>>From around the globe. It's the cube with digital coverage of Veem on 2020 brought to you by beam. >>Hi buddy. Welcome back to the cubes. Ongoing coverage of Veem on 2020s Veem online 2020 I'm Dave Volante and Rick van overs here as a senior director of product strategy at Veem. Rick, it's always a great pleasure to see you. I wish we could see each other face to face. >>Yeah. You know, it's different this year, but, uh, yeah, it is always great to be on the cube. I think, uh, uh, in 2018 had an eight year gap and it's a N a couple of times we've been back since and yeah, happy to be back on the cube. >>So how's it going with you guys with the online format? I mean, breakouts are big for you cause you're, you're profiling some new products that we're going to get into, how's it all working for you? >>Well, it's been different. It's a good way to explain it in one word different, but the reality is I have a, uh, pardon, the language, a side hustle here, where at Veeam, I've worked with the event team to kind of bring the best content. And for the breakouts, that's an area that I've been working a lot with our speakers and our, some of our partners, external experts, users, and people who have, you know, beaten ransomware and stuff like that. But I've worked really hard to aggregate the content and get the best blend of content. And we kind of have taken an interesting approach where the breakouts are that library of content that we think organizations and the people who attend the event really take away the most. So we've got this full spectrum from R and D deep level stuff to just getting started type of stuff, and really all types of levels in between. And yeah, we want the breakouts to focus on generally available products, right? So I've worked pretty diligently to bring a good spread across the, uh, different products. And then a little secret trick we're doing is that into the summer, we're going to open up new content. So there's this broadcast agenda that we've got publicized, but then beyond that, we're going to sneak in some new content into the summer. >>Well, I'm glad you're thinking that way, because you know, a lot of what a lot of people are doing. There's a church trying to take their physical events and mirror it to the, to the digital or the virtual. And I think so often with physical events, people forget about the afterglow. And so I'm glad you guys are thinking about it upfront. >>Yeah. It has to be a mechanism that we've used it a couple of different ways, one to match how things are going to be released. Right? Cause being, we're always releasing products across the different set. I mean, we have one flagship product, but then the other products have their own cycles. So if something works well for that, we'll put it into the summer library. And then it's also a great opportunity for us to reach deep and get some content from people that we might not have been able to get before. In fact, we had one of our engineers who's based in Australia and great resource, great region, strong market for us, but I can't w if we were to have the in person event, I can't bring somebody from Australia for one session, but this was a great way to bring her expertise to the event without, you know, having the travel burden and different variety of speakers and different varieties of content. So there's ways that we've been able to build on it. But again, the top level word is definitely different, but I feel like it's working for sure. >>So Rick, give us the helicopter view of some of the product areas that we should be really be aware of as it relates to what you guys are doing at Veem on 2020. And then we'll, we'll drill in give us the high level though. >>Yeah. So for people attending the event and online, my advice really is that we're spread across about 75 to 80% of the content is for technical people. 20% of the content in the breakouts is going to be for decision makers or executives, that type. And then within that, the context of the technical content, we want to have probably 10 to 15% being like presenters from our R and D group. So very technical, uh, low level type discussions, highest level architect type stuff, kind of after that generic use cases, a nice and in the middle area, because we have a lot of people that are getting started with our products, like maybe they're new to the office three 65 backup, or they're new to backing up natively in the cloud. We have a lot of contexts around the virtual machine backup and storage integration, all those other great things, but the platform is kind of spread out at Veeam. There's a lot to take in. So the thought is wherever anyone is on their journey with any of the products and not some, that's a hard task to do with a certain number of slots. We want to provide something for everyone at every level. So that's the, that's the helicopter view. >>So let me ask you a couple of follow ups on that. So let's start with office three 65. Now you guys have shared data at this event, uh, talking about that most customers just say, Oh yeah, well, I trust Microsoft to do my backup. Well, of course, as we, well, well know it, backup is one thing, but recovery is everything. And so explain why, uh, what will explain the value that you guys bring? Why can't I just rely on the SAS vendor, uh, to, to do my backup and recovery? >>Well, there's a lot to that question, Dave, the number one thing I'll say is that at Veeam, we have partnerships with Microsoft. You have where HPE, all the household brands of it. And in many of these situations, we've always come into the market with the platform itself, providing a basic backup. I'll give windows, for example, anti backup, right? Yeah. Those, you know, it's there, but there's always a market for more capabilities, more functionality, more portability. So we've taken office three 65 is a different angle for backup. And we lead with the shared responsibility model, Microsoft as well as the other clouds, make it very clear that data classification and that responsibility of data that actually sits 100% with the customer. And so, yes, you can add things to the platform, but if we have organizations where we have things like I need to retain my content forever, or I need a discovery use case. >>And then if you think about broader use cases like one drive for business data, especially with the rapid