>> Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2018. Brought to you by Amazon Web Services, Intel and their ecosystem partners. >> Welcome back. Here live on theCUBE, which we continue our day one coverage of AWS re:Invent, along Lauren Cooney. I'm John Walls and 40,000 of our best friends. >> Closest friends. >> That's right. It's a great venue. The Sands is. We're joined now by Tyson Clark. He's the technical director of Air Bud Entertainment. Tyson, thanks for joining us here on theCUBE. >> Thank you for having me. >> First off, let's talk about Air Bud. I mean so, you guys made Air Bud, right? >> We did. >> And you have other projects going as well? >> Yep. Right now we're working on a TV series for Disney. It's going to be about 22 episodes teaching how puppies become puppies while their owners are at school. >> How puppies become puppies? >> How puppies become puppies! >> Coming to a theater, maybe a TV channel near you? >> Disney Streaming. >> Disney Streaming? Good enough, fair enough. >> Aw, very cool. >> Alright tell us about technical director. So, you're the IT guy. >> I am the IT guy. >> You're handling a multitude of problems from a lot of different stakeholders. Tell us about it. >> So I do everything from password reset and the easy stuff all the way up to the most complicated, setting up our whole network, rendered farms, et cetera. >> So you're doing full stack IT? >> I'm doing absolutely everything. Full stack, everything. >> That's pretty impressive. >> A rare breed. >> It is. It's definitely a hand full. >> What do you work on that I would say, we've been talking to folks, like Cohesity and things along those lines. Do you use Cohesity? What are some of the things that you do with them? >> I definitely use Cohesity for our backups. They are a lifesaver. Tape backup just wasn't cutting it for us. We were generating way too much data to be able back it up to tape. Cohesity has allowed us to backup to that and pass it off to the cloud for archival. >> Well, wow. >> Sp what, in terms of the entertainment company, you talk about the data that their generating. >> Yes. >> I mean what are they trying to keep track of? What are you trying to do for them in that respect that hasn't been done before? >> So what we're doing is when we film something, we don't want to get rid of those assets. They're pretty expensive to make. So, we got to hold on to them. We got to make sure they're all recorded. We pass it off to the cloud for archival and then, next movie, say we need a dog from that movie, or an object we built. We can always bring it back and then reuse it. >> From a security standpoint, because there have been some instances-- >> Some pretty bad ones, yep. >> Where's that fit on your pyramid of concern? >> That's extremely high. In the media entertainment business it's very strict on what security rules are. We're right up there. It's pretty much number one. >> Great, so what do you hear? What's interesting for you here at AWS re:Invent? >> Pardon me? >> What is interesting for you here at AWS re:Invent? What are the things that you see as exciting and that you really want to put your hands on? >> Well, what I'm really interested in right is being able to burst in the cloud. So I'm trying to find a solution that will let me scale out my render farm on demand, instantly, pretty much. So, going up to, who knows how many cores. Just to get that render through so we can get our shots done in time. >> Great, anyone that you're looking at here? >> Not yet. Still trying to look around and find someone. >> Very cool. >> A lot of good contenders. >> So what is it in terms of how your job has evolved? If you had to cite, these are probably two or three of maybe the larger concerns that we've had that are being addressed now and fast forward that to next step, next iteration about what kind of, if there's anything that keeps you up at night, what that is? >> Well, what keeps me up at night right now is switching to 4K. A lot of people think you just flip the switch, it's easy, but that means we have four times the amount of data. It takes twice as long to render. It takes four times longer to move things around. It just, it's insane. >> So you're really excited about 5G? >> 5G will help, but right now we're looking at quadrupling pretty much all our storage. It's going to be a very exciting time and a very scary time for us. >> Who are you stakeholders, internally, and how do you handle them? Because I assume that its a dispersate group. You've got a lot of different people with a lot of different priorities, and because you're wearing that IT hat, you're the guy. You're the department that everybody's coming to for answers. >> The biggest person I deal with, personally is the CFO. The other one is the CEO, and they're both worried because I'm telling them I need to buy $5 million worth of infrastructure. The only way I can justify that is showing them. Hey look, it's working better than it was ever before. It's a better product every day. >> Yeah and we're seeing that more and more across the board with IT really having to be the partner of the CFO to actually get the budget to do what you want to do. I think that's pretty consistent for organizations that want to move forward. >> And the budgets are just getting bigger and bigger unfortunately. >> Do you find that rationalizing becomes, is a more critical factor now? >> Absolutely. Before you could get away with a lot smaller, like 10 terabytes was great. Now we're looking at petabytes. It's definitely, rationalizing is needed a lot more now. >> Is there anybody beyond the CFO? I would assume. You're got a lot of people knocking, or CFO, a lot of people knocking on your door. Hey Tyson. I need this, I need this. >> The CFO and the CEO are two best friends, and they're both the top dogs. They're the ones kind of running the whole show there. I'm pretty lucky in that aspect. >> What are you going to do to help solve their problems? Say in the coming year, if you had to say, okay this is going to be a bottleneck. This is going to be a problem. This is how I'm going to address it. What would that be for you in 2019? >> The biggest bottleneck, like I said, is just going to be data. We've got to get four time more or our Isilon. We've got to get four time more of our Qumulo. We've also have to get four times more of our Cohesity, and that's the main part. If we don't have that cohesity, we're done. >> Well I can solve a problem for you for next year. If you're looking for another dog, Lauren's got this gorgeous mix of dane lab. About 120 pounder. >> His name is Milo. He'd be perfect for a film. >> Milo, all right. >> Perfect. >> Just let us know if you need help next year. >> Absolutely. As long as that dog loves treats. >> I'm sure that's not a problem. Tyson, thanks for being with us. >> Thank you so much. >> Thank you so much. >> We'll continue our coverage here, live on theCUBE. We're at AWS re:Invent in Las Vegas. (upbeat music)

>> Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2018. Brought to you by Amazon Web Services, Intel and their ecosystem partners. >> Welcome back. Here live on theCUBE, which we continue our day one coverage of AWS re:Invent, along Lauren Cooney. I'm John Walls and 40,000 of our best friends. >> Closest friends. >> That's right. It's a great venue. The Sands is. We're joined now by Tyson Clark. He's the technical director of Air Bud Entertainment. Tyson, thanks for joining us here on theCUBE. >> Thank you for having me. >> First off, let's talk about Air Bud. I mean so, you guys made Air Bud, right? >> We did. >> And you have other projects going as well? >> Yep. Right now we're working on a TV series for Disney. It's going to be about 22 episodes teaching how puppies become puppies while their owners are at school. >> How puppies become puppies? >> How puppies become puppies! >> Coming to a theater, maybe a TV channel near you? >> Disney Streaming. >> Disney Streaming? Good enough, fair enough. >> Aw, very cool. >> Alright tell us about technical director. So, you're the IT guy. >> I am the IT guy. >> You're handling a multitude of problems from a lot of different stakeholders. Tell us about it. >> So I do everything from password reset and the easy stuff all the way up to the most complicated, setting up our whole network, rendered farms, et cetera. >> So you're doing full stack IT? >> I'm doing absolutely everything. Full stack, everything. >> That's pretty impressive. >> A rare breed. >> It is. It's definitely a hand full. >> What do you work on that I would say, we've been talking to folks, like Cohesity and things along those lines. Do you use Cohesity? What are some of the things that you do with them? >> I definitely use Cohesity for our backups. They are a lifesaver. Tape backup just wasn't cutting it for us. We were generating way too much data to be able back it up to tape. Cohesity has allowed us to backup to that and pass it off to the cloud for archival. >> Well, wow. >> Sp what, in terms of the entertainment company, you talk about the data that their generating. >> Yes. >> I mean what are they trying to keep track of? What are you trying to do for them in that respect that hasn't been done before? >> So what we're doing is when we film something, we don't want to get rid of those assets. They're pretty expensive to make. So, we got to hold on to them. We got to make sure they're all recorded. We pass it off to the cloud for archival and then, next movie, say we need a dog from that movie, or an object we built. We can always bring it back and then reuse it. >> From a security standpoint, because there have been some instances-- >> Some pretty bad ones, yep. >> Where's that fit on your pyramid of concern? >> That's extremely high. In the media entertainment business it's very strict on what security rules are. We're right up there. It's pretty much number one. >> Great, so what do you hear? What's interesting for you here at AWS re:Invent? >> Pardon me? >> What is interesting for you here at AWS re:Invent? What are the things that you see as exciting and that you really want to put your hands on? >> Well, what I'm really interested in right is being able to burst in the cloud. So I'm trying to find a solution that will let me scale out my render farm on demand, instantly, pretty much. So, going up to, who knows how many cores. Just to get that render through so we can get our shots done in time. >> Great, anyone that you're looking at here? >> Not yet. Still trying to look around and find someone. >> Very cool. >> A lot of good contenders. >> So what is it in terms of how your job has evolved? If you had to cite, these are probably two or three of maybe the larger concerns that we've had that are being addressed now and fast forward that to next step, next iteration about what kind of, if there's anything that keeps you up at night, what that is? >> Well, what keeps me up at night right now is switching to 4K. A lot of people think you just flip the switch, it's easy, but that means we have four times the amount of data. It takes twice as long to render. It takes four times longer to move things around. It just, it's insane. >> So you're really excited about 5G? >> 5G will help, but right now we're looking at quadrupling pretty much all our storage. It's going to be a very exciting time and a very scary time for us. >> Who are you stakeholders, internally, and how do you handle them? Because I assume that its a dispersate group. You've got a lot of different people with a lot of different priorities, and because you're wearing that IT hat, you're the guy. You're the department that everybody's coming to for answers. >> The biggest person I deal with, personally is the CFO. The other one is the CEO, and they're both worried because I'm telling them I need to buy $5 million worth of infrastructure. The only way I can justify that is showing them. Hey look, it's working better than it was ever before. It's a better product every day. >> Yeah and we're seeing that more and more across the board with IT really having to be the partner of the CFO to actually get the budget to do what you want to do. I think that's pretty consistent for organizations that want to move forward. >> And the budgets are just getting bigger and bigger unfortunately. >> Do you find that rationalizing becomes, is a more critical factor now? >> Absolutely. Before you could get away with a lot smaller, like 10 terabytes was great. Now we're looking at petabytes. It's definitely, rationalizing is needed a lot more now. >> Is there anybody beyond the CFO? I would assume. You're got a lot of people knocking, or CFO, a lot of people knocking on your door. Hey Tyson. I need this, I need this. >> The CFO and the CEO are two best friends, and they're both the top dogs. They're the ones kind of running the whole show there. I'm pretty lucky in that aspect. >> What are you going to do to help solve their problems? Say in the coming year, if you had to say, okay this is going to be a bottleneck. This is going to be a problem. This is how I'm going to address it. What would that be for you in 2019? >> The biggest bottleneck, like I said, is just going to be data. We've got to get four time more or our Isilon. We've got to get four time more of our Qumulo. We've also have to get four times more of our Cohesity, and that's the main part. If we don't have that cohesity, we're done. >> Well I can solve a problem for you for next year. If you're looking for another dog, Lauren's got this gorgeous mix of dane lab. About 120 pounder. >> His name is Milo. He'd be perfect for a film. >> Milo, all right. >> Perfect. >> Just let us know if you need help next year. >> Absolutely. As long as that dog loves treats. >> I'm sure that's not a problem. Tyson, thanks for being with us. >> Thank you so much. >> Thank you so much. >> We'll continue our coverage here, live on theCUBE. We're at AWS re:Invent in Las Vegas. (upbeat music)

(soft upbeat music) >> The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cyber security strategies. And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President, Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time (indistinct) and chief technology officer at Druva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. Right now I'm going to toss it to Lisa Martin, another one of the hosts, for today's program. Lisa, over to you. (soft upbeat music) >> Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, that we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it >> Inextricably linked. And it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience, for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomwares. The other thing about it is, it's really a lot like Whack-A-Mole. They attack us in one area, and we defend against it, so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded, "I don't think so, because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't going to just fade into the night without giving it a lot of fight." So I really think that ransomware is one of those things that is here for the long term, and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was in a worldwide study, it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, is a little over 500 different individuals across the globe, in North America, select countries in Western Europe as well as several in Asia-Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attack successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared, and on the other hand, the results are absolutely horrible. Two thirds of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to... kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready, based on the information you have, and these people are smart people and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason a lot of these have been successful. So that was kind of the key finding to me in kind of the "aha" moment, really, in this whole thing, Lisa. >> That's a massive disconnect, with the vast majority saying, "We have a cyber recovery playbook," yet, nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of this is going to happen, just a matter of when and how often? >> It is a matter, yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you had double the infrastructure if your financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have, and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >> So what do you think the big issue here is? Is it that these IT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know and until you get into a specific attack... there are so many different ways that organizations can be attacked. And in fact, from this research that we found, is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high probability of recovery, things like that, those are the kinds of things that organizations have to put into place, really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think, "We are prepared, we've got a playbook," yet so many are are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, "Hey guys, across every industry we are vulnerable, this is going to happen, we've got to make sure that we are truly resilient and proactive"? >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the the consequences of ransomware it's not just the ransom, it's the lost productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about this. And I can tell you they are fully engaged in addressing these issues within their organization. >> So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge, is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. (gentle music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva, and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment and, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered, sometimes it's not. So you look at that and you go, Wow. On, on the one hand people think they're really, really prepared and on the other hand the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue, it's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that. Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching The Cube, the leader in live tech coverage.

(upbeat music) >> Hey everyone, Lisa Martin for theCUBE here. Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape, as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations, as well as business organizations, and really it's that digital resilience, that ransomware that has everybody's attention. And it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC, we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is what we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient. And to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization. Whether it's through digital transformation, or whether it's simply data availability, whatever it might happen to be, digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company These days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably? Or is data resilience to find as something a little bit different? >> Well, sometimes, yeah, that we do get caught using them when one as the other, but data resilience is really a part of digital resilience if you think about the data itself and the context of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked. And it's becoming a corporate initiative. But there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it. And they really avoided confronting that. Nowadays, so many people have been hit by it, that stigma has gone. And so really it is becoming more of a community kind of effort, as people try to defend against these ransomwares. The other thing about it is it's really a lot like Whac-A-Mole. They attack us in one area and we defend against it, so they attack us in another area and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "One of these days, we're going to get pretty well defended against ransomware, and it's going to go away." And I responded, "I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities." And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a lot of fight. So I really think that ransomware is one of those things that is here for the long-term, and something that we we have to address and have to get proactive about. >> You mentioned some stats there. And recently, IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things, let's talk a little bit about the demographics of the survey, and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it's a little over 500 different individuals across the globe, in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, BPO of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high, or very high degree of confidence in their recovery tools, and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a 1/3 of organizations were able to fully recover their data without paying the ransom. And some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't aren't necessarily to be trusted. And so the software that they provide, sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared. And on the other hand, the results are absolutely horrible. 2/3 of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson, "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready based on the information you have. And these people are smart people, and they're professionals. But oftentimes, you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me, and kind of the aha moment, really, in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly half being the victims of ransomware in the last three years. And then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen. Just a matter of when and how often. >> It is a matter. Yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud, where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on demand resources. And in the old days when we had disaster recoveries, where there we had two different data centers and the failover and so forth, you have double the infrastructure. If your financial services, it might even be triple the infrastructure. It's very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly, what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place, to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit. And all of a sudden, they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have. And it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here? Is it that these IT practitioners over 500 that you surveyed across 20 industries, as a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know. And until you get into a specific attack, there are so many different ways that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice, things like encryption, immutability, things like that that organizations can put into place. Certainly, air gaps, having a solid backup foundation to where data is, you have a high probability recovery, things like that. Those are the kinds of things that organizations have to put into place, really, is a baseline to assure that they can recover as fast as possible, and not lose data in the event of our ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities, and as the threat landscape just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners? But does this go all the way up to the board level in terms of, " Hey guys across every industry, we are vulnerable. This is going to happen. We've got to make sure that we are truly resilient and proactive." >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the loss productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing these issues within their organization. >> So all the way at the top, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned, ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved? To the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on-premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and and to be able to take that cloud-centric perspective and apply it on-premises, as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Druva sponsored IDC white paper, fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> I'm, Lisa Martin. You're watching theCUBE, the leader in live tech coverage. (upbeat music)

