AWS Outposts, Druva was once again, an early adopter. In fact, last reinvent, they actually tested out AWS Outposts and they were one of the first launch partners. Once again, further expanding the data protection options they provide to our mutual customers. >> Well, as that landscape changes so dramatically it's imperative that customers have data center workloads, AWS workloads, cloud workloads, endpoints, protected especially as people scattered, right, in the last few months. And also, as we talked about the ransomware rise, Chris, I saw on Druva's website, one ransomware attack every 11 seconds. And so, now you've got to be able to help customers recover and have that resiliency, right. Cause it's not about, are we going to get hit? It's a matter of when, how does Druva help facilitate that resiliency? >> Yeah, now that's a great point Lisa. and as you look at our joint customer base, we've got thousands of joint customers together and we continue to see positive business impact because of that. And it's to your point, it's not if it's when you get hit and it's ultimately you've got to be prepared to recover in order to do that. And based on the security levels that we jointly have, based on our architecture and also the benefits of the architecture within AWS, we've got a double layer of defense up there that most companies just can't offer today. So, if we look at that from an example standpoint, right, transitioning offer specific use case of ransomware but really look at a cast media companies, right? One of the largest media companies out there across the globe, 400 radio stations, 800 TV stations, over a hundred thousand podcasts, over 4,000 or 5,000 streams happening on an annual basis, very active and candidly very public, which freaks the target. They really came to us for three key things, right? And they looked for reduced complexity, really reducing their workload internally from a backup and recovery standpoint, really to simplify that backup environment. And they started with Druva, really focused on the end points. How do we protect and manage the end points from a data protection standpoint, ultimately, the cost savings that they saw, the efficiency they saw, they ended up moving on and doing key workloads, right? So data protection, data center workloads that they were backing up and protecting. This all came from a great partnership and relationship from AWS as well. And as we continued to simplify that environment, it allowed them to expand their partnership with AWS. So not only was it a win for the customer, we helped solve those business problems for them. Ultimately, they got a (mumbles) benefit from both Druva and AWS and that partnership. So, we continue to see that partnership accelerate and evolve to go really look at the entire platform and where we can help them, in addition to AWS services that they're offering. >> And that was... It sounds like them going to cloud data production, was that an acceleration of their cloud strategy that they then had to accelerate even further during the last nine months, Chris? >> Yeah, well, the good news for cast is that at least from a backup and recovery standpoint, they've been ahead of the curve, right? They were one of those customers that was proactive, in driving on their cloud journey, and proactive and driving beyond the work from home. It did change the dynamics on how they work and how they act from a work from home standpoint, but they were already set up. So then they didn't really skip a beat as they continue to drive that. But overall, to your point, Lisa, we've seen an increase and acceleration and companies really moving towards the cloud, right. Which is why that migration strategy, joint migration strategy, that Sabina talked about is so important because it really has accelerated. And in some companies, this has become the safety net for them, in some ways their DR Strategy, to shift to the cloud, that maybe they weren't looking to do until maybe 2022 or 2023, it's all been accelerated. >> Everything's, but we have like whiplash on the acceleration going on. >> Sabina, talk to us about some of those joint successes through AWS's lens, a couple of customers, you're going to talk about the University of Manchester, and the Queensland Brain Institute, dig into those for us. >> Yeah, absolutely. So, I thank Chris sharing those stories there. So the two that kind of come into my mind is a University of Manchester. They have nearly 7,000 academic staff and researchers and they're, part of their digital transformation strategy was adopting VMware cloud on AWS. And the University actually chose Druva, to back up 160 plus virtual machine images, because Druva provided a simple and secure cloud-based backup solution. And in fact, saved them 50% of their data protection costs. Another one is Queensland Brain Institute, which has over 400 researchers who really worked on brain diseases and really finding therapeutic solutions for these brain diseases. As you can imagine, this research generates terabytes critical data that they not only needed protected, but they also wanted to collaborate and get access to this data continuously. They chose Druva and now using Druva solution, they can back up over 1200 plus research papers, residing on their devices, providing global and also reliable access 24 by seven. And I do want to mention, Lisa, right? The pandemic has changed all of humanity as we know it, right? Until we can all find a solution to this. And we've also together had to work to adjust what can we do to work effectively together? We've actually together with Druva shifted all of our day-to-day activities, 200% virtual. And we, but despite all of that, we've maintained regular cadence for our review business and technical roadmap updates and other regular activities. And if I may mention this, right, last month we AWS actually launched the digital workplace competency, clearly enabling customers to find specialized solutions around remote work and secure remote work and Druva, even though we are all in this virtual environment today, Druva was one of the launch partners for this competency. And it was a great fit given the solution that they have to enable the remote work environments securely, and also providing an end-to-end digital workplace in the cloud. >> That's absolutely critical because that's been one of the biggest challenges I think that we've all been through as well as, you know trying to go, do I live at work or do I work from home? I'm not sure some of the days, but being able to have that continuity and you know, your customers being able to access their data at 24 by seven, as you said, because there's no point in mapping up your data, if you can't recover it but being able to allow the continuation of the relationship that you have. I want to move on now to some of the announcements. Chris, you mentioned actually Sabina you did, when you were talking about the University of Manchester, the VMware ready certification Chris, Druva just announced a couple of things there. Talk to us about that. >> Thank you. Yeah, Lisa you're right. There's been a ton of great announcements over the past several months and throughout this entire fiscal year. To be in this touch base on a couple of them around the AWS digital workplace, we absolutely have certification on AWS around VMware cloud, both on AWS and Dell EMC, through AWS. In addition to continuing to drive innovation because of this unique partnership around powerful security encryption and overall security benefits across the board. So that includes AWS gov cloud. That includes HIPAA compliance, includes FedRAMP, as well as SOC two type two, certifications