>>The cube is back at Vemo 2022. I was happy to be live. Dave ante, Dave Nicholson and Dave Russell three Daves. Dave is the vice president of enterprise strategy at Veeam. Great to see you again, my friend. Thanks for coming >>On. Uh, it's always a pleasure. And Dave, I can remember your name. I can't remember >>Your name as well. <laugh> so wow. How many years has it been now? I mean, add on COVID is four years now. >>Yeah, well, three, three solid three. Yeah, Fallon blue. Uh, last year, Miami little secret. We're gonna go there again next year. >>Okay, so you joined Veeam >>Three. Oh, me four. Yeah, >>Yeah, yeah. Four is four, right? Okay. Wow. >>Um, time flies, man. >>Interesting. What your background, former analyst analyze your time at Veeam and the market and the changes in the customer base. What, what have you seen? What are the big takeaways? Learnings? >>Yeah. You know, what's amazing to me is we've done a lot more research now, ourselves, right? So things that we intuitively thought, things that we experienced by talking to customers, and of course our partners, we can now actually prove. So what I love is that we take the exact same product and we go down market up market. We go across geographies, we go different verticals and we can sell that same exact product to all constituencies because the differences between them are not that great. If it was the three Dave company or the 3m company, what you're looking for is reliable recovery, ease of use those things just transcend. And I think there used to be a time when we thought enterprise means something very different than mid-market than does SMB. And certainly your go to market plans are that way, but not the product plans. >>So the ransomware study, we had Jay buff on earlier, we were talking about it and we just barely scratched the surface. But how were you able to get people to converse with you in such detail? Was it, are you using phone surveys? Are you, are, are you doing web surveys? Are you doing a combination? Deep >>Dives? Yeah. So it was web based and it was anonymous on both ends, meaning no one knew VE was asking the questions. And also we made the promise that none of your data is ever gonna get out, not even to say a large petroleum company, right. Everything is completely anonymized. And we were able to screen people out very effectively, a lot of screener questions to make sure we're dealing with the right person. And then we do some data integrity checking on the back end. But it's amazing if you give people an opportunity, they're actually very willing to tell you about their experience as long as there's no sort of ramification about putting the company or themselves at risk. >>So when I was at IDC, we did a lot of surveys, tons of surveys. I'm sure you did a lot of surveys at Gartner. And we would look at vendor surveys like, eh, well, this kind of the questions are rigged or it's really self-serving. I don't sense that in your surveys, you you've, you've always, you've still got that independent analyst gene. Is that, I mean, it's gotta be, is it by design? Is it just happen that ransomware is a topic that just sort of lends itself to that. Maybe you could talk about your philosophy there. >>Yeah. Well, two part answer really, because it's definitely by design. We, we really want the information. I mean, we're using this to fuel or inform our understanding of the market, what we should build next, what we should message next. So we really want the right data. So we gotta ask the right questions. So Jason, our colleague, Julie, myself, we work really hard on trying to make sure we're not leading the witness down a certain path. We're not trying to prove our own thesis. We're trying to understand what the market really is thinking. And when it comes to ransomware, we wanna know what we don't know, meaning we found a few surprises along the way. A lot of it was confirmational, but that's okay too. As long as you can back that up, cuz then it's not just Avenger's opinion. Of course, a vendor that says that they can help you do something has data that says, they think you uni have a problem with this, but now we can actually point to it and have a more interesting kind of partnership conversation about if you are like 1000 other enterprises globally, this may be what you're seeing. >>And there are no wrong answers there. Meaning even if they say that is absolutely not what we're seeing. Great. Let's have that conversation that's specific to you. But if you're not sure where to start, we've got a whole pool of data to help guide that conversation. >>Yeah. Shout out to Julie Webb does a great job. She's a real pro and yes. And, and really makes sure that, like you say, you want the real, real answers. So what were some of the things that you were excited about or to learn about? Um, in the survey again, we, we touched just barely touched on it in 15 minutes with Jason, but what, what's your take? Well, >>Two that I'd love to point out. I mean, unfortunately Jason probably mentioned this one, you know, only 19% answered when we said, did you pay the ransom? And only 19% said, no, I didn't pay the ransom. And I was a hundred percent successful in my recovery. You know, we're in Vegas, one out of five odds. That's not good. Right? That's a go out of business spot. That's not the kind of 80 20 you want to hear. That's not exactly exactly. Now more concerning to me is 5% said no ransom was asked for. And you know, my phrase on that is that's, that's an arson event. It's not an extortion event. Right. I just came to do