>> Announcer: Live from Las Vegas, it's theCube. Covering Veritas Vision 2017. Brought to you by Veritas. >> Welcome back to Las Vegas everybody, this is theCube, the leader in live tech coverage. This is day one of two day coverage of Veritas Vision #VtasVision. My name is Dave Vellante, and I'm here with my co-host Stu Miniman. Zach Bosin is here. He's the director of information governance solutions at Veritas. And Anna Simpson is a distinguished systems engineer at Veritas. Which Anna means you know where all the skeletons are buried and how to put the pieces back together again. Welcome to theCube, thanks for coming on. >> Thank You. >> Thank You. >> Let's start with, we've heard a little bit today about information governance, Zach we'll start with you. It's like every half a decade or so every decade, there's a new thing. And GDPR is now the new thing. What's the state of information governance today? How would you describe it? >> I think the primary problem that organizations are still trying to fight off, is exponential data growth. We release research every year called the Data Genomics Index, and what came back this past year is that data growth has continued to accelerate, as a matter of fact, 49% year over year. So this problem isn't going anywhere and now it's actually being magnified by the fact that data is being stored, not only in the data center on premises, but across the multi-cloud. So information governance, digital compliance is all about trying to understand that data, control that data, put the appropriate policies against it. And that's really what we try to do with helping customers. >> I always wonder how you even measure data. I guess you could measure capacity that leaves the factory. There's so much data that's created that's not even persistent. We don't even know, I think, how fast data is growing. And it feels like, and I wonder if you guys agree or have any data suggestions, it feels like the curve is reshaping. I remember when we were talking to McAfee and Brynjolfsson it feels the curve is just going even more exponential. What's your sense? >> That's typically what we see. And then you have IoT data coming online, faster and faster and it really is a vertical shot up. And all different types and new files types. One of the other really interesting insights, is that unknown file types jumped 30-40%. Things that we don't even recognize with our file analysis tools today, are jumping off the charts. >> It used to be that PST was the little nag, it looks trivial compared to what we face today, Anna. What's your role as a distinguished systems engineer? How do you spend your time? And what are you seeing out there? >> I definitely spend my time dealing with customers around the world. Speaking to them about information governance. Particularly around risk mitigation these day. In terms of the issues we see in information governance, data privacy is a big one. I'm sure you've been hearing about GDPR quite a bit today already. That's definitely a hot topic and something our customers are concerned about. >> Are they ringing you up saying, "Hey, get in here. "I need to talk you about GDPR?" Or is more you going in saying, "You ready for GDPR? How does that conversation go? >> It's definitely a combination between the two. I think there is definitely a lot of denial out there. A lot of people don't understand that it will apply to them. Obviously if they are storing or processing data which belongs to an EU resident, containing their personal data. I think organizations are either in that denial phase or otherwise they're probably too aware, so they've probably started a project, done some assessment, and then they're buried in the panic mode if we have to remediate all these issues before May next year. >> What's the bell curve look like? Let's make it simple. One is, "we got this nailed." That's got to be tiny. The fat middle which is "we get it, we know it's coming, "we got to allocate some budget, let's go." Versus kind of clueless. What's the bell curve look like? >> I would say that there's 2% of companies, maybe, that think they have it nailed. >> Definitely in single digits, a low single digits. >> I think maybe another 30% at least understand the implications and are trying to at least but a plan in place. And the rest, 66% or so, still aren't very aware of what GDPR means for their business. >> Dave: Wow. >> Can you take us inside? what's Veritas's role in helping customers get ready for GDPR? We talked to one of Veritas's consulting partners today and it's a big issue, it crosses five to ten different budget areas. So what's the piece that Veritas leads and what's the part that you need to pull in other partners for? >> Sure thing. So in terms of our approach, we have what we refer to as a wheel. Which sort of attacks different parts of the GDPR, so various articles step you through the processes you need to be compliant. Things like locating personal data, being able to search that data, minimizing what you have, because GDPR is really dictating you can no longer data hoard, because you can only keep data which has business value. Further downstream it's obviously protecting the data that has business value, and then monitoring that over time. From a Veritas approach perspective, we tying those articles obviously to some of our products, some of our solutions. There's also definitely a services component around that as well. When you think about e-discovery of regulatory requirements, when the regulators come in, generally they're not necessarily going to be questioning the tools, they're going to be questioning how you're using those tools to be compliant. It is sort of a combination between tools and services. And then we're also partnering with other consulting companies on that process piece, as well. Zach, at the keynote this morning, there was a lot of discussion about there's dark data out there, and we need to shine a light on it I have to imagine that's a big piece of this. Why don't you bring us up to speed. What are some of the new products that were announced that help with this whole GDRP problem. >> In to that point, 52% of data is dark, 33% is rot, 15% is mission critical. Today we announced 23 new connectors for the Veritas information map. This is our immersive visual data mapping tool, that really highlights where you're stale, and orphaned, and non-business critical data is across the entire enterprise. New connectors with Microsoft as your Google Cloud storage, Oracle databases, so forth and so on, there's quite a number that we're adding into the fold. That really gives organizations better visibility into where risk may be hiding, and allows you to shine that light and interrogate that data in ways you couldn't do previously because you didn't have those types of insights. >> Also we heard about Risk Analyzer? >> Yes, that's right. We just recently announced the Veritas Risk Analyzer, this is a free online tool, where anyone can go to Veritas.com/riskanalyzer, take a folder of their data, and try out our brand new integrated classification engine. We've got preset policies for GDPR, so you drop in your files, and we'll run the classification in record speed, and it will come back with where PII is, how risky that folder was, tons of great insights. >> So it's identifying the PII, and how much there is, and how siloed it is? Are