>> Announcer: Live from Chicago, Illinois; it's theCUBE. Covering VeeamON 2018. Brought to you by Veeam. >> Welcome back to the Windy City, everybody. You're watching theCUBE, the leader in live tech coverage, where we go out to the events, we extract the signal from the noise. This is our second day at VeeamON 2018, our second year. I'm Dave Vellante with Stu Miniman, my co-host. Phil Goodwin is here, he's a research director at IDC's storage systems and software group. Phil, thanks very much for coming on theCUBE. >> Pleasure to be here today. >> So you've been to more VeeamONs than we have, so you've seen even a greater evolution, although we've been to a lot of VeeamUGs. We saw a lot of green. This company has painted Chicago in green. What's your take on the progression and ascendancy of Veeam beyond just being a virtualization specialist? >> Sure, obviously the most interesting thing about Veeam is how they really have become the high growth leader of this industry, and in many ways, kind of the darling of the industry because they've got a lot of the momentum, a lot of the attention that's going on in the data protection and recovery software space. I think what has really struck me over the years of these VeeamON conferences, and really from the very first one that I attended three years ago, is the degree to which there is an ecosystem that's been built up around the products that they have for things like disaster recovery as a service, backup as a service and so forth. Where people take the Veeam software, build it into their own products and go to market with that, and I think that's totally unique in the way they've done that compared to many of their competitors. >> Let's see, we're talking about 800 plus million dollars in bookings, mid-30% growth rates. I presume the data protection market's not growing that fast. >> No, although it's surprisingly strong. Last year it grew at about 7% rate. We don't expect it to keep going that fast but if you compare that to other stores' software, which is 1% to 2% or in some cases even negative, it's actually an area that's quite bright. >> Yeah it's grown much, much faster than the overall IT business, right? >> Oh yeah, absolutely. >> And so, why? Why is it growing faster? >> Well part of it's driven by capacity. A lot of the vendor models are associated with the capacity and so they charge upgrades every year and as data is growing at about 40% per year on a compound annual growth rate, that does cause customers to upgrade their licenses. But we're also seeing an acceleration in the deployment of applications so we expect IT organizations, according to our research, to add an additional 200 applications over the next 36 months. That's not a lot of new applications. What we find in many cases is what we would call the traditional incumbent vendors, who have their footprint within the enterprise, maintain that footprint in many cases, but those new applications have the opportunity to bring in new products and that's really where the opportunity for Veeam is. >> So part of the growth is somewhat artificial if I understand it in that it's pricing driven, and so that would suggest, given that data protection is largely insurance, that the CFOs are going to look at that line out and say, "Oh, this isn't sustainable." Unless, and I want to run this by you, research indicates that Fortune 1000 companies leave, over a three to four year period, billions of dollars each on the table because of not the most end-to-end or well-thought-out architected data protection solutions. Maybe that expands the TAM a little bit, but is that kind of growth sustainable? You've already sort of indicated it's not, but maybe talk about that a little bit. >> Right. The nature of threats has really changed a lot over the years too, so if you look back on computing, it used to be system failure, human error, and to some degree natural disaster were your biggest threats. Nowadays it's actually ransomware, malware, and other things that are much bigger threats than the traditional types of threats that organizations have dealt with. As the evolution of data protection has come about, what we've found is very much a willingness among IT organizations to not simply try and go with a single product, but to rather buy a best-in-class product for specific platforms. In the case of Veeam, I think they really did a very successful job of riding the virtual infrastructure wave when most of their competitors were architected specifically for second platform types of applications. >> Phil, one of the interesting things to watch in Veeam is their expansion beyond that virtualization. What insight can you give us about data protection and SAS and public cloud and service providers? A lot of those environments you would think that the platform or the provider might have a choice, so how does Veeam get in there? How much do customers really have choice there? >> That's really a great point because what is happening is we're moving data protection from the system level. We've moved it up to the virtualization layer and now it's really moving to the application layer, where it is the application developer whose building that data protection directly into their application. So what we're seeing is those application developers, which as you mentioned many are SAS applications on the web, building the data protection into their specific environment. But the other thing that's happening is IT organizations are suddenly realizing that much of that data that is in the web or with those SAS applications is not being protected according to the SLAs of the organization. They're using third party tools and applications like Veeam to bring that data back on site and to protect it according to what the requirements and government's requirements are. >> Okay, so let's unpack some of this. If I understood it correctly, going back to the developers, as architecting in the data protection approach, is that a result of the DeVops trend, infrastructure as code, or is it something else driving it? >> I think it's more being driven by the fact that these are discrete applications outside the data center. So if I'm inside the data center and I'm trying to protect 100 different applications, I may try and apply the same techniques to all of them, the same policies. But these are applications like Salesforce.com, or Payday, or other applications that are really, for lack of a better term, a single application. That environment really doesn't have to consider the other systems within a data center. >> So it's the SAS guy saying "one size fits all." >> Phil: For them, yes. >> Which, by the way, is an age-old problem inside the data center. Either you were not protected enough or you were paying too much. Do companies like Veeam solve that problem by providing more granularity and maybe aligning better with that? >> Yeah. They go attack the problem in a couple of different ways. First of all, they certainly have their traditional business within the data center, but they're also partnering with many of the cloud-based organizations like Azure and Amazon and others to be able to help organizations protect data they have in the cloud. Plus they're working with specific applications to be able to provide that kind of protection for a SAS app. >> I want to come back to something you were talking about with Stu about best of breeds. We do a lot of these shows. You talk to a lot of customers and a lot of technology companies. You get two ends of the spectrum. You get the best of breed guys like Veeam say, "Hey, we're best of