>> from Boston, Massachusetts. It's the queue covering active eo 2019. Data driven to you by activity. >> Hi, everyone. Welcome back to Boston. This is the Cube, the leader, and on the ground tech coverage. My name is David. Want a stupid woman. And John for you have been here. Uh, all day we've been plowing through some great interviews. This is active FiOS data driven 19 conference, the second conference. They've had this kind of about 500 people here in Boston. Shaheen peruses here. He's the chief technical officer and chief information security officer at data endure Cuba. LEM, good to see you. Thanks very much for coming back on. >> Thank you. Thanks for having me. >> You're very welcome. So, um, let's talk about backup. Gave a talk today. What is your backup done for you lately? Essentially. You know, so interesting question, right? You look at the data. A lot of customers air rethinking their backup. We sort of saw this with the ascendancy of virtual ization. We're seeing again with cloud and digital transformation. What's that? What was the theme of your talk? What was the catalyst behind the thoughts there? >> I really walk through the concept that storage has continued to evolve so aggressively and so fast with Moore's law and everything else and what has really proliferated. Part of that is that our data keeps growing and growing fast, and a very big contributor of that is copy data management. So we take a backup of something, but we don't ever use that backup. We restore it, and now we have a second copy of production so that development could do work in it. Then we restore it somewhere else so that analytics can happen against that. Then we restored another place, and pretty soon you have 45456 ten 10 20 copies of the exact same data and that proliferation keeps growing and growing. And it's time to think about backup differently. And almost all traditional backup players have not changed the way they operate have not changed the way they deal with backups. They continue to do it the same way, and their programs were written to go to tape versus to Cloud or to do copy data management >> properly. So it's That's a color today, if you would, sir, you said to do it the same way it was meant to go to take meeting. What? It's just a designed to be essentially a serial process. Exactly designed. Maybe maybe recovery is sort of a hope. We never have to recover kind of kind of thought, and that's it. Back up and no other additional value >> and file it somewhere. So just in case something, it's an insurance policy. >> So how should be done >> so before I get into how it should be done, One of the other attributes that makes backup a challenge with traditional players is they convert the data into their proprietary format, so you can't use the data unless you rehydrate it and put it back into its native format. Then you can start doing analytics or a I, or whatever you wanna do against that. So what activity was done differently, which is what I feel is that how you should do it is they keep the data in native format, and then when you need to access that copy of that data, they create a virtual copy of that data. So you're not taking a penny dis space, but its performance, because the underlying this subsystem that you assigned to active fio is have whatever performance, you want to assign it. So now you can spend up 10 copies of the same server without ever taking up 10 copies of storage and give the give all of your constituents that development team, the analytics team, whatever teams the ability to access it in real time. >> Why did the traditional vendors do it that way? Because they want to reduce it to save cost is they wanna optimize on on performance or they want to have control. From a catalog standpoint, Wise >> said, the popular if you go back to tape tape, was really slow. And it was a serial right, like you were saying earlier. And so you had to write software that would know how to take advantage of that slow speed and not make any mistakes and then be able to recover from it. So they were converting it to a format that was easier to write, easier to read. But that format doesn't play anymore in today's world, however, they haven't really adopted their king technologies to today's world and what I 50 0 did differently when they came out 10 years ago, they said. We need to reshape this whole backup landscape on DH. They created this copy data management space and all other backup players. Air tryingto ad copy data management to compete. But active Theo isn't a backup solution. It's a copy data management solution and backup is a nice artifact. >> Okay, so you deliver services on top of this and other technologies, right? Maybe talk a little bit more about your business and what you're going to market >> way help companies that our whole go to market is around this concept of digital resilient. So the ability to survive and thrive in the middle of an attack and whether that be Mother Nature or that be a cyber attack, or that your system's crashing on you and the in order to do that, let's just pick security. Let's parts that for a second. If you have a ransomware attack, for example, you can have the best controls. However, if a foothold gets into your environment and encrypts your data, your only choices recovery. And if you can't recover, you have to pay the ransom to get the encryption back way had a customer who had challenges on their their backups were on the virtual ization platform, which got encrypted and they weren't able to recover. So their only option was to pay ransom ware and, uh, fair to say they weren't the customer until after that happened. But the But the reality is that solutions like after Theo in by nature of the way they act, the way they store the data off promises in cloud or the way they store it s so that it's not easily it's immutable. It makes it a lot easier for a organization to leverage it and be able to recover quickly from it and have offsite copies or multiple data center copies. So