>>From the Bellagio hotel in Las Vegas, it's the cube covering UI path forward for brought to you by >>Welcome to the cubes coverage of UI path forward for live from Las Vegas. We're here at the Bellagio. Lisa Martin, with Dave a long time, very excited to have in-person events back ish. I'll say we're going to be talking about automation as a boardroom imperative. We have two guests joining us here, James Matras here consulting principal. America's intelligent automation leader at UI and Irv. Dennis retired EA partner, and former CFO of HUD gentlemen. Welcome to the program. Exciting topic automation as a boardroom imperative, James says COO and start with you. How do you discuss the value of automation as being a key component and driver of transformation? >>That's a great question. I think what we've seen in the last couple of years is the evolution of what automation used to be. Two is going nine. And we've seen the shift from what we call generation one, which is very RPA centric type automation to more generation two, which is the combined integration of multiple technologies. It can target an intern process and it's quite important that you understand the pivotal shift because it's not enabling us to move from a task micro top agenda to a macro agenda actually impacts an organization at a strategic level. The ability to be able to look at processes more deeply to automate them in an end to end process collectively and use these different technologies in a synergistic manner truly becomes powerful because it shifts the narrative from a micro process agenda into more systemic area. >>So gen zero is an Emmanuel gen one is RPA point tools that individual maybe getting their personal productivity out. And then now you're saying gen three is across the enterprise. Where are we in terms of, you know, take your experience from your practical experience? Where do you think the world is? It's like probably between zero and one still. Right. But the advanced folks of thinking about gen three, w what's your, >>Yeah, it's a great question. And, um, when you and I, I can do the comparison being private and public sector on this because I was 37 years with E Y then went into retirement and CFL at HUD CFO. Ed was, was a HUD was nowhere. They had to just do all the intelligence digitalization, um, throughout, uh, from scratch. The private sector is probably five or six years ahead of them. But when you think about James talks about the gen one, two and three, the private sector is probably somewhere between two and three. And I know we're talking about the board in this conversation. Um, boards probably have one and two on their radar. Some boards may have three, some may not, but that's where the real strategic focus for boards needs to be is looking forward and, and getting ahead. But I think from a public sector standpoint, lot to go private sector, more to go as well. But, uh, there's a, there's a bit of a gap, but the public sector is probably only about three or four years behind the private sector >>To be okay. Let's look at the numbers, look at, look at the progress for the quarter. And now it's like discussion on cyber discussion on digital discussion on automated issue. It really changed the narrative over the last decade. >>Yeah, I think when you think of boards today, the lots of conversation on cyber that that conversation has been around for a while. A lot of conversation on ESG today, that conversation is getting, getting very popular. But I think when you think of next three, a Jen talks that bear James talks about, um, that's got to start elevating itself if it's not within the boardroom right now, because that will be the future of the company. And the way I think of it from a board's conversation is if a company doesn't think of themselves as a technology company in all aspects, no matter what you do, you are a technology company or you need to be. And if you're not thinking along that way, you're gonna, you're gonna lose market share and you're going to start falling behind your competitors. >>Well, and how much acceleration did the pandemic bring to just that organizations that weren't digital forward last year are probably gone? >>I think it certainly has shifted quite a lot. There's been a drive, the relevance of technology and hard plays for us in the modern workforce in the modern workplace has fundamentally changed the pandemic. We reimagine how we do things. Technology has progressed in itself significantly, and that made a big difference for, for all the environments as a result of that. So certainly is one of the byproducts of the pandemic has been certainly a good thing for everybody. >>Where does automation fit in the board? Virginia? You've got compensation committee. You've probably, I mean, there's somebody in charge of cyber. You got ESG now there's automation part of a broader digital agenda. Where's what's the right word. >>You know, I, I would personally put it in a enterprise risk management from a standpoint that if you're not focused on it, it's going to be a risk to the enterprise. And, um, when you think of automation and intelligent automation and RPA, uh, I think boards have a pretty good sense of how you interface with your customers and your vendors. I think a big push ought to be looking internally at your own infrastructure. You know, what are you, what are you doing in the HR space? What are you doing in a financial statement, close process? What are you doing your procurement process? I suspect there's still a lot of very routine transactions and processing within those, that infrastructure that if you just apply some RPA artificial intelligence, that data extraction techniques, you can probably eliminate a lot of man hours from the routine stuff. And, and the many man hours is probably not the right way to think of it. You could elevate people's work from being pushing numbers around to being data analyzers. And that's where the excitement is for people to see. >>It's not how it's viewed at organizations. We're not eliminating hours. Well focusing folks on much more strategic down at a test. >>Yes. I would say that that's exactly right now in the private sector, you're always going to have the efficiency play and profitability. So there will be an element of that. I know when at HUD we're, we're focused, we were not focused on eliminating hours because we needed people and we focused on creating efficiencies within the space and having people convert from, again, being Trent routine transactions, to being data analyzers and made the jobs, I'm sure. Fund for them as well. I mean, this is a lot of fun stuff. And, and if, uh, uh, companies need to be pushing this down through their entire infrastructure, not just dealing with our customers and the third parties that they deal with >>Catalyst or have been public sector. So you mentioned they may be five or six years behind, but I've seen certain public sector organizations really lean in, they learn from, from the private sector. And then even when you think about some of the military, how advanced they are absolutely. You know, the private could learn from them and if they could open it up. But >>So, yeah, I think that's, that's well said I was in this, you know, the that's the civilian part with, with the housing and urban development. I think the catalyst is, uh, bringing the expertise in, uh, I know when I, when I came, I went to HUD to elevate their financial infrastructure. It was, it was probably the worst of the cabinet agency. The financials were a mess. There was no, there was a, uh, there was not a clean audit opinion for eight years. And I was there to fix that and we fixed it through digitalization and digital transformation, as well as a financial transformation. The catalyst is just creating the education, letting people know what is, what, what technology can do. You don't have to be a programmer, but it's like driving a car. Anybody can drive a car, but we can't mechanic, you know, work as a mechanic on it. >>So I think it's creating education, letting people know what it can do. And at HUD, for example, we did a very simple, I was telling James earlier, we did a very simple RPA project on an, an, a financial statement, close process. It was 2,600 hours, six months. Once we implemented the RPA, brought that down to 70 hours, two weeks, people's eyes exploded with it. And then all of a sudden, I said, I want everyone to go back and come back with, with any manual process, any routine process that can convert to an RPA. And I got a list of a hundred, then it came then became trying to slow everything down. We're not going to do it overnight. Yeah, exactly. >>So, but it was self-funding. It was >>Self-funded. Yes. >>And, and how do you take that message to customers that it could be self-funding how how's that resonating >>Very well. And I think it was important. I always like to say, it's a point of differentiation because you look at, uh, mentioned earlier that organizations are basically technology companies. That's what they are. But now if you look across that we no longer compete at the ERP level without got SAP, Oracle, it's not a point of differentiation. We don't compete the application layer where they've got service. Now, black line, how we use them is helpful. We competed the digital layer and with automation is a major component of that. That's where your differentiation takes place. Now, if you have a point of differentiation, that is self-funding, it fundamentally changes the game. And that's why it's so important for boards to understand this, because that risk management, if you've not doing it, somebody is getting ahead of the game much faster than you are. >>Yeah. Yeah. You mentioned ERP and it, and it triggered something in my mind. Cause I, I said this 10 years ago about data. If in the nineties, you, you couldn't have picked SAP necessarily as the winner of ERP. But if you could have picked the companies that were using ERP could have made a lot of money in the stock market because they outperform their peers. And the same thing was true with data. And I think the same thing is going to be true with automation in the coming decade. >>Couldn't agree more. And I think that's exactly the point that differential acceleration happening this. And it's harder because of the Europeans. Once you knew what it was, you can put the boundaries on it. Digital, the options are infinite. It's just continuous progress as are from there. >>I've got a question for you. You talked about some great stats about how dramatically faster things were took far less time. How does that help from an adoption perspective? I know how much cultural change is very difficult for folks in any organization, but that sort of self-serving how does that help fuel adoption? >>Well, it's interesting. Um, it's, it is a, we're actually going to talk about this tomorrow. It is a framework and it's got to start at the leadership has got to start with governance. It's got to start with a detailed plan. That's executable. And it's got to start with getting buy-in from not only your, the, the organization, but the people you're dealing with outside the organization. Um, it's, it's, uh, I think that's absolutely critical. And when you bring this back to the boardroom, they are the leaders of the companies. And, and I, James, I talked about this as we're getting ready for tomorrow's session. I think the number one thing a board can do today is an own personal self assessment. Do they understand automation? Do they understand what next generation three is? Do they understand what the different components can do? And do they understand how the companies are implementing it? And if I was a board member, uh, on our boards, I say, we need to understand that or else this is nothing's going to happen. We're going to be here at the reliance of the CEO and the CFO strategy, which may or may not include or be thinking about this next three. So leadership at the top is going to drive this. And it's so critical. >>We were talking about catalyst before. And you mentioned education and expertise. I'm always curious as to what drew you to public sector because it's, yeah, I mean, very successful, you know, you're, you're with one of the global SIS directly, you can make a lot more money and that side. So what was it did, was it a desire to it's a great country? Was it >>Take one for the team and I'm going to do a selfish plug here. I just actually wrote a book in this whole thing called transforming a federal agency. What's the name of the book transforming and federal agency. And it's, uh, I spent my time at E Y for 37 years, fully retired. I wanted to give back and do meaningful work. And we lived in Columbus, Ohio, as I was talking about earlier, I was going to go teach and I got a call from the president's personnel office to see if I wanted to come. And these, the CFO at HUD with secretary Carson and change turn the agency around, uh, that took me a little while to say yes, because I wasn't sure I wanted something full time. It was a, it was in DC. So I'd be in a commuting role back and forth. My family's in Columbus. >>Um, but it was, uh, I did it and I loved it. It was, uh, I would pray, I would ask anyone that's has the ability to go into public service at any point in their career to do it. It's it was very rewarding. It was one of my favorite three years of life. And to your point, I didn't have to do it, but, uh, if I wanted to do something and give back and that met the criteria and we were very successful in turning it around with the digital transformation and a lot of stuff that we're talking about today gave me the ability to talk about it because I helped lead it >>For sharing that and did it. So did it start with the CFO's office? Because the first time I ever even heard about our RPO RPA was at a CFO conference and I started talking to him like, oh, this is going to be game changing. Is that where it started? Is that where it lands today? >>From an infrastructure standpoint, the CFO has the wonderful ability to see most processes within a company and its entire lifestyle from beginning to end. So CFO has that visibility to understand where efficiencies can happen in the process. And so the CFO plays a dramatically important role in this. And you think about a CFO's role today versus 20 years ago, it's no longer this, the bean counter rolling up numbers that become a business advisors to the board, to the CEO and to the executive suite. Um, so the CFO, I think has probably the best visibility of all the processes on a global basis. And they can see where the, the efficiencies and the implementation of automation can happen. >>So they can be catalysts and really fueling the actual >>Redesign of work. Yes, they, they, they probably need to be the catalyst. And as a board member, you want to be asking what is the CFO's strategic imperative for the next year? And if it doesn't include this, it's just got to get on the agenda. >>Well, curve ball here is his CFO question and you know, three years or two years ago, you wouldn't have even thought, I mean, let me set it up better. One of the industries that is highly automated is crypto. Yeah. You wouldn't even thought about crypto in your balance sheet a couple of years ago, but I'm not sure it's a widespread board level discussion, but as a CFO, what do you make of the trend to put Bitcoin on balance sheets? >>Yeah, I'm probably not the right person to ask because I'm a conservative guy. >>If somebody supported me and he said, Hey, why don't we put crypto on the balance sheet? >>I would get much more educated. I wouldn't shut it down. I would put it into, let's get more educated. Let's get the experts in here. Let's understand what's really happening with it. Let's understand what the risks are, what the rewards are. And can we absorb any sort of risk or reward with it? And when you say put it on the balance sheet, you can put it on in a small way to test it out. I wouldn't put the whole, I wouldn't make the whole balance sheet for Dell on day one. So that's why I would think about it. Just tell, tell me more, get me educated. How did you think about it? How can it help our business? How can I help our shareholders? How does it grow the bottom line? And then, then you start making decisions. >>Cause CFOs, let me find nature often conservative and most CFOs that I talked to just say no way, not a chance, but you're, maybe you're not as conservative as you think. Well, >>No, but I will never say go away on anything. I mean, cause I want to learn. I want to know. I mean, um, if you like all this stuff, that's new, it's easy to say go away, right? Yeah. But all of a sudden, three years later, the go away, all your competitors are doing it at a competitive advantage. So never say go away, get yourself educated before you jump into it. >>That's good advice. Yeah. In any walk of life question for you, or have you talked about the education aspect there? I'm curious from a risk mitigation perspective, especially given the last 18, 19 months, so tumultuous, so scary for all those organizations that were very digital, they're either gone or they accelerated very quickly. How much of an education do you have to provide certain industries? And are you seeing certain industries? I think healthcare manufacturing, financial services as being leaders in the uptake? >>Well, I think the financial service industries, for sure, they, they, they get this and then they need to, uh, cause they, you know, they're, they're a transaction and based, uh, industry. Uh, so they get it completely. Um, you know, I think maybe some manufacturing distribution, some of the old line businesses are, you know, they may not be thinking of this as progressively as they should. Um, but they'll get there. They're going to have to get there eventually. Um, you know, when you think about the education, my, I thought you were gonna ask a question about the education of the workforce. And I think as a board member, I would be really focused on, uh, how am I educating my workforce of the future? And do I have the workforce of the future today? Do I have to educate them to have to bring in hiring for it? Do I have to bring third-party service providers to get us there? So as a board member really focus on, do I have the right workforce to get us to this next stage? And if not, what do I need to do to get there? Because >>We'll allocate a percentage of their budgets to training and education. And the question is where do they put it >>In? Is it the right training and education, right? >>Where do they focus though? Right now we hear you iPad talking about they're a horizontal play, but James, when you and Lisa, we were asking about industry, when you go to market, are you, are you more focused on verticals? Are you thinking, >>No, it's on two things. So which often find is regardless of the sector with some nuanced variation, the back office functions are regionally the procure to pay process as the same fundamentals, regardless of the sector where the differentiation comes in at a sector of service is when you start going to the middle of the front office, I mean a mining has only one customer. They sold their product to image the retailer has an endless number of them. So when you get to the middle and front office and really start engaging with a customer and external vendors, then a differentiation is very unique and you'd have a lot of sort of customers having sector specific nuances and variations in how you use the platform. And that's where the shift now is happening as well is the back office functions that are largely driven by the CFO. If now getting good, robust value out of it, there's pivot to make it a differentiator in the market, comes in the front and middle office. And that's where we starting to say, sector specific genres solutions, nuances really come to the fall >>Deep industry expertise. Do you think digital at all changes that the reason I ask it because I see Amazon as a retail and then they're in cloud and they're in grocery other in content Apple's in, in financial services and you're seeing these internet giants with a dual agenda, they're disrupting horizontal technology and then there's disruptive industries. And my premise is it's because of data and digital. Do you ever see that industry specialization changing that value chain >>Without a doubt? And I think it's happens initially. It starts off. When people have started looking at the process, they realize there's such key dependencies on the upstream and downstream components of the value chain that they want to control it. So they actually start bridging out of what the core practices or the core business to own a broader agenda. And with digital, you can do it. You can actively interact more systemically that installs triggering, well, maybe I have a different product offering. Maybe I can own this. Could I monetize the information I had at my disposal today in a completely new line. And that really what gets truly innovative and starts creating a revenue increase as opposed as the cost saving. And that's what they're really going after. It's how do I, >>The vertical integration is not new. The plenty of ended up Koch industries, Tyson foods, but now it's digital. So presumably you can do it faster with greater greater scale >>Without a doubt. And you don't have to move your big ERP and things like that. Cause that's the only way it takes five years to move my technology backbone with digital. I can do the interaction tomorrow and we can build up enough to be able to sustain that in the short term. >>Right. And speaking of speed, unfortunately, guys, we are out of time, but thank you. Fantastic conversation automation as a board imperative guys, that's been great James or >>Thank you for your time. Thank you so much >>For Dave a long day. I'm Lisa Martin. You're watching the queue. We are live in Las Vegas at the Bellagio at UI path forward for stick around Dave and I will be right back. Okay.

>>from around the globe. It's the Cube covering space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Oven. Welcome back to the Space and Cyber Security Symposium. 2020 I'm John for your host with the Cuban silicon angle, along with Cal Poly, representing a great session here on industry success in developing space and cybersecurity. Resource is Got a great lineup. Brigadier General Steve Hotel, whose are also known as Bucky, is Call Sign director of Space Portfolio Defense Innovation Unit. Preston Miller, chief information security officer at JPL, NASA and Major General retired Clint Crozier, director of aerospace and satellite solutions at Amazon Web services, also known as a W s. Gentlemen, thank you for for joining me today. So the purpose of this session is to spend the next hour talking about the future of workforce talent. Um, skills needed and we're gonna dig into it. And Spaces is an exciting intersection of so many awesome disciplines. It's not just get a degree, go into a track ladder up and get promoted. Do those things. It's much different now. Love to get your perspectives, each of you will have an opening statement and we will start with the Brigadier General Steve Hotel. Right? >>Thank you very much. The Defense Innovation Unit was created in 2015 by then Secretary of Defense Ash Carter. To accomplish three things. One is to accelerate the adoption of commercial technology into the Department of Defense so that we can transform and keep our most relevant capabilities relevant. And also to build what we call now called the national Security Innovation Base, which is inclusive all the traditional defense companies, plus the commercial companies that may not necessarily work with focus exclusively on defense but could contribute to our national security and interesting ways. Um, this is such an exciting time Azul here from our other speakers about space on and I can't, uh I'm really excited to be here today to be able to share a little bit of our insight on the subject. >>Thank you very much. Precedent. Miller, Chief information security officer, Jet Propulsion Lab, NASA, Your opening statement. >>Hey, thank you for having me. I would like to start off by providing just a little bit of context of what brings us. Brings us together to talk about this exciting topic for space workforce. Had we've seen In recent years there's been there's been a trend towards expanding our space exploration and the space systems that offer the great things that we see in today's world like GPS. Um, but a lot of that has come with some Asian infrastructure and technology, and what we're seeing as we go towards our next generation expects of inspiration is that we now want to ensure that were secured on all levels. And there's an acknowledgement that our space systems are just a susceptible to cyber attacks as our terrestrial assistance. We've seen a recent space, uh, policy Directive five come out from our administration, that that details exactly how we should be looking at the cyber principle for our space systems, and we want to prevent. We want to prevent a few things as a result of that of these principles. Spoofing and jamming of our space systems are not authorized commands being sent to those space systems, lots of positive control of our space vehicles on lots of mission data. We also acknowledge that there's a couple of frameworks we wanna adopt across the board of our space systems levers and things like our nice miss cybersecurity frameworks. eso what has been a challenge in the past adopted somebody Cyber principles in space systems, where there simply has been a skill gap in a knowledge gap. We hire our space engineers to do a few things. Very well designed space systems, the ploy space systems and engineer space systems, often cybersecurity is seen as a after thought and certainly hasn't been a line item and in any budget for our spaces in racing. Uh, in the past in recent years, the dynamic started to change. We're now now integrating cyber principles at the onset of development of these life cycle of space. Systems were also taking a hard look of how we train the next generation of engineers to be both adequate. Space engineers, space system engineers and a cyber engineers, as a result to Mrs success on DWI, also are taking a hard look at What do we mean when we talk about holistic risk management for our space assistance, Traditionally risk management and missing insurance for space systems? I've really revolved around quality control, but now, in recent years we've started to adopt principles that takes cyber risk into account, So this is a really exciting topic for me. It's something that I'm fortunate to work with and live with every day. I'm really excited to get into this discussion with my other panel members. Thank you. >>You Preston. Great insight there. Looking forward. Thio chatting further. Um, Clint Closure with a W. S now heading up. A director of aerospace and satellite Solutions, formerly Major General, Your opening statement. >>Thanks, John. I really appreciate that introduction and really appreciate the opportunity to be here in the Space and Cybersecurity Symposium. And thanks to Cal Poly for putting it together, you know, I can't help, but as I think to Cal Poly there on the central California coast, San Luis Obispo, California I can't help but to think back in this park quickly. I spent two years of my life as a launch squadron commander at Vandenberg Air Force Base, about an hour south of Cal Poly launching rockets, putting satellites in orbit for the national intelligence community and so some really fond memories of the Central California coast. I couldn't agree more with the theme of our symposium this week. The space and cyber security we've all come to know over the last decade. How critical spaces to the world, whether it's for national security intelligence, whether it's whether communications, maritime, agriculture, development or a whole host of other things, economic and financial transactions. But I would make the case that I think most of your listeners would agree we won't have space without cybersecurity. In other words, if we can't guaranteed cybersecurity, all those benefits that we get from space may not be there. Preston in a moment ago that all the threats that have come across in the terrestrial world, whether it be hacking or malware or ransomware or are simple network attacks, we're seeing all those migrate to space to. And so it's a really important issue that we have to pay attention to. I also want to applaud Cow Pauling. They've got some really important initiatives. The conference here, in our particular panel, is about developing the next generation of space and cyber workers, and and Cal Poly has two important programs. One is the digital transformation hub, and the other is space data solutions, both of which, I'm happy to say, are in partnership with a W. S. But these were important programs where Cal Poly looks to try to develop the next generation of space and cyber leaders. And I would encourage you if you're interested in that toe. Look up the program because that could be very valuable is well, I'm relatively new to the AWS team and I'm really happy Thio team, as John you said recently retired from the U. S. Air Force and standing up the U. S. Space force. But the reason that I mentioned that as the director of the aerospace and satellite team is again it's in perfect harmony with the theme today. You know, we've recognized that space is critically important and that cyber security is critically important and that's been a W s vision as well. In fact, a W s understands how important the space domain is and coupled with the fact that AWS is well known that at a W s security is job zero and stolen a couple of those to fax A. W. S was looking to put together a team the aerospace and satellite team that focus solely and exclusively every single day on technical innovation in space and more security for the space domain through the cloud and our offerings there. So we're really excited to reimagine agree, envision what space networks and architectures could look like when they're born on the cloud. So that's important. You know, talk about workforce here in just a moment, but but I'll give you just a quick sneak. We at AWS have also recognized the gap in the projected workforce, as Preston mentioned, Um, depending on the projection that you look at, you know, most projections tell us that the demand for highly trained cyber cyber security cloud practitioners in the future outweighs what we think is going to be the supply. And so a ws has leaned into that in a number of ways that we're gonna talk about the next segment. I know. But with our workforce transformation, where we've tried to train free of charge not just a W s workers but more importantly, our customers workers. It s a W s we obsessed over the customer. And so we've provided free training toe over 7000 people this year alone toe bring their cloud security and cyber security skills up to where they will be able to fully leverage into the new workforce. So we're really happy about that too? I'm glad Preston raised SPD five space policy Directive five. I think it's gonna have a fundamental impact on the space and cyber industry. Uh, now full disclosure with that said, You know, I'm kind of a big fan of space policy directives, ESPN, Or was the space policy directive that directed to stand up of the U. S. Space Force and I spent the last 18 months of my life as the lead planner and architect for standing up the U. S. Space force. But with that said, I think when we look back a decade from now, we're going to see that s p d five will have as much of an impact in a positive way as I think SPD for on the stand up of the space Force have already done so. So I'll leave it there, but really look forward to the dialogue and discussion. >>Thank you, gentlemen. Clint, I just wanna say thank you for all your hard work and the team and the people who were involved in standing up Space force. Um, it is totally new. It's a game changer. It's modern, is needed. And there's benefits on potential challenges and opportunities that are gonna be there, so thank you very much for doing that. I personally am excited. I know a lot of people are excited for what the space force is today and what it could become. Thank you very much. >>Yeah, Thanks. >>Okay, So >>with >>that, let me give just jump in because, you