breed, "why would you buy that old, clunky, "outdated backup capability?" And then, without naming names, you get the integrated full stack companies going, "Why would anybody buy from some tiny little company? "Oh yeah, okay they're 800 million, "but they can't do digital transformation and big data "and SAS and blah blah blah! "So why would anybody, who cares about backup?" So you have two completely counterpoised positions. How can you help us parse through that? >> I think a lot of it comes down to who is the actual consumer and buyer of the solution and that's indeed changing. What we're seeing much more is it is the application developer, the application provider, or even the line of business making the decision as to what applications are being deployed, as opposed to the central IT organization. So whereas the central IT organizations say "This is part of digital transformation," the business unit may be buying other applications. >> We talked a little earlier about money being left on the table. I don't know what your research shows but clearly there's opportunities there that's not being harvested today. From a cost-benefit analysis standpoint, I know it's one area that you focus on and spend some time there, is it a reasonable expectation that CFOs will actually look at that lost opportunity, that soft revenue that they're losing, which really is not that soft, and say, "Hey, we actually need "to increase our spending in this area?" >> Some of them, yes. What you really find is a maturity curve, of course, where you have some organizations that really have a very traditional view and have not tried to move forward. But our research is showing that about 60% of organizations have embarked on some kind of digital transformation, and that about 70% have a cloud-first perspective. Those organizations really are looking at those kinds of opportunities, both in terms of cost, opportunity cost or absolute cost, and saying, "How can we optimize this environment entirely?" >> If I were the CFO, and let's say I had the cash so I wasn't capital constrained, I would still say, "Look, this is insurance, "so figure out a way to get more value out of this data. "You got all of this data in the backup repository, "what can we do with that? "What analysis can we do? "Can we maybe be more efficient "with regard to how we do security?" It's like the US government. "Can we have this agency talk to that agency "and figure out a way we can get more leverage?" and really be putting pressure on them to do that. Is that an unreasonable expectation for CFOs? >> No, and in fact what our research has shown is that about 40% of organizations use their backup data sets for analytics. They also, about 30% of them, 33% use it for other purposes such as development and test, staging, others. So organizations really are trying to leverage that vast amount of information that they have for other purposes. One of the challenges that come out though is GDPR, the European regulation to the right to be forgotten and the way organizations have to be able to manage that data. Going into those data repositories, including backup data sets, to say "Okay, this is data "that we have to expunge by regulation." >> Phil, I wonder, we've been talking about the threats of GDPR and you might get sued or everything. The last few years, we've really been talking about how we get insights and data. Insights can transform businesses around data. Is GDPR a threat to this whole wave of getting value out of data? >> I don't think it's a threat to getting the value out of the data, I think it's a threat to how you manage that data. And the threat is much more widespread than many organizations realize. If you're doing business with anyone who is European or has traveled to Europe, and really any kind of footprint in that regard can potentially put your organization at risk if you're capturing any of that data. >> But that stat you just threw out was pretty interesting. The 40% percent of organizations that you surveyed are actually doing some types of analytics with their backup data. I would think that governance and compliance and GDPR related stuff, they're going to take, those 40% are going to take a similar approach to GDPR. Say, "Okay, guys, we got to do this. "Find some more value out of it, "or else get you in a headlock." Right? That's a huge number! >> Right, and one of the ways you do that is, and that Veeam has done is to open up APIs, application programming interfaces, to allow third party organizations to leverage that data repository and do that kind of analytics. Veaam, themselves, or any other backup vendor can't really leverage, or can't really do that, but by opening that up to third parties it increases that ecosystem and increases the value that IT organizations can get from their data and their investment. >> Some of your research. Maybe you can highlight some of the stuff you're proud of, fun stuff you've been working on, things that are current, recent, that you want to highlight to the audience. >> I think some of the interesting things, the trends in the industry really are that the kinds of things like backup and recovery and high availability and disaster recovery, we see really going into a continuum of availability. Where, if I can move data across geographies, and I can recover my application seamlessly regardless of where the data is, why do I ever need to have disaster recovery again? And in fact, that's where we believe availability is going, and in fact the theme for Veeam at this show is hyper-availability. One of the ways you do that is by placing the data in the right locations for that kind of recovery. Watching from the days of backing up once a day onto tape to continuous availability is actually a pretty interesting development. >> So who's doing a good job in this place? Sounds like Veeam is getting it done obviously, and the numbers speak for themselves. You got the startups, Cohesity, Rubrik, Zerto obviously plays in there. You have Veritas is supposedly retooling. You had Bill Coleman in there, former BEA guy who's supposedly put a lot of R and D into that. You got the leader in Dell EMC. Obviously they have a lot of resource, spend a lot of money, they're going through a retooling process. IBM has software defined everything. It seems like it's jump ball right now instead of wide open. >> It really is. You look at, you mentioned Dell EMC, they're focusing on IOT. Well IOT generates a phenomenal amount of data. What data needs to be captured, how does it need to be captured, protected, managed, is going to be a huge issue for organizations so that's a very interesting target. Veritas has been looking at their 360 data management and really taking a holistic view of data management and they're doing some very interesting things there. Commvault has done actually a pretty nice job of getting into some cloud-related kinds of things. And then finally as you mentioned, Rubrik and Cohesity, I would put them along with Veeam as probably the three companies that right now are disrupting this industry the most. There are probably certainly some other ones that are up and coming, but in terms of those that are really providing some disruption, I would probably go with those three. >> Alright, they're breaking down VeeamON 2017. Phil, thanks for coming on theCUBE. Great stuff, really good analysis. Appreciate you having on. >> Pleasure, guys, take care. >> The trains are backing up. We're trying to jam everything in before they shut down our studio, so we'll be right back right after this short break. (upbeat music)