shift of work from home organizations may not be not so much using the file server, but using things like one drive for business, for file exchanges, right? So having a control plane over that data is, is very important. So we really base it on the shared responsibility and Microsoft is one of our strongest partners. So they are very keen for us to provide solutions that are going to consume and move data around to, to meet customer needs in the cloud and in the SAS environment. For sure. So, you know, it's been a very easy conversation for our customers and it's our fastest growing product as well. So, uh, this, this product is doing great. Uh, I don't have the quarterly numbers, but we just released the mid part of Q4. We just released the newest release, which implemented object storage support. So that's been the big ask for our customers, right? So it's a, it's that product's doing great. >>Yeah. So, you know, that notion of shared responsibility, you hear that a lot in cloud security, you're applying it to cloud data protection, which, you know, security and data protection are now, you know, there's a lot of gray area between them now. Uh, and I think it's, you know, security is a, or data protection is a fundamental part of your security strategy, but that notion of shared responsibility is very important. And one that's oftentimes misunderstood because people hear, Oh, it's in the cloud. Okay. My cloud vendor has got to cover it, but what does, what does that shared responsibility mean? Ultimately, isn't it up to the customer to own the end end result. >>It is. And I look at, especially Microsoft, they classify their software for different ways on prem software, uh, software as a service, the infrastructure as a service. Uh, I forget what the third one is, but they have so many different ways that you can package their software, but in all of them, they put the data classification for the customer and it same for other clouds as well. And when, if I'm an organization today, if I'm running data in a SAS platform, if I am running systems in iOS platforms, in the hyperscale public clouds, that is an opportunity for me to really think about that control plane of the data and the backup and restore responsibility, because it has to be easy to use. It has to be very consumable so that customers can avoid that data loss or be in a situation where the complexity to do a restore is so miserable that they may not even want to go do it. I've actually had conversations with organizations as they come to Veeam. That was their alternative. Oh, it's just too painful to do. Like, why would you even do that? You know, so that, that shared responsibility model across the different data types in the cloud and on-premise well, and SAS models, that's really where we find the conversations go pretty nicely. >>Right. And if it's too complicated, you won't even bother testing it. So I want to ask you something about cloud native. You mentioned cloud native, your cloud native capabilities, um, and I'm, I'm inferring from that, that you basically are not just taking your on prem stack and shoving it into the cloud. You're actually taking advantage of the native cloud services. Can you, can you explain what's going on there and maybe some product specifics? >>Sure. So, you know, Veeam has this reputation of number one, VM backup, you know, here in my office, I have posters from all over the years and somewhere down here is number one, VM backup. And that's where we cut our teeth and got our name out there. But now if you're an Azure, if you're an Amazon, we have cloud native backup products available. In fact, the last time you and I spoke was that an Amazon reinvent where we launched the Amazon product. And then last month we launched the Azure product, which provides cloud native backup for Azure. And so now we have this cloud feature parody and those products are going to move very quickly as well. We've had the software as a service product for office three 65, where we keep adding services. And we saw in the general session, we're going to add protection for a new service in office three 65. >>So we're going to continue to innovate around these different areas. And there's also another cloud that we announced a capability for as well. So, you know, the platform at Veem it's growing, and it's amazing to see this happen cause you know, customers are making cloud investments and there's no cloud for all right. So some organizations like this cloud that cloud are a little bit of these two clouds combined. So we have to really go into the cloud with customer needs in mind because there's no one size fits all approach to the cloud, but their data, everybody knows how important that is. >>So to that end though, each, each cloud is going to have a set of native services and you've got to develop specific to that cloud, right? So that you can have the most, the lowest, highest performance, the most efficient, the lowest cost data protection solution backup and recovery possible is that, I mean, taking advantage of those native cloud services is going to be unique for each cloud, right? Because AWS has cloud and Azure cloud. Those are, those are different, you know, technically underneath, is that, is that right? >>You're absolutely right. And the cost models, they have different behaviors across the clouds. In fact, the breakout that I did here at the event with Melissa Palmer, those who are interested in the economics of the cloud should check that out because the cloud is all about consuming those resources. When I look at backup, I don't want backup to be a cost prohibitive insurance policy. Basically I want backup to be a cost effective yet resilient technology that when we're using the cloud, we can kind of balance all these needs. And one of the ways that beam's done that is we've put in cost estimators, which it's not that big of a like flashy part of the user interface, but it's so powerful to customers. The thought is if I want to consume infrastructure as a service in the cloud, and I want to back up via API calls, snapshots to ECE, two instances only nice and high performance, nice and fast. >>But the cost profile of that if I kept them for a year is completely different than if I used object storage. And what we're doing with the Veeam backup for Azure and Amazon products is we're putting those