know, as you're talking about space force and cybersecurity and you spend your time at Vanderburgh launching stuff into space, that's very technical. Is operation okay? I mean, it's complex in and of itself, but if you think about like, what's going on beyond in space is a lot of commercial aspect. So I'm thinking, you know, launching stuff into space on one side of my brain and the other side of brain, I'm thinking like air travel. You know, all the logistics and the rules of the road and air traffic control and all the communications and all the technology and policy and, you >>know, landing. >>So, Major General Clint, what's your take on this? Because this is not easy. It's not just one thing that speaks to the diversity of workforce needs. What's your reaction to that? >>Yeah. I mean, your observation is right on. We're seeing a real boom in the space and aerospace industry. For all the good reasons we talked about, we're recognizing all the value space from again economic prosperity to exploration to being ableto, you know, improve agriculture and in weather and all those sorts of things that we understand from space. So what I'm really excited about is we're seeing this this blossom of space companies that we sort of referred to his new space. You know, it used to be that really only large governments like the United States and a handful of others could operate in the space domain today and largely infused because of the technological innovation that have come with Cyber and Cyrus Space and even the cloud we're seeing more and more companies, capabilities, countries, all that have the ability, you know. Even a well funded university today can put a cube sat in orbit, and Cal Poly is working on some of those too, by the way, and so it's really expanded the number of people that benefits the activity in space and again, that's why it's so critically important because we become more and more reliant and we will become more and more reliant on those capabilities that we have to protect him. It's fundamental that we do. So, >>Bucky, I want you to weigh in on this because actually, you you've flown. Uh, I got a call sign which I love interviewing people. Anyone who's a call sign is cool in my book. So, Bucky, I want you to react to that because that's outside of the technology, you know, flying in space. There's >>no >>rule. I mean, is there like a rules? I mean, what's the rules of the road? I mean, state of the right. I mean, what I mean, what what's going? What's gonna have toe happen? Okay, just logistically. >>Well, this is very important because, uh and I've I've had access thio information space derived information for most of my flying career. But the amount of information that we need operate effectively in the 21st century is much greater than Thanet has been in the past. Let me describe the environment s so you can appreciate a little bit more what our challenges are. Where, from a space perspective, we're going to see a new exponential increase in the number of systems that could be satellites. Uh, users and applications, right? And so eso we're going we're growing rapidly into an environment where it's no longer practical to just simply evolved or operate on a perimeter security model. We and with this and as I was brought up previously, we're gonna try to bring in MAWR commercial capabilities. There is a tremendous benefit with increasing the diversity of sources of information. We use it right now. The military relies very heavily on commercial SAT com. We have our military capabilities, but the commercial capabilities give us capacity that we need and we can. We can vary that over time. The same will be true for remote sensing for other broadband communications capabilities on doing other interesting effects. Also, in the modern era, we doom or operations with our friends and allies, our regional partners all around the world, in order to really improve our interoperability and have rapid exchange of information, commercial information, sources and capabilities provides the best means of doing that. So that so that the imperative is very important and what all this describes if you want to put one word on it. ISS, we're involving into ah hybrid space architectures where it's gonna be imperative that we protect the integrity of information and the cyber security of the network for the things most important to us from a national security standpoint. But we have to have the rules that that allows us to freely exchange information rapidly and in a way that that we can guarantee that the right users are getting the right information at the right. >>We're gonna come back to that on the skill set and opportunities for people driving. That's just looking. There's so much opportunity. Preston, I want you to react to this. I interviewed General Keith Alexander last year. He formerly ran Cyber Command. Um, now he's building Cyber Security Technologies, and his whole thesis is you have to share. So the question is, how do you share and lock stuff down at the same time when you have ah, multi sided marketplace in space? You know, suppliers, users, systems. This is a huge security challenge. What's your reaction to this? Because we're intersecting all these things space and cybersecurity. It's just not easy. What's your reaction? >>Absolutely, Absolutely. And what I would say in response to that first would be that security really needs to be baked into the onset of how we develop and implement and deploy our space systems. Um, there's there's always going to be the need to collect and share data across multiple entities, particularly when we're changing scientific data with our mission partners. Eso with that necessitates that we have a security view from the onset, right? We have a system spaces, and they're designed to share information across the world. How do we make sure that those, uh, those other those communication channels so secure, free from interception free from disruption? So they're really done? That necessitates of our space leaders in our cyber leaders to be joining the hip about how to secure our space systems, and the communications there in Clinton brought up a really good point of. And then I'm gonna elaborate on a little bit, just toe invite a little bit more context and talk about some the complexities and challenges we face with this advent of new space and and all of our great commercial partners coming into therefore way, that's going to present a very significant supply chain risk management problems that we have to get our hands around as well. But we have these manufacturers developing these highly specialized components for the space instruments, Um, that as it stands right now, it's very little oversight And how those things air produced, manufactured, put into the space systems communication channels that they use ports protocols that they use to communicate. And that's gonna be a significant challenge for us to get get our hands around. So again, cybersecurity being brought in. And the very onset of these development thes thes decisions in these life cycles was certainly put us in a best better position to secure that data in our in our space missions. >>Yeah, E just pick up on that. You don't mind? Preston made such a really good point there. But you have to bake security in up front, and you know there's a challenge and there's an opportunity, you know, with a lot of our systems today. It was built in a pre cyber security environment, especially our government systems that were built, you know, in many cases 10 years ago, 15 years ago are still on orbit today, and we're thankful that they are. But as we look at this new environment and we understand the threats, if we bake cybersecurity in upfront weaken balance that open application versus the risk a long as we do it up front. And you know, that's one of the reasons that our company developed what we call govcloud, which is a secure cloud, that we use thio to manage data that our customers who want to do work with the federal government or other governments or the national security apparatus. They can operate in that space with the built in and baked in cybersecurity protocols. We have a secret region that both can handle secret and top secret information for the same reasons. But when you bake security into the upfront applications, that really allows you to balance that risk between making it available and accessible in sort of an open architecture way. But being sure that it's protected through things like ITAR certifications and fed ramp, uh, another ice T certifications that we have in place. So that's just a really important point. >>Let's stay high level for a man. You mentioned a little bit of those those govcloud, which made me think about you know, the tactical edge in the military analogy, but also with space similar theater. It's just another theater and you want to stand stuff up. Whether it's communications and have facilities, you gotta do it rapidly, and you gotta do it in a very agile, secure, I high availability secure way. So it's not the old waterfall planning. You gotta be fast is different. Cloud does things different? How do you talk to the young people out there, whether it's apparent with with kids in elementary and middle school to high school, college grad level or someone in the workforce? Because there are no previous jobs, that kind of map to the needs out there because you're talking about new skills, you could be an archaeologist and be the best cyber security guru on the planet. You don't have to have that. There's no degree for what, what we're talking about here. This >>is >>the big confusion around education. I mean, you gotta you like math and you could code you can Anything who wants to comment on that? Because I think this >>is the core issue. I'll say there are more and more programs growing around that educational need, and I could talk about a few things we're doing to, but I just wanna make an observation about what you just said about the need. And how do you get kids involved and interested? Interestingly, I think it's already happening, right. The good news. We're already developing that affinity. My four year old granddaughter can walk over, pick up my iPad, turn it on. Somehow she knows my account information, gets into my account, pulls up in application, starts playing a game. All before I really even realized she had my iPad. I mean, when when kids grow up on the cloud and in technology, it creates that natural proficiency. I think what we have to do is take that natural interest and give them the skill set the tools and capabilities that go with it so that we're managing, you know, the the interest with the technical skills. >>And also, like a fast I mean, just the the hackers are getting educated. Justus fast. Steve. I mean e mean Bucky. What do you do here? You CIt's the classic. Just keep chasing skills. I mean, there are new skills. What are some of those skills? >>Why would I amplify eloquent? Just said, First of all, the, uh, you know, cyber is one of those technology areas where commercial side not not the government is really kind of leading away and does a significant amount of research and development. Ah, billions of dollars are spent every year Thio to evolve new capabilities. And a lot of those companies are, you know, operated and and in some cases, led by folks in their early twenties. So the S O. This is definitely an era and a generation that is really poised in position. Well, uh, Thio take on this challenge. There's some unique aspects to space. Once we deploy a system, uh, it will be able to give me hard to service it, and we're developing capabilities now so that we could go up and and do system upgrades. But that's not a normal thing in space that just because the the technical means isn't there yet. So having software to find capabilities, I's gonna be really paramount being able to dio unique things. The cloud is huge. The cloud is centric to this or architectural, and it's kind of funny because d o d we joke because we just discovered the cloud, you know, a couple years ago. But the club has been around for a while and, uh, and it's going to give us scalability on and the growth potential for doing amazing things with a big Data Analytics. But as Preston said, it's all for not if if we can't trust the data that we receive. And so one of the concepts for future architectures is to evolve into a zero trust model where we trust nothing. We verify and authenticate everyone. And, uh, and that's that's probably a good, uh, point of departure as we look forward into our cybersecurity for space systems into the future. >>Block everyone. Preston. Your reaction to all this gaps, skills, What's needed. I mean it Z everyone's trying to squint through this >>absolutely. And I wanna want to shift gears a little bit and talk about the space agencies and organizations that are responsible for deploying these spaces into submission. So what is gonna take in this new era on, and what do we need from the workforce to be responsive to the challenges that we're seeing? First thing that comes to mind is creating a culture of security throughout aerospace right and ensuring that Azzawi mentioned before security isn't an afterthought. It's sort of baked into our models that we deploy and our rhetoric as well, right? And because again we hire our spaces in years to do it very highly. Specialized thing for a highly specialized, uh, it's topic. Our effort, if we start to incorporate rhetorically the importance of cybersecurity two missing success and missing assurance that's going to lend itself toe having more, more prepared on more capable system engineers that will be able to respond to the threats accordingly. Traditionally, what we see in organizational models it's that there's a cyber security team that's responsible for the for the whole kit kaboodle across the entire infrastructure, from enterprise systems to specialize, specialize, space systems and then a small pocket of spaces, years that that that are really there to perform their tasks on space systems. We really need to bridge that gap. We need to think about cybersecurity holistically, the skills that are necessary for your enterprise. I t security teams need to be the same skills that we need to look for for our system engineers on the flight side. So organizationally we need we need to address that issue and approach it, um todo responsive to the challenges we see our our space systems, >>new space, new culture, new skills. One of the things I want to bring up is looking for success formulas. You know, one of the things we've been seeing in the past 10 years of doing the Cube, which is, you know, we've been called the ESPN of Tech is that there's been kind of like a game ification. I want to. I don't wanna say sports because sports is different, but you're seeing robotics clubs pop up in some schools. It's like a varsity sport you're seeing, you know, twitch and you've got gamers out there, so you're seeing fun built into it. I think Cal Poly's got some challenges going on there, and then scholarships air behind it. So it's almost as if, you know, rather than going to a private sports training to get that scholarship, that never happens. There's so many more scholarship opportunities for are not scholarship, but just job opportunities and even scholarships we've covered as part of this conference. Uh, it's a whole new world of culture. It's much different than when I grew up, which was you know, you got math, science and English. You did >>it >>and you went into your track. Anyone want to comment on this new culture? Because I do believe that there is some new patterns emerging and some best practices anyone share any? >>Yeah, I do, because as you talked about robotics clubs and that sort of things, but those were great and I'm glad those air happening. And that's generating the interest, right? The whole gaming culture generating interest Robotic generates a lot of interest. Space right has captured the American in the world attention as well, with some recent NASA activities and all for the right reasons. But it's again, it's about taking that interested in providing the right skills along the way. So I'll tell you a couple of things. We're doing it a w s that we found success with. The first one is a program called A W s Academy. And this is where we have developed a cloud, uh, program a cloud certification. This is ah, cloud curriculum, if you will, and it's free and it's ready to teach. Our experts have developed this and we're ready to report it to a two year and four year colleges that they can use is part of the curriculum free of charge. And so we're seeing some real value there. And in fact, the governor's in Utah and Arizona recently adopted this program for their two year schools statewide again, where it's already to teach curriculum built by some of the best experts in the industry s so that we can try to get that skills to the people that are interested. We have another program called A W s educate, and this is for students to. But the idea behind this is we have 12 cracks and you can get up to 50 hours of free training that lead to A W s certification, that sort of thing. And then what's really interesting about that is all of our partners around the world that have tied into this program we manage what we call it ws educate Job board. And so if you have completed this educate program now, you can go to that job board and be linked directly with companies that want people with those skills we just helped you get. And it's a perfect match in a perfect marriage there. That one other piece real quickly that we're proud of is the aws Uh restart program. And that's where people who are unemployed, underemployed or transitioning can can go online. Self paced. We have over 500 courses they can take to try to develop those initial skills and get into the industry. And that's been very popular, too, So that those air a couple of things we're really trying to lean into >>anyone else want to react. Thio that question patterns success, best practices, new culture. >>I'd like Thio. The the wonderful thing about what you just touched on is problem solving, right, And there's some very, very good methodologies that are being taught in the universities and through programs like Hacking for Defense, which is sponsored by the National Security Innovation Network, a component of the I you where I work but the But whether you're using a lien methodologies or design school principals or any other method, the thing that's wonderful right now and not just, uh, where I work at the U. The Space force is doing this is well, but we're putting the problem out there for innovators to tackle, And so, rather than be prescriptive of the solutions that we want to procure, we want we want the best minds at all levels to be able to work on the problem. Uh, look at how they can leverage other commercial solutions infrastructure partnerships, uh, Thio to come up with a solution that we can that we can rapidly employ and scale. And if it's a dual use solution or whether it's, uh, civil military or or commercial, uh, in any of the other government solutions. Uh, that's really the best win for for the nation, because that commercial capability again allows us to scale globally and share those best practices with all of our friends and allies. People who share our values >>win win to this commercial. There's a business model potential financial benefits as well. Societal impact Preston. I want to come to you, JPL, NASA. I mean, you work in one of the most awesome places and you know, to me, you know, if you said to me, Hey, John, come working JP like I'm not smart enough to go there like I mean, like, it's a pretty It's intimidating, it might seem >>share folks out there, >>they can get there. I mean, it's you can get there if you have the right skills. I mean I'm just making that up. But, I mean, it is known to be super smart And is it attainable? So share your thoughts on this new culture because you could get the skills to get there. What's your take on all this >>s a bucket. Just missing something that really resonated with me, right? It's do it your love office. So if you put on the front engineer, the first thing you're gonna try to do is pick it apart. Be innovative, be creative and ways to solve that issue. And it has been really encouraging to me to see the ground welcome support an engagement that we've seen across our system. Engineers in space. I love space partners. A tackling the problem of cyber. Now that they know the West at risk on some of these cyber security threats that that they're facing with our space systems, they definitely want to be involved. They want to take the lead. They want to figure things out. They wanna be innovative and creative in that problem solving eso jpl We're doing a few things. Thio Raise the awareness Onda create a culture of security. Andi also create cyber advocates, cybersecurity advocates across our space engineers. We host events like hacked the lad, for example, and forgive me. Take a pause to think about the worst case scenarios that could that could result from that. But it certainly invites a culture of creative problem solving. Um, this is something that that kids really enjoy that are system engineers really enjoyed being a part off. Um, it's something that's new refreshing to them. Eso we were doing things like hosting a monthly cybersecurity advocacy group. When we talk about some of the cyber landscape of our space systems and invite our engineers into the conversation, we do outweighs programs specifically designed to to capture, um, our young folks, uh, young engineers to deceive. They would be interested and show them what this type of security has to offer by ways of data Analytic, since the engineering and those have been really, really successful identifying and bringing in new talent to address the skill gaps. >>Steve, I want to ask you about the d. O. D. You mentioned some of the commercial things. How are you guys engaging the commercial to solve the space issue? Because, um, the normalization in the economy with GPS just seeing spaces impacts everybody's lives. We we know that, um, it's been talked about. And and there's many, many examples. How are you guys the D o. D. From a security standpoint and or just from an advancement innovation standpoint, engaging with commercials, commercial entities and commercial folks? >>Well, I'll throw. I'll throw a, uh, I'll throw ah, compliment to Clint because he did such an outstanding job. The space forces already oriented, uh, towards ah, commercial where it's appropriate and extending the arms. Leveraging the half works on the Space Enterprise Consortium and other tools that allow for the entrepreneurs in the space force Thio work with their counterparts in a commercial community. And you see this with the, uh, you know, leveraging space X away to, uh, small companies who are doing extraordinary things to help build space situational awareness and, uh, s So it's it's the people who make this all happen. And what we do at at the D. O. D level, uh, work at the Office of Secretary defense level is we wanna make sure that they have the right tools to be able to do that in a way that allows these commercial companies to work with in this case of a space force or with cyber command and ways that doesn't redefine that. The nature of the company we want we want We want commercial companies to have, ah, great experience working with d o d. And we want d o d toe have the similar experience working, working with a commercial community, and and we actually work interagency projects to So you're going to see, uh, General Raymond, uh, hey, just recently signed an agreement with the NASA Esa, you're gonna see interagency collaborations on space that will include commercial capabilities as well. So when we speak as one government were not. You know, we're one voice, and that's gonna be tremendous, because if you're a commercial company on you can you can develop a capability that solves problems across the entire space enterprise on the government side. How great is that, Right. That's a scaling. Your solution, gentlemen. Let >>me pick you back on that, if you don't mind. I'm really excited about that. I mentioned new space, and Bucky talked about that too. You know, I've been flying satellites for 30 years, and there was a time where you know the U. S. Government national security. We wouldn't let anybody else look at him. Touch him. Plug into, um, anything else, right. And that probably worked at the time. >>But >>the world has changed. And more >>importantly, >>um, there is commercial technology and capability available today, and there's no way the U. S government or national security that national Intel community can afford economically >>to >>fund all that investment solely anymore. We don't have the manpower to do it anymore. So we have this perfect marriage of a burgeoning industry that has capabilities and it has re sources. And it has trained manpower. And we are seeing whether it's US Space Force, whether it's the intelligence community, whether it's NASA, we're seeing that opened up to commercial providers more than I've ever seen in my career. And I can tell you the customers I work with every day in a W s. We're building an entire ecosystem now that they understand how they can plug in and participate in that, and we're just seeing growth. But more importantly, we're seeing advanced capability at cheaper cost because of that hybrid model. So that really is exciting. >>Preston. You know you mentioned earlier supply chain. I don't think I think you didn't use the word supply chain. Maybe you did. But you know about the components. Um, you start opening things up and and your what you said baking it in to the beginning, which is well known. Uh, premise. It's complicated. So take me through again, Like how this all gonna work securely because And what's needed for skill sets because, you know, you're gonna open. You got open source software, which again, that's open. We live in a free society in the United States of America, so we can't lock everything down. You got components that are gonna be built anywhere all around the world from vendors that aren't just a certified >>or maybe >>certified. Um, it's pretty crazy. So just weigh in on this key point because I think Clint has it right. And but that's gonna be solved. What's your view on this? >>Absolutely. And I think it really, really start a top, right? And if you look back, you know, across, um in this country, particularly, you take the financial industry, for example, when when that was a burgeoning industry, what had to happen to ensure that across the board. Um, you know, your your finances were protected these way. Implemented regulations from the top, right? Yeah. And same thing with our health care industry. We implemented regulations, and I believe that's the same approach we're gonna need to take with our space systems in our space >>industry >>without being too directive or prescriptive. Instance she ating a core set of principles across the board for our manufacturers of space instruments for deployment and development of space systems on for how space data and scientific data is passed back and forth. Eso really? We're gonna need to take this. Ah, holistic approach. Thio, how we address this issue with cyber security is not gonna be easy. It's gonna be very challenging, but we need to set the guard rails for exactly what goes into our space systems, how they operate and how they communicate. >>Alright, so let's tie this back to the theme, um, Steve and Clint, because this is all about workforce gaps, opportunities. Um, Steve, you mentioned software defined. You can't do break fix in space. You can't just send a technician up in the space to fix a component. You gotta be software defined. We're talking about holistic approach, about commercial talk about business model technology with software and policy. We need people to think through, like you know. What the hell are you gonna do here, right? Do you just noticed road at the side of the road to drive on? There's no rules of engagement. So what I'm seeing is certainly software Check. If you wanna have a job for the next millennial software policy who solves two problems, what