that's the That's the challenge. I would say that a solution like activity of >> Psalms, where our customers I've got to take a little change for second and ask you CTO and a C. So I was taking a little security knowledge servant, test your security knowledge, and I actually did really well. I was like, 90% on. But what I got wrong was, you know, if you get hit with ransom where it said you should should pay it, and I said, Well, yeah, I guess so. They said, Nah, you're wrong, like, well, how else would I get my data back? If that's the way you know, I could avoid it if I were. I work with numbers like yours, but should people pay the ransom? >> So the odds of getting an encryption key that allows you to recover your data are minimal there. What usually happens is they don't want to get caught, so they don't want to send you the encryption key. They get the money and run because the more interactions they have with you, the more opportunity for somebody to trail them and figure out how >> to. So you shouldn't pay. You shouldn't, because your chances of infant testable that you're going to get your data back. >> The only way to pay in this customer they happen to have cyber insurance. And so their actual out of pocket expense was a fraction of the ransom. But not all cyber insurance covers all ransomware scenario. So it's They're not all kind of like, so it's a really it's a really complex question. Actually, I was >> wondering if you could do a smart contract. Yeah. Wait. What? >> You get the keys >> and you could be right. Yeah, on, then, then that's the challenge. right. It's leased like who's Who's way >> got to do it at the same time. But yeah, it's it's typically my recommendation is don't pay, but ideally, if you have, if you don't have a backup, then you really don't have an option. >> So part of your your job is obviously information security, which is the fast moving. I mean, that market is exploding. It feels like it's a big do over, You know that's going on. Um, you know, we all know the narrative. It's you know, there is no perimeter. All the money has been spent, you know, sort of hardening, you know, the perimeter building that moat. But now the queen leaves the castle so the whole paradigm changes. So how are you addressing that for your customers? >> So a couple ways Number one, the endpoint is the perimeter now, So the device that's sitting in front of here is an example is where you have to to treat the security, you need to monitor the activity of the behavior that's happening on that device. And if there's something that moves away from baseline, so if you're capturing a baseline of how you operate, what you do day today, and if all of a sudden you start encrypting your files and you never did before, the flag should go off. And those flags need to be able to get back to a central location, which is the business we operate. We offer a sock is a service. We deployed tools on the end points. We collect data from the perimeter, the firewalls around hers, the switches So we see the health of the network. But then we also monitor the end point to make sure if something's happening at that end point, we want to know we want to stop it before it spreads to anywhere else. >> It is a manage service. So another question around, you know, this is the buzz words of multi Cloud. It's a hot space, but it looks legit. I mean, multi cloud, I've always said, is the son of almost a symptom of multi vendor right versus a strategy. But increasingly, people are saying, Okay, we need a strategy. There's horses for courses, certain clouds or better for certain things, and that's where we're going. We're going, maybe rain in the shadow it in the line of business, or at least support them. So we need a strategy. Their So what? Your thoughts on multi cloud. How are you participating in that space? Is there any role for active fio? There >> absolutely is active fio supports all of before the major clouds out there. So they support a WS czar, G, C, P and IBM. And having that strategy allows a customer who's leveraging activity to protect their data to be able to spin up workloads in any of those clouds. And, for example, GP is known for better. Aye, Aye. And analytics. So spin up a copy of your data in G C. P. Do your analytics and then shut it down. Um uh, a czar is known integrate better with any Microsoft platform so spent up your Microsoft workloads and his whore and used them for whatever purposes, whether it's analytics or other and shut him down. Andi, each cloud does have its attributes and benefits that are better >> universes just good. Yeah, well, >> they have a lead, right? They've done a lot of application ecosystem, right? And then IBM, with Watson is kind of taking a lead in the Aye aye space. So, really, it's you as a company. As a architect cloud architect, you need to decide what cloud has the benefits you need and the ability to move between them with a technology like Octavio is pretty key >> thoughts on, uh, security. The cloud In the early days that was a real blocker. You know, people were concerned about security of Cloud, and today it's almost becoming an advantage. Do you buy that? >> So sort of. I've been I've been a c T O N C So for the last 15 years, and early clouds start ups and number one objection I always got was security in the cloud. You can't put your data there. The reality is, the cloud is no different than another data center. It's You can't abdicate your responsibility to secure your infrastructure just because it's in somebody else's data center, it's You still have to do what you would do. Apply your security policies, apply your security controls and manages if it's another one of your polos, for example, and that's where people forget. They think just because it's somewhere else I'm protected. The only benefit that the cloud gives us from a security perspective is the physical security. So nobody can get into that data center because they have great security controls. But that doesn't mean