as well and protection there. So we're going to continue to drive that innovation. We just recently announced as well that we now have data protection for Kubernetes, 100% cloud offering, right? One of the most active and growing workloads around data, around orchestration platform, right? So, doing that with AWS, some of my opening comments back when we built this 100% AWS, that allows us to continue to innovate and be nimble and meet the needs of customers. So whether that be VMware workloads NAS workloads, new workloads, like Kubernetes we're always going to be well positioned to address those, not only over time, but on the front end. And as these emerging technologies come out the nimbleness of our joint partnership just continues to be demonstrated there. >> And Sabina, I know that AWS has a working backwards approach. Talk to me about how you use that to accomplish all of the things that Chris and you both described over the last six, seven plus years. >> Yes, so the working backwards process we use it internally when we build our own services, but we also worked through it with our partners, right? It's about putting the customers first, aligning on those use cases. And it all goes back to our Amazon leadership principle on customer obsession, focusing on the customer experience, making sure that we have mechanisms in place, to have feedback from the customers and operate that into our services solutions and also with our partners. Well, one of the nice things about Druva since I've been working with them since 2014 is their focus on customer obsession. Through this process, we've developed great relationship, Druva, together with our service team, building solutions that deliver value by providing a full Saas service for customers, who want to protect their data, not only in AWS, but also in a hybrid architecture model on premises. And this is really critical to us cause our customers want us to work with Druva, to solve the pain points, creating a completely maybe a new customer experience, right. That makes them happy. And ultimately what we have found together with Druva, is I think Chris would agree with this, is that when we focus on our mutual customers, it leads to a very longterm successful partnership as we have today with Druva. >> It sounds like you talked about that feedback loop in the beginning from customers, but it sounds like that's really intertwined the entire relationship. And certainly from what you guys described in terms of the evolution, the customer successes, and all of the things that have been announced recently, a lot of stuff going on. So we'll let you guys get back to work. We appreciate your time, Chris. Thank you for joining me today. For Chris white and Sabina Joseph, I'm Lisa Martin and you're watching theCUBE. (soft music fades)

>>long from Las Vegas. It's the Q covering a ws re invent 2019. Brought to you by Amazon Web service is and in along with its ecosystem partners. >>Welcome back here in the Cube, we continue our coverage here Day one, a day Ws re invent 2019 were on the show floor You could probably see behind the city's packed is exciting. Great exhibits, great keynotes this morning, Dan. A lot from Andy Jassy, Justin Warren. John Walls were joined by Jasper Singh, who is the founder and CEO of DRUVA. Good to have you here on the Cube. Thank you very much. And I say a whiner whose principal technologist at a. W s and I say it Good to see you this morning. Thanks very much. Thanks for being here. First off, tell me a little bit about drove up for folks at home. Might not be familiar. And then we're gonna get into your relationship with a W s. And why the two of you are sitting in first. Just a little thumbnail about druva. >>Sure, as we all know, data is growing by leaps and bounds on dhe. Data management prediction has been a big challenge for all enterprises driven the SAS platform very long. AWS, which helps him manage to get up and do it from the center to deal in the cloud toe at the educations, simply console to manage protection governance management on a single pane of glass. All >>right, so the two of you together we were talking before the interview a little bit about maybe some of these common attributes or shared values which make your partnership. I wouldn't say unique, but certainly make it work. So go over that a little bit about maybe we're that synergy exists where you see that overlap in your mission and why you think it's working so well for you to reveal your partnership. Once you're Jeffrey, why don't you jump on that? Isaiah? I >>think we saw a big chain in the enterprise landscape Hunter team and I made personally met Fiona Vogel back then and understood that big change and enterprise buying when it comes to a public cloud, data belongs to public cloud, the weeds growing and eventually manage on rebuild the entire rocket picture around the whole notion off a centralized sort of a data lake to predict it manageable on Arab us. We thought about eight of us in public cloud of completely different operating system. It's not just not about our technology team kicked out of the business changes with people want to buy an S L. A. Across the global consistent price point so delivered already have toe, understand how they built differently, operate differently security point of view cost part of you and also sell differently. You're gonna market partnerships you're setting motion procurement. All changes to be redesigned, reactivated entire drove our experience around Public Cloud And Amazon is in a great partner all throughout to build a story on top of the platform not just to based technology on, but are breeding a printing model on selling motion on and course introduced to customer benefits on. >>So one of the things that customers tell us is that when they come to the cloud, they want less stuff to manage. And it can be difficult sometimes to deal the new set of primitives. You know, the way things worked in your data center understanding locality, these sorts of things. A lot of this stuff gets abstracted in the cloud, and so druva help sort of take away all of that and create a simple solution for customers. They've been doing this for a long time, actually, you know, offering full SAS solution to customers not only who want to protect data in the cloud, but also on Prem to the cloud. And the way that eight of us goes about an Amazon in general goes about creating things for customers is way. Have what we call a working backwards process. And it all ties back to our first of 14 leaders, principles, customer obsession. And so one of the things that's really nice about working with druva is that they also have a working backwards process. And so we get to do a lot of that stuff together there, also a customer. So, you know, it's not just a partnership there. Also a customer, because they operate this SAS platform. And so, for quite a long time, for example, they've been one of the larger dynamodb customers. They've developed tight relationships with our service teams way our field knows them, you know, if you ask the field, you know, name a backup provider, you know chances are pretty good. They're gonna know Drew right, so and because they're all in on eight of us, it gives us an opportunity to launch things together. So when we have new storage classes in the past and new devices, new offerings Drew has been a launch partner on multiple occasions. I >>was gonna ask about that. A lien on AWS, like as a customer if I'm buying some clouds. So it's like I want to buy an S l A a cz you mentioned. Just do it. Do it. Really care which cloud you you picked as a customer >>customer. You really cared about an SL for for data