numbers right there in the wizard. So you could say, Hey, I want to keep two years of data. And I have snapshots and I have object storage, totally different cost profiles. And I'll put those costs testaments in there. And you can make egregious examples where it'll be like 10 and 20 X the price, but it really allows customers to get it fast, to get it cost efficient. And more importantly, at the end of the day, have that protection that they need. And that's, you know, that's something that I've been trying to evangelize at this cost. Estimator is a really big deal. >>Yeah. Provides transparency so that you can let the business, you know, drive sort of what the, what the data protection level is as opposed to sort of either, whether it's a one size fit all or you're under protected or overprotected and spending too much, I asked Anton is going to kind of, how do you prioritize it? Because basically his answer was we look at the economics and then ultimately you're giving tools to allow the customer to decide, >>Yeah, you don't want to have that surprise cloud bill at the end of the month. You don't want to have, um, you know, waste in the cloud and Anton's right. The economics are very important. The modeling process that we use is interesting. I had a chat with one of the product managers who is basically in charge of our cloud economic modeling and to the organizations out there. This is a really practical bit is, think about modeling, think about cloud economics, because here's the very important part. If you've already implemented something it's too late and what I mean by that, the economics, if they're not right when you implement it, so you're not modeling ahead of time. Once you implement, you can monitor it all you want, but you're just going to monitor it off the model. So the thought is, this is all a backwards process. You have to go backwards with the economics, with the modeling, and that will lead you to no surprises down the road. For sure. >>I want to ask you about the COVID impact generally, but specifically as it relates to ransomware, I mean, we've had a lot more inquiries regarding ransomware. There's certainly a lot more talk about it in the press. What have you seen, uh, specifically with respect to ransomware since the pandemic and since the lockdown. >>So that's something that's near and dear to my heart on the technology team here at product strategy, everyone has like a little specialization industry specialization. Ransomware's mine. So good ask. So the one thing that sticks out to me a lot is identifying where ransomware comes in and around. I have one data point that indicated around 58 or so percent of ransomware comes in through remote desktop. And the thought here is if we have shifted to remote access and new working models, what really worries me, Dave is when people hustle, when people hurry and the thought here is you can have it right. Or you can have it right now in mid March, we needed to make a move right now. So I worry about UN UN incomplete security models, right? People hurrying to, um, implement and maybe not taking their security, right. Especially when you think about most ransomware can come in through remote desktop. >>I thought fish attacks were the main attack vector, but I had some data points that told me this. So I have been, and I just completed a great white paper that those watching this can go to dot com and download. But the thought here is I just completed a great white paper on tips to beat ransomware and yes, Veeam has capabilities, but here's the logic. Dave. I like to explain it this way, beating ransomware. And we had a breakout that I recorded here at the event, encourage everyone to watch that I had two users share their story of how they beat ransomware with Veem. Two very different ways too. Any product is, or is not necessarily ransomware resilient. It's like going through an audit. And what I mean by that is people ask me all the time is being compliant to this standard or that standard it's 100% dictated how the product's implemented, how the product's audited, same with ransomware. >>It's 100% dictated on how Veem is implemented. And then what's the nature of the exploit. And so I break it down to three simple things. We have to educate. We have to know what threats are out there. We have to know who is accessing, what data. And then the big part of it is the implementation. How have we implemented Veeam? Are we keeping data in immutable buckets in the cloud? Are we keeping data with an air gap? And then three, the remediation when something does happen, how do we go about solving that problem? I talked to our tech support team who deals with it every day and they have very good insights, very good feedback on this phenomena. And that they've helped me shape some of the recommendations I put in the paper. But, uh, yeah, it's a 30 page paper. I don't know if I can summarize it here. That's a long one for me, but, uh, the threats real, and this is something we'll never be done with. Right. I have, I've done two other papers on it and I'm going to have another one soon after that, but we're building stuff into the product. We're educating the market. And, um, you know, we're winning, we're seeing like I had the two customers, um, beat ransomware, great stories. I think I learned so much hearing from someone who's gone through it and that you can find that in the, in the Vermont broadcast for those attending here. >>Well, you've touched on a couple of having them take advantage of the cloud guys who have these immutable mutable buckets that you can, you can leverage. Um, a lot of people don't even don't even know about that. Um, and then, like you say, create an air gap and presumably there's best practice around how often you write to that bucket and how often you create, you know, that air gap you may be, you may be change up the patterns. I don't know other, other thoughts on that. >>Well, I collectively put, I've created a term and uh, nobody's questioning me on it yet, so that's good, but I'm calling it ultra resilient storage. And what I'm referring to is that immutable backup in the cloud. And if we, it becomes a math calculation, you know, if you have one data point in there, that's good. But if you had a week's worth of data points, that's better. If you had a month's worth of data points, that's even better. But