does freedom looked like in space Congestion Contention and then, obviously, business model. Can you guys comment on these three areas? Do you agree? And what specific person might be studying in grad school or undergraduate or in high school saying, Hey, I'm not a techie, but they can contribute your thoughts. I'll >>start off with, uh, speak on on behalf of the government today. I would just say that as policy goes, we need to definitely make sure that we're looking towards the future. Ah, lot of our policy was established in the past under different conditions, and, uh, and if there's anything that you cannot say today is that space is the same as it was even 10 years ago. So the so It's really important that our policy evolves and recognizes that that technology is going to enable not just a new ways of doing things, but also force us to maybe change or or get rid of obsolete policies that will inhibit our ability to innovate and grow and maintain peace with with a rapid, evolving threat. The for the for the audience today, Uh, you know, you want some job assurance, cybersecurity and space it's gonna be It's gonna be an unbelievable, uh, next, uh, few decades and I couldn't think of a more exciting for people to get into because, you know, spaces Ah, harsh environment. We're gonna have a hard time just dud being able differentiate, you know, anomalies that occur just because of the environment versus something that's being hacked. And so JPL has been doing this for years on they have Cem Cem great approaches, but but this is this is gonna be important if you put humans on the moon and you're going to sustain them there. Those life support systems are gonna be using, you know, state of the art computer technology, and which means, is also vulnerable. And so eso the consequences of us not being prepared? Uh, not just from our national security standpoint, but from our space exploration and our commercial, uh, economic growth in space over the long term all gonna be hinged on this cyber security environment. >>Clint, your thoughts on this too ill to get. >>Yeah. So I certainly agree with Bucky. But you said something a moment ago that Bucky was talking about as well. But that's the idea that you know in space, you can't just reach out and touch the satellite and do maintenance on the satellite the way you can't a car or a tank or a plane or a ship or something like that. And that is true. However, right, comma, I want to point out. You know, the satellite servicing industry is starting to develop where they're looking at robotic techniques in Cape abilities to go up in services satellite on orbit. And that's very promising off course. You got to think through the security policy that goes with that, of course. But the other thing that's really exciting is with artificial intelligence and machine learning and edge computing and database analytics and all those things that right on the cloud. You may not even need to send a robotic vehicle to a satellite, right? If you can upload and download software defined, fill in the blank right, maybe even fundamentally changing the mission package or the persona, if you will, of the satellite or the spacecraft. And that's really exciting to, ah, lot >>of >>security policy that you've gotta work through. But again, the cloud just opens up so many opportunities to continue to push the boundaries. You know, on the AWS team, the aerospace and satellite team, which is, you know, the new team that I'm leading. Now our motto is to the stars through the cloud. And there are just so many exciting opportunities right for for all those capabilities that I just mentioned to the stars through the cloud >>President, your thoughts on this? >>Yes, eso won >>a >>little bit of time talking about some of the business model implications and some of the challenges that exists there. Um, in my experience, we're still working through a bit of a language barrier of how we define risk management for our space systems. Traditionally traditionally risk management models is it is very clear what poses a risk to a flight mission. Our space mission, our space system. Um, and we're still finding ways to communicate cyber risk in the same terms that are system engineers are space engineers have traditionally understood. Um, this is a bit of a qualitative versus quantitative, a language barrier. But however adopting a risk management model that includes cybersecurity, a za way to express wish risk to miss the success, I think I think it would be a very good thing is something that that we have been focused on the J. P o as we Aziz, we look at the 34 years beyond. How do >>we >>risk that gap and not only skills but communication of cyber risk and the way that our space engineers and our project engineers and a space system managers understand >>Clinton, like Thio talk about space Force because this is the most popular new thing. It's only a couple of nine months in roughly not even a year, uh, already changing involving based on some of the reporting we've done even here at this symposium and on the Internet. Um, you know, when I was growing up, you know, I wasn't there when JFK said, you know, we're gonna get to the moon. I was born in the sixties, so, you know, when I was graduating my degree, you know, Draper Labs, Lincoln Lab, JPL, their pipeline and people wasn't like a surge of job openings. Um, so this kind of this new space new space race, you know, Kennedy also said that Torch has been passed to a new generation of Americans. So in a way that's happening right now with space force. A new generation is here is a digital generation. It's multi disciplinary generation. Could you take a minute and share, uh, for for our audience? And here at this symposium, um, the mission of Space Force and where you see it going because this truly is different. And I think anyone who's young e I mean, you know, if this was happening when I was in college would be like dropping everything. I'm in there, I think, cause there's so many areas thio jump into, um, it's >>intellectually challenging. >>It's intoxicating in some level. So can you share your thoughts? >>Yeah. Happy to do that. Of course. I I need to remind everybody that as a week ago I'm formally retired. So I'm not an official spokesman for US forces. But with that, you know, it said I did spend the last 18 months planning for it, designing and standing it up. And I'll tell you what's really exciting is you know, the commander of, uh, US Base Force General J. Raymond, who's the right leader at the right time. No question in my >>mind. But >>he said, I want to stand up the Space Force as the first fully digital service in the United States. Right? So he is trying >>to bake >>cloud baked cybersecurity, baked digital transformational processes and everything we did. And that was a guidance he gave us every day, every day. When we rolled in. He said, Remember, guys, I don't wanna be the same. I don't wanna be stale. I want new thinking, new capabilities and I want it all to be digital on. That's one of the reasons When we brought the first wave of people into the space force, we brought in space operations, right. People like me that flew satellites and launch rockets, we brought in cyber space experts, and we brought in intelligence experts. Those were the first three waves of people because of that, you know, perfect synergy between space and cyber and intel all wrapped in >>it. >>And so that was really, really smart. The other thing I'll say just about, you know, Kennedy's work. We're going to get to the moon. So here we are. Now we're going back to the Moon Project Artemus that NASA is working next man first woman on the moon by 2024 is the plan and >>then >>with designs to put a permanent presence on the moon and then lean off to march. So there was a lot to get excited about. I will tell you, as we were taking applications and looking at rounding out filling out the village in the U. S. Space Force, we were overwhelmed with the number of people that wanted, and that was a really, really good things. So they're off to a good start, and they're just gonna accomplishment major things. I know for sure. >>Preston, your thoughts on this new generation people out there were like I could get into this. This is a path. What's your what's your opinion on this? And what's your >>E could, uh, you so bold as to say >>that >>I feel like I'm a part of that new generation eso I grew up very much into space. Uh, looking at, um, listen to my, uh, folks I looked up to like Carl Sagan. Like like Neil Tyson. DeGrasse on did really feeling affinity for what What this country has done is for is a space program are focused on space exploration on bond. Through that, I got into our security, as it means from the military. And I just because I feel so fortunate that I could merge both of those worlds because of because of the generational, um, tailoring that we do thio promote space exploration and also the advent of cybersecurity expertise that is needed in this country. I feel like that. We are We are seeing a conversions of this too. I see a lot of young people really getting into space exploration. I see a lot of young people as well. Um uh, gravitating toward cybersecurity as a as a course of study. And to see those two worlds colliding and converse is something that's very near and dear to me. And again, I I feel like I'm a byproduct of that conversion, which is which, Really, Bothwell for space security in the future, >>we'll your great leader and inspiration. Certainly. Senior person as well. Congratulations, Steve. You know, young people motivational. I mean, get going. Get off the sidelines. Jump in Water is fine, Right? Come on in. What's your view on motivating the young workforce out there and anyone thinking about applying their skills on bringing something to the table? >>Well, look at the options today. You have civil space President represents you have military space. Uh, you have commercial space on and even, you know, in academia, the research, the potential as a as an aspiring cyber professional. All of you should be thinking about when we when we When? When we first invented the orbit, which eventually became the Internet, Uh, on Lee, we were, uh if all we had the insight to think Well, geez, you know whether the security implications 2030 years from now of this thing scaling on growing and I think was really good about today's era. Especially as Clint said, because we were building this space infrastructure with a cyber professionals at ground zero on dso the So the opportunity there is to look out into the future and say we're not just trying to secure independent her systems today and assure the free for all of of information for commerce. You know, the GPS signal, Uh, is Justus much in need of protection as anything else tied to our economy, But the would have fantastic mission. And you could do that. Uh, here on the ground. You could do it, uh, at a great companies like Amazon Web services. But you can also one of these states. Perhaps we go and be part of that contingency that goes and does the, uh, the se's oh job that that president has on the moon or on Mars and, uh, space will space will get boring within a generation or two because they'll just be seen as one continuum of everything we have here on Earth. And, uh, and that would be after our time. But in the meantime, is a very exciting place to be. And I know if I was in in my twenties, I wanna be, uh, jumping in with both feet into it. >>Yeah, great stuff. I mean, I think space is gonna be around for a long long time. It's super exciting and cybersecurity making it secure. And there's so many areas defeating on. Gentlemen, thank you very much for your awesome insight. Great panel. Um, great inspiration. Every one of you guys. Thank you very much for for sharing for the space and cybersecurity symposium. Appreciate it. Thank you very much. >>Thanks, John. Thank you. Thank you. Okay, >>I'm >>John for your host for the Space and Cybersecurity Symposium. Thanks for watching.

>> Narrator: From the CUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world this is theCUBE Conversation. >> Hi everybody, This is Dave Vellante and welcome to this CUBE Conversation. We've been following a company called Actifio for quite some time. Now they've really popularized the concept of copy data management. Really innovative Boston based Waltham based company. And with me Brian Regan who's the chief marketing officer and Paul Forte who's the newly minted chief revenue officer of Actifio. Guys great to see you. I wish we were face to face at your June event but this will have to do. >> You're welcome. >> Thanks Dave. >> You bet Dave. >> Yeah, so Brian you've been on theCUBE a bunch. I'm going to start with Paul if that's okay. Paul, let's talk a little bit about your background. You've done a number of stints at a variety of companies. Big companies like IBM and others as well. What attracted you to Actifio? >> Yes Dave I would say in all honesty, I've been a software guy and candidly a data specific leader for many many years. And so IT infrastructure particularly associated around data has always been sort of my forte for on and onwards there. And so Actifio was just smack dab in the middle of that. And so when I was looking for my next adventure I had an opportunity to meet with Ash our CEO and founder and describe and discuss kind of what Actifio was all about. And candidly, the number of connections that we had that were the same. There are a lot of OEM relationships with people that I actually worked with and for some that work for me historically. So it was almost this perfect world. And I'm a Boston guy so it is in my old backyard. And yeah it was a perfect match for what I was looking for. Which was really a small growth company that was trying to get to the next level that had compelling technology in a space that I was super familiar with and could understand and articulate the value proposition. >> Well as we say in Boston, Paulie we got to get you back here. (laughs) >> I know (mumbles) so I'll pack my car. >> (laughs) Yeah. So Brian... >> For 25 years, I still got it. >> let's talk about the climate right now. I mean nobody expected this of course. And it's funny I saw Ash at an event in Boston last fall. We were talking like "Hey, what are you expecting for next year?" "Yeah a little bit of softening" but nobody expected this sort of black swan. But you guys I just got your press release. You put it out. You had a good quarter. You had a record first quarter. What's going on in the marketplace. How are you guys doing? >> Yeah, well I think that today more than ever businesses are realizing that data is what is actually going to carry them through this crisis. And that data whether it's changing the nature of how companies interact with their customers, how they manage through their supply chain and frankly how they take care of their employees, is all very data centric. And so businesses that are protecting that data that are helping businesses get faster access to that data and ultimately give them choice as to where they manage that data. On premises, in the cloud and hybrid configuration. Those are the businesses that are really going to be top of a CIO's mind. I think RQ1 is a demonstration that customers voted with their wallets and they are confident in Actifio as an important part of their data supply chain. >> Paul I want to come back to you. First of all I want to let people know you're an Ex-Army Ranger. So thank you for your service, that's awesome. >> You're welcome (mumbles). >> I was talking to Frank Slootman, I interviewed in the other day and he was sharing with me sort of how he manages and he says "Yeah I manage by a playbook". He's a situational manager and that's something that he learned in the military. Well it's weird. This is a situation. (Paul laughs) And that really is kind of how you're trained. And of course we've never seen anything like this but you're trained to deal with things that you've never seen before. So how you seeing organizations generally, Actifio specifically kind of manage through this crisis. What are some of the moves that you'are advising, recommending? Give us some insight there. >> Yeah, so it's really interesting. It's funny that you mentioned my military background. So I was just having this discussion with one of my leaders the other day. That one of the things that they trained for in the military, is the eventuality of chaos. So when you do an exercise we will literally tap the leader on the shoulder and say okay you are now dead. And without that person being allowed to speak they take a knee and the (mumbles) unit has to go on. And so what happens is you learn by muscle memory like how to react in times of crisis and you know this is a classic example of leadership in crisis. And so it's just interesting. So to me you have a playbook. I think everybody needs to start with a playbook and then start with the plan. I can't remember if it was Mike Tyson but one of my famous quotes was "Plan is good until somebody punches you in the face". (Dave laughs) >> That's the reality of what just happened to business across the globe. This is just a punch in the face. And so you've got a playbook that you rely on and then you have to remain nimble and creative and candidly opportunistic. And from a leadership perspective, I think you can't lose your confidence. Right, so I've watched some of my friends and I've watched some other businesses cripple in the midst of this pandemic because they're afraid instead of looking at this. In my first commentary in our first staff meeting Brian, if I remember it was this, okay so what makes Actifio great in this environment? Not why is it not great? And so we didn't get scared. We jumped right into it. We adjusted our playbook a little bit and candidly we just had a record quarter. And we took down deals. Honestly Dave we took down deals in every single geography around the globe to include Italy. It was insane, it was really fun. >> Okay, so this wasn't just one monster deal that gave you that record quarter. It was really a broad based demand. >> Yeah, so if you dug underneath the covers you would see that we had the largest number of transactions ever in the first quarter. We had the largest average selling price in the first quarter ever. We had the largest contribution from our nano partners and our OEM partners ever. And we had the highest number ever. And so it was really a nice truly balanced performance across the globe and across the size of deal sets and candidly across industries. >> Interesting, you used the term opportunistic and I get right on. You obviously don't want to be chasing ambulances. At the same time, we've talked to a lot of CEOs and essentially what they're doing and I'd like to get your feedback on this Brian. You're kind of reassessing the ideal profile of a customer. You're reassessing your value proposition in the context of the current pandemic. And I noticed that you guys in your press release talked about cyber resiliency. You talked about digital initiatives, data center, transformations etc. So maybe you could talk a little bit about that, Brian. Did you do those things, how did you do those things? What kind of pace were you guys at? How did you do it remotely with everybody working from home? Give us some color on that. >> Sure, and if Ash, if he were here he would probably remind us that Actifio was born in the midst of the 2008 financial crisis. So we have essentially been book ended by two black swans over the last decade. The lessons we learned in 2008 are every bit is as relevant today. Everything starts with cost containment and cost reduction. Hence in protection of the business and so CIOs in the midst of this shock to the system. I think we're very much looking at what are the absolutely vital and critical initiatives and what is a "nice to have" and I'm going to hit pause on nice to have and invest entirely in the critical initiative. And the critical initiatives tended to be around getting people safely working remotely. Getting people safe access to their systems and their applications and their data. And then ultimately it also became about protecting the systems from malicious individuals in the state actors. Unfortunately as we've seen in other times of crisis this is when crime and cyber crime particularly tends to spike, particularly against industries that don't have the strong safeguards in place to really ensure the resiliency in their applications. So we very much went a little bit back to the 2008 playbook around helping people get control of their costs, helping people continue to do the things they need to do at a much more infrastructural light manner. But also really emphasized the fact that if you are under attack or if you are concerned that you're infected but you don't know when, instant access to data and a time machine that can take you back and forth to those points in time is something that is something that is incredibly valuable. >> So let's dig into cyber resiliency. So specifically what is Actifio doing for its customers from a product standpoint, capabilities, maybe it's part of the 10C announcement as well but can you give us some specifics on where you fit in. Let's take that use case, cyber resiliency? >> Yeah, absolutely. So I think there's a stack of capabilities when it comes to cyber resiliency. At the lowest level, you need a time machine because most people don't know when they're infected. And so the ability to go back in time, test the recoverability of data, test the validity of the data is step one. Step two is once you found the clean point, being able to resume operations, being able to resume the applications operation instantly or very rapidly is the next phase. And that's something that Actifio was founded on this notion of instant access to data. And then the third phase and this is really where our partnerships really shine is you probably want to go back and mitigate that risk. You want to go back and clean that system. You want to go back and find the infection and eliminate it. And that's where our partnership with IBM for example, resiliency services and their cyber incident recovery solutions which takes the Actifio platform and then wrappers in a complete manage services around it. So they can help the customer not only get their systems and applications back on their feet but clean the systems and allow them to resume operations normally on a much safer and more stable ground. >> Okay, so that's interesting. So Paul was it kind of new adoptions? Was it increases from existing customers combination? Can you talk to that? >> Yeah, totally. So ironically to really come clean the metrics that we had in the first quarter were very similar to do with the metrics that we see historically. So the mix with mean our existing customer base and then our new customer acquisition were very similar to our historical metrics which candidly we were a little surprised by. We anticipated that the majority of our business would come from that safe harbor of your existing customer base. But candidly we had a really nice split which was great which meant that our value proposition was resonating not only with our existing customer base where you would expect it but also in any of our new customers as well who had been evaluating us that either accelerate it or just continue down the path of adoption during the timeframe of COVID-19. Across industries I would say that again there were some industries I would say that pushed pause. And so the ones that you can imagine that accelerated during this past period were the ones you would think of, right? So financial institutions primarily as well as some of the medical. So some of those transactions, healthcare and medical they accelerated along with financial institutions. And then I would say that we did have some industries that pushed pause. You can probably guess what some of those are. Among the majority of those were the ones that were dealing with the small and midsize businesses or consumer-facing businesses, things like retail and stuff like that. Well we typically do have a pretty nice resonance and a really nice value proposition but there were definitely some transactions that we saw basically just pause. Like we're going to come back. But overall yeah the feedback was just in general. It felt like any other quarter and it felt like just pretty normal. As strange as that sounds. 