harm. That's really troubling. Now there's a huge percentage there that said we paid the ransom about 24% said we paid the ransom and we still couldn't restore the data. So if you add up that 24 in that five, that 29%, that was really scary to me. >>Yeah. So you had the 19%. Okay. That's scary enough. But then you had the wrecking ball, right? Ah, we're just gonna, it's like the mayhem commercial. Yes. Yeah. See ya. Right. Okay. So <laugh>, that's, that's wild. So we've heard a lot about, um, ransomware. The thing that interests me is, and we've had a big dose of ransomware as analysts in these last, you know, 12, 18 months and more. But, but, but it's really escalated. Yeah. Seems like, and by the way, you're sharing this data, which is amazing. Right. So I actually want to dig in and steal some of the, the data. I think that's cool. Right? Definitely. You gave us a URL this morning. Um, so, but you, your philosophy is to share the data. So everybody sees it, your customers, your prospects, your competitors, but your philosophy is to why, why are you sharing that data? Why don't you just keep it to yourself and do it quietly with customers? >>Yeah. You know, I think this is such a significant event. No one vendor's gonna solve it all. Realistically, we may be tied for number one in market share statistically speaking, but we have 12.5%. Right. So we're not gonna be able to do greater good if we're keeping that to ourselves. And it's really a notion of this awareness level, just having the conversation and having that more open, even if it's not us, I think is gonna be beneficial. It speaks to the value of backup and why backup is still relevant this day and age. >>I dunno if you're comfortable answering this, but I'll ask anyway, when you were a Gartner analyst, did you get asked about ransomware a lot? >>No. >>Very rarely or never. >>Almost never. Yeah. And that was four years ago. Literally. Like it >>Was a thing back then, right? I mean it wasn't of course prominent, but it was, it was, I guess it wasn't that >>20 16, 20 17, you know, it's, it's interesting because at a couple of levels you have the, um, the willingness of participants to share their stories, which is a classic example of people coming together to fight a common fo. Yeah, yeah. Right. In the best of times, that's what happens. And now you're sharing that information out. One of the reasons why some would argue we've gotten to this place is because day zero exploits have been stockpiled and they haven't been shared. So you go to, you know, you go, you go through the lineage that gets you to not pet cat as an example. Yes. And where did it come from? Hey, it was something that we knew about. Uh, but we didn't share it. Right. We waited until it happened because maybe we thought we could use it in, in some way. It's, it's an, it's an interesting philosophical question. I, I don't know. I don't know. I don't know where, if that's, uh, the third, it's the one, the third rail you don't want to touch, but basically we're, we are, I guess we're just left to sort through whatever, whatever we have to sort through in that regard. But it is interesting left to industry's own devices. It's sharing an openness. >>Yeah. You know, it's, I almost think it's like open source code. Right? I mean, the promise there is together, we can all do something better. And I think that's true with this ransomware research and the rest of the research we do too. We we've freely put it out there. I mean, you can download the link, no problem. Right. And go see the report. We're fine with that. You know, we think it actually is very beneficial. I remember a long time ago, it was actually Sam Adams that said, uh, you know, Hey, there's a lot of craft brewers out there now, you know, is, are you as a craft brewery now? Successful? Are you worried about that? No. We want every craft brewery to be successful because it creates a better awareness. Well, an availability market, it's still Boston reference. >>What did another Boston reference? Yes. Thank you, >>Boston. And what <laugh>. >>Yeah. So, you know, I, I, I feel like we've seen these milestone, you know, watershed events in, in security. I mean, stucks net sort of yeah. Informed us what's possible with nation states, even though it's highly likely that us and Israel were, were behind that, uh, the, the solar winds hack people are still worried about. Yes. Okay. What's next. Even, even something now. And so everybody's now on high alert even, I don't know how close you guys followed it, but the, the, uh, the Okta, uh, uh, breach, which was a fairly benign incident. And technically it was, was very, very limited and very narrow in scope. But CISOs that I talked to were like, we are really paranoid that there's another shoe to drop. What do we do? So the, the awareness is way, way off the charts. It begs the question. What's next. Can you, can you envision, can you stay ahead? It's so hard to stay ahead of the bad guys, but, but how are you thinking about that? What this isn't the end of it from your standpoint? >>No, it's not. And unfortunately it's because there's money to be made, right? And the barrier to entry is relatively low. It's like hiring a Hitman. You know, you don't actually have to even carry out the bad act yourself and get your own hands dirty. And so it's not gonna end, but it it's really security is everyone's responsibility. Veeam is not really a full time security company, but we play a role in that whole ecosystem. And even if you're not in the data center as an employee of a company, you