of course those cost profiles are going to change. Same thing with tape tapes, a an air gap, removable media, and I go back and forth on this, but some of the more resilient storage snapshot engines can do ultra resilient techniques as well, such as like, uh, pure storage, safe mode and NetApp snap fall. And then the last thing is actually a Veeam technology. It's been out for three, four years now, insider protection. >>It's a completely out of band copy of backup data that that Veeam cloud connect offers. So my thought here is that these ultra resilient types, those are best defense in these situations. And, you know, it's, it's a, it becomes a calculated risk of how much of it do I want to keep, because I want to have the most restore options available. I want to have no data loss, but I also don't want it old. Right. You know, there's a huge decline in value taking your business back a year ago, because that's the last tape you had, for example, I want today's or yesterday's backup if I'm in that type of situation. So I go through a lot of those points in my paper, but I hope that, um, those out there fighting the war on ransomware have the tools. I know they have the tools to win with them. >>Well, it's like we were talking about before and ransomware is a really good example of the, the blurring lines between security and backup and recovery. Of course. Uh, what role do analytics play in terms of providing transparency and identifying anomalous behavior in the whole ransomware equation? >>Well, the analytics are very important and I have to be really kind of be transparent, you know, VMs, backup company, right? We're not a security tool, but this is it's getting awfully close. And the, I don't want to say the long form historical definition of it. Security was something around this thing called a CIA triad, maintaining confidentiality, integrity, and availability of data. So security tools are really big on the confidentiality and integrity side of it. But on the availability side, that's ravine can come in. So the analytics come in to our play pretty naturally, right? We have, the Veem has had for years now, uh, an alarm that detects abnormal behavior in regards to CPU rights or CPU usage and disk, right IO. Like if there's both of those or abnormally high, that this is what we call possible ransomware activity. Or if we have a incremental backup, that is like 100% change rate, that's a bad sign, right. >>Things like that. And then the other angle is even on PCs desktops like this computer, I'm talking to you now on w we have just simple logic of, once you take a backup eject the drive. So it's offline, right? So analyzing where the threats come from, what kind of behavior they're going to have when we apply it to backup. Veem can have these built in analytic engines that are just transparently there for our customers. There's no deep reeducation necessary to use these, but the thought is we want a very flexible model. That's going to just provide simple ease of use, and then allow that protection with the threatscape to help it help the customers where we can, because no two ransomware threats are the same. That's the other thing. They are so varied in what they do everything from application specific to files. And now there's these new ones that upload data. The ransom is actually a data leak. They're not encrypting the data. They're just the ransom is to take down potentially huge amounts of data leakage, right? So, um, all kinds of threat actors out there for sure. >>You know, it's a last kind of line of questioning here. Rick is, as I've said, a number of times, it's just, it's ironic that we're entering this new decade in this pandemic hits. And everybody talks about the acceleration of certain trends. But if you think about the trends, you know, last decade, it's always performance and costs. We talked a lot about granularity. We talked about, you know, simplicity, you guys expanded your number of use cases. Uh, the, the support, the compatibility matrix, if you will, all those things are sort of things that you've executed on. As you look forward to this coming decade, we talked about cloud. I mean, we were talking about cloud, you know, back in the, in 2008, 2009 time frame, but it was a relatively small portion of the business. Now everybody's talking cloud. So cloud cloud, native DePaul discussion on ransomware and maybe even broader business resiliency, digital transformation, we've been, we've been given lip service in a lot of cases to digital transformation. All of a sudden that's changed. So as you put on, you pull out the telescope and look forward to the trends that are going to drive your thinking in themes, decision making. What do you look toward? >>Well, I think that laser focused on four things, backup solutions for cloud workloads, and there's incredible opportunity there, right? So yes, we have a great Azure story, great Amazon story. And in the keynote, we indicated the next cloud capability, but there's still more, there's more services in the cloud that we need to go after. There's also the sass pocket. We have a great office, three 65 story, but there's other SAS products that we could provide a story for. And then the physical and virtual platforms. I mean, I feel really confident there we've got really good capabilities, but there's always the 1%. And you know, what's in the corner. What's the 1% of the 1%, right? And those are workloads we can continue to go after. But my thought is, as long as we attack those four areas, we're going to be on a good trajectory to deliver on that promise of being that most trusted provider of cloud data management for backup solutions. >>So my thought here is that we're going to just keep adding products. And it's very important to make it sometimes a new product. We don't want to just bolt it on to backup and replication via 11 or be 10 for that, for that matter, because it'll slow it down, right? The cloud native products are going to have to have their own cadence, their own independent, um, development cycles. And they're going to move faster, right? Because they'll need to, so you'll, you'll see us continuing to add new products, new capabilities, and sometimes it'll, it'll intermix, you know, and that's, that's, that's the whole definition of a platform when one product is talking to another, from a management side, a control plane, given customer portability, all that stuff. So we're going to just go after a cloud, virtual, physical SAS, and new products and new capabilities to do it. >>Well, Rick, it's always a pleasure talking to you. Your home studio looks great. You look good. And, but, but nonetheless, hopefully we'll be able to see each other face to face here shortly. Thanks for coming on. >>Thank you, Dave. >>All right. And thank you for watching. Everybody's Dave Vellante and our continuous coverage of the Mon 2020, the online version of right back, right after this short break.

