>>Drew and I are pleased to welcome Kevin Warda. Who's the director of information technology services at the Hotchkis school, a very prestigious and well respected boarding school in the beautiful Northwest corner of Connecticut. Hello, Kevin? >>Hello. It's nice to be here. Thanks for having me. >>Yeah, you, you bet. Hey, tell us a little bit more about the Hotchkis school and your role. >>Sure. The hacha school is an independent boarding school, grades nine through 12, as you said, very prestigious and in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have 500 K 500 acre main campus and a 200 acre farm down the street. My role is as the director of information technology services, essentially to oversee all of the technology that supports the school operations, academics, sports, everything we do on campus. >>Yeah. And you've had a very strong history in the educational field, you know, from that lens what's, what's the unique, you know, or not unique, but the pressing security challenge that's top of mind for you. >>I think that it's clear that educational institutions are a target these days, especially for ransomware. We have a lot of data that can be used by threat actors and schools are often underfunded in the area of it, security it in general sometimes. So I think threat actors often see us as easy targets or at least worthwhile to try to get into, >>Because specifically you are potentially spread thin underfunded. You gotta, you, you got students, you got teachers. So there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? >>Certainly because of the fact that we're an independent boarding school, we operate things like even a health center. So data privacy regulations across the board in terms of just student data rights Ferra, some of our students are under 18. So data privacy laws such as Copa apply HIPAA can apply. We have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development, or even just accepting the revenue for tuition. So it's, it's a unique place to be. Again, we operate very much like a college would, right? We have all the trappings of a, of a private college in terms of all the operations we do. And that's what I love most about working education is that it's, it's all the industries combined in many ways. >>Very cool. So let's talk about some of the defense strategies from a practitioner point of view, then I want to bring in, in drew to the conversation. So what are the, the best practice and the right strategies from your standpoint of defending your, your data? >>Well, we take a defense and depth approach. So we layer multiple technologies on top of each other to make sure that no single failure is a key to getting beyond those defenses. We also keep it simple. You know, I think there's some core things that all organizations need to do these days in including, you know, vulnerability scanning, patching using multifactor authentication and having really excellent backups in case something does happen. >>Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what, what, what can we learn from other adjacent industries? >>Yeah, I, you know, Kevin is spot on and I love hearing what, what he's doing going back to our prior conversation about zero trust, right? That defense in depth approach is beautifully aligned, right? With a zero trust approach, especially things like multifactor authentication, always shocked at how few folks are applying that very, very simple technology and, and across the board, right? I mean, Kevin is referring to, you know, financial industry, healthcare industry, even, you know, the security and police, right. They need to make sure that the data that they're keeping evidence right. Is secure and imutable right, because that's evidence, >>Well, Kevin paint a picture for us, if you would. So you were primarily on, Preem looking at potentially, you know, using more cloud, you were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and, and the kind of, I wanna get to the before and the, after wasabi, but start with kind of where you came from. >>Sure. Well, I came to the hatchet school about seven years ago and I had come most recently from public K12 and municipal. So again, not a lot of funding for it in general security or infrastructure in general. So Nutanix was actually a solu, a hyperconverged solution that I implemented at my previous position. So when I came to Hodges and found mostly on-prem workloads, everything from the student information system to the card access system, that students would use financial systems, they were almost all on premise, but there were some new SAS solutions coming in play. We had also taken some time to do some business continuity planning, you know, in the event of some kind of issue. I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that. So as different workloads were moved off to hosted or cloud based, we didn't really need as much of the on premise compute and storage as, as we had. And it was time to retire that cluster. And so I brought the experience I had with Nutanix with me, and we consolidated all that into a, a hyper-converged platform, running Nutanix AV, which allowed us to get rid of all the cost of the VMware licensing as well. And it is an easier platform to manage, especially for small it shops like ours. >>Yeah. AHV is the Acropolis hypervisor. And so you migrated off of VMware avoidance V the VTax avoidance. That's a common theme among Nu Nutanix customers. And now did you consider moving into AWS? You know, what was the catalyst to consider wasabi as part of your defense strategy? >>We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out, WASA became across our, our desks. And it was such a low, low barrier to entry to sign up for a trial and get, you know, terabyte for a month. And then it was, you know, $6 a month for terabyte. After that, I said, we can try this out in a very low stakes way to see how this works for us. And there was a couple things we were trying to solve at the time. It wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network. Some of our software applications that are deployed through our mobile device management needed a place that was accessible on, on the internet that they could be stored as well. >>So we were testing it for a couple different scenarios and it worked great, you know, performance wise, fast security wise. It has all the features of, of S3 compliance that works with, with Nutanix and anyone who's familiar with S3 permissions can apply them