have a role to play in security. You know, don't click that link, lock the door behind you, that type of thing. So how do you stay ahead of it? I think you just continually keep putting a focus on it. It's like performance. You're never gonna be done. There's always something to tune and to work on, but that can be overwhelming. So the positive I try to tell someone is to your point, Dave, look, a lot of these vulnerabilities were known for quite some time. If you were just current on your patch levels, this could have been prevented, right? You could have closed that window. So the thing that I often say is if you can't do everything and probably none of us can do something and then repeat, do it again, try to get a little bit better every period of time. Whether that's every day, every quarter, what case may be, do what you can. >>Yeah. So ransomware obviously very lucrative. So your job is to increase the denominator. So the ROI is lower, right? And that's a, that's a constant game, right? >>Absolutely. It is a crime of opportunity. It's indiscriminate. And oftentimes non-targeted now there are state sponsored events to your point, but largely it's like the fishermen casting the net out into the ocean. No idea with certainty, what's gonna come back. So I'm just gonna keep trying and trying and trying our goal is to basically you wanna be the house on the neighborhood that looks the least inviting. >>We've talked about this. I mean, any, anyone can be a, a, a ransomware as to go in the dark web, ransomware's a service. Oh, I gotta, I can put a stick into a server and a way I go and I get some Bitcoin right. For it. So, so that's, so, so organizations really have to take this seriously. I think they are. Um, well you tell me, I mean, in your discussions with, with, with customers, >>It's changed. Yeah. You know, I would say 18 months ago, there was a subset of customers out there saying vendors, crying Wolf, you know, you're trying to scare us into making a purchase decision or move off of something that we're working with. Now. I think that's almost inverted. Now what we see is people are saying, look, my boss or my boss's boss's boss, and the security team are knocking on my door asking, what are we gonna do? What's our response? You know, how prepared are we? What kind of things do we have in place? What does our backup practice do to support ransomware? The good news though, going back to the awareness side is I feel like we're evangelizing this a little less as an industry. Meaning the security team is well aware of the role that proper backup and availability can play. That was not true. A handful of years ago. >>Well, that's the other thing too, is that your study showed the closer the practitioner was to the problem. Yes. The more problems there were, that's an awareness thing. Yes. That's not a, that's not, oh, just those guys had visibility. I wanna ask you cuz you've You understand from an application view, right. There's only so much Veeam can do. Um, and then the customer has to have processes in place that go beyond just the, the backup and recovery technology. So, so from an application perspective, what are you advising customers where you leave off and they really have to take over this notion of shared responsibility is really extending beyond cloud security. >>Yeah. Uh, the model that I like is interestingly enough, what we see with Caston in the Kubernetes space. Mm-hmm <affirmative> is there, we're selling into two different constituencies, potentially. It's the infrastructure team that they're worried about disaster recovery. They're worried about backup, but it's the app dev DevOps team. Hey, we're worried about creating the application. So we're spending a lot of focus with the casting group to say, great, go after that shift, left crowd, talk to them about a data availability, disaster recovery, by the way you get data movement or migration for free with that. So migration, maybe what you're first interested in on day one. But by doing that, by having this kind of capability, you're actually protecting yourself from day two issues as well. >>Yeah. So Let's see. Um, what haven't we hit on in this study? There was so much data in there. Uh, is that URL, is that some, a private thing that you guys shared >>Or is it no. Absolutely. >>Can, can you share the >>URL? Yeah, absolutely. It's V E E so V two E period am so V with the period between the E and the a forward slash RW 22. So ransomware 22 is the research project. >>So go there, you download the zip file, you get all the graphics. Um, I I'm gonna dig into it, uh, maybe as early as this, this Friday or this weekend, like to sort of expose that, uh it's you guys obviously want this, I think you're right. It's it's it's awareness needs to go up to solve this problem. You know, I don't know if it's ever solvable, but the only approach is to collaborate. Right. So I, I dunno if you're gonna collaborate with your head-to-head competitors, but you're certainly happy to share the data I've seen Dave, some competitors have pivoted from data protection or even data management to security. Yes. I see. I wonder if I could run a premise by, I see that as an adjacency to your business, but not sort of throwing you into the security bucket. What are your thoughts on that? >>Yeah. You know, certainly respect everything other competitors are doing, you know, and some are getting very, you know, making some good noise and getting picked up on that. However, we're unapologetically a backup company. Mm-hmm, <affirmative>, we're a backup