'Cause I know speaking to a lot of my friends in peer companies, peer software companies, they didn't have that experience but we did pretty well. >> That's interesting, you're right. Certain industries, airlines, I'm interviewing a CIO of a major resort next week. Really interested to hear how they're dealing with this but those are obviously depressed and they've dialed everything down. But we were one of the first to report that work from home pivot, it didn't, it didn't buffer the decline in IT spending that were expected to be down maybe as much as 5% this year but it definitely offset it. What about Cloud? We're seeing elevated levels in Cloud demand. Guys have offerings there. What are you seeing in Cloud guys? >> Do you want to take it Brian? >> Yeah, I'll start and then Paul please weigh in. I think that the move to the cloud that we've been witnessing and the acceleration of the move to cloud that we've been we've been witnessing over the past several years probably ramped up in intensity over the last two months. The projects that might have been on the 18 to 24 month roadmap have of all of a sudden been accelerated into maybe this year of our roadmap. But in terms of the wholesale everything moves to Cloud and I abandoned my on-premises estate. I don't think we've seen that quite yet. I think that the world is still hybrid when it comes to Cloud. Although I do think that the beneficiaries of this are probably the non-number one and number two Cloud providers but the rest of the hyper-scalers who are fighting for market shares because now they have an opportunity to perhaps, Google for example, a strategic partner of ours has a huge offering when it comes to enabling work from home and the remote work. So leveraging that as a platform and then extending into their enterprise offerings, I think it gives them a wedge that the Amazon might not have for example. So it's an acceleration of interest but I think it's just a continuation of the trend that we've been seeing for years. >> Yeah, and I would add a little bit Dave. The IBM held their Think Conferences past week. I don't know if you had an opportunity to participate. They're one of our OEM partners and... >> Dave: Oh Yeah, we covered it. >> When our CEO presented his opening his opening remarks it was really about digital transformation and he really put it down to two things and said any business that's trying to transform is either talking about hybrid Clouds or they're talking about AI and machine learning. And that's kind of it, right? And so every digital business is talking in one of those categories. And when I look to Q1 it's interesting that we really didn't see anything other than as Brian talked about all of the cloud business which is some version of an acceleration. But outside of that the customers that are in those industries that are in position to accelerate and double down during this opportunity did so and those that did not just peeled back a little bit. But overall I would agree with IBM's assessment of the market that those are kind of the two hotspots and hybrid Cloud is hot and the good news is, we've got a nice value prop right in the middle of it. >> Yeah, Alvin Chris has talked about, and he has it, maybe not a thing but he talked earlier in his remarks on the earnings call just in public statements that IBM must win the battle the architectural battle, the hybrid Cloud. And also that he wants to lead with a more technical sell essentially, which is to mean those two things are great news for you guys, obviously Red Hat is the linchpin of that. I want to ask you guys about your conference, Data-Driven. So we were there last year it was a really great intimate event. Of course you can't have the physical events anymore. So you've pushed to September or you're going all digital? Give us the update on that Brian. >> We're eager to have theCube participate in our September event. So I'm sure we'll be talking more about that in the coming weeks, but also >> Dave: Awesome, love it. (Brian laughs) >> Exactly, so you can tell Frank to put that in there. So we've been participating in some of the other conferences most notably last week learning a lot and really trying to cherry pick the best ideas and the best tactics we're putting on the digital event. I think that as we look to September and as we look to put on a really rich digital event one of the things that is first and foremost in our minds is we want to actually produce more on demand digital content particularly from a technology standpoint. Our technology sessions last year were oversubscribed. The digital format allows people to stream whenever they can and frankly as many sessions as they might want. So I think we can be far more efficient in terms of delivering technical content for the users of our technology. And then we're also eager to have as we've done with data driven in years past, our customers tell the story of how they're using data. And this year certainly I think we're going to hear a lot of stories about in particular how they use data during this incredible crisis and hopefully renewal from the crisis. >> Well one of my favorite interviews last year at your show was the guy from DraftKings. So hopefully they'll be back on and we'll have some football to talk about, well let's hope. >> Amen. >> I Want to end with just sort of this notion of we've been so tactical the last eight weeks. Right? You guys too I'm sure. Just making sure you're there for customers, making sure your employees are okay. But as we start to think about coming out of this into a Post-COVID Era and it looks like it's going to be with us for a while but we getting back to Quaseye opening. So I'm hearing hybrid is here to stay. We agree for sure. Cyber resiliency is very interesting. I think one of the things we've said is that companies may sub-optimize near term profitability to make sure that they've got the flexibility and business resiliency in place. That's obviously something that is I think good news for you guys but I'll start with Paul and then maybe Brian you can bring us home. How do you see this sort of emergence from this lockdown and into the Post-COVID Era? >> Yeah, this is a really interesting topic for me. In fact I've had many discussions over the last couple of weeks with some of our investors as well as with our executive staff. And so my personal belief is that the way buying and selling has occured, for IT specifically at the enterprise level, it's about to go through a transformation, no different than we watched the transformation of SAS businesses when you basically replaced a cold calling sales person with an inside and inbound marketing kind of effort followed up with SDR and BDR. Because what we're finding is that our clients now are able to meet more frequently because we don't have the friction of airplane ride or physical building to go through. And so that whole thing has been removed from the sales process. So it's interesting to me that one of the things that I'm starting to see is that the amount of activity that our sales organization is doing and the amount of physical calls that were going on, they happen to be online. However, way higher than what we can (mumbles), you coupled that with the cost savings of not traveling around the globe and not being in offices. And I really think that those companies that embrace this new model, are going to find ways to penetrate more customers in a less expensive way. And I do believe that the professional sales enterprise sales person of tomorrow is going to look different than it looks today. And so I'm super excited to be in a company that is smack dab in the middle of selling to enterprise clients and watching us learn together how we're going to buy, sell and market to each other in this post-COVID way. 'Cause the only thing I really do know it's just not going to be the way it used to be. What is it going to look like? I think all of us are placing bets and I don't think anybody has the answer yet. But it's going to look different for sure. >> They're very, very thoughtful comments. And so Brian, you know our thinking is the differentiation in the war. Gets one in digital. How is that affecting your marketing and your things around that? >> We fortunately decided coming into 2020, our fiscal 21, that we were actually going to overweigh digital anyway. We felt that, it was far more effective, we were seeing far better conversion rates. We saw way better ROI in terms of very targeted additive digital campaigns or general purpose ABM type of efforts. So our strategy had essentially been set and what this provided us is the opportunity to essentially redirect all of the other funds into digital. So we have essentially a two pronged marketing attack, right now, which is digital creating inbounds and BDRs that are calling on those inbounds that are created digitally. And so it's going to be a really interesting transition back when physical events if and when they do actually back and spawn, how much we decide to actually go back into that. To some extent we've talked about this in the past Dave. The physical events and the sheer spectacle and the sheer audacity of having to spend a million dollars just to break through that was an unsustainable model. (laughs) And so I think this is hastening perhaps the decline or demise of really silly marketing expense and getting back to telling customers what they need to know to help and assist their buying journey and their investigation journey into new technology. >> There in the IT world is hybrid. And I think the events world is also going to be hybrid. Intimate, they're going to live on but they're also going to have a major digital component to them. I'm very excited that there's a lot of learnings now in digital especially around events and by September, a lot of the bugs are going to be worked out. You know we've been going, feels like 24/7, but really excited to have you guys on. Thanks so much, really looking forward to working with you in September at Data-Driven. So guys thanks a lot for coming on theCUBE. >> Oh my gosh, thank you Dave. So nice to be here, Thank you. >> All right, stay safe. >> Thanks Dave, always a pleasure. You too. >> Thank you everybody, thank you. And thanks for watching. This is Dave Vellante for theCUBE and we'll see you next time. (gentle music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation [Music] hi buddy this is Dave Volante and welcome to this cute conversation you know the we've been following a company called Activia for quite some time now they they've really popularized the concept of copy data management really innovative Boston based Waltham based company and with me Brian Regan who's the chief marketing officer and all 40 who's the newly minted chief revenue officer of actifi Oh guys great to see you I wish we were face to face that you're you're you're June event but this will have to do yeah you bet yeah so you know Brian you've been on the cube a bunch I'm gonna start with Paul if that's okay Paul you know just let's talk a little bit about your your background you've you've done a number of stance at a variety of companies you know big companies like IBM and others as well what attracted you to Activia in all honesty I've been a software guy and candidly a data specific leader for many many years and so IT infrastructure particularly associated around data has always been sort of my forte for fun on words there and and so Activia was just smack dab in the middle of that right and so when I was looking for my next adventure you know I had an opportunity to to meet with a shower CEO and Founder and describe and discuss kind of what activity was all about and candidly the the number of connections that we had that were the same a lot of our OEM relationships with people that I actually worked with and for and some that worked for me historically so it was almost this perfect world right and I'm a Boston guy so it was in my in my old backyard and it was just a perfect yeah it was a perfect match for what I was looking for which was really a small growth company that was trying to you know get to the next level that had compelling technology in a space that I was super familiar with and understanding and articulate the value proposition well as we're saying in Boston Paulie we got to get you back here I know I pack my cock let's talk about the let's talk about the climate right now I mean nobody expected this of course I mean it's funny I was I saw ash and an event in in Boston last fall we were talking like hey what do you expected for next year yeah a little bit of softening but you know nobody expected this sort of Black Swan but you guys I just got your press release you put out you had a good you had a good quarter you had a record first quarter um what's going on in the marketplace how you guys doing yeah well I think that today more than than ever businesses are realizing that data is what is actually going to carry them through this crisis and that data whether it's changing the nature of how companies interact with their customers how they manage through their supply chain and in frankly how they take care of their employees is all very data-centric and so businesses that are protecting that data that are helping businesses get faster access to that data and ultimately give them choice as to where they manage that data on-premises in the cloud and hybrid configuration those are the businesses that are really going to be top of a CIOs mind I think our q1 is a demonstration that customers voted with their wallets in their confidence in ectopy Oh has an important part of their data supplied nopal I want to come back to you first of all your your other people know you're next you're next Army Ranger so thank you for your service that's awesome you know I was talking to Frank's lute man we interviewed me other day and he was sharing with me sort of how he manages and and he says the other managed by a playbook he's a situational manager and that's something that he learned in the military well this is weird this is a situation okay and that really is kind of how you're trained and and of course we've never seen anything like this but you're trained to deal with things that you've never seen before so how are you seeing organizations generally actifi Oh specifically going to manage through this process what are some of the moves that you're advising recommending give us some insight there yeah so I'm it's really interesting it's a it's funny that you mentioned my military background I was just having this discussion with one of my leaders the other day that you know one of the things that they trained for in the military is the eventualities of chaos right and so when you when you do an exercise they we will literally tap the leader on the shoulder and say okay you're now dead and without that person being allowed to speak they take a knee and the unit has to go on and so what happens is you you learn by muscle memory like how to react in time suffice it or and you know this is a classic example of leadership and crisis and so um so it's just it's just interesting like so to me you have a playbook I think everybody needs to start with a playbook and then start with a plan I can't remember if it was Mike Tyson but one of them one of my famous quotes was you know let you know plan is good until somebody punches you in the face that's the reality of what just happened the business across the globe is it just got punched in the face and so you got a playbook that you rely on and then you have to remain nimble and creative and candidly opportunistic and from a leadership perspective I think you can't lose your confidence right so I've watched some of my friends and of what some other businesses crippled in the midst of this and I'm because they're afraid instead of instead of looking at this in my first commentary that our first staff meeting Brian if I remember it was this okay so what makes active feel great in disembark like not why is it not great right and so we didn't get scared we jumped right into it we you know we adjusted our playbook a little bit and candidly we just had a record quarter and we just down here the honestly date we took down deals in every single geography around the globe to include Italy I mean so it was insane it was really fun okay so this wasn't just one monster deal that gave you that record Porter is really a broad-based the demand yeah so if you you know if you dug underneath the covers you would see that we had the largest number of transactions ever in the first quarter we had the largest average selling price in the first quarter ever we had the largest contribution from our panel partners and our OEM partners ever and we had the highest number ever and so it was a it was really a nice truly balanced performance across the globe and across the size of deal sets and candidly across industries interesting I mean you use the term opportunistic and and I think you're right on I mean you obviously you don't want to be chasing ambulances at the same time you know we've talked to a lot of CEOs and essentially what they're doing and I'd like to get your feedback on this Brian you you you're kind of reassessing the ideal profile of a customer you're reassessing your value proposition in the context of the current pandemic and and I noticed that you guys in your press release talked about cyber resiliency you talked about digital initiatives you know data center transformations etc so maybe you could talk a little bit about that Brian did you do those things how did you do those things what kind of pace were you guys at how did you do it remotely with everybody working from home give us some color on that sure and you know Ashley if you were here you would probably remind us that Activia was born in the midst of the 2008 financial crisis so we we have essentially been bookended by two black swans over the last decade the and the lessons we learned in 2008 are every bit as as relevant today everything starts with cost containment in hospital and in protection of the business and so cio is in the midst of this shock to the system I think we're very much looking at what are the absolutely vital critical initiatives and what is a nice to have and I'm going to pause on my step and invest entirely in the critical mission and the critical initiatives tended to be around getting people safely working for remotely getting people safe access to their systems and their applications in their data and then ultimately it also became about protecting the systems from malicious individuals and state actors up unfortunately as we've seen in other times of crisis this is when crime and cyber crime particularly tends to spike particularly against industries that don't have the strong safeguards in place to to really ensure the resiliency their applications so we very much went a little bit back to the 2008 playbook around helping people get control of their costs helping people continue to do the things they need to do at a much more infrastructure light manner but also really emphasize the fact that if you are under attack or if you are concerned that you're infected but you don't know when you know instant access to data and a time machine that can take you back and forth to those points in time is something that is incredibly valuable so so let's >> cyber resiliency so specifically what is aekta video doing for its customers from a product standpoint capabilities maybe it's part of the the 10 see announcement as well but but can you can you give us some specifics on where you fit in let's take that use case cyber resiliency yeah absolutely so I think there's there's a staff of capabilities when it comes to cyber resiliency at the lowest level you need a time machine because most people don't know when they're in fact and so the ability to go back in time test the recoverability of data test the validity of the data is step one step two is once you've found the clean point being able to resume operations being able to resume the applications operation instantly or very rapidly is the next phase and that's something that Activia was founded on this notion of instant access to data and then the third phase and this is really where our partnerships really shine is you probably want to go back and mitigate that risk you want to go back and clean that system you want to go back and find the infection and eliminate it and that's where our partnership with IBM freezing resiliency services and their cyber incident recovery solution which takes the activity of platform and then rappers and a complete managed services around it so they can help the customer not only get their their systems and applications back on their feet but clean the systems and allow them to resume operations normally on a much safer and more stable okay so so that's interesting so Paul Paul was it kind of new adoptions was it was it increases from existing customers kind of a combination and you talk to that yeah totally so like ironically to really come clean we are the metrics that we had in the first quarter were very similar through the metrics that we see historically so the mix need our existing customer base and then our new customer acquisition were very similar to our historical metrics which candidly we were a little surprised by we anticipated um that the majority of our business would come from that safe harbor of your existing customer base but candidly we had a really nice split which was great which meant that you know a value proposition was resonating not only with our existing customer base where you would expect it but also in in any of our new customers as well who had been evaluating us that either accelerated or or just continue down the path of adoption during the time frame of Koba 19 across industries I would say that again um there was there were there were some industries I would say that pushed pause and so the ones that you can imagine that accelerated during during this past period were the ones you would think of right so financial institutions primarily as well as some some of the medical so some of those transactions healthcare and medical they accelerated along with financial institutions and then I would say that that we did have some industries that push pause and you can probably guess what some of those are a majority of those were the ones that we're dealing with the small and mid-sized businesses or consumer facing businesses things like retail stuff like that where we typically do have a pretty nice residence in a really nice value proposition but there were there were definitely some transactions that we saw basically just pause like we're going to come back but overall the yeah the feedback was just in general it felt like any other quarter and it felt like just pretty normal as strange as that sounds because I know speaking to a lot of my friends and gear companies your software companies they didn't have that experience but we did pretty well that's interesting I mean you're right I mean certain industries Airlines I'm interviewing a cio of major resort next week you know really interested to hear how they're you know dealing with this but those those are obviously depressed and they've dialed everything down but but we've we were one of the first to report that work from home pivot it didn't it didn't you know buffer the decline in IT spending that were expecting to be down you know maybe as much as 5% this year but it definitely offset it what about cloud we're seeing elevated levels in cloud demand guys you know have offerings there what are you seeing in cloud guys you want that yeah I'll start and then fall please please weigh in I think that'd be the move to the cloud that we've been witnessing and the acceleration of the MOOC table that we've been whipped over the past several years probably ramped up in intensity over the last two months The Improv been on the you know 18 to 24 month road map have all of a sudden been accelerated into maybe this year but in terms of the wholesale you know everything moves to cloud and I abandoned my on-premises estate I I don't think we've seen that quite yet I think the the world is still hybrid when it comes to cloud although I do think that the beneficiaries of this are probably the the non number one or number two cloud providers but the rest of the hyper scalers who are fighting for market share because now they have an opportunity to perhaps google for example a strategic partner of ours has a you know a huge offering when it comes to enabling work home and remote work so leveraging that as a platform and then extending into their enterprise offerings I think gives them a wedge that the you know Amazon might not have so this it's an acceleration of interest but I think it's just a continuation of the trend of seeing four years yeah and I would add a little bit if the you know IBM held their think conference this past week I don't know if you had an opportunity to participate there one of our OEM partners and oh yeah because you know when our the CEO presented his kind of opening his opening remarks it was really about digital transformation and he really he really kind of put it down to two things and said you know any business that's trying to transform is either talking about hybrid cloud but they're talking about AI and machine learning and that's kind of it right and so every digital business is talking in one of those categories and so when I look 2q1 it's interesting that we really didn't see anything other than as brian talked about all the cloud business which is some version of an acceleration but outside of that the customers that are in those industries that are in position to accelerate and double down during this opportunity didn't so and those that did not you know kind of just peeled back a little bit but overall I still I would agree with with ibm's assessment of the market that you know those are kind of the two hot spots and have a cloud is hot and the good news is we've got a nice guy operating Molloy yeah Arvind Krista talked about the the in and it has it maybe not I think but he talked earlier in his remarks on the earnings call just in Publix Davis that IBM must win the battle the architectural battle the hybrid cloud and also that he wants to lead with a more technical sell essentially which is submitted to me those those two things are great news for you guys obviously you know Red Hat is the linchpin of that I want to ask you guys about your your conference data-driven so we were there last year it was a great really great intimate event of course you know you hand up the physical events anymore so you've pushed to September you're going all digital would give us the update on on that program we're um we're eager to have the cube participate in our September event so I'm sure we'll be talking more about that in the coming weeks but awesome we love it we exactly so you can tell Frank to put that so we we've been participating in some of the other conferences I think most notably last week learning a lot and and really trying to cherry pick the best ideas and the best tactics for putting on a digital event I think that as we look to September and as we look to put on a really rich digital event one of the things that is I think first and foremost in our minds is we want to actually produce more on-demand digital content particularly from a technology standpoint our technology sessions last year were oversubscribed the digital format allows people to stream whenever they can and frankly as many sessions as they as they might so I think we can be far more efficient in terms of delivering technical content or the users of our technology and then we're also eager to have as we've done with data driven in the years past our customers tell the story of how they're using data and this year certainly I think we're going to hear a lot of stories about in particular how they use data during this incredible you know crisis and and hopefully renewal from crisis well one of my favorite interviews last year your show is the the guys from draft King so hopefully they'll be back on it will have some football to talk about let's hope I mean I want it I want to end with just sort of this notion of you know we've been so tactical the last eight weeks right I'm you guys too I'm sure just making sure you're there for customers making sure your employees are ok but as we start to think about coming out of this you know into a post probe Adaro it looks like it's gonna be with us for a while but we're getting back the you know quasi opening so I'm hearing you know hybrid is here to stay we agree for sure cyber resiliency is very interesting I think you know one of the things we've said is that that companies may sub optimize near-term profitability to make sure that they've got the flexibility and resilience business resiliency in place you know that's obviously something that is I think good news for you guys but but I'll start with Paul and then maybe Brian you can bring us home how do you see this sort of emergence from this lockdown and into the post ghovat era yeah so this is a really interesting topic for me in fact I've had many discussions over the last couple weeks with some of our investors as well as our executive staff and so my personal belief is that the way buying and selling has occurred for IT specifically at the enterprise level is about to go through a transformation no different than we watched the transformation of SAS businesses when you basically replace the cold-calling salesperson with an inside and you know inbound marketing kind of effort followed up with SDR and vdr because what we're finding is that our clients now are able to meet more frequently because we don't have the friction of airplane ride or or physical building to go through and so like that that whole thing has been removed from the sales process and so it's interesting to me that one of the things that I'm starting to see is that the amount of activity that our sales organization is doing and the amount of physical calls that were going on they happen to be online however you couple that with the cost savings of not traveling around the globe and not being in offices and and I really think that those companies that embrace this new model are gonna find ways to penetrate more customers in a less expensive way and I do believe that the professional sales enterprise salesperson of tomorrow is gonna look at then it looks today and so I'm super excited to be in a company that is smack dab in the middle of selling to enterprise clients and and watching us learn together how we're gonna buy sell and market to each other in this post public way because I I'm the only thing I really do know it's just not gonna be the way it used to be what is it gonna look like I think all of us are placing bets and I don't think anybody has the answer yet but it's gonna look different for sure they're very very thoughtful comments and so Brian you know our thinking is the differentiation and the war yes it gets one in digital how is that affecting you know sort of your marketing and your thing around that we we fortunately decided coming into 2020 our fiscal 21 that we were actually going to overweight digital anyway we felt that it was far more effective we were seeing far better conversion rates we saw you know way better ROI in terms of very targeted tentative digital campaigns or general-purpose ABM type of efforts so our strategy had essentially been set and and what this provided us is the opportunity to essentially redirect all of the other funds individually so you know we have essentially a two-pronged marketing you know attack Frank now which is you know digital creating inbounds and B DRS that are calling on those in bounds that are created digital and so it's a you know it's going to be a really interesting transition back when physical events if and when they do actually come back into form you know how much we decide to actually go back into that that been I think that you know to someone to some extent we've talked about this in the past II you know the physical events and the the sheer spectacle and this year you know audacity of having to spend a million dollars just to break through that was an unsustainable model and so I think this is this is hastening perhaps the decline or demise of really silly marketing expense and getting back to telling telling customers what they need to know to help their an assist their buying journey in their investigation journey into a new technology I mean the IT world is hybrid and I think the events world is also going to be hybrid to me nice intimate events you know they're gonna live on but they're also gonna have a major digital component to them I'm very excited that you know we're a lot of learnings now in digital especially around events and by September the a lot of the the bugs are gonna be worked out you know we've been going to it so it feels like 24/7 but really excited to have you guys on thanks so much really looking forward to working with you in in September it's data-driven so guys thanks a lot for coming on the cube oh my gosh thank you Dave so nice it's so nice to be here thank you alright pleasure you did thank you everybody thank you and thanks for watching this is Dave Volante for the cube and we'll see you next time [Music]