recovery, which you need a guarantee across the group. That's a simplest part. So in that context, they don't care. But it goes beyond that. Data and infrastructure is very connected to shoot for the enterprise they wanted, you know, just to be recovered. But integrated with other service is, for example, Panis is are they have other value. Our service is you want to be part of the whole story from that perspective because there is so integral to their lesson strategy. They do care about where we're building this new every center from my data management, but they are getting more and more fragmented in both centralized way to manage. The more centralized way happens to be on the best known of embroidery, which happens to have all the service is to surround it of it. You do start to care about you know how they're holding me may transform the journey of data for the customer >>Ueno from the Kino this morning that I think it's only about 3% of total spend is on clouds, and there is room for a cloud to grow here. But that also means that there's a lot of data that sitting out there that isn't actually in the cloud. So a cloud based backup service like how the customers who already have existing onsite data, How should they think about this? You mentioned that they need to think about it in a different way and change the way that you experienced backup. So how how the customers start to understand what they should be doing differently and how they should think about their data in a different way. To start looking at something like the river >>Absolutely reversal. Ashley's got people, plus one that typically customers have 3.1 bucket solutions in their in their environment. They don't accept it, but they do have multiple softness. They always are the new one to replace an old one, but it still keep their legacy on what they need to do. What I do when I was to look for meditators before driven were tons and tons of legacy being managing very cars. And then I was always very, very hard. You have to spend a lot of time to manage all throughout, withdrew. Our philosophy is that your next generation of workloads, your next edition of evolution towards loud used to happen in river for a legacy. You could still keep the legacy software's IBM better cars. Let's keep on doing what you do with them. You're next. Attrition off architecture refresh, Refresh should happen in >>a zone old back of admin Who's gone through that process multiple times. Managing tape is a nightmare. Yes, I can. I can absolutely attest that that is the process. That enterprise tends to go through it like you want to pick something that you want to put all the new stuff on. Do you? Do you see anyone actually bringing data from their old system that they migrated across. So they just go, You know what? We'll just wait for it to die. >>I think a lot of people do a mix of both right today. They may have a cold data with a more humanity move toe deep archive a glacier from active data management part if you want to see how do it, how do they change processes to impact date evolution From now on 1st 1st 1st and foremost before they started, Look at old arcade media could be born on a CZ. Well, I think with evolution of deep archive, evolution off other service is much cheaper than tapes. It's about time that people start now, look at older technology that how do you know Maybe encompasses? Well, >>yeah, To me, this stuff is kind of hard. All right, on down might be oversimplifying, but you've got your warm data. You got stuff, it's cold. That might sit there for years. And we're gonna work, you know, we're never gonna worry about it again. But I have to decide what's warmer. What's cold. If I've got legacy and I've got new, I've got to decide what I want to bring over what I don't and then I've got the edge. I've got a i ot I've got all this stuff. No exponential growth data scale. So to me, it's it's It's a confounding problem of I'm in enterprise. It's already got my stuff going, as opposed to. If I'm totally born on the cloud, right, that's a how do you deal with? It's easy to do it from scratch. It's a lot harder to do it when I've got I'm bringing all his baggage with me and why do I want to bring on that headache? >>So I want you to think about it, says that you know, where would you want to innovate and start their first like a zombie? This is said that this morning in Kenya, or that whenever someone tells you you have one tool for it all, they probably wrong about it. Right? You. It's all for the best tool for the best problems. So you look at the way you really wouldn't want it any way you start there first to bring in the cloud first, then it slowly insanity. Start to lower your workload by getting rid of legacy or by re factoring in overtime. >>You've been doing this for a little while, So I assume that this isn't This isn't something that only just a couple of people of dipping their toe in the water and trying out. You told us before they actually had quite a bit of success with this. >>I think whenever there's an interesting problem, this competition. So we do have some new age companies coming to tow. What we do for a living drama is heading scale we announced this morning. We're $100 revenue run rate of business. So you just thought about building it right? But as I mentioned, it's about operating unit scale will be run about six million back after a week, with more than with better than 0.1% efficiency. It successfully the amount of paranoia going into security cost optimization Dev Ops Mount Off Hardware goes into building a good market motion to buy from marketplace by consumption models is very different from from legacy. Technology for side is only the first body, but Amazon has done for industry, which we're leading with cheerleading and we're falling. Example off is how you transform the buying baby of customer was something radically simple than ever before. >>You know, as a that's been been really a topic, and he's talked about it a lot. This transformation versus transition. It's kind of like being a little bit pregnant, you know, you have to transform yourself right and maybe it's not dipping the toe, but it's diving in that deep end. So from the AWS perspective and from what we've been hearing, just free talk about put it in that in that context, if you will, about people who are, I guess, willing to make a full fledged commitment and jump in and go is supposed to dabble in a little bit and maybe being a little bit pregnant, >>I mean something you mentioned earlier about two people. Just let let stuff rot. Yes, there is some of that like, don't get me wrong. I talked with customers all the time and they have three different backup providers. But the fact is, is that when they go to the cloud they look at okay, where can I cut and run, you know, And when they look at their the things that not only matter in order for them to transition their operations into the cloud. But then they look at, like, the new rate of data creation that they've got going on in the cloud. They sort of a lot of customers. They look at the old models of of enterprise, back of sweets and they say, Okay, I know how to operate this, But do I want to? Or they look at it, You know, some of the finer things. Like, you know, am I doing all the right things from a security perspective? In all of the right connection points across all of the right pieces of software, the answer may not be yes. Or maybe the answer is yes. And they look at other things, like, you know, what is my r p o gonna be? What is my rto gonna be? Can I abandon my eight of us account because of about actor scenario and go to another account and do a restore without having to have infrastructure