>> From around the globe, it's theCUBE, with digital coverage of VeeamON 2020, brought to you by Veeam. >> Hi, everybody, welcome back to theCUBE's ongoing coverage of VeeamON 2020, it's Veeam online 2020. I'm Dave Vellante. And Rick Vanover's here, he's the senior director of product strategy at Veeam. Rick, it's always a great pleasure to see you. I wish we could see each other face-to-face. >> Yeah, you know it's different this year, but yeah, it is always great to be on theCUBE. I think in 2018, it had a eight-year gap and a couple of times we've been back since, and yeah, happy to be back on theCUBE. >> So how's it going with you guys with the online format? Breakouts are big for you 'cause you're profiling some new products that we're going to get into. How's it all working for you? Well, it's been different. It's a good way to explain it in one word, different. But the reality is, I have a, pardon the language, a side hustle here where at Veeam, I've worked with the event team to bring the best content, and for the breakouts, it's an area that I've been working a lot with our speakers and some of our partners and external experts, users, and people who have beaten ransomware and stuff like that. But I've worked really hard to aggregate the content and get the best blend of content. And we kind of have taken an interesting approach where the breakouts are that library of content that we think organizations and the people who attend the event really take away the most. So, we've got this full spectrum from R&D deep level stuff to just getting started type of stuff, and really all types of levels in between. We want the breakouts to focus on generally available products, right? So I've worked pretty diligently to bring a good spread across the different products. And then a little secret trick we're doing is that into the summer, we're going to open up new content. So there's this broadcast agenda that we've got publicized, but then beyond that we're going to sneak in some new content into the summer. >> Well, I'm glad you're thinking that way, because what a lot of people are doing, they're just trying to take their physical events and mirror it to the digital or the virtual, and I think so often with physical events, people forget about the afterglow, so I'm glad you guys are thinking about it upfront. >> Yeah, it has to be a mechanism, that we've used it a couple of different ways. One to match how things are going to be released, right? 'Cause Veeam, we're always releasing products across the different set. We have one flagship product, but then the other products have their own cycles. So if something works well for that, we'll put it into the summer library. And then it's also a great opportunity for us to reach deep and get some content from people that we might not have been able to get before. In fact, we had one of our engineers who's based in Australia, and great resource, great region, strong market for us, but if we were to have the in-person at that, I can't bring somebody from Australia for one session. But this was a great way to bring her expertise to the event without having the travel burden and different variety of speakers and different varieties of content. So there's ways that we've been able to build on it, but again, the top level word is definitely different. But I feel like it's working for sure. >> So, Rick, give us the helicopter view of some of the product areas that we should really be aware of as it relates to what you guys are doing at VeeamON 2020, and then we'll drill in. Give us the high level though. >> So for people attending the event online, my advice really is that we're spread across about 75 to 80% of the content is for technical people. 20% of the content in the breakouts is going to be for decision-makers or executives, that type. And then within the context of the technical content, we want to have probably 10 to 15% be presenters from our R&D group, so very technical low-level type discussions, highest level architect type stuff after that. Generic use case is a nice in-the-middle area, because we have a lot of people that are getting started with our products, so like maybe they're new to the Office 365 backup or they're new to backing up natively in the cloud. We have a lot of context around the virtual machine backup and storage integration and all those other great things, but when the platform is kind of spread out at Veeam, there's a lot to take in. So the thought is wherever anyone is on their journey with any of the products, and that's a hard task to do with a certain number of slots, we want to provide something for everyone at every level. So that's the helicopter view. >> So let me ask you a couple of followups on that. So let's start with Office 365. Now, you guys have shared data at this event, talking about most customers just say, "Oh, yeah, well, I trust Microsoft to do my backup." Well, of course, as we well know, backup is one thing (chuckles) but recovery is everything. Explain the value that you guys bring. Why can't I just rely on the SaaS vendor to do my backup and recovery? >> Well, there's a lot to that question, Dave. The number one thing I'll say is that at Veeam, we have partnerships with Microsoft, VMware, HPE, all the household brands of IT, and in many of these situations, we've always come into the market with the platform itself providing a basic backup. I'll give Windows, for example, anti-backup. It's there, but there's always a market for more capabilities, more functionality, more portability. So we've taken Office 365 as a different angle for backup, and we lead with the shared responsibility model. Microsoft as well as the other clouds make it very clear that data classification and that responsibility of data, that actually