>> From the Amazon Meeting Center in Downtown Seattle, it's theCUBE. Covering Imagine: A Better World, A Global Education Conference sponsored by Amazon Web Services. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're in Seattle, Washington, at the AWS, I think it's called the Meeting Space. There's a lot of AWS buildings around here. It's AWS Imagine: Education, first year of the conference, about 900 registered folks, 22 countries represented. Really excited, this thing is going to grow. We've seen it before with AWS. We saw it with Summit: Reinvent. AWS Public Sector. We're excited to be here for the very first time and our next guest is Dr. Scott Ralls. He is the President of Northern Virginia Community College. Scott, great to see you. >> Thank you, it's good to be here Jeff, appreciate it. >> A lot of mentions of NOVA, and that's you guys. >> That's us, yeah. >> That's not the PBS programming. You guys are kind of out front on some of these initiatives, with 3sa and AWS Public Sector. I wonder if you can tell us a little bit about the Veterans' Apprenticeship Program, which has been in place for a little while. >> Just a little bit about NOVA, we're a community college just right outside of the Virginia suburbs of D.C. We're the, I'd say, the biggest college that nobody's heard of outside of our region. We have about 100,000 students. >> 100,000? >> 100,000. >> And how many campuses? >> Six campuses. >> For us, our niche is information technology. It's where the internet runs through our region, and so that cloud computing, we have the highest concentration of cloud computing cyber degrees. That's why the AWS partnership is so key for us, because it's about the opportunity for our students. And for AWS, it's about filling those jobs. Also, we have a lot of employers in our region that hire based on AWS credentials. AWS is the backbone for them. That's why for us as a community college, being jobs-focused, filling that gap, that's why it's key for us. >> That's Tyson's corner, right? That's where AOL started-- >> That's right, that's right, that's right. >> and there's a whole history. >> You've got all the cyber right around there. One writer has said that we're the bullseye of the internet. It's a unique place, but it's a unique opportunity for our students. >> Right, and the smart money's on the AWS second headquarter being in that neighborhood, but we don't-- >> Knock on wood. >> Knock on wood. We would love to see that. >> I'm just curious then if you've been educating people to get jobs in this IT sector, how you've seen that evolve over time? Because it used to be there were a lot of sys admin jobs or a lot of jobs that now automation and cloud is taking away. On the other hand, there's a lot of new jobs that the technology's enabling, like happens every time. How are you seeing the landscape change? >> I really think that's the way it has been. 30 years ago, when I was breaking into this workforce and world, that same conversation was going on. Automation was going to take all the jobs. There's been all kinds of new opportunities that emerge and that's the same thing we see, and certainly in Northern Virginia we see that so, for us, as a community college, we're doing it two ways. You asked about the apprenticeship program, that was our first entree with AWS so we are one of their primary training providers, education providers for apprenticeship. Those are the veterans and others that are hired by AWS, they come to our college for the education component, the certifications, the IT skills. The second part for us is the new cloud degree which we introduced in February, which is a two-year, first cloud degree in the country that will help other students who are not those coming through apprenticeship to also break into this important area. >> This is an associate's degree like all the other degrees you guys offer >> That's right. as a two-year program. I'd be just curious, what are some of the curricula? What are some of the core classes that they take that are part of that degree? >> One of the things that we've been doing, we use a lot of data analytics on the workforce side that others do not so part of it's our engagement, talking with the AWS leaders about what's needed. Part of it's also watching what AW, what credentials, what skills AWS is hiring for and then others who use the AWS platform, so you will see certain types of credentials that are built in, security plus, Linux plus, AWS Solutions Architect built in. Also even programming language, it's like Python because of its importance in that regard. We kind of use that as the, using that intelligence, if you will, to be able to build out what the degree should look like. Because we're paying attention to how AWS hires and how the IT users of AWS, how they're hiring and what the skills are that they're looking for. >> How hard is it to get that through at the school, to actually have an associate degree based on cloud? Were they receptive of the idea, did everybody see it coming, was it a hard push? >> We did it within one year, we did it within one year. >> Did it in one year? >> Within one year. >> Everything in the cloud happens fast. >> We moved fast on this. It is built off of our IT degree, so it's a specialization of that degree, so it was really, I think what made it move faster for us was two things. One is AWS has a great program called AWS Educate, which essentially provides a lot of the curriculum content. It's the kind of things if you were starting a degree, you would have to go out and create on your own. Having that rich content. Other partners, like Columbus State, who is also, Santa Monica, others that are working on cloud degrees and we can partner with each other. Then having the apprenticeship as sort of a North Star to tack on with respect to how companies are hiring and what skills are needed. That allowed us to move fast. >> Beyond Educate and the actual materials and curriculum materials, what does partnering with AWS do for you guys? What has that enabled you to do as part of this program that you couldn't do or it'd be a whole lot harder? >> Not everybody looks at community colleges. Being partnered with AWS, who they are, is key for us, it's important for us. I think it's also they recognize how important it is for them. Not everybody recognizes that. One thing that's unique for us as a community college, we have a lot of students who come to us who already have four-year degrees to get that skills part. It's almost like a graduate school. The apprentices are that way. Most of the apprentices already have four-year degrees in computer science, and we're providing that finishing piece. I think AWS sees in us how to broaden the, to scale, to fill that talent gap. I really think the only way you're going to diversify the talent gap and scale the talent gap is through institutions like ours. >> It's really an interesting statement on the role of community colleges in this whole refactoring of education. One, as you said, a lot of people have four-year degrees, so this concept of ongoing education, continue to get new skills as the opportunities dictate. Have that very specific knowledge and these certifications that are not Intro Philosophy or English Lit 205. These are very specific things that people can apply to their job today. >> The curriculum changes so fast, so we have to be willing to change, our instructors have to be willing to get that new thing. The history curriculum doesn't change that quickly, but the IT curriculum and particularly as it relates to cloud and cyber and other areas. If we're not doing that, then we're out of the ballgame, and when we're out of the ballgame that means our students are out of the ballgame, and that's what it's all about. >> When you come to an event like this, what are you hoping to get out of an event like this? Flew across the country, unfortunately through all the terrible smoke and stuff we have on the west coast. What are some of the things you hope to gain here with some of the other educators? >> One thing that always happens at AWS events is the connections that you make. Part of it is you do hear people, like we heard this morning, that you wouldn't have the opportunity to hear before, on machine learning and other areas. A lot of it's about the connections, so actually tomorrow morning a lot of the community colleges and others who are creating cloud programs will be working together tomorrow. AWS does a great job of maximizing our time, so we're part of the program, but we're also breaking off to really partner and that allows us all to move quicker. When we can build off of each other and then have the resources like AWS makes available to us. >> Sounds like you're moving pretty quick-- >> We're trying, we're trying. >> To get all that done and to get it done in a year. >> We have to keep up with where they're going. >> It's not what academic institutions are generally known for, speed and change. >> We're not your average academic institution. >> There ya go, alright. He's Dr. Scott Ralls,-- >> Thank you, 'preciate it. thanks for taking a few minutes with ya. I'm Jeff Frick, you're watching theCUBE, we're at AWS public sector, Imagine, in downtown Seattle. Thanks for watching, catch ya next time. (electronic tones)

>> Announcer: Live, from Las Vegas, it's The Cube! Covering Veritas Vision 2017. Brought to you by Veritas. >> Welcome back to the Aria Hotel in Las Vegas, everybody. We are covering Veritas Vision 2017, and this is The Cube, the leader in live tech coverage. My name is Dave Vellante, with Stu Miniman and Mike Palmer is here, he's the Executive Vice President and Chief Product Officer at Veritas. Mike, thanks for coming to The Cube. >> Thank you for having me here. >> Great keynote, yesterday. We see hundreds, if not thousands of these discussions, and talking head presentations, and yours was hilarious. Let's set up for the people who didn't see it, yesterday. Mike gets up there, and he's talking about the, there's a video that's playing about the end of the world. And the basic theme is that you didn't take care of your data, and now the world's coming to an end. Las Vegas was in shambles, and there were waterfalls running through the hotels, drones attacking people, and then you picked it up from there and then took it into, just a really funny soliloquy. But, where'd you come up with that idea? And, how do you think, I thought it went great, but how did you feel afterwards? >> Well, I can take only partial credit. I have an amazing creative team, and when you work at a company that's been doing, you know, large-scale enterprise data-center stuff, we know that part of our obligation for our audience is kind of making it more palpable for them, making it feel a little bit more, bringing the emotion to it. So we want to have a little bit of excitement in there. But at the same time, we have a real message, you know, and hopefully that came across, too. >> It did, and then, you know, but again, a lot of good humor, the megabytes, gigabytes, you know, up to zetabytes, yadabytes, Mike Tyson-bytes, on and on and on. (laughing) Very clever, so congratulations on that... >> Mike: Oh, thanks! >> We really enjoyed it. Mixed things up a little bit. So, and again, very transparent. We talked about the UX, not the best. You're not happy with it. >> Mike: Right. >> And again, very transparent about that, I think that's a theme of many successful companies, today. But, so, let's start with, sort of, what does it take as the Chief Product Officer, to transform a company from somebody who's been around since 1983, into a modern, you know, cloud-like, hyper-scale, you know, set of service and software offerings. >> That's a big question, but I can tell you the first thing that it takes, the most important thing that it takes, is the best engineering team in the world. You can do a lot of things around the outside, we need to fix our UX, we know that, often considered that to be the kitchens and bathrooms of our house remodel. But if your foundation's broken, if your framing isn't there, you really don't have much of an asset to put on the market. We have a great engineering team, we are releasing products at a velocity that is incomparable in the enterprise ISV space, and we're super proud of that. So I think that's the number one thing. I think number two is the other thing, that we're the envy of the industry, for, and that is, an amazing install-base of customers. Very hard to name a fortune 2000 company that isn't a significant customer of Veritas, so we have a great basis to collaborate and innovate. You know, the rest, we know we have some work to do as we bring it into the modern age. You know, we talked a lot about the fact that workloads are changing in data centers, architectures are changing, we're establishing new partnerships with some of the sponsors that you see here today, like Microsoft, like Google, like IBM, and Oracle, and others. And, you know, it takes a village and they're helping us move into the next 10 years. >> Stu: You know, Mike, talk a little bit about the transition from, you know, software that lived on servers, to now, well, cloud is just isn't somebody else's servers, I think, is the word for that. >> Mike: Right. >> You know, it definitely, we've talked many times this week, you know, Veritas was software-defined before there was such a thing, used to be the FUD from the traditional players, that it was like, oh, you can't trust stuff like that, and now, of course, they're all software-defined and, you know, talking about that, too, so, what does that mean, going to kind of, being completely agnostic, for where things lived, and some of the intricacies of trying to work with, you know, some of the big and small cloud-players? >> A lot of questions in there, and I think David Noy, who I know you guys are going to talk to later, is going to talk a bit more specifically about this, but one of the first things you have to keep in mind, is if you're building software to be software-defined, then you have to build it without considering the hardware platform that you may deliver it on. And I think that's where some of our competitors get it wrong, they can say that they're software-defined, but the litmus test is, can I really pick up this software without modification, and go run it in one of those hyper-scalers? Or put it on one of the white boxes that I went into the market and procured and integrated myself? Veritas has been doing that for a long time. In fact, if you really look at Veritas's core, we're an integrator. We've been an integrator of applications, through the protection space, in our file-system and our info-scale technologies, we are integrators of operating systems, when you look at hyper-scalers, they're just the next operating system. Someone else's hardware, as you said. So we look to protect our customers in terms of their choices, make flexibility a real part of the multi-cloud architecture they're putting together, still doing the things we do well with protection, and ultimately layer on that last little bit when we're talking software-defined and that is not just focus on the infrastructure, but really aspire to this, how do I better manage data and get value from data? >> You know, Mike, I want to dig one level deeper on that. So, the cloud providers, it's all well and good to say, yeah, I'm agnostic, but each of them have their own little nuances. It's, at least today, it's not like, oh, I choose today to wake up and this one has cheaper prices, and it's not a commodity, it's not a utility, and each one of them have services that they want you to integrate with, have to have deeper, how do you balance that, you know, integration, how much work's done, where the customers are pulling you, how does that product portfolio get put together? >> That's an excellent question and I will be fully honest, that a year ago we thought about the answer to that question very differently than we do today. You know, a year ago, I think we were somewhat naive, and thought, hey, we're going to throw a thin layer of capability on top of the clouds, and in effect commoditize them ourselves, and hope our customers just move around as if there were no underlying services. And obviously if you're a cloud-provider, that is not an approach that you're a big fan of. (laughing) And frankly, it's a disservice to the customers, because they are building some really valuable services, and they are differentiating themselves. Our approach has changed, our approach today is a very deep-level integration with each cloud provider, and the specialization they're bringing to the market, without sacrificing the portability, without sacrificing the built-in protections that the cloud providers aren't putting on their platforms and don't want to put on their platforms. And again going back to this idea of data, ultimately, if it's someone else's hardware, in effect, in some cases, someone else's application, it's always your data, and how we are servicing that data is really the key. >> So, that's really hard work. In a lot of cases, you have to interface with very low-level, primitive APIs from the cloud service providers. How do you, sort of, balance your resources, or a portion of your resources, between doing that, because you guys, I call it the compatibility matrix, all kinds of data stores, all kinds of clouds, every one of those is engineering resources. And it seems that's a key part of your strategy, but you got to be sacrificing something, which is maybe, you know, the next widget on your existing products. How do you think about proportioning those? >> You know, at Veritas, in a way, the emergence of the cloud ecosystem actually improves that situation for us. We're carrying 30 years of operating systems that have come and gone, that have incremented versions, and our customers often strand or isolate single examples of those boxes, from 20 years ago that they expect us to test all of our software against, on their behalf. (laughing) For example, right, and so when you look at where we are today, there are five or 10 cloud providers, versus hundreds of operating system versions, and application, we have no problem supporting the proliferation in cloud, we actually welcome the ability to support those... >> Stu: You're much happier with the one version of AJUR, as opposed to the old Patch Monday. >> Exactly right, and you know, they upgrade the whole thing at once... >> Yeah. >> They issue a couple new services, and we adapt 'em, no problem. >> Am I thinking about it the wrong way? Because, while that's true, and I understand that, but within an individual cloud, you could have 15 data services. I think about AWS data services, their data pipeline is increasingly complex, so. Doesn't that complexity scale in a different direction? >> Mike: It scales differently for sure, but I would give a lot of credit to the cloud providers, because they're taking a lot of the regression testing that we used to have to do, for example, with application providers and operating system providers who didn't think about us when they were building their products. The cloud providers take accountability for regression testing all of the things that they release to their customers. So when we adopt an API, we're fully confident that that API works in the context of that cloud environment. So that's off our plate. It really isolates the need for us to simply test that API against our environment. >> Dave: OK, so much more stable and predictable environment for you. I want to ask you, I've heard the term modern data protection a lot, what is modern data protection? Everyone wants to be next-gen, how do you define modern data protection? >> Mike: And this is something we're super passionate about, because our industry has been around for quite a long time, and you get terms thrown out there, like legacy or modern, and everyone's fighting for brand recognition, and kind of, end of the growth spaces in the market. For us, it actually is very simple. We recognize that there are a lot of different techniques to protect data, we think of these protection schemes like lots of different insurance policies, and lots of different tools in your toolbox. Where Veritas is going to win, and continues to win, is that we can offer our customers all of those techniques. We're not trying to convince them that one technique is so much more special than another one, that they need to diversify and create complexity in their environment, so we talk about modern data protection as the ability to choose snapshots, or back-ups, or copy data management, or workload migration, in the future there will be other ways to do this: continuous data protection, or scale-out platforms for cloud providers. These are just techniques inside of a Veritas portfolio, as opposed to stand-alone companies that create complexity for our customers. So, modernization is choice. >> Dave: OK, so you have this awesome install-base. Bill Coleman said to us yesterday, in response to a similar but related question, that it's ours to lose. And the question that we have is, as you look at that install base, you got to get them onto this modern data platform. How do you do that? Do you write some abstraction layer? You talked about that thin layer in the cloud, you must have thought about doing that. Is that what you're doing? How is that going? What does that journey look like? >> Mike: You know, that is one of the most fundamental strategy questions for Veritas. And one of the things we recognized early on, is that while we do have an amazing install base of customers, and those customers are hyper-scaled themselves, you're talking about customers with tens of thousands of servers running our software, both on the storage and the protection site, so the thing that we cannot ask them to do is continuously upgrade their environment to take advantage of new features. We will put out one-to-two major releases of our software, particularly on a protection side, annually. But we're innovating at a far greater pace than that, so we've made some conscious choices to create new architectures for our customer that are workload-specific, so Cloud Point, being a great example, coming out in July, our Object Store announcements, underpinning our next generation protection solutions. So they have modern storage capabilities, our second example. But pulling them together is where only Veritas can offer a customer a complete catalog of that data. So, combining your net back-up catalog with Cloud Point, for example, with your storage, with what you've put into cloud, provides a customer, for the first time, kind of a complete view of the secondary estate. And so, as long as we get that right, we don't have to upgrade, we don't have to seed, what we have to do is enable our customers, through simple adoption of new tools, provide that visibility over the top, and I think that they'll be good to go. >> So that's kind of like a, I think of a term, backward compatibility, is essentially what you're providing for your install base, is that right? >> Mike: That's exactly right. Providing, and this is where API-based infrastructure and service-driven architectures help us a lot. We don't have to fully instantiate a code-base every time that we want to offer a service to a customer. >> Dave: There aren't many independent, in fact there aren't any independent, is one, two-and-a-half billion dollar software companies in your space, but there are many emerging guys, who are getting a lot of attention, well-funded, some, you know, hitting that kind of, 100 million dollar revenue mark, at least it appears that way. How do you look at those guys? What do you learn from them? You know, Branson said today, you know, you learn by listening and watching, in this case. You're watching the market, obviously, what are you seeing there, it's the hottest space in the infrastructure market right now, is your space and security. Are the two, you know, smoking hot spaces. What are you observing, and what are you learning? >> And I think the direct answer to your question is probably the user. You know, and I think that's the lesson of the industry even over the last 15 years, is that when a new workload arises, it's creating a new user inside the enterprise IT department. And that user often gets to determine all of the services that they need to make themselves successful. If that is a cloud workload, and they need availability services, or they need protection services, they want that to integrate in the same place that they buy in provision their cloud workload. If it's a container workload it's the same. We saw the rise of some of our competitors that got to multi-hundred million dollar revenue streams, by focusing on a single user, and a single type of transaction, with a single type of interface. And Veritas kind of lost its way, I think, a little bit, back in that time. So what we are watching today, is who are our users? What workloads are emerging? What sort of interfaces do we need to develop for those users? Which is why we made our UX statements as strongly as we did. We're committed to those. That is going to be the future of Veritas, it's serving the broadening user-base inside of enterprise. >> Dave: You're seeing a lot of discussion in the industry around design thinking, I know we're out of time, here, but, you know, you see companies, like, for instance, Charles Phillips's company, Infor, bought a company called Hook and Loop, and they're all about design, and, how is design thinking fitting into your, sort of, UX/UI plans? >> I mean, the parlance that we use internally is jobs to be done. Right, we clearly want to create a very consistent user experience, and look and feel, we want our customers to be proud to be Veritas customers. But we have to be super cognizant of, what is the job they're trying to get accomplished? And allow the system to be designed around accommodating that. If that is, I want three workflows in three steps or less, can I do that? It could be, I have a very complicated job and I want the ability to control very granular things, do I have an interface to do that? So, if we know the user and the job to be done, we can create a consistent look and feel, I think that we are, we're going to not only ride the wave, of change inside of our particular industry, but I think we're going to wind up in a consolidation space where we're a big winner. >> All right, last question, the bumper sticker on Vision 2017, as the trucks are pulling away from the area, what's the bumper sticker? >> Mike: Secondary data is your most under-utilized asset, and a platform provider is what you need to take advantage of it. >> Dave: All right, Mike, thanks very much for coming to The Cube. Congratulations, and good luck. >> Thank you for having me. >> All right, you're welcome, keep right there, buddy, Stu and I will be back with our next guest. The Cube, live we're live from Veritas Vision 2017. Be right back.