very easily. And then there was no egress fees. We can pull data down, put data up at will, and it's not costing us any extra, which is excellent because especially in education, we need fixed costs. We need to know what we're gonna spend over a year before we spend it and not be hit with, you know, bills for, for egres or, or because our workload or our data storage footprint grew tremendously. We need, we need that. We, we can't have the variability that the cloud providers would give us. >>So Kevin, you, you explained you're hypersensitive about security and privacy for obvious reasons that we discussed. Were you concerned about doing business with a company with a funny name? Was it the trial that got you through that knothole? How did you address those, those concerns as an it practitioner? >>Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked the funny name really means nothing. There's lots of companies with funny names. >>I think we don't go based on the name necessarily, but we did go based on the history understanding, you know, who started the company, where it came from and really looking into the technology, understanding that the value proposition, the ability to, to provide that lower cost is based specifically on the technology, in which it lays down data. So, so having a legitimate, reasonable, you know, excuse as to why it's cheap, we weren't thinking, well, you know, you get what you pay for it. It may be less expensive than alternatives, but it's, it's not cheap. It's not, you know, it's, it's reliable. And that was really our concern. So we, we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. >>Yeah. Thank you for that. Drew explain the whole egres charge. We hear a lot about that. What do people need to know? >>First of all, it's not a funny name, it's a memorable name, date, just like the cube. Let's be very clear about that. Second of all egres charges. So, you know, other storage providers charge you for every API call, right? Every get every, put every list, everything okay. It's, it's part of their, their, you know, their, their process. It's part of how they make money. It's part of how they cover the cost of all their other services. We don't do that. And I think, you know, as, as Kevin has pointed out, right, that's a huge differentiator because you're talking about a significant amount of money above and beyond. What is the list price? In fact, I would tell you that most of the other storage providers, hyperscalers, you know, their list price, first of all, is, is, you know, far exceeding anything else in the industry, especially what we offer and then right. Their, their additional cost, the egres cost, the API requests can be two, three, 400% more on top of what you're paying per terabyte. >>So you used the little coffee analogy earlier in our conversation. So I'm, here's what I'm imagining. Like I have a lot of stuff. Right. And, and I, I, I had to clear up my bar and I put some stuff in storage, you know, right down the street and I pay them monthly. I can't imagine having to pay them to go get my stuff. That's kinda the same thing here. >>Oh, that's a great metaphor, right. That, that storage locker, right? Yeah. You know, can you imagine every time you wanna open the door to that locker and look inside having to pay a fee? >>No, no, that would be annoying. >>Or, or every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard. You have to pay a door opening fee. Right. And then if you wanna look and get an inventory of everything in there, you have to pay and it's ridiculous. Yeah. It's your data, it's your storage, it's your locker. You've already paid the annual fee probably cuz that they gave you a discount on that. So why shouldn't you have unfettered access to your data? That's what wasabi does. And I think as Kevin pointed out, right, that's what sets us completely apart from everybody >>Else. Okay, good. That's helpful. It helps us understand how Wasabi's different. Kevin. I'm always interested when I talk to practitioners like yourself in, in, in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and, and ransomware protection? For example? >>Yes. Cyber security awareness training is definitely one of the required things everyone should be doing in their organizations. And we do have a program that we use and we try to make it fun and engaging too. Right? This is, this is often the checking, the box kind of activity. Insurance companies require it, but we wanna make it something that people want to do and wanna engage with. So even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about, you know, shipping of orders and time for the holidays and things like that. So it wasn't just about protecting our school data. It's about the fact that, you know, protecting their information is something you do in all aspects of your life. Especially now that the folks are working hybrid off of working from home with equipment from the school, this stakes are much higher and people have a lot of our data at home. And so knowing how to protect that is important. And so we definitely run, run those programs in a way that, that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. >>So when you say fun, it's like you come up with an example that we can laugh at until of course we click on that bad link, but I'm sure you can, you can come up with a lot of interesting and engaging examples. Is that what you're talking about? About having fun? >>Yeah. I mean, sometimes they are kind of choose your own adventure type stories. You know, they, they, they, they stop as they run. So they're, they're, they're telling a story and they stop and you have to answer questions along the way to keep going. So you're not just watching a video, you're engaged with the story of the topic. Yeah. That's why I think is, is memorable about it, but it's also, that's what makes it fun. It's not, you're not just watching some talking head saying, you know, to avoid shortened URLs or to check, to make sure, you know, the sender of, of the email. Now you you're engaged in a real life scenario story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not. So that's where I think the learning comes in. >>Excellent. Okay, gentlemen, thanks so much. Appreciate your time. Kevin drew awesome. Having you in the cube. >>My pleasure. Thank you. >>Yeah. Great to be here. Thanks. Okay. In a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage. You're watching the cube, the leader in high tech enterprise coverage.