sits 100% with the customer. And so, yes, you can add things to the platform, but if we have organizations where we have things like, I need to retain my content forever, or I need a discovery use case, and then if you think about broader use cases, like OneDrive for business data, especially with the rapid shift of work from home, organizations may now be not so much using the file server, but using things like OneDrive for Business for file exchanges. So, having the control plane open that data is very important, so we really base it on the shared responsibility. And Microsoft is one of our strongest partners, so they are very keen for us to provide solutions that are going to consume and move data around to meet customer needs in the cloud and in the SaaS environment for sure. So, it's been a very easy conversation for our customers and it's our fastest growing product as well. So this product is doing great. I don't have the quarterly numbers but we just released in the mid part or the Q4, we just released the newest release, which implemented object storage support, so that's been the big ask for customers, right? So that product's doing great. >> Yeah, so that notion of shared responsibility, you hear that a lot in cloud security. You're applying it to cloud data protection, which you know security and data protection are now, there's a lot of gray area between them now. And I think security or data protection is a fundamental part of your security strategy. But that notion of shared responsibility is very important and one that's oftentimes misunderstood because people hear, oh, it's in the cloud, okay, my cloud vendor's got it covered. But what does that shared responsibility mean? Ultimately, isn't it up to the customer to own the end result? >> It is, and I look at especially Microsoft. They classify their software four different ways, on-prem software, software as a service, infrastructure as a service, and I forget whatever the third one is, but they have so many different ways that you can package their software, but in all of them, they put the data classification for the customer. And it's the same for other clouds as well. And if I'm an organization today, if I'm running data in a SaaS platform, if I am running systems in IAS platforms, in the hyperscale public clouds, that is an opportunity for me to really think about that control plane of the data, and the backup and restore responsibility, because it has to be easy to use. It has to be very consumable so that customers can avoid that data loss or be in a situation where the complexity to do a restore is so miserable that they may not even want to go do it. I've actually had conversations with organizations as they come to Veeam, that was their alternative. Oh, it's just too painful to do, like, why would you even do that? So that shared responsibility model across the different data types in the cloud and on-prem as well and SaaS models, that's really where we find the conversations go pretty nicely. >> Right, and if it's too complicated, you won't even bother testing it. So, I want to ask you something about cloud data. You mentioned cloud native capabilities, and I'm inferring from that, that you basically are not just taking your on-prem stack and shoving it into the cloud. You're actually taking advantage of the native cloud services. Can you explain what's going on there, and maybe some product specifics? >> Sure, so Veeam has this reputation of number one VM backup. I'm here in my office, I have posters from all over the years, and somewhere down here is number one VM backup. And that's where we cut our teeth and got our name out there. But now if you're in Azure, if you're in Amazon, we have cloud native backup products available. In fact, the last time you and I spoke was at Amazon re:Invent where we launched the Amazon product. And then last month, we launched the Azure product, which provides cloud native backup for Azure, and so now we have this cloud feature parody, and those products are going to move very quickly. As well, we've had this software as a service product for Office 365 where we keep adding services. And we saw in the general session, we're going to add protection for a new service in Office 365. So we're going to continue to innovate around these different areas, and there's also another cloud that we announced a capability for as well. So the platform at Veeam, it's growing, and it's amazing to see this happen, 'cause customers are making cloud investments and there's no cloud for all. So some organizations like this cloud, that cloud, or a little bit of these two clouds combined. So we have to really go into the cloud with customer needs in mind, because there's no one size fits all approach to the cloud, but the data, everybody knows how important that is. >> To that end though, each cloud is going to have a set of native services, and you've got to develop specific to that cloud, right, so that you can have the highest performance, the most efficient, the lowest cost data protection solution backup and recovery possible. Taking advantage of those native cloud services is going to be unique for each cloud, right? 'Cause AWS' cloud and Azure cloud, those are different technically underneath. Is that right? >> You're absolutely right, and the cost models have different behaviors across the clouds. In fact, the breakout that I did here at the event with Melissa Palmer, those who are interested in the economics of the cloud should check that out, because the cloud is all about consuming those resources. When I look at backup, I don't want backup to be a cost-prohibitive insurance policy, basically. I want backup to be a cost-effective, yet resilient technology that when we're using the cloud, we can kind of balance all these needs. And one of the ways that Veeam's done that is we've put in cost estimators, which it's not that big of a flashy part of the user interface, but it's so powerful to customers. The thought is if I want to consume infrastructure as a service in the cloud, and I want to back up via API call snapshots to EC2 instances only, nice and high performance, nice and fast, but the cost profile of that if I kept them for a year is completely different than if I used object storage. And what we're doing with the Veeam backup for Azure and Amazon products is we're putting those numbers