company. First. We're worried about security. We're worried about, you know, data reuse and supporting shift, left types of things, but we're not gonna apologize for being in the backup availability business, not, not at all. However, there's a role that we can play. Having said that that we're a role. We're a component. If you're in the secondary storage market, like backup or archiving. And you're trying to imply that you're going to help prevent or even head off issues on the primary storage side. That might be a little bit of a stretch. Now, hopefully that can happen that we can go get better as an industry on that. >>But fundamentally we're about ensuring that you're recoverable with reliability and speed when you need it. Whether we're no matter what the issue is, because we like to say ransomware is a disaster. Unfortunately there's other kind of disasters that happen as well. Power failures still happen. Natural issues still occur, et cetera. So all these things have to be accounted for. You know, one of our survey, um, data points basically said all the things that take down a server that you didn't plan on. It's basically humans at the top human error, someone accidentally deleted something and then malicious humans, someone actually came after you, but there's a dozen other things that happened too. So you've gotta prepare for all of that. So I guess what I would end up with saying is you remember back in the centralized data centers, especially the mainframe days, people would say, we're worried about the smoking hole or the smoking crater event. Yeah. Yeah. The probability of a plane crashing into your data bunker was relatively low. That was when it got all the discussion though, what was happening every single day is somebody accidentally deleted a file. And so you need to account on both ends of the spectrum. So we don't wanna over rotate. And we also, we don't want to signal to 450,000 beam customers around the world that we're abandoning you that were not about backup. That's still our core >>Effort. No, it's pretty straightforward. You're just telling people to back up in a way that gives them a certain amount of mitigation yes. Or protection in the event that something happens. And no, I don't remember anything about mainframe. He does though though, much older than me >>EF SMS. So I even know what it stands for. Count key data don't even get me started. So, and, and it wasn't thank you for that answer. I didn't mean to sort of a set up question, but it was more of a strategy question and I wish wish I could put on your analyst hat because I, I feel, I'll just say it. I feel as though it's a move to try to get a tailwind. Maybe it's a valuation play. I don't know. But I, I, it resonated with me three years ago when everybody was talking data management and nobody knew what that meant. Data management. I'm like Oracle. >>Right. >>And now it's starting to become a little bit more clear. Um, but Danny Allen stuff and said, it's all about the backup. I think that was one of his keynote messages. So that really resonated with me cuz he said, yeah, it starts with backup and recovery. And that's what, what matters most to these customers. So really was a strategy question. Now maybe it does have valuation impact. Maybe there's a big market there that can be consolidated. You know, uh, we, this morning in the analyst session, we heard about your new CEO's objectives of, you know, grabbing more market share. So, and that's, that's an adjacency. So it's gonna be interesting to see how that plays out far too many security vendors. As, as we know, the backup and recovery space is getting more crowded and that is maybe causing people to sort of shift. I don't know, whatever right. Or left, I guess, shift. Right. I'm not sure, but um, it's gonna be really interesting to watch because this has now become a really hot space after, you know, it's been some really interesting momentum in certain pockets, but now it's everywhere it's coming ubiquitous. So I'll give you the last word Dave on, uh, day one, VEON 20, 22. >>Yeah. Well boy, so many things I could say to kind of land the plane on, but we're just glad to be back in person. It's been three years since we've had a live event in those three years, we've gone from 300,000 customers to 450,000 customers. The release cadence, even in the pandemic has been the greatest in the company's history in 2020, 2021, there's only about three dozen software only companies that have hit a billion dollars and we're one of them. And that, you know, that mission is why hasn't changed and that's why we wanna stay consistent. One of the things Danny always likes to say is, you know, we keep telling the same story because we're not wanting to deviate off of that story and there's more work to be done. And to honors point, you know, Hey, if you have ambitious goals, you're gonna have to look at spreading your wings out a little bit wider, but we're never gonna abandon being a backup. Well, >>It's, it's clear to me, Dave on was not brought in to keep you steady at a billion. I think he's got a site set on five and then who knows what's next? Dave Russell, thanks so much for coming back in the cube. Great to >>See always a pleasure. Thank you. >>All right. That's a wrap for Dave one. Dave ante and Dave Nicholson will be backed tomorrow with a full day of coverage. Check out Silicon angle.com for all the news, uh, youtube.com/silicon angle. You can get these videos. They're all, you know, flying up Wiki bond.com for some of the research in this space. We'll see you tomorrow.