>> Narrator: Live from Las Vegas, it's The Cube, covering VMworld 2017. Brought to you by VMware, and its ecosystem partners. (upbeat music) >> Hello everyone, welcome back to The Cube's three day coverage of VM World 2017. This is day two. I'm John Furrier, your host, with Wikibon analysts Peter Burris and Stu Miniman. Peter, head of research, Wikibon.com, Stu Miniman, analyst. Guys, and cohost too on stage two, we have two sets. Day one and we've got two more days, Stu. 27 videos, a lot of content, keynote is up. Gelsinger's on stage with Mike O'Dell. Your thoughts? >> Yes, so, John, first of all, last year, you know, we've been doing this show for a lot of years. Last year, the energy was a little off, you know? We talked about on the intro, there's rumors about management change, everything like that? Energy's up. The attendance isn't up much, but, there's a lot of good discussions. People are digging into, kind of this whole, hybrid cloud, multi-cloud world. The keynote this morning, they've got, you know, folks from Google Cloud, up on stage. It's supposed to be the biggest announcement in the platform, in the last four years. I think we'll dig into that some. I'm not sure if it's the biggest announcement. >> Was there an applause? >> There was actually a bigger applause when Andy Jassy got on stage yesterday, than there was when they announced that, you know, VMware and Pivotal are now part of the Cloud Native Container Foundation, so, you know. CNCF, you know, three weeks, a few weeks ago, Amazon joined the CNCF, Microsoft part of the CNCF. Good step. Cubernetti's absolutely hugely important. VM and Pivotal, they'll want to ride that wave, participate in that wave, but, I'm not sure that they're, you know, that the leading edge of it, I like NSX's plugging into it, they're starting to figure out all of those internetworking pieces. But it's not the one I think, you know, we'll come a year from now and say oh, jeez, remember when they announced PKS, That's the thing that really changed the landscape. >> Yeah, I think the Google announcement was a little bit, seemed desperate to me, although very important, I said it's more of a long game on my tweet stream. But I think they try to force that a little bit. Certainly, I personally don't think it was a good move for them to do that at this stage and try to hype it up given the impact that Jassy had. And also Jassy's jab, a little bit, at some of these optical deals, we used to call them Barney deals, named after the cartoon. Barney, you know, they love each other, but no real deal there. Jassy, he's hinting that most of these cloud deals are optical, not a lot of meat behind it, unlike their deal. >> You know, I'm going to be the contrarian in this one, guys. I'm not going to say it's the most important infrastructure deal in the last four years. I think that's very true, Stu. But I will say this: our research when the AWS VMware deal was announced last October, was that it was an important deal, and it was going to have a material impact on the industry. Because it promised a way for a lot of VM customers to get to the cloud. And now we're seeing that happen. But we also observed that it became pretty clear, it was kind of obvious, that AWS had a lot to gain in that. And VMware was, I don't want to say desperate, but VMware was holding on and trying to remain relevant as we go through these transitions. I think a great thing about this conference is that VMware is demonstrating, is transforming. But think about this Google deal. Who gets the most out of this deal? >> John: VMware. >> VMware, but Google needs this really bad. Google really needs that enterprise presence. And VMware is in a great position relative to the Google deal. So VMware has not got a couple of companies that it can kind of-- >> You're shaking your head. >> Yeah, so here's the thing I'd say: while Google Cloud is standing up there, this is not VMware saying use Google Cloud. This is Pivotal and VMware saying we're fully integrated with Cooper Netties, which means that if I have Pivotal and VMware using PKS, it is now fully compatible with GKE. But that is very different from what we're seeing with Amazon. I talked to a VMware and Amazon joint customer this morning and he said I've got my data center. We've been using AWS for four years. And my data center guys are kind of slow. VMware and AWS allows them to be agile. They have the operating model. They have the tools. They like to use this. As opposed to Cooper Netties. That changes. You don't talk to a lot of people at VMware that are like, oh yeah, hey, I'm ready for microservices. I'm going to refactor all my applications. VMware, from day one, was like I'm going to take my applications, I want to, without changing a lot of code, move it in there. So, we've been talking for years on this show. You know, where are the developers? Are they here? Cooper Netties, all about the developers. I didn't hear a strong developer push in the announcement this morning. So, that's where I think it's still very different. >> It's a good conversation. I think Pete is right. Google does need this. But here's the nuance that's kind of in this game. It came from the VMware Cloud Native group. So Cloud Native certainly is strategy for VMware to play. VMware doesn't want to have just Amazon. They need to be multicloud. So-- They need to be multicloud, but I don't think that they should be playing the cards. This is a long game. The Cooper Nettiers that you know and I know, it's really difficult. People want to make it simple. There needs to be cross compatibility on, with application workloads. Very strategic, very important. Not a lot of meat on the bone. Okay, they're shipping commercial version of Google. Big deal. >> Most container implementations are running in a virtual machine. They just are. >> John: Yeah, true. >> This is an important deal for users. And that's the most important thing. >> Potential users that are going to be in the evolution of where this is going. To Stu's point, I think that where this connects is, the conversation here is: I'm just trying to get my act together on the on prim true private cloud. >> We're seeing the industry start to reform. So, again, Stu, you're right. It's not the most important thing in four years. But it's not also something to be-- >> It's a strategic enchant. It's very important. >> But it's also got near term implications. That for anyone who's doing container-based development, is running that whole thing inside of VM, and along comes VMware that says, hey you know what, we're going to bring industrial strength to this. It's a good thing. >> It's a good thing. Again, we all have a good conversation. This is a frothy conversation. I love it. Which means it's relevant to you guys out there. I think its timing is interesting. Again, I would have done a strategic play on this one. I would have done a strategic intent. The shipping stuff, okay cool. But you guys are on it. We will be monitoring it. Peter, I've got to ask you the question, and let's kick off Day Two. You guys have been beavering away for two days now here in analyst sessions, meeting all the executives, what's your observation? What's your take away so far? >> Well, the thing that we talked about, we did the wrap up yesterday, and now the analyst day came a couple of things. The first thing I'll say is that: when you pull back the covers of any new VMware initiative, increasingly you find NSX staring back at you. And it didn't used to be that way. So, increasingly, you're finding that NSX is becoming that kind of crown jewel. And that plays into this notion of VMware wanting to be the multicloud orchestrator using NSX as kind of a cross-multicloud technology. The second thing is that it's always interesting to observe how software technology, we talk about software technology in abstraction or independent of hardware. But the two always do move together. And we talked about yesterday about how vSAN has become such an important technology industry, Stu. And the observation we made, and isn't it interesting, that vSAN's importance grew just as people started doing flash-based storage arrays. And so those two things are becoming much more important in the aggregate universe here. And the third thing here is VMware is trying to do more around simplification through the cloud foundation, but they have to make sure it doesn't just look like a new marketecture, a new set of marketing. >> I want to throw some controversy out there. Stu, I heard some hallway conversations all last night, and the theme pretty much was this. I'm kind of paraphrasing multiple conversations. Love the direction, love vSAN, love all this NSX stuff. I do agree NSX is looking like the crown jewel. Clouding over the top. Orchestration is going to be the battleground for middleware. Great, I love that. But now, I'm an operations guy. I have VMware and I've got to go to the cloud in a big way. I've got to manage all this stuff. I have operational stacks merging together that have not been tested into multiple configurations with VMs, hardware stacks, software stacks, jamming together untested. This is a new pain point, and a slow point. We're slowing people down. Stu, do you agree? >> Yeah, really interesting point, because let's look at vSAN and NSX. vSAN, I can hand that to a virtualization admin, and they can get running pretty fast on that. Actually, I have one of the executives from VMware, he's like, we save money for customers really fast. NSX, a little bit more of a longer game. A little bit more complicated. Especially when you start getting into it. This whole interfabric between clouds, this is not an easy button for multicloud or anything like that. But NSX is really cool. John, we've been watching since day one. I mean, I remember when you and I interviewed Martín Cansado right after the acquisition. You know, huge acquisition, and as Pat Gelsinger said in the keynote yesterday, what vsphere was in the last 20 years, NSX will be for the next decade or more. So, absolutely, we kind of understand where the battlegrounds are. The devil's always in the details. >> Is it stable, Stu. Is this stuff stable? >> No, none of it is stable. But we're in the midst of a significant transformation, so we shouldn't expect stability. >> You're implying the outcome for the customers is significantly there to make the investment? >> Stu's right. This isn't plug and play world. There's a lot of work going on and what users are looking for now is who in the technology companies are going to make and sustain the investments to drive simplification. And VMware is in the mix. One of the other things we said last night, John, is that, if you look back, there have been very few technology companies that have successfully made a major transformation. IBM did it in the early 1990s. Microsoft has done it a couple of times. We may be witnessing VMware making a pretty significant transformation here. >> This show's not a dud, that's for sure, no doubt. VMworld and reinvent will probably become the two most important shows in cloud, hands down. Obviously besides from the international stuff-- >> Peter: That's important. >> You know, Microsoft, I'm seeing not a lot of clarity around Microsoft. Google, they're trying to get that cloud event going. Again, it's a great cloud wars going on, guys. So this is going to be crazy. >> Peter: It's starting to take shape. >> Well, you mentioned simplicity. Michael Dell's coming on. One of things I'm going to ask him, and I'd love to get your thoughts on what we should ask him. I'm going to ask him how do you make this shit simple? That ultimately, in the era of all this stuff jamming together, stacks, hardware stacks, software stacks, seamless operational capability, new developers coming on board, edge of the network. >> One of the things, a critique I have for Dell the company, is they want to give you choice. You're going to talk to Michael, and he's going to say Azure Stack, I've got that solution. AWS, VMware's got that solution. We've got the VMware solutions. We've got virtu-stream over here and everything. Customers want opinionated offerings to help them through that. Because, oh my gosh, I figured out the virtualization stuff, and I'm figuring out some of the networking security fees, I've got containers and there's other stuff coming from the future, and oh my God, security is beating me over the head nonstop. And now you want to be a major player in that? Yeah, how can they help customers get in the right swim lanes, help customers get comfortable in the deep end? >> Peter just talked about what I think is kind of key, he just mentioned plug and play. I'll just go a step further. This general purpose computing market is over. Nothing is general purpose anymore. Those things that you need to bolt on, but you have a unique requirement by corporations and enterprises-- >> I'll push on that a second, and I'll give you the question I would ask. If we look at the big picture, the big picture goes like this, the first fifty years of the computing industry were dominated by an OLTP-oriented model of how you use computers. Highly imperative programming. The tool sets were set up that way. Single database manager. You serialize everything from the database manager. That is the model that drove the first 50 years. We're in the middle of something totally different right now. We really don't know what it is. We conceived the peace parts with the coming together. It's going to be more hunks of programming, more declarative, distributed data, we're not going to serialize the same way. We can see what it's going to look like. But it's unclear exactly what shape it's going to take. The question I would ask, and I think it kind of builds on what you said, is what is Dell's commitment to the cloud's experience on 2022? We know what the cloud experience is today. The cloud experience today is defined by Amazon. They've done an absolutely magnificent job. Nobody thought they could do it except for Amazon. And they did it. And they did an absolutely magnificent job of it. But what's the cloud experience of 2022? We say it's going to be true private cloud, hybrid cloud, and a set of methods and a computing model that starts with data and finishes with outcome. What is Michael Dell say it's going to be? >> I was just going to say, Peter, that is The Question you talk about. When we think about the mega-merger of Dell, EMZ, and Vmware, at the end of the day, Michael wants to pull through more servers. But it's that operating model that's going to drive things. So, will VMware really be able to fix their management stack. Peter, when I became an analyst seven years ago, I was like, well anytime I can say back security and management are broken and they still suck, right? And so the question is, five years from now, will we, you know, be able to day hey, VMware is really doing some awesome things, Pivotal is really bringing this together, Dell technology's really front and center to help that experience. >> I was going to ask him who he's voting for, Mayweather or McGregor, in the fight night. >> Mike Tyson, right? >> Put you over to Mike Tyson. All right, serious question to end this. Peter, I know this is something near and dear to your heart, and Stu, at Wikibon, you guys are really, there's a lot of end user conversations, how should end users start preparing themselves. Because Pat Gelsinger's still laying out the narrative of today is the last day, the shortest time, whatever his quote was, it's going to get faster. And to your point of all this work that needs to get done on the investment, the customer environment is going to get crazier and harrier and more complex. What are end user enterprise customers having to do? >> So if I'm a CIO I'm doing three things. The first thing I'm doing is I'm introducing the core principles that are related to Agile. So I'm telling my people, culturally, we're going to me empirical, we're going to use data to make decisions, we're going to be iterative, we're going to cycle, and we're going to be really opportunistic. We're going to be very willing to break down sacred cows. That's the first thing I'm doing. The second things I'm doing is I'm starting to introduce a set of etics that say if we can put it in the public cloud, we will put in in the public cloud. But we have to use iterative, empirical, and opportunistic to recognize that we won't always be able to put it in the public cloud. And we have to be prepared to be able to do stuff on-premise, because we are going to be doing things on-premise. The third thing that I'm going to do, and I think this is really important, is that IT, for the last n number of years, has been focused on taking costs out of the business. David Floyer talks about this a lot, the idea of automation. Well, increasingly IT is going to be asked to find ways to add revenue to the business. That's kind of where a lot of his digital engagement goes. What that boils down to, ultimately, is that the history of working, collaborating, has been based on taking costs out driven by procurement, and this notion of strategic relationships has been kind of a fraud, has been kind of something we just say. So the third thing is: you're going to have to start focusing on what it really means to be strategic. Vendor management, to truly partner, to transfer and control intellectual property boundaries and how that happens. So those are the three things I think CIOs absolutely must start doing. >> And that is what Andy Jassy's been hinting around is optical illusions, is whether its vendor. Where's the partnerships? Where's the coding? Great observation, Peter, I've got to say that was phenomenal. I would agree. I mean, this is ultimately coming to a new era with computing with AI, IOT Edge. I think Pat Gelsinger laid out the wave slide beautifully yesterday. >> We're throwing the computing industry up in the air right now and seeing where it's going to land. It's time to start shaping that into the new model of how we're going to think through problems and how we're going to solve problems with technology. >> And we had the CIO perspective yesterday with Bask Iyer, who's the CIO of VMware. He said, John, look it, some things in IT are recognizable. There are certain patterns. We know when retail has spiked. So, yeah, I'll do bursting of the cloud, but most things can be patternized, and that's okay. Some things will always be unrecognizable. But it's not always that dynamic. Once you get that nailed down, that's where the true private cloud report comes in. Congratulations, by the way, on the true private cloud report from Wikibon. It's going viral here on the show. >> Some great work from Stu and David Floyer for many years. >> Great work. It's going viral. Talk of the town here in Vegas. Congratulations, Stu. >> Well, thank you. It's something, we've been having this conversation in this community specifically at VMworld for years. Because it was that air gap between I virtualized and that helped utilization to I really need to get to that operating model of the cloud. I interviewed a consultant from Australia last year on the other set. And he said a lot of the companies he still talks to is IT is still a call center. And we've been talking for years about moving from just being a call center to really partnering with a business. Or, you know, Jeremy Burton, who I interview recently, he's like no It's driving the business. And it's great that there are some companies that fully transformed and they are engaging in that or at least they tell a good story. But there's a lot of customers that are still working on their own journey. And that's what shows like this are all about. >> So really quick John. So the way I describe that is when you think about cost benefit, when you think about productivity, it's how much work am I going to get done for how much cost? The cost is the denominator. What we like to say is that IT has to start taking on a numerator mentality. What benefits am I going to create? What opportunities am I going to create? What revenue am I going to help create? Got to think on the numerator side of the equation. >> You guys are doing some great work. You know, a lot of analysts are always pumping in reports: Oh, you got to see this. And then pushing out to the analyst relationship. If you're in this business, whether you're a CXO, an advisor, or you work for a company and you don't read that true private cloud report, you possibly could be fired. It's really game-changing. It's like the software reading the world memo. This is the marketplace that's hot right now. True Private Cloud Report by Wikibon. Check it out. The Cube Day Two Coverage continues. We'll be right back with more after this short break.