in there? First you can if it's in somebody else's infrastructure in this case druva right. So, like there's there's a hard way to do things in an easy way to do things and drew has done things. Arguably, I would say they've done things the hard way so that customers can do things the easy way. It's probably a good way to characterize it. Early on, Druva decided that they didn't want to be in the infrastructure business, so they built something on top of a platform that would allow them to stop having to worry about that stuff. And if you're trying to on board a lot of customers concurrently than that, something that you want to scale automatically right, you know these kinds of things. When we talk to customers and customers ask us questions like You know what? Our customers using toe back up in eight of us. They often ask qualifying questions like I'm in a certain region or I'm in govcloud or I have too much data on prim for my bandwidth capabilities. And I don't really want to get into a new three year contract because I want to shut down this data center in October and it's, you know, maybe it's September, you know, maybe I don't have a lot of runway on, so they're looking for things like support for Snowball Edge. They're looking for things like not having Thio worry about. Do I have to modify all of my traditional applications to take advantage of other storage tears or my cold data? How do I get it into something like Amazon has three glacier deep archives without having to really know how that works on DSO. When these folks look at the clouds, they think aws because of all of the things that AWS enables them to do without them having to have, ah, a massive learning curve. When it comes to data protection in the cloud, Dhruv is doing the same thing. >>Well, the good news for Justin and me and Isaiah's, Jasper said. You hit 100 million. So dinner's on you tonight. This is great. I look, congratulations. Thank you. That is a big number and congratulate great success. Wish you all the best down the road and thank you both for being with us here on the Q. We appreciate that. Thanks very much. Back with more live here in Las Vegas. You're watching the Cuban eight of us. Raven 2019

>> Announcer: Live from San Francisco, celebrating 10 years of high tech coverage, it's theCUBE! Covering VMworld 2019. Brought to you by VMware and its ecosystem partners. >> Welcome back, I'm Stu Miniman with my co-host, Justin Warren, and this is theCUBE, live from the lobby of Moscone North here in San Francisco. The 10th year we've had theCUBE and happy to bring back two CUBE alums. Which, of course, in 2010 we didn't even have the idea of a CUBE alum, we were just gathering some friends, some industry experts. To my right is Jaspreet Singh, who's the founder and CEO of Druva. Sitting next to him is Kit Colbert, who's the Vice President CTO of the Cloud Platform Business Unit at VMware. Gentleman, thanks so much for joining us. >> Good morning. >> Thanks for having us. >> All right, so Jaspreet, I remember talking to you when Druva was a new company and cloud native wasn't the thing that came to mind when we were talking about it. We've known for a long time how important data is, and protecting that and managing that, of course, is something the industry's been looking at a long time. But give us the update on kind of Druva and you brought along Kit, so we're going to be talking about some of the cool, cloud native multi-cloud modernization type things, how that fits in your world. >> Absolutely. If you think about the world, right? In 1998, say for a start, they would create a whole notion of size and no software and the whole picture, right? Since then applications went in size, then came developer tools which were in size, and now it's all about infrastructure and first your management which is getting to be a cloud native, public cloud orientated size world. To where Druva comes in. As the world gets more and more fragmented, the data gets more and more fragmented. The multiple versions of cloud are different parts of strategy. Data management has to get more and more centralized. Which is where Druva comes in and which is where me and Kit are together. I think as VMware build a strategy for multi-cloud. Pulling the whole VMC approach to multiple versions of public cloud. Druva is a great partner, to sort of bring the data management together. A single control plane to manage multiple versions of cloud deployment on a single plane. >> All right, great so Kit it sounds like VMC is the kind of key component work together. 'cause when I think at Druva, a lot of what I think of is SaaS. And SaaS isn't necessarily the first thing that I think of when I think of VMware, so... >> We're tryin' to get there, tryin' to get there Stu. >> Yeah, no but pull it together as to where your customers intersect. >> Yeah absolutely, so it's a great partnership and definitely really focused on rallying around VMware Cloud and native AWS. And the core idea there was that we could deliver a cloud service to our customers of our VMware infrastructure, right? And we'll become a SaaS company, transforming into that. And that's something that we've been very focused on strategically, right? And so VMware Cloud and AWS is really the first offering. But there's many more coming. So just earlier today we announced the availability of VMware Cloud on Dell EMC. This idea of bringing our cloud service, STDC as a service on premises, to customer data centers, to customer edge locations. And the cool part about it, as Jaspreet mentioned, is that this world is becoming more and more distributed and we're seeing that with just the number of STDCs and how they're proliferating everywhere and you do need that centralization in terms, from a management perspective in order to handle all that diversity. And so, that's the big focus for us, in terms of the infrastructure, kind of just the core compute, source, network but you then have to up-level and say, how do you think about the data? And that's really where this partnership comes in. >> Right, so Jaspreet so if I understand that correctly, what you're trying to do here is to provide one data management method, no matter where the data lives. So, I don't have to go and find one tiny thing for, oh okay, I've got this other weird bit in the corner here, that I need a special, dedicated data protection thing for, 'cause that's always difficult. Data protection is hard enough. I really don't need to have, oh how am I going to deal out of this particular thing? Oh, now I've got to go and get another tool. And learn how to use it, maintain it, keep everyone skilled in it. Well actually, I can just pick Druva and then I've solved that problem. >> That's right. I think we are more forward-looking, than backward-looking. So, what we're doing is, any new application comes into an enterprise. Think about, from a point of view of a new cloud, like a VMC, AWS deployment. If you're deploying, you know, a lot of new edge location or data centers or new cloud services, Druva's a perfect partner to bring data management, along with it. For a legacy application that you always had, you can keep your legacy vendor with you. Where it has a con wall, you can keep them as they remain in your enterprise. Bring Druva for the new applications at hence. All the new workload that are more cloud bound workload, is our core focus, hence the VMC partnership. >> Right, so does that mean I'll be able to use Druva wherever VMC is available? >> That's right. >> Yeah. >> Because you're expanding how many places I can get VMC now, I've noticed. >> Yeah, very exciting. >> That's very interesting >> It is, yeah, and I think that's