electronically people can't get it. That you're still you. You haven't really gained anything by going to cloud other than reliability and availability. >> Yeah, your point about endpoint security before a bad user behavior is going to trump great security every single time. Exactly. Okay, final thoughts on this event, your business, your partnership, the marketplace take us home. >> I think I think is a great event. Lots of great topics are covered some great partnerships. Way heard some great information about analytics from IBM. I think that active FiOS uniquely positioned where you can take that one, back up your data and then be able to use it in so many different facets of your business rather than, like I said, creating the copies and exploding your data growth. And so because of that, you're seeing the partnership in the ecosystem coming together. The other attributes that makes it powerful is that they've got the AP integration. Anything you could do in the user interface, you can do the FBI, so that allows third party companies to come in and do integrations. That extend the capability and leverage that data even better on DH. So I think this event is good to help show people some of those capabilities and how some of those integration >> support that's here. It's all about creating incremental value with data as opposed to just below one out copies. So great. Appreciate it. Should you? Thanks very much for coming on the Q. Thank you. Good to see you again. Good to see you. All right. Thanks for watching everybody. We'll be back with our next guest right after this short break. You watching the Cube from data driven 19.

>> Narrator: Live from Las Vegas, it's theCUBE. Covering Veritas Vision 2017. Brought to you by Veritas. >> And we're back at Veritas Vision 2017 in Las Vegas. This is theCUBE, the leader in live tech coverage. My name is Dave Valanti and I'm here with my co-host, Stuart Miniman, and we've been unpacking the innovations and the evolution of Veritas at Veritas Vision over the past two days. Shahin Pirooz is here, he's the CTO of Data Endure. >> Shahin: Thank you for having us. >> Welcome to theCUBE, thanks for coming on. Digitally resilient. That's an interesting and powerful and loaded phrase. [Shahin] Sure. What does it mean to be digitally resilient? >> Ultimately, we're trying to get our customers digital resilience, and what that means to us is that your people have access to their data whenever they need it, wherever they need it, in a secure and protected manner. >> I got to follow up on that, but before I do, give us an overview of your company, what you guys do and what your specialty is. >> We're a system integrator and we happen to resell stuff as well, including Veritas, and we're about 32 years old. We evolved from very early days in the tech space, and continue to evolve the company and today, have four practice areas. Those practice areas include security and compliance, data center and cloud, the information management practice, which is where Veritas clearly falls into, and finally, we have a systems and storage practice, which is primarily one of our biggest practice areas in terms of revenue. We have, go ahead. >> [Dave} Go Ahead, please, carry on. >> We have customers. All of the biggest names you'd imagine in the Silicon Valley. Cisco, Facebook, Yahoo, Google, and then a series of customers below that tier as well. >> Really, those customers are relying on you to do their integration? To help with their deployments, get value faster? >> Yep, CenturyLink is the largest Veritas net backup appliance deployment in the world, and we implemented that platform for them. >> Interesting. You've got these heavy engineering driven companies, and they just what? They just don't want to waste time on stuff that's not their main business? >> So typically, it's like any IT organization. You've got a series of projects and those projects are spread out across the engineers that you have. Then you have something that you have to get done that's more urgent and more critical. You've got to re-vamp your backup infrastructure, for example, or you got to build out a new backup as a service offering, in CenturyLink's case. And while the engineers have the skillset to do it, they're also doing 60 other things during the day. So they bring companies like us in to get it done quickly, get it done accurately. Then, there's a level of reliance on not only our technical depth, but the access to visibility of what we see in other places as well. Whereas, your engineers might be focused on a single thing within a company, we see a lot of different environments. So when we run into problems, it's not the first time we've run into it, and we can get through it much more quickly. >> So this idea of digital resilience is really interesting to me. They say you should skate to the puck. I think you're really skating to the puck as most customers haven't transformed digitally even though everybody's talking about it, but what I said, it's really a rich and loaded phrase, what I'm inferring from it is if you're going to go digital, you better not bolt on resilience. You better design it in. I mean, that's sort of my inference. >> Shahin: That's exactly right. >> Well, talk about it a little bit. >> Typically, there's a, we look at the consumption and cloud is a big part of this journey for both our Veritas and ourselves. We look at cloud consumption as a journey that happens in five phases, or maturity levels, as we like to call them. So the cloud maturity model that I talk about often is level one is usually companies that start consuming backup to the cloud. The first step is we're going to backup our data to the cloud target and remove tape from our environment. Second step is consumption of storage. Then, you start moving some virtual machines, doing lift and shifts to the cloud at Level three, and Level four is when that digital transformation starts to happen. Where you're starting to build consumed cloud native data