right there in the wizard. So you could say, "Hey, I want to keep two years of data, "and I have snapshots and I have object storage," totally different cost profiles, and I'll put those cost estimates in there. You could make egregious examples where it'll be like 10 and 20 x the price, but it really allows customers to get it fast, to get it cost-efficient, and more importantly at the end of the day, have that protection that they need. And that's something I've been trying to evangelize that this cost estimator is a really big deal. >> It provides transparency so that you're going to let the business drive sort of what the data protection level is, as opposed to sort of whether it's a one-size-fit-all or you're under-protected or over-protected and spending too much. I ask Anton, "How do you prioritize?" Basically his answer was we look at the economics. And then ultimately you're giving tools to allow the customer to decide. >> Yeah, you don't want to have that surprise cloud bill at the end of the month. You don't want to have waste in the cloud, and Anton's right, the economics are very important. The modeling process that we use is interesting. I had a chat with one of the product managers who is basically in charge of our cloud economic modeling, and to the organizations out there, this is a really practical bit, is think about modeling, think about cloud economics, because here's the very important part. If you've already implemented something, it's too late. And what I mean by that, the economics, if they're not right when you implement it so you're not modeling it ahead of time, once you implement, you can monitor it all you want, but you're just going to monitor it off the model. So the thought is this is all a backwards process. You have to go backwards with the economics, with the model, and then that will lead you to no surprises down the road. >> I want to ask you about the COVID impact generally, but specifically as it relates to ransomware, we've had a lot more inquiries regarding ransomware. There's certainly a lot more talk about it in the press. What have you seen specifically with respect to ransomware since the pandemic and since the lockdown? >> So that's something that's near and dear to my heart. On the technology team here at product strategy, everyone has a little specialization, industry specialization. ransomware is mine, so good ask. Whew, so the one thing that sticks out to me a lot is identifying where ransomware comes in, and I have one data point that indicated around 58 or so percent of ransomware comes in through remote desktop. And the thought here is if we have shifted to remote access and new working models, what really worries me, Dave, is when people hustle, when people hurry. And the thought here is you can have it right or you can have it right now. In mid-March, we needed to make a move right now. So, I worry about incomplete security models, people hurrying to implement and maybe not taking their security right, especially when you think about most ransomware can come in through remote desktop. I though phish attacks were the main attack vector, but I had some data points that told me this. So I have been, and I just completed a great white paper that those watching this can go to veeam.com and download, but the thought here is I just completed a great white paper on tips to beat ransomware, and yes, Veeam has capabilities, but here's the logic, Dave. I like to explain it this way. Beating ransomware, and we had a breakout that I recorded here at the event and encourage everyone to watch that, I had two users share their story of how they beat ransomware with Veeam, two very different ways, too. Any product is or is not necessarily ransomware-resilient. It's like going through an audit. What I mean by that is people ask me all the time, is Veeam compliant to this standard or that standard? It's 100% dictated how the product's implemented, how the product's audited. Same with ransomware. It's 100% dictated on how Veeam is implemented and then what's the nature of the exploit. And so I break it down into three simple things. We have to educate. We have to know what threats are out there, we have to know who is accessing what data, and then the big part of it is the implementation. How have we implemented Veeam? Are we keeping data in immutable buckets in the cloud? Are we keeping data with an air gap? And then three, the remediation. When something does happen, how do we go about solving that problem? I talked to our tech support team who deals with it every day, and they have very good insights, very good feedback on this phenomena, and that they've helped me shape some of the recommendations I put in the paper. But yeah, it's a 30-page paper. I don't know if I can summarize it here. It's a long one for me, but the threat's real, and this is something we'll never be done with, right? I've done two other papers on it, and I'm going to have another one soon after that. But we're building stuff into the product, we're educating the market, and we're winning. We're seeing like I had the two customers beat ransomware, great stories. I think I learn so much hearing from someone who's gone through it, and that you can find that in the VeeamON broadcast for those attending here. >> Well, you touched on a couple. Take advantage of the cloud guys who have these immutable buckets that you can leverage. A lot of people don't even know about that. And then, like you say, create an air gap, and presumably there's best practice around how often you write to that bucket and how often you create that air gap. You maybe change up the patterns, I don't know, other thoughts on that. >> Well, I collectively put, I've created a term, and nobody's questioning me on it yet, so that's good, but I'm calling it ultra-resilient storage. And what I'm referring to is that immutable backup in the cloud. It becomes a math calculation. If you have one data point in there, that's good, but if you had a week's worth of data points, that's better. If you had a month's worth of data points, that's even better. But of course, those cost profiles are going to change. Same thing with tape, tape's an air gap, removable media, and I go back and forth on this, but some of the more resilient storage snapshot engines can do ultra-resilient techniques as well, such as like Pure Storage