again, the beauty of the partnership, is that we're doing a ton of work to deliver VMC to more and more locations. We've partnered with AWS, and now we've got global coverage, almost all the regions by the end of this calendar year. And now with VMware Cloud on Dell EMC , we can go wherever the customer is. They essentially give us a street address, and we can deliver hardware there and then operate it remotely and they can take advantage of that. And the cool thing about it, that all comes up to this control plan that we have running in the cloud and this is how we can interact with Druva. They can have a few simple APIs they can manage via us to access all those workloads that are distributed all over the place. >> Think of public cloud. Public cloud is nothing but Amazon's, initially was a concept of Amazon applying retail to IT. You can buy a resource anywhere in the globe at a fixed price point at certain SLA. That's the promise of, public cloud promise of VMC to get same VMware experience wherever you go across the world same price point. Same promise with Druva . The same data you put anywhere, can be managed, predicted end-to-end, same policy, same price point across the globe. >> And people often forget that part of it, that we're technologists. So people like to look at that the speeds and feeds and what does the technology do but there's, when you're running a business is actually a lot more to it and pricing models and things that technologists sometimes find boring. I love a good spreadsheet but something as, a simple pricing model where I can understand it and I know what it's going to do for me, was when I spin up a brand new application and I understand how am I going to manage this over the long term, how am I going to protect it, and what's it going to do for the the ROI on that? And what's that going to look like in three years' time? Not just turning up the brand new project. What is the operational cost of that going to look like? These are the kinds of things that people, I think are starting to get a lot more used to now that they particularly with cloud it's a much more operational model. It's not a build model. It's, yes build is one part of it, but you also need to be able to run and manage it >> And think of what we call the world of two ransomwares. There is a ransomware when you're worried about a data breach or data loss and there's another ransomware we have to, your data production vendor or your hardware vendors say is, you know, give me five years of money up front with the promise to manage the data eventually. So in the public cloud world, it's pay-as-you-go on demand. You need a new application you spin up a new workload in VMC in AWS. You need data protection spin up right there and then, no pre-planning, pre-positioning, architecture reviews needed. >> And I think like, the great thing about Druva and what we're talking about here in this consistency of operations. How you're managing data, really goes into the whole strategy that VMware has around driving consistency across infrastructure as well. I think one of the big value propositions that we can help with is taking a lot of this very heterogeneous infrastructure with different capabilities, different hardware form factors and layering on our virtual infrastructure which simplifies a lot of that and delivering that consistent experience. And of course data management as we said is a key part of that experience. >> Yeah, you mentioned kind of the move of VMware towards being more of a SaaS player and working in those environments. One of the flags along that journey is VMware's always had a robust ecosystem. But in the cloud my understanding is you've released now a VMware Cloud Marketplace. Reminds me a little bit of a certain cloud provider that has a very well-known marketplace. Give us a little bit about it, and Jaspreet'll, of course tell us about the Druva piece of that. >> Yeah, absolutely. We're kind of really evolving our strategic aims. Historically we've looked at how do we really virtualize an entire data center? This concept of the software-defined data center. Really automating all that and driving great speed efficiency increases. And now as we've been talking about, we're in this world where you kind of have STDCs everywhere. On Prem, in the cloud, different public clouds. And so how do you really manage across all those? These are things we've been talking about. So the cloud marketplace fits into that whole concept in the sense that now we can give people one place to go to get easy access to both software and solutions from our partners as well as open source solutions, and these are things that come from the Bitnami acquisition that we recently did. So, the idea here is that we cannot make it super simple for customers to become aware of the different solutions to draw those consistent operations that exists on top of our platform and with our partners and then make it really easy for them to consume those as well >> And Druva's part of it. We were day one launch partner on the marketplace. Marketplace serves predominantly two purposes. One is, the ease of E-commerce, you can drive through a marketplace. Second, is the ease of integration. You have a prepackaged solution, which comes along with it. It's a whole beauty of cloud, exactly as I mentioned. We see cloud beyond technology. It's an E-commerce model most companies should adapt to. And as the part of the progress, our commitment is to be in marketplace day one. Druva is right now number one ISP globabally for AWS. So we understand the whole landscape of how E-commerce gets done on public cloud very very well, and we are super thrilled to be a partnership with VMC on the marketplace, the VMC Marketplace. >> It's another one of those important indicators. I think about VMware's Cloud journey. Cloud isn't a destination, it's not a location. It's a way of doing things-- >> Kit: It's a model, yep. >> So having this this marketplace way of consuming software and becoming far more like as you say, it's STDC, but with that software as a service on Earth. You can have STDC as a service. That's probably too many letters in that. >> We use that internally, yes the STDC, AAS (laughs). >> Seeing those features coming to VMware and the partners that you bring in to that ecosystem. And Stu and I we spoke before, it's like VMware is always been a great partner for everyone in that ecosystem and it does have a real ecosystem and we see it again this year at the show. That you have these partners who come in, and you're finding ways to make it easier for those integrations to happen in a nice, easy to consume way and customers like that. So the enterprise is a heterogeneous environment. If you just do one acquisition and all of a sudden, I've got two different ways of doing the same thing. So being able to have known trusted solutions to do that, where I don't have to spend ages and ages figuring out how to, how do I configure this? I don't actually make this do what I need it to do. It's like I'm trying to solve a customer problem. I'm not trying to build technology for its own sake for most of the customers. I just want something that works, and particular with data protection, I just want it to work. >> The owners aren't producing more back abutments. >> No, which, I don't think it should. it's kind of a shame. I used to be a back out man but we don't need anymore of those >> I think this is the idea. You talked in the beginning about this notion of service delivery and how can we take all these STDC's that we have out there that customers are running, and enhance their value and enhance the value to the customer's business by adding on these