bases instead of just migrating your database to the cloud. Then, Level five is typically the startups of the world, which are building cloud native applications and companies will eventually get to the point where they're building those cloud native applications. >> It's an interesting model. Cloud's getting more and more complicated. We said some of those companies that started up, out, cloud native, everything built there. >> Shahin: Yes. >> Sometimes, they're pulling things to another cloud or building their own data centers. We're finding, you know, they hyperscale companies look and sound a little bit more like some of the enterprise vendors and some of the enterprise vendors are going there and you've got companies like Veritas that are going to play everywhere. What's that dynamic? Especially Silicon Valley tends to be early on these. What's kind of that macro level? There is no typical customer. What are some of the dynamics you're seeing with the customers in cloud? >> It's a simple scale calculation. There's a point, there's a tipping point, where cloud becomes too expensive, and it's cheaper to have some fraction of your infrastructure running in house. It's that hybrid cloud model we've been talking about for the last decade and nobody really has a good handle on what it is. Run some of the cloud in-house, some of it in a public or multiple public clouds. What you're seeing in the Netflix's of the world who went all in and then back out is exactly that. They got to a point where they realize the amount of money that they're paying on a monthly basis to the public cloud providers is outpacing what they could do themselves internally. So they cut back to that tipping point. There is definitely sense in having infrastructure in the cloud, but there is that point where it doesn't scale out, work very well financially. >> Did you have any guidance that you can give people as to when they're going to hit that? I mean, we look at everything. You know, you talk to Amazon, they'll say no, no. We're always the cheapest, we can use reserve entities. Heck, they just gave, you know, by the second pricing. It's always kind of it depends, but what has your experience been? >> Shahin: It really is and it depends. But the short answer is that that tipping point is different for every single company. If you're a company who's never going to get two billions of users accessing your infrastructure, you're probably never going to hit that tipping point. You can be all cloud and you can be cloud native and be happy. Whereas if you're a Dropbox or a Netflix or somebody like that, who built all in or work day, for example. All of them are now looking at we need to build our own infrastructure to support that scale that can't keep up with us financially. >> I wonder if you could talk about some of the big picture. We touched on cloud, what are the big picture trends that you see driving customer behavior and how is it affecting their IT and how are you responding? >> I would say that there's two primary things that we're focused on to help customers address what is coming. Number one is compliance. Our security and compliance practice, we lead with compliance as opposed to all the other managed security providers. We effectively go to market with this notion that no matter who you are, you have some sort of regulatory concern, whether it's enforce by yourself or you have a third party or a government that's enforcing some regulatory concern on you. There's not a company out there that doesn't have something that they have to deal with on a regular basis. Our positioning is get your head around your compliance and that dictates what your infrastructure looks like, what your application consumption looks like, what your cloud consumption looks like. But you have to start from that place of here is how we have to deliver services and here's the controls we have to have in place. Then, do we have the right tools, technologies, people, and policies to do that. That's our approach to market. That's one side of the answer. The other side of the answer is storages continuously growing in leaps and bounds. We have this ridiculous amount of data that's stockpiling. We're all hoarders of storage, if you will. We don't know what to do with it. We're running out of storage places. We're throwing it in Amazon, we're throwing it in Google. We're throwing it in all these places and just paying monthly storage fees. That data is critical business data that if you can get and analyze it, you can make important business decisions about what your customers are doing, how they're buying things, what products they're buying, what products are not selling, and make fundamental business shifts and changes and all you have to do is put a layer of analytics above this massive hoards of data that we're just continuing to pile and pile. >> Where does Veritas fit in to this equation? >> In all of that. The 360 offering that Veritas has brought to market, a big part of that is compliance. If you look at the messaging on GDPR, that's just one compliance that they're focusing on. That applies across the board. Having visibility into all your data with their data insight platform, for example, who's accessing it, where they're accessing it, what types of data it is, the classification of data. That's the first level of being able to understand your unstructured data and know does it meet all the controls that I have to adhere to in order to deliver health information controls, or personal information controls, whatever your industry control might be. Whether it's PCI or GPR or HIPAA, you name it, it gives you the, you apply the compliance onto the data and have reports that let you know if you're in compliance or not. On the storage side, there's analytics within the backups as well as the data that give you visibility into what you've been protecting and what you've been backing it up and where that data resides on a global level so not only what but where is it and who's accessing