SafeMode and NetApp SnapVault. And then the last thing is actually a Veeam technology that's been out for, I don't know, three or four years now, insider protection, it's a completely out-of-band copy of backup data that Veeam Cloud Connect offers. So my thought here is that these ultra-resilient types, those are the best defense in these situations. It becomes a calculated risk of how much of it do I want to keep, because I want to have the most restore options available, I want to have no data loss. But I also don't want it old. There's a huge decline in value of taking your business back a year ago, because that's the last tape you had, for example. I want today's or yesterday's backup if I'm in that type of situation. So, I go through a lot of those points in my paper, but I hope that those out there fighting the war on ransomware have the tools. I know they have the tools to win with Veeam. >> Well, it's like we were talking about before, and ransomware is a really good example of the blurring lines between security and backup and recovery, of course. What role do analytics play in terms of providing transparency and identifying anomalous behavior in the whole ransomware equation? >> Well, the analytics are very important, and I have to be really kind of, be completely transparent. Veeam is a backup company. We're not a security tool. But it's getting awfully close. I don't want to say, the long form historical definition of IT security was something around this thing called a CIA triad, maintaining confidentiality, integrity, and availability of data. So, security tools are really big on the confidentiality and integrity side of it, but on the availability side, that's where Veeam can come in. So the analytics come in to our play pretty naturally. Veeam has had for years now an alarm that detects abnormal behavior in regards to CPU usage and disk write IO. If there's both of those are abnormally high, that is what we call possible ransomware activity. Or if we have a incremental backup that is like 100% change rate, that's a bad sign, things like that. And then the other angle is, even on PC's desktops, like this computer I'm talking to you now on, we have just simple logic of once you take a backup, eject the drive so it's offline, right? So analyzing where the threats come from, what kind of behavior they're going to have, when we apply it to backup, Veeam can have these builtin analytic engines that are just transparently there for our customers. There's no deep re-education necessary to use these, but the thought is we want a very flexible model that's just going to provide simple ease of use and then allow that protection with the threatscape to help the customers where we can, because no two ransomware threats are the same. That's the other thing. They are so varied in what they do, everything from application specific to files, and now there's these new ones that upload data. The ransom is actually a data leak. They're not encrypting the data, the ransom is take down potentially huge amounts of data leakage. So all kinds of threat actors out there, for sure. >> You know, the last line of questioning here, Rick, is I've said a number of times, it's ironic that we're entering this new decade and this pandemic hits. Everybody talks about the acceleration of certain trends, but if you think about the trends, last decade, it's always performance and cost, we talked a lot of granularity, we talked about simplicity, you guys expanded your number of use cases, the support, the compatibility matrix if you will. All those things are sort of things that you've executed on. As you look forward to this coming decade, we talked about cloud. I mean, we were talking about cloud back in 2008, 2009 timeframe, but it was a relatively small portion of the business. Now everybody's talking cloud, so cloud, cloud native, the whole discussion on ransomware, and being broad, our business resiliency. Digital transformation, we've been given lip service in a lot of cases to digital transformation. All of a sudden, that's changed. So as you pull out the telescope and look forward to the trends that are going to drive your thinking and Veeam's decision making, what do you look toward? >> Well, I think that Veeam is laser-focused on four things. Backup solutions for cloud, workloads, and there's incredible opportunity there, right? So yes, we have a great Azure story, great Amazon story, and in the keynote we indicated the next cloud capability, but there's still more, there's more services in the cloud that we need to go after. There's also the SaaS market. We have a great Office 365 story, but there's other SaaS products that we could provide a story for. And then the physical and virtual platforms, I mean, I feel really confident there. We've got really good capabilities, but there's always the 1% and what's in the corner, and what's the 1% of the 1%? And those are workloads we can continue to go after. But my thought is, as long as we attack those four areas, we're going to be on a good trajectory to deliver on that promise of being that most trusted provider of cloud data management for backup solutions. So, my thought here is that we're going to just keep adding projects, and it's very important to make it sometimes a new product. We don't want to just bolt it on to Backup and Replication V11 or V10 for that matter, because it'll slow it down. The cloud native products are going to have to have their own cadence, their own independent development cycles, and they're going to move faster, 'cause they'll need to. So you'll see us continue to add new products, new capabilities, and sometimes it'll intermix, and that's the whole definition of a platform, when one product is talking to another, from a management side, a control plane, giving customer portability, all that stuff. So we're just going to go after cloud virtual/physical SaaS and new products and new capabilities to do it. >> Well, Rick, it's always a pleasure talking to you. Your home studio looks great, you look good, but nonetheless, hopefully we'll be able to see each other face-to-face here shortly. Thanks for coming on. >> Thank you, Dave. >> All right, and thank you for watching, everybody. It's Dave Vellante and our continuous coverage of VeeamON 2020, the online version. We'll be right back right after this short break. (upbeat music)