value-added services. So, I think that's one of the beauties of cloud marketplace is that they can very easily extend what they, customers can extend what they already have with these additional services. >> Jaspreet, VMware's been going through a lot of change. They've made acquisitions. I saw a number of announcements today, that I don't think I would have seen back in the EMC days of you know, some of the data protection solutions being baked into the platform. Tell us what it means to be a VMware partner today. >> I think it's great to see VMware innovating and making strong progress. I think in this world of constant change it can either be in the front end of, you can never never over-innovate. You can be in the front end of, being in the edge, driving change, driving Innovation, driving chain industry or taking a back seat and then be in HPE. So I think I love to see VMware what they're doing and making all the progress and great to be a partner in this change, in this journey to see as a strong partner. >> Yeah, I mean, we're not standing still and it's funny like. So one of the biggest announcements today in my mind is Project Pacific, this re-architecture of vSphere to building Kubernetes into the fabric of what vSphere is. And it's funny when you start looking at that because I think folks have a concept in their mind, of what vSphere is, right? It's VM-based and I have worked with it in certain ways. It's got a certain API or interface and we're fundamentally changing all that. We're rethinking, as I mentioned how we deliver our STDC's, our customers consume them. And so I think that notion of being at the forefront, we're very committed to that >> Kit, I'm glad you broke it up 'cause I'm still having a little trouble thinking through it. Now on the one hand, every company is going through this, we're going to containerize everything, we're going to make it microservices, every infrastructure component, now has that fundamental building block. Docker had a ripple effect on what happens, similar to what VMware had a decade before. But I look at Project Pacific and I'm like well, when Cloud Foundry was originally created, it was, we want back then we called it Paz, but I want a thin layer, and I don't want to pull VMware along for that necessarily. It might fit underneath it, but it might not. So help us understand as to like, how is this not like, a lock into what, you're going to use vSphere and you're going to have your license agreement with us every year and now you're going to be locked into this because this is your Kubernetes platform. >> Yeah, that's a good question. So look, I actually think it drives more openness because Kubernetes is an open platform and we're integrating that in, and we're leveraging the Kubernetes API. And so, the vSphere will have two northbound APIs, one of which is based on the existing VM-based one and the other one which is Kubernetes. And so partially, it's we're actually opening it up. The cool thing about what we can do with Pacific is that we have what, 300, 400000 customers running vSphere. They have an aggregate around 70 million workloads. We're able to take that massive footprint and move it forward almost overnight by building Kubernetes into vSphere. And so the way I look at it, is this is a huge force multiplier for our customers, this ability to move their fleet of applications forward at basically, zero cost, very little cost. And while leveraging all the tools and technologies, they already have. This is another good thing, that our partnership with Druva as well, is that because the way we've architected this, all the tools that use vSphere today and the vSphere's APIs, those APIs will see the Kubernetes pods and things that are provisioned and those tools can operate on those pods just like they can on VMs. And those things just work out of the box. So like if a customer gets specific and uses Druva, and they start provisioning some pods, into Kubernetes on vSphere, Druva will see those they can manage the data, it's all automatic. And of course, Druva can do extra cool things, like even get deeper integration there. But the point is that we've got, you know thousands of partners again who's out of the box that stuff will work. Now is that lock in? No, I actually think that because people are switching over to Kubernetes, they now have the ability to move that to a different Kubernetes environment if they so see fit. Anyway, so that's my quick answer >> Think about the world. Virtualization is practically free right now. What you pay for is the enterprise, once you pay for abstraction level, remove complexity, make my scale happen, and this is where you pay for the whole VMware stack. When the customer start deploying containers, they haven't seen the complexity they would see at scale. When you see the complexity in management and data plane and insecurity plane, then they would need the ecosystem of providers to solve those complexities at scale but as we're a think if Kubernetes takes off and production application, right now it's mostly dev and test, it goes to a production application, the world would need something which is a much more robust sort of control planes to manage it end-to-end >> Yeah, I mean, we solved a lot of the hard problems around running applications in production. And I think what we're doing with Pacific, is enabling all those cool innovations to work not just for existing apps but for new Kubernetes-based apps as well. >> All right, well Kit and Jaspreet, thank you so much. A lot of new things for everybody to dig into and I always appreciate both of you and your teams are very responsive and dig in. Be looking forward to more blog posts and more podcasts from your team and the like, to go into it more. For Justin Warren, I'm Stu Miniman. We have tons more coverage here at VMworld 2019. Thank you so much for watching theCUBE. (upbeat music)

(upbeat electronic music) >> Live from Las Vegas, it's theCUBE covering AWS re:Invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners. >> Hi everyone, welcome back to theCUBE, we're live in Las Vegas for AWS Amazon Web Services re:Invent 2018. It's the sixth year of theCUBE coverage. Two sets wall-to-wall. Day two of day four, day one of our broadcast, two more days, wall-to-wall coverage. I'm John Furrier, your host. Our next two guests are from Druva. We've got Jaspreet Singh, CUBE alumni, founder and CEO, and Mike Palmer, chief product officer from Druva. You guys are in the middle of it, welcome to theCUBE. >> Thanks very much. >> Thanks for coming on. >> Thank you. >> Good to see you guys. I want to get into it because I just had another guest on earlier. We talked about the holy trinity of infrastructure has been compute, networking, and storage, right? Those things are not, those are evolving, now they're coming together and they're changing. You get a lot of compute here, you can do more storage there, you got networking. We're expecting to hear a lot of announcements about connectivity. But the new dynamics of the infrastructure really encapsulates why cloud's been so successful. Okay great, cloud's great, DevOps, microservices. Check check check. We all love that, we believe it. But the big thing that people, I won't say be blindsided by, but aren't talking as much about is just the impact of data. Okay, you guys were out early on it, you saw the architecture in the cloud. Are people finally getting it? The cloud and data are coming together architecturally, thinking-wise, impact to customer. You guys started attacking that problem early on. What's your vibe here at re:Invent about the role of data and cloudification? >> Sure, I think if you look back and