you measuring that? What are you actually measuring there? >> We're actually giving you a risk score. When we're analyzing risk, you might find one individual piece of PII, or you might find much more dense PII. So depending on the number of files, and the types of files, we'll actually give you a different risk tolerance. What we're doing with the Risk Analyzer is giving you a preview, or just a snapshot of the types of capabilities that Veritas can bring to that discussion. >> Who do you typically talk to? Is it the GC, is it the head of compliance, chief risk officer, all of the above? >> Yeah, it's definitely all of the above-- >> Some person who has a combination of those responsibilities, right? >> Yeah, exactly. It's usually, if we're talking GDPR specifically, it's usually information security, compliance, legal, and particularly in organizations now, we're definitely seeing more data privacy officers. And they're the ones that truly understand what these issues are; GDPR or other personal data privacy regulations. >> Let's say I'm the head of compliance security risk information governance, I wear that hat. Say I'm new to the job, and I call you guys in and say, "I need help." Where do I start? Obviously you're going to start with some kind of assessment Maybe you have a partner to help you do that, I can run my little risk analyzer, sort of leech in machine, and that's good but that's just scratching the surface. I know I have a problem. Where do we start? What are the critical elements? And how long is it going to take me to get me where I need to be? >> I think visibility is obviously the first step, which Zach already spoke to. You really have to be able to understand what you have to then be able to make some educated decisions about that. Generally that's where we see the gap in most organizations today. And that's particularly around unstructured data. Because if it's structured, generally you have some sort of search tools that you can quickly identify what is within there. >> To add on to that, you actually have 24 hours. We can bring back one hundred million items using the information map, so you get a really clean snapshot in just one day to start to understand where some of that risk may be hiding. >> Let's unpack that a little bit. You're surveying all my data stores, and that's because you see that because you've got the back-up data, is that right? >> The backup data is one portion of it. The rest is really coming from these 23 new connectors into those different data stores and extracting and sweeping out that metadata, which allows us to make more impactful decisions about where we think personal data may be, and then you can take further downstream actions using the rest of our tool kit. >> And what about distributed data on laptops, mobile devices, IoT devices, is that part of the scope, or is that coming down the road, or is it a problem to be solved? >> It's a little out of scope for what we do. On the laptop/desktop side of things, we do have e-discovery platform, formally known as Clearwell, which does have the ability to go out and search those types of devices and then you could be doing some downstream review of that data, or potentially moving it elsewhere. It's definitely a place we don't really play right now. I don't know if you had other comments? >> You got to start somewhere. Start within your enterprise. This has always been a challenge. We were talking off camera about FRCP and email archiving. I always thought the backup ... The back company was in a good spot. They analyzed that data. But then there's the but. Even these are backed up, kind of, laptops and mobile devices. Do you see the risk and exposures in PII really at the corporate level, or are attorneys going to go after the processes around distributed data, and devices, and the like? >> I think anything is probably fair game at this point given that GDPR isn't being enforced yet. We'll have to see how that plays out. I think the biggest gap right now, or the biggest pain point for organizations, is on structured data. It kind of becomes a dumping ground and people come and go from organizations, and you just have no visibility into the data that's being stored there. And generally people like to store things on corporate networks because it gets backed up, because it doesn't get deleted, and it's usually things that probably should not be stored there. >> If I think back to 2006, 2007 time frame with Federal Rules of Civil Procedure, which basically said that electronic information is now admissible. And it was a high profile case, I don't want to name the name because I'll get it wrong, but they couldn't produce the data in court, the judge penalized them, but then they came back and said, "We found some more data. "We found some more data. "We found some more data." Just an embarrassment. It was one hundred million dollar fine. That hit the press. So what organizations did, and I'm sure Anna you could fill in the gaps, they basically said, "Listen, "it's an impossible problem so we're going to go after "email archiving. "We're going to put the finger in the dyke there, "and try to figure the rest of this stuff out later." What happened is plaintiff's attorney's would go after their processes and procedures, and attack those. And if you didn't have those in place, you were really in big trouble. So what people did is try to put those in place. With GDPR, I'm not sure that's going to fly. It's almost binary. If somebody says, "I want you to delete my data," you can't prove it, I guess that's process-wise, you're in trouble, in theory. We'll see how it holds up and what the fines look like, but it sounds like it's substantially more onerous, from what we understand. Is that right? >> Yes, I would 100% agree. From an e-discovery standpoint, there's proportionality and what's reasonable relative to the cost of the discovery and things like that. I actually don't think that that is going to come into play with GDPR because the fines are so substantial. I don't know what would be considered unreasonable to go out and locate data. >> Zach you have to help us end this on an up note. (group laughs) >> Dave: Wait, I wanted to keep going in to the abyss. (group laughs) We've talk about the exponential growth of data, and big data was supposed to be that bit-flip ... of turned it for, "Oh my God, I need to store it "and do everything, I need to be able to harness it "and take advantage of it" Is GDPR an opportunity for customers, to not only get their arms around information, but extract new value from it? >> Absolutely. It's all about good data hygiene. It's about good information governance. It's about understanding where your most valuable assets are, focusing on those assets, and getting the most value you can from them. Get rid of the junk, you don't need that. It's just going to get you into trouble and that's what Veritas can help you do. >> So a lot of unknowns. I guess the message is, get your house in order, call some experts. I'd call a lot of experts, obviously Veritas. We had PWC on earlier today, and a number of folks in your ecosystem I'm sure can help. Guys, thanks very much for coming on theCube and scaring the crap out of us. (group laughs) >> Thanks a lot. >> Alright, keep it right there buddy, we'll be back for our wrap, right after this short break. (light electronic music)