>> Narrator: Live from Austin, Texas, it's The Cube covering South by Southwest 2017, brought to you by Intel. Now, here's John Furrier. >> Hey, welcome everyone back for day two of live coverage of South by Southwest. This is the cube, our flagship program from Silicon Angle. We go out to the events and extract the (mumbles). We're at the Intel AI Lounge, people are rolling in, it's an amazing vibe here, South by Southwest. The themes are AI, virtual reality, augmented reality, technology. They got great booths here, free beers, free drinks, and of course great sessions and great conversations here with the Cube. My first guest of the day here is Ben Parr, a friend of the Cube. He's been an entrepreneur, he's been a social media maven, he's been a journalist, all around great guy. Ben, thanks for joining us today. >> Thank you for having me again. >> So you're a veteran with South by Southwest, you know the social scene, you've seen the evolution from Web 2.0 all the way to today, had Scobel on yesterday, Brian Fanzo, really the vibe is all about that next level, of social to connecting and you got a startup you're working on that you founded, co-founded called AI? >> Ben: Octane AI. >> Octane AI, that's in the heart of this new social fabric that's developing. Where AI is starting to do stuff, keep learning, analytics but, ultimately, it's just a connection. Talk about your company. What is Octane AI? Tell us a little bit about the company. >> So Octane AI is a platform that lets you build an audience on Facebook Messenger and then through a bot. And so, what we do is allow you to create a presence on Messenger because if I told you there was a social app that had a billion users every month, bigger than Snapchat plus Twitter plus Instagram combined you'd want to figure out a strategy for how to engage with those people right? And that social app is Facebook Messenger. And yet no one ever thinks, oh could I build an audience on a messaging app? Could I build an audience on Messenger or WeChat or any of the others. But you can through a bot. And you can not just build an audience but you can create really engaging content through conversation. So what we've done is, we've made it really easy to make a bot on messenger but more importantly, a real reason for people to, actually, come to your bot and engage with it and make it really easy to create content for it. In the same way you create content for a blog or create content for YouTube Channel. Maroon 5, Aerosmith, KISS, Lindsay Lohan, 30 seconds to MARS, Jason Derulo and a whole bunch more use us to build an audience and engage their fans on Messenger. >> So let me get your thoughts on a couple of trends around this. Cause this is really kind of, to me, a key part that chat bots illustrate the big trends that are going on. Chat bots were the hype. People were talking about, oh chat bots. It's a good mental model for people to see AI but it also has been, kind of, I won't say a pest, if you will, for users. It's been like a notification. A notification of the economy we're living in. Now you're taking it to the next level. This is what we're seeing. The deep learnings and the analytics around turning notifications which can be noisy after a while, into real content and connections. >> Into something useful, absolutely. Like look, the last year of bots. The Facebook platform is not even a year old. We've been in that fart apps stage of bots. Remember the first year of mobile apps? You had the fart app and that made $50,000 a day and that was annoying as hell. We're at that stage now, the experimentation stage. And we've seen different companies going in different, really cool directions. Our direction is, how do you create compelling content so you're not spamming people but you have content that you can share, not just in your bot but as a link on your social media to your followers, to your fans, on Twitter, everywhere else and have a scalable conversation about whatever you want. Maroon 5 has conversations with their audience about their upcoming tours or they even released an exclusive preview of their new song, Cold, through our bots. You could do almost anything with our bots or with any bot. We're just learning right now, as an industry, what are the best practices. >> So where do bots go for the next level? Because you and I have known each other for almost over 10 years, we've seen the whole movement and now we're living in a fake news era. But social media is evolving where content now is super important that glues people together, communities together. In a way, you're taking AI or bots, if you will. Which is a first, I mean, .5 version of where AI is going. Where content, now, is being blended into notifications. How important is content in community? >> Content in community are essential to any product. And I feel like when you hear the word bot, you don't think community and that you could build a community with it because it's a bot, it's supposed to be automated. But you, actually, can if you do it in the right way and it can be a very, very powerful experience. We're building features that allow you to build more community in your bot and have people who are talking with your bot communicate with each other. There's a lot of that. What I feel like is, we're at the zero point one or zero point two of the long scale of AI. What we need to do right now is showcase all the use cases that really work for AI, bots, machine learning. Over time, we will be adding more other great technologies from Intel and others that will make all these technologies and everything we do better, more social and most of all, more personalized. I think that's one of the big benefits of AI. >> Do you see bot technology or what bots can turn into being embedded into things like autonomous vehicles, AR, is there a stack developing, if you will, around bots? What you're talking about is a progression of bots. What's your vision on where this goes down the road? >> I see a bunch of companies, now, building the technological stack for AI. I see a bunch of companies building the consumer interface, bots is one of those consumer interfaces. Not just chat bots but voice bots. And then I see another layer that's more enterprise that's helping make more efficient things like recruiting or all sorts of automation or driving. That are being built as well. But you need each of those stacks to work really well to make this all work. >> So are there bots here at South by Southwest? Is there a bot explosion, is there bots that tell you where the best parties are? What's the scene here at Southby? Where are the bots and if there were bots, what would they be doing to help people figure out what to do? >> The Southby bot is, actually, not a bad bot. They launched their bot just before South by Southwest. It has a good party recommendations and things. But it the standard bot. I feel like what we're seeing is the best use, there's a lot of good bot people. What I'm seeing right now is that people are still flushing out the best use cases for their bots. There's no bot yet that can predict all the parties you want to go to. We got to have our expectations set. That will happen but we're still a few years away from really deep AI bots. But there are clearly ones where you can communicate faster with your friends. There's clearly ones that help you connect with your favorite artist. There's clearly ones that help you build an audience and communicate at scale. And I feel like the next step is the usefulness. >> Talk about the user interface. Robert Scobel and I were talking yesterday, we have some guests coming on today that had user experience background. With AI, with virtual reality, with bots, with deep learning, all this collective intelligence going on, what's your vision of the user interface as it changes, as people's expectations? What are some of those things that you might see developing pretty quickly as deep learning, analytics, more data stats come online? What is the user interface? Cause bots will intersect with that as an assistant or a value add for the user. What's your vision on? >> I'll tell you what I see in the near term and then I'll tell you a really crazy idea of how I see the long term. In the near term, I think what you're going to see is bots have become more predictive. That, based on your conversations, are more personalized and maybe not a necessarily need as much input from you to be really intelligent. And so voice, text, standard interfaces that we're used to. I think the bigger, longer run is neurological. Is the ability to interface without having to speak. Is AI as a companion to help us in everything we do. I feel like, in 30 years, we won't even, it's, kind of like, do your remember the world when it had no internet? It's hard, it feels so much different. There will be a point in about 20 years we will not understand what the world was before AI. Before AI assistance where assisting us mentally, automatically and through every interface. And so good AI's, in the long run, don't just run on one bot or one thing, they follow you wherever you go. Right now it might be on your phone. When you get home, it may be on your home, it may be in your car but it should be the same sets of AI's that you use daily. >> Doctor Nevine Rou, yesterday, called the AI the bulldozer for data. What bulldozers where in the real world, AI's going to do that for data. Cause you want to service more data and make things more usable for users. >> Yes, the data really helps AI become more personalized and that's a really big benefit to the user to every individual. The more personalized the experience, the less you have to do. >> Alright, so what's the most amazing thing you've seen so far this year at Southby? What's going on out there that's pretty amazing? That's popping out of the wood work? In terms of either trend, content, product, demos, what are some of the cool things you're seeing. >> So, as it is only Saturday, I feel like the coolest thing will still come to me. But outside of AI, there have been some really cool mixed reality, augmented reality demos. I can't remember the name. There's a product with butterflies flying around me. All sorts of really breaking edge technologies that, really, create another new interface honestly where AI may interact with us through the augmented reality of our world. I mean, that's Robert Scogul's thing exactly. But there's a lot of really cool things that are being built on that front. I think those are the obvious, coolest ones. I'm curious to see which ones are going to be the big winners. >> Okay, so I want to ask you a personal question. So you were doing some venture investing around AI and some other things. What caused you to put that pause button on that mission to start the chat bot AI company? >> So I was an investor for a couple of years. I invested in ubean, the wireless electricity company and Shots with Justin Bieber which is always fun. And I love investing and I love working with companies. But I got into Silicone Valley and I got into startups because I wanted to build companies. I wanted to build ideas. This happened, in part, because of my co-founders. My co-founder Matt, who is the first head of product at Ustream and twice into the Forbes 30 under 30. One of the king makers of the bot industry. The opportunity to be a part of building the future of AI was irresistible to me. I needed to be a part of that. >> Okay, can you tell any stories about Justin Bieber for us, while we're here inside the Cube? (laughs) >> I wonder how many of those I can, actually, tell? Okay, so look. Justin Bieber is an investor in a company I'm an investor in called Shots. Which is now a super studio that represents everyone from Lele Pons to Mike Tyson on digital online and they're doing really, really well. One of Justin's best friends is the founder, John Shahidi. And so it's just really random. Sitting with John, who I invested in and just getting random FaceTime's. Be like, oh it's Justin Bieber, say hi to Justin. As if it was nothing. As if it was a normal, it's a normal day in his life. >> Could you just have him retweet one of my Tweets. He's got like a zillion followers. What's his follower count at now? >> You don't want that. He's done that to me before. When Justin retweets you or even John retweets you, thousands of not tens of thousands of Justin Bieber fans, bots and not bots, start messaging you, asking you to follow them, talking to you all the time. I still get the tweets all the time from all the Justin fans. >> Okay don't tweet me then. I'm nice and happy with 21,000 followers. Alright, so next level for you in terms of this venture. Obviously, they got some rock stars in there. What's the next step for you guys right now? Give us a little inside baseball in the venture status where you guys are at. What's the next step? >> We launched the company publicly in November, we started in May. We raised 1.6 million from general catalyst, from Sherpa Ventures, a couple of others. When we launched our new feature, Convos, which allows you to create shareable bots, shareable conversations with the way you share blog posts. And that came out with all those launch partners I mentioned before like Maroon 5. We're working on perfecting the experience and, mostly, trying to make a really, really compelling experience with the user with bots because if we can't do that, then there's no use to doing anything. >> So you provide the octane for the explosive conversations? (laughs) >> Yes, there you go, thank you, thank you. And we make it really easy. So we're just trying to make it easier to do this. This is a product that your mom could use, that an artist could use, any social media team could use. Writing a convo is like writing a blog post on media. >> Are moms really getting the chat bot scene? I, honestly, get the Hollywood. I'm going to go back to Hollywood in a second but being a general, middle America kind of tech/genre, what are they like? Are they grokking the whole bot thing? What's the feedback from middle America tech? >> But think of it this way. There are a billion people on Messenger and it's a, really, part of the question, they all use Facebook Messenger. And so, they may be communicating with a bot without knowing it. Or they might want to communicate with their fans. It's not about the technology as much as this is like connecting with who you really care about. If I really care about a Maroon 5 or Rachel Ray, I can now have that option. And it doesn't really matter what the technology is as much as it is that personal connection, that experience is good. >> John: Is it one-one-one or group? Cause it sounds like it's town hall, perfect for a town hall situation. >> It's one-on-one, it's scale. So you could have a conversation with a bot while each of the audience members is having a conversation one-on-one. When you can choose different options and it could be a different conversation for each person. >> Alright, so I got to ask about the Hollywood scene. You mentioned Justin Bieber. I wanted to go down that because Hollywood really has adopted social media pretty heavily because they can go direct to the audience. We're seeing that. Obviously, with the election, Trump was on Twitter. He bypasses all the press but Hollywood has done very well with social. How are they using the bots? They are a tell sign of where it's going. Can you share some antidotal stories or data around how Maroon 5, Justin, these guys are leveraging this and what's some of the impact? >> Sure, so about a month 1/2, 2 months before Maroon 5 launched their new song, new single, Cold. They came to us and wanted to build a distribution. They wanted to reach their audience in a more direct personal way. And so we helped them make a bot. It didn't take long. We helped them write convos. And so what they did was they wrote convos about things like exclusive behind the scenes photos from their recent tour or their top moments of 2016 or things that their fans really care about. And they shared em. They got a URL just like you would get, a blog poster URL. They shared it out with their 39 million Facebook fans, they shared it with their Twitter followers, they shared it across their social media. And 10's of thousand's of people started talking with their bot each time they did this. About 24 hours before the bot, before their new single release, they exclusively released a 10 second clip of Cold through their bot. And when they did that, within 24 hours, the size of their bot doubled because it went viral within the Maroon 5 community. There's a share function in our convos and people shared the convo with their friends and with their friends friends and it kept on spreading. We saw this viral graph happen. And the next day when they released the single, 1000's of people bought the song because of the bot alone. And now the bot is a core of their social strategy. They share a convo every single week and it's not just them but now Lohan and a whole bunch of others are doing the same thing. >> John: Lindsay Lohan. >> Lindsay Lohan is one of our most popular bots. Her fans are really dedicated. >> And so you can almost see it's, almost connecting with CGI, looking at what CGI's doing in film making. You could almost have a CGI component built-in. So it's all this stuff coming together. >> Ben: Multimedia matters. >> So what do you think about the Intel booth here? The AI experience? They got some Kinetic photo experience, amazing non-profit activities in deep loading (mumbles), missing children, what do you think? >> This is some of the best use cases for AI which is, people think of AI as just like the direct consumer interface which is what we do but AI is an underlying layer to everything we do. And if it can help even 1% or 1,000% identify and find missing children or increase the efficiency of our technology stacks so that we save energy. Or we figure out new ways to save energy. This is where AI can really make an impact. It is just a fundamental layer of everything. In the same way the internet is just a fundamental layer of everything. So I've seen some very cool things here. >> Alright, Ben Parr, great guest, in venture capitalist now founder of a great company Octane AI. High octane, explosive conversations looking forward to adopting. We're going to, definitely, take advantage of the chat bot and maybe we can get some back stage passes to Maroon 5. (laughs) >> (laughs) There will be some fun times in the future, I know it. >> Alright Ben Parr. >> Ben: Justin Bieber. >> Justin Bieber inside the Cube right here and Ben Parr. Thanks for watching. It's the Intel AI Lounge. A lot of great stuff. A lot of great people here. Thanks for joining us. Our next guest will be up after this short break. (lively music)

>> Q. At service now Knowledge fourteen is sponsored by service. Now here are your hosts, Dave Volonte and Jeff Frick. >> Hi, buddy. We're back. This is the Cube alive. Mosconi south in San Francisco. This is the service now. Knowledge fourteen Conference. I'm David Dante here with Jeff Frick. The Cube is our live mobile studio. We get out to the events, we extract the signal from the noise. Atticus Tyson is here. Is the CEO of Intuit eyes attending a parallel event? The service now has going on here, which is the CEO Decisions event. I think it's about one hundred CEOs. Atticus, welcome to the Cube. Thanks for coming on. Thanks. Happy to be here. Yes. So tell us a little bit about what's going on over there. The CEO decisions. So, as >> you said, it's about a hundred CEOs, uh, having some good discussions about the future of the role of the CEO. And this thing is a good speakers and getting together to be able to talk and share. >> What are some of the big themes that you guys were talking about? >> The big theme is the shift of really from being about systems of records to systems engaged, uh, and how we engage with lines of business to really enable growth. And it's less about cost savings and what we used to >> do. Yeah, so the whole notion. I mean, I love Frank's Lubinsky note this morning, sort of the message of turning it from a cost center into a producer of value. It sounds good, right? But when you get down to it and you're you're in the front lines and you're talking to a lot of CEO is trying to do more with less. A lot of times they don't have the budget. They don't the time. They don't have the management buy in on the board by and interestingly, we're just talking to Dave, right ways that we were asking him about. Wilmore CEO has come out of the business because that was one of frank, sort of no prescriptions. You really need to have a CEO who knows as much about the business is the business people, and that's the discussion that they should be having, not a technology discussion. It's rare you happen to be one that came out of the business, so talk a little bit about some of the roles that you've played it into it and how you ended up as a C e o. >> Sure so I've been with the company almost thirteen years. I've had four major jobs, one leading the protection program for the company product management for the small business division and then heading up engineering on now. And, uh, and the main reason I joined the group is I was I was always hearing the reason we couldn't do something because of, uh rather than complain about it, fix it. So I joined them on, uh, it's hard. Uh, exactly what you talked about is we have to still run the company with all of our existing systems of record while we're innovating while we're trying to tell a new story while we're trying to train our existing employees who are great at running these older systems but don't necessarily know the new paradigm. So it's shifting everything while still running the railroad, which is difficult. >> So from from a business perspective, when you're sort of running the business, how was into it using technology as a differentiator and it's a competitive advantage. Well, >> one of the things you know since our main product is technology, uh, really are our whole community. Our whole set of employees are technical people, uh, and So we're trying to embed technology everywhere. Uh, one of the things that's happening also is the line between what's traditionally I t. And what's product is blurring. So if you're a customer and you want to pay your bill or you wanna change your address, you have to do that inside the product. In a way, that's easy. And so we have a night group have to figure out how to work within that framework and have a great experience doing >> okay. So the line between the group and the product group is is much more blurred. You're saying it into it that it would be a you know, manufacturer. >> Absolutely. And in fact, one of the things I've been doing is really making the group more like a product group. Hiring product managers. I actually have a whole design staff that designs experiences. So if you were to walk into a room, you mean why not know whose From my tear? Who's with product? >> Yeah, okay. And so are the discussions that what do they like? The discussions that you're having with the business folks? I mean, you're talking about they're pl how to grow their profitability. How to increase. You know their margins, how to expand their channel. I mean, those the conversations >> that you're having absolutely on DH. How do we really provide a great experience for our agents who worked with customers, how to provide great end and customer experiences? How are we as the group enabling them to do more for customers on DH, create that one on one engagement that we want to do >> so? And it's what's been the reception kind of coming in from the outsider, if you will, from the other side of the wall within the focus. You know, I'm sure you have probably some expectations that were completely incorrect. Some assumptions that were necessarily there. So how they taken to you. And also there's a lot of talk about transforming kind of people from service providers in terms of pencil pushers and form filler routers. Teo, you know, strategic thinkers adding business value. Are they receptive to That was at a hard message to get across. How's it actually happening? >> Yeah, absolutely receptive. And I think if anybody's learned mauritz me more than them, uh, I've learned kind of the importance of the organization and how embedded it is with actually operating the company, and I have found people there who wanted for a long time to be able to have these kinds of conversations. But they've been relegated, if you will toe handling tickets, Uh, so once we can provide the framework and really aligned the work we're doing in it with driving growth with driving value, the conversations get easier, they get more meaningful, and the people doing the work really enjoy it much more. >> So is there a secret formula that you can share with either CEOs that haven't been on the business side or business practitioners that don't haven't really been on the other side of better ways to bridge that gap or two Collaborator Think it make it easier? >> You know, I think the way that worked for me was really trying to get a line around KP eyes or keep performance indicators. You sit down with a business leader and you know, what are the three or four metrics that I can really help in driving your business? You know? Is it Is it contacts? Is it average handled, which usually isn't, you know, Is it more of a transaction? That promoter score based on the satisfaction with dealing with the agent. What are those right indicators for you as a business leader? And then let's measure ourselves there and I'll be responsible is the technology guy. Figure out the right technology to make that happen, but we're going to focus everybody in i t and the business on the same measurements. >> And how have you been able to carve additional resource is to go after those types of objectives versus we always hear about, you know, the unbelievable amount of percentages just to keep the lights on and keep things running. >> Exactly. And that's really an internal conversation that we've gotta have because I'm definitely not getting more budget, er and so it is a brown. How do we get more efficient and automate with what we already have? I work with vendors to help us get better while we shift. Resource is over to the news because I'm definitely not anymore, but you're >> not getting more budget. So, Atticus, you've you've run engineering organizations, so you've got at least, you know, technical background from that standpoint, even a software engineer. But you mentioned off camera. You know the acronym guy right. So you hang out with Duke World. Forget it. Right? Pig and highs and scrap yard. Right. Okay, so but so And you've been in the business side of things. So when you come back into a role, you come to a roll of the technology head. How do you organized to tap that? Technical expertise? Nothing necessarily lack but the currency, you know, the acronym. Go. So how do you organize that? You lied on your CTO. Do you have? You know, uh, did you have to change the organization or inherit one that actually worked? And what if you could describe that a little bit? >> Great question. I think the biggest thing I changed about the organization when I came in is. And when I came, it was organized around systems. So there was a sable team, and there was no idea Artie And what? Instead, we did this. We created a sales care and marketing team. Andi said, you know, you're really a cow gamble for driving a great sales Karen marketing experience for end users and for agents. And I don't really care what technology you're using. Uh, so don't be allegiant to the technology because we all know Salesforce's great today, five years from now, they may not, uh, and I don't want to get so blind that I don't see the next thing coming on. So I have an expectation people in those groups that they're always looking for the next thing as well. >> So it was a classic stovepipe. Now what kind of friction that that cause? >> Well, the friction is really kind of my own. Learning is how interconnected all of the enterprise really is. It's nice and easy to say. There's a sales Karen marketing team and there's a finance dean. But those two systems really have to integrate and talk together and learning how to bridge that gap in a way that doesn't create a lot of bureaucracy. That's something we're still learning to do. >> And and what has been the impact of that change? Have you been able to do anything discernible at this point? Are actually how long you been a CEO? So >> seo since June. Okay, so relatively new. Okay, but I was heading engineering within. I worked for the C E O for about a year before that. So I many a night for about two >> years. Okay. And what is the impact bin of that organization? Changes have been discernible. I think it >> has. I think there's two main things. One is much greater transparency with our business partners of how we're spending the dollars on DH. I've invited them in to sit with us at the table and help us allocate those resources together. Esso and a greater appreciation on their side of the trade offs We have to make why we still run the business but try to do the innovation that's one and then the other is really creating great innovation coming out of the team because when they feel like their allegiance to the sales and care engineer who's out on the floor, one of the things I've done, uh, that into it. We're famous for something called the Follow Me home, uh, where we actually go to our customers homes and watch them use the product. We did the same thing when we did a follow on agent, uh, so we went to the call center and actually washed agents work and ask them what was difficult about using the product. We had engineers doing that, not product managers so they can actually see the problem first. >> And you drove that initiative? Absolutely. It wasn't it was that considered innovative. ITT's seems so basic, right? But everyone's so busy and exactly time to do something, creating the time to do it >> and even getting the cooperation from the managers of the agents to do it, because they just want to be on the floor taking calls. But actually having somebody looking over their shoulder asking what was worked about that what didn't work was a little bit of organizational pushed back. But once they understood the value they got onboard, >> whether any on aha moments it came out of that. Or was it more incremental? Several >> and mostly around. Just screen design and call Flo. Why did we have you to four clicks when you could do it in two clicks to really allow the agent to focus more on their interaction with the customer, not their interaction with the product. >> So I want to shift gears a little bit, so when you're into it right, you guys used to send out discs and CDs, and you had to change your model tow cloud based application, which is you know the kind of classic Do you kill your own business or you let somebody else kill it for you, right? Talk a little bit about how that knowledge helped you within trying to transform the department. Great question. I mean, >> because we've been running a digital or an online product for well over twelve years now, uh, both in TurboTax and in QuickBooks. And we've learned a lot in how to just run that kind of experience. And so now, as cloud based I T offerings are coming along, we already really understand kind of what they're doing on their side on one of the things we've been really pushing for. I think along with other people in the industry is more transparency and those cloud providers. Sometimes you think that they just want to run it as a utility. But as a technologist, I want to know more about how their services running. So I know how to rely on that's been a think attention in the >> industry. We gotta rap, but I want to just get your take. So you're new to service now, right? You bring it in. Uh, we're going live in about a month. Okay. We've been through the proof of concept. What are your expectations? Where you going? Toe pointed. >> So I think first off, just the agents who resolve tickets are going to have a much better experience than what we had before, which was a combination of some homegrown systems, Uh, in a couple of other vendors. So much better agent experience during the resolving on a much better employees experience, putting in tickets, uh, and also much better visibility into the workflow. >> Great. Atticus Tyson. Thanks very much. You're coming on the cube, you know. Good luck in your new role. Looks like you're having an impact on, uh, kind of a poster child for the service now. Vision of a of a CEO. So appreciate you coming on. Thanks. Something I keep right to Everybody will be right back with our next guests. Dave, along with Geoffrey, relied from Mosconi in San Francisco right back