understand why cloud happened in the first place, right? So if you look at Amazon itself or AWS, it's Amazon's retail API is applied to everything IP. Where you could, we could buy and consume services on a price point across the globe as APIs. And now if you fast-forward, the right decide the compute, network is all coming together, the new realm of self serverless computing, all these turns are pioneering more and more increased data creation. Either in the data center, at the edge, or in the cloud. And unless you do something more holistic, sort of manage it, to protect it, to manage it, it's getting harder and harder to put your arms around the data growth. And cloud is a great answer to the whole data management, or the whole creation and management of data, given that the traditional systems are not very, very defined in the way data is going. Data used to be in Oracle, and VMware, and Siebel Systems, and everything else, now it's more image sensor, media text, apps which have been created. The new realm of data is very hard to put arms around with traditional routes of putting in the box in the middle of data. That's why the cloud is key to it. >> On the product side, you guys have been attacking the data. Amazon's expecting to announce here, they've done some pre-announcements, the role of consistency. It's something that we've talked about on theCUBE in our studio and at events. You guys have been on this from day one. Cloud operations on-premises, and the cloud should look the same, has to be consistent. Andy Jassy is going to be banging that drum tomorrow in his keynote. You guys have been part of AWS for a long time, your relationship. Are they getting that messaging from you guys? (chuckles) I mean, Andy, they all be in the public cloud now that he's back on-premise. So he's listening to the customers. I mean, Andy's very straight up about it. He's like, hey, I'm a big guy. I can handle the criticism. Customers want it on-premise. I'd love her when it come to the cloud, but that's what they want. >> It certainly would be flattery that they took messaging from Druva. (John laughing) And I'm not sure that-- >> But you guys have been, cover the relationship with Amazon first. How long have you guys been working with Amazon? >> We work five years now. Very good relationship with Amazon. >> And the product side is impacted in their ecosystem. How are you guys doing relative to the architecture of Amazon? >> I think we're the only natively architected solution in the market today. And so, if you saw this morning, we were right there on the board with some of the companies that have been around for decades, primarily because if you think about the generations of data protection solutions where you started with tape on mainframe, and you moved to one of the four legacy providers in the client's server space, you had another one that really popped up with VMware. Druva really owns the cloud space. And that requires, as you mentioned, a different architecture, adoption of more of an object storage model, the ability to natively store data in a file system in the cloud. That's different than what anyone has built in the past, and I think that's what the relationship with AWS is built on. >> So you think that Jassy's going on his on-premise mess-ee-mah consistently validates what you guys do? >> Without a doubt. He's gotten a lot of customers moving to AWS over the years, and some of them have some real barriers. I think AWS is doing what they always have done well. Listen to their customers, create solutions for those customers, and in the case of Druva, for example, being able to be integrated in a Snowball Edge which is unique to Druva, serving those customers, moving data to the cloud but allowing 'em local restore? Give 'em-- >> Andy Jassy announces AWS on-premise which is what we're expecting to see tomorrow. It's maybe some sort of appliance or something along those lines. We'll see what it comes out as. That's essentially the Azure stack model done right. From their premier perspective. Amazon on Amazon, Amazon on-premise, you can run it in the cloud. This sounds like a tailwind for you guys. How will that impact your business? How is Druva going to be impacted? To me, it would seem like it's just, you don't miss a beat. Sounds like it's going to be a good thing. Your thoughts. >> I think as Mike mentioned when he joined the company as well, right? The beauty of, what I didn't even realize, is that every time Amazon improves the platform, Druva is almost automatically benefited, given they're so, they really build on them. So when Amazon announced Snowball Edge, we were a launch partner with them, and third-party apps should be provision on Snowball Edge. I have a different take on the on-premise word than what the world think of. I think ultimately cloud or no cloud, it's all about helping the customer. If my understanding is correct, what Amazon is trying to do is to create a better way for customers to adapt more to public cloud, which is going deep in data center. There's a difference between doing enough on the edge to make the way for the cloud versus trying to do the legacy of going on-premise. So as Amazon creates that corridor for the option, Druva's naturally a good fit for it and part of it. >> Yeah, certainly that being cloud native with AWS is going to give you guys a good lift. Kind of a lay up question there. Let's get into the customer latency question, 'cause this has come up, expect to hear this a lot as well. Latency matters, latency certainly is a key criteria. Why the on-premise strategy? I would say Snowball, they're kickin' the tires. They did the VMware RDS deal on-premise, then so, this was not like an awakening for Amazon, they were going down that road. A little bit more deeper. What is the impact to customers, in you guys' opinion, of the move from Amazon? What's your thoughts? How deep in the enterprise does it go? How will this impact cloud migration? Is it going to change lift-and-shift to be more of a container strategy where you containerize it, then shift it? Some will not shift? What's your thoughts on the impact of cloud on-premise? >> So, I think there's three kinds of clouds. One is where you're trying to build any new applications in cloud which is where mostly Amazon comes in. Second is you can build a pre-made SaaS application. And third is the lift-and-shift. They're trying to still keep it tied to the data center, and putting some local in the cloud. And the third category is where latency matters. And just like virtualization, the last critical app to be virtualized was Exchange and SQL, right? When Exchange got virtualized, the data center opened the door, right? >> Yeah. >> The last critical app left in the way for major clouded option is, seems like Oracle. So which is where our RDS on-premise announced, which is where latency becomes key if you have to adopt some of those financial applications being built in the cloud where hyper-critical latency or uptime is needed. So that's a last hinge for some of the large enterprises to see more clouded option. >> Mike, talk about the product innovations. So people that don't know Druva, they see a lot of hype out there in this market. A lot of advertising, a lot of funding, venture-backed funding, you guys are startup. Pretty competitive. Where are you guys winning? What are the key innovations in the product that you guys have? Take a minute to explain your key value for your customers. >> Well, the first thing I think we want our customers to remember is if you're moving your workloads into an Amazon environment, or you're adopting cloud, we're the only natively architected solution. So just like you