it. It's giving you all that visibility to try to get a handle on what it is, where it is and what valuable information is in there. >> And so you're bring this to market today. >> Shahin: We did. >> I mean, you got some pretty advanced customers. >> Shahin: Yes. >> Do you feel like you're on sort of the leading edge of the bell curve? >> We have customers that are on the leading edge of that bell curve, and we have customers that are starting that journey. They are starting to realize, GDPR is a perfect example, not everybody's sure what it's going to mean to them. It's like when HIPAA and PCI came out way back when. Everybody was like, "That's not my problem." And now everybody has to deal with it. I had many hospitals back then who wouldn't do anything, wouldn't do anything, and then the fines came, and they're like, "Okay, hurry. "Let's do something." >> Dave: Yeah, right. >> So similarly, the compliance aspect of this, we're seeing a lot more traction on because GDPR's only about six months away. >> I mean, it's a two sided coin, right? Because on the one hand, it's this sort of boondog for all the guys that can service those accounts, but on the other hand, it takes dollars away, potentially, from other more strategic initiatives, and in the case of HIPAA, you can't even get your own information out of the hospitals let alone other people's. What's your thought on GDPR? Is it as big as these other initiatives? It feels that way, but we don't really know yet, right? >> The risk, where GDPR is different than all the other regulatory concerns is that any individual in any of the European Union can come and say, "I want you to delete all the information "you have about me." And you have to. >> Dave: You have to prove it. >> You have to prove that you did it and that you don't have any of it. The control structures are making it difficult for companies to say, "How am I going to do this?" That's where products like the 360 solution that Veritas is bringing to market help give visibility into the data and so, you know, I see Joe Smith across my unstructured data. I see it in these file servers and this place and the other place. So you have visibility into where Joe Smith is and can take action to, actually, delete the data and show it's not there anymore with audits. It could be very real. Whether it's going to kick in and go live in July as it's supposed to or they're going to continue to extend it as they did with HIPAA and PCI, it's unclear at this point. >> Talk about that a little bit. Is that, sort of, what happened with HIPAA and PCI? But that was the U.S. government. >> Shahin: Yeah. >> It wasn't the EU. You know, again, we don't really know. You've seen some of the crackdowns by the EU on Google and others and so maybe they won't be as forgiving, who knows. >> They may not be as forgiving and I think it'll get dialed in a little bit more. I think, when it comes out and they realize the expense in trying to do this, is going to hamper business. I think it'll get dialed back a little bit. Not that you have to delete the data, for example, but you have to prove that you have it controlled and secured and somebody can't get to it. >> Dave: I mean, do you think that's really ultimately what it's going to be is the processes around it? >> Shahin: Yeah. >> It's going to be as important as everything else. >> Shahin: At the end of the day, All any of these audits and the regulatory concerns can do is tell you you have to have these processes. That's the best they can go hope for. It really is nothing more than a process conversation. But process without technology can be really burdensome and expensive on a company. >> Dave: Yeah, because the risk is that you say, "Okay, we got these processes in place. "Yes, we did it and here's the information." And then if you get hacked, and there's Joe Smith is still in there, oops. And then that somehow gets published on Wikileaks. >> Rut-roh. >> Exactly. >> So Shahin, as an industry, we've been talking for a while about how important data is, how we can leverage data. When we're talking GDPR, it's like well, you know, your data can be dangerous for you. Where are your customers? How do they, actually, do they value data? Is data still a challenge for them, or maybe give us a little bit of the spectrum of where you're seeing customers. >> It's a wide range. We've got customers that are in the research space, and they're doing, for example, genomics research, and their data is everything to them. We've got customers in the semi-conductor space, and they're building chips and their designs and they're information about how each chip design is improving from version to version. All that data is important to them and when they go back to do new chip designs, they have to be able to look back at that data and they do a lot of analytics. But then, there's industries that just keep the data because they think it's going to be important and they don't use it, they don't take advantage of it. They don't realize the risk associated with it either. It's the number one thing I used to, I've been a CECO for over 15 years, and the one thing I used to say to customers is, "If you're going to keep your data, "if you have a policy for data retention, "make sure that it's not longer "and creates an exposure for you "than it needs to be." Because keeping data too long can be, because you have to present it if you're in a litigation. So that's the challenge with these piles of data we keep keeping. The reality is customers are all the way to the extreme of using it heavily in deep analytics to I have no idea what I have, I just have piles of data. >> Dave: The variation on the Einstein quip, keep data as long as you need to but no longer. >> Shahin: Exactly. >> All right, Shahin, we have to go. Thanks very much for coming on theCUBE. >> Thank you. >> We appreciate it. >> My pleasure. >> All right. We're in a rapid sprint to the end of day two here at Veritas Vision 2017. We'll be right back. This is theCUBE.