would have bought, a competitor for example in the VMware space, you're going to buy Druva because of its advantages to scale with Amazon in terms of its compute, to be able to allow you to tier into the various storage options that they create almost on a quarterly basis for you. But beyond all the infrastructure basics, we are converging services that otherwise were separate silos on-premises. So if you are a customer of one of the legacy providers, and you needed eDiscovery, you bought an eDiscovery product. You needed archive? You bought an archive product. You got backup, you bought backup product. The beauty of having a file system in the cloud is you can buy all of those operations against a single object store. So the definition's changing, we're offering that advantage. >> And one more point to it is also the go-to-market strategy. You saw David McCann this morning talk about Marketplace and how it's going to reshape the selling motion for them. And he mentioned Druva as the key Marketplace partner. With also tooling, or retooling the go-to-market motion of how customers wants to best buy a SaaS service and not a hardware, software model, impacting the real agility and time to market for businesses. >> Are you guys in the Marketplace? >> Absolutely. >> Yeah. >> You guys are on to something really big here and I think it's not well understood, the industry yet. I want to just think out loud for a minute. You mentioned that I got to buy eDiscovery, siloed app. 'Cause that's the old way. I mean, cloud's kind of a horizontally scalable fabric. Some of the best solutions aren't pure plays. So you guys are I think the first company of its kind that kind of is not in a category. I mean, I see how you want to be in a category. Gartner has the Magic Quadrant, backup and recovery, okay. You got to be in some and you win that one, you get some good marks on that. But cloud is more, it helps, maybe it could be leading backup and recovery, but it's not a solution for that. Just delivers value that happens to be for backup and recovery, powered by software. >> That's right. >> So this is the cloud dynamic of having the kind of scale. This is a whole new paradigm of software development. Your reaction to that, do you agree? >> Tell-- >> I totally agree. And I think you hit on two very important points. You know, one is data is a platform in the cloud, now it's a surface that you can operate on. You can add services, you can integrate with ecosystem services. Not everything is going to come from Druva. But unlike competitors, when you are with Druva, we are going to enable you to work with those providers. I think the second one, and the one, personally having come from an ISV environment, is this. If I have a great idea today, 65% of my customers wouldn't be in production with my idea for 2 1/2 years. >> Yeah, the time. >> That model's gone. If Amazon announces a service today as Jaspreet mentions, we want our customers to be taking advantage of that with their data today. >> Talk about the impact of the ecosystem that you guys are seeing, just thoughts on the industry. Jaspreet, you seem to have been around them. You've seen the movie a few times. What's coming? Because if these net-new workloads, again, you're going to hear Andy Jassy talk about this on the keynote tomorrow, new net-new workloads. AI's being powered, ML is being powered by compute availability. So that changes that industry. Kind of a slow, stuck in the mud for 20 years AI. You see Lumi's been around for not new science. But with compute, new magic happens. This the dynamic. What's your thoughts on the ecosystem. Those old solutions are going to die. There's going to be winners and losers. Who are the winners and who are the loser? >> I think the time will say how people take on the challenges. We believe that three core changes coming to cloud. One is serverless computing. In a big way. To drive the cost down of computing dramatically. And also converge the whole networking storage compute in a single mine center. Second is machine learning, or what in Druva we call AI of Things. How machine learning will be like mobility of 10 years ago to impact almost every single piece of software to make it smarter. >> Machine learning first is going to be a new trend. >> Exactly. >> We just called it right now on theCube. ML first. (Mike chuckling) >> And then the third trend is going to be around the nature of enterprise to analyze content. The whole Spark, or Kafka, or, the entire availability of metadata on your fingertips to sort of mine information, the available data, data on the platform, is going to be a predominant thing in the future. So put them together, the possibilities are limitless. You have a data platform which you can mine more cost effectively to the serverless, and be a lot more effective through machine learning. >> I think you guys are a data platform without a doubt. You're not backup and recovery. It's just one of the things you happen to do. And you need a category to start with. I mean, this is a data platform. And you're seeing that all over the place. I just saw a presentation from the FBI, counter-terrorism, they just can't put the puzzles together fast enough on these investigations 'cause the databases are everywhere. So just latency, talk about time to value, just ridiculous. Bad guys are winning. IT is going through the same thing. >> I think software in general has moved away from proprietary and more toward open standards, and so you're going to look for solutions that enable an ecosystem, that don't lock you into a container for one purpose, and we're taking a hold of that trend. >> Alright, guys, real quick, we going to end this segment. What's going on with Druva? Quick plug. How many people? What's on the roadmap? Where's the new innovation, where's the disruption coming? >> You take that? >> Roadmap, 600 people and growing. And the company was just an exciting place to be. Jaspreet mentions one of the most important things. Customer's think about three things. How much does it cost me? It it reducing my risk, or making me more agile? And we're focused on all three. You'll see us, serverless architecture's going to continue to reduce costs. Adopting Amazon storage tiers is going to help our customers reduce costs. From the making them better point of view, you're going to see more eDiscovery, legal hold, performance is going to improve, integration with premises, we got a lot going on at Druva. >> Lambda is so much faster than spitting up an instance, that's for sure. >> That's right, that's right. >> Your thoughts, final word. >> I think data science and machine learning is a big core focus of Druva. I think we have over 100 petabyte in management today. About, as he said, about 600 employees and growing very, very rapidly. How we monetize this 100 petabyte with the cloud through us, with customers, know how our knowledge is a big focus area for us. And also the data born in the cloud. The focus has shifted to your point of newer clouds. How do we tackle the new world clouds? Born in the cloud, born outside the core center of data center, and tackling those. A big focus for us going into next year. >> Congratulations, guys. Jaspreet, I know as founder it's always hard to stand up a company. You guys are doing well, congratulations. You got the right architecture, you got the right product roadmap. Congratulations, I'm looking forward to hearing more. Cloudification, new workloads, scale. This is the new buzzwords around competitive advantage and value. It's theCUBE bringing you all the coverage here from re:Invent. Stay with us for more after this short break. (futuristic beep) (futuristic electronic music)