 brought from Las Vegas, it's theCUBE. Covering EMC World 2016. Brought to you by EMC. Now, here are your hosts, John Furrier and Dave Vellante. Okay, welcome back everyone. We are here live in Las Vegas for EMC World 2016. This is Silicon Angles, the CUBE, our flagship program where we go out to the events and extract the signal from the noise. I'm John Furrier, my co-host Dave Vellante. We've been here seven years of EMC. We're all kicked off when the CUBE started. Always great to have great guests, CTO. Stephen Manley is the CTO of Core Technologies, group of EMC, one of the main pillars of EMC strategy. Core technology is emerging. Core is holding down the fort, keeping the lights on. That's the legacy business. That's the big business. Why, you just call me the legacy business? No, this is the legacy business. He meant Fred and Butter. Yeah, there we go. Fred and Butter, the sweet spot. There is no one's moving those workloads. I mean, that's going to be stable business. That's the core machine. Yeah, just make sure we're still innovating. We're still doing things. People still like us. So it's clear that it's not just old technologies. You soften the keynotes. You got flash all over there. A lot of optimized workloads, certainly on the storage side. Update us. Is this a change? Is this new? Did something happen? Was this part of the plan all along? So it really is part of the plan. And one of the things I think guy covered in the keynote, which to be fair, I didn't see because I was doing customer meetings, but I'm going to assume what he said. He talks, I think generally about sort of the technical debt environments. He talks about some of the converged software defined environments and the cloud environments and which apps you're on where. If you look at a lot of what we're trying to do in those tech debt environments, things like the all flash VMAX, things like Unity, that really is all around. How do you simplify those environments down? Because there is so much technical debt people have to pay off. And so we've had a lot of focus over the last couple of years of how do we enable them to pay that off inexpensively? Because there's one thing to say I need to reduce my technical debt. But if you go to a customer and say, I can help you reduce your technical debt if you just rip everything out and start over again. They look at you like, yeah, that doesn't reduce my debt. So a lot of what we've been trying to do is how do we incrementally help them reduce that debt? At the same time, we talked about, I think he probably talked about the copy data management work and talked some about where that's going. And that moves you into some of that new world, that converged world where Chad obviously does a lot around convergence of production workloads, but the convergence of protection is just as important in those environments. And so I think it's a good mix of helping pay down technical debt as well as getting into some of the new workloads and then connecting up into cloud. So some of the announcements this week are filled on the things that you and I have talked about for years. The whole notion of data protection and evolving that and being able to understand the metadata, leveraging the metadata, your whole copy data management thing. So talk about how that's evolved and how you brought your roadmap to fruition. So a lot of this comes down to, at some point you need to focus on what is it that people are looking for in these new environments? And there were always kind of two forcing functions that we had. The first was you had a lot of end users or at least application owners, VM owners who said, I need a more active role in the data protection scheme because I don't like filing tickets and waiting for things to happen in terms of recovering from outages or being able to spin up copies for test and development. And then the second was in the technology data path, VMWare and applications in the storage itself started to really provide technologies that enabled faster copy creation, faster data protection. And so we've been looking at that and saying, as these trends come together, we're going to need something that really helps facilitate those workloads and facilitate those workflows. And that's going to be different than the way we used to do data protection. Because if you think about the way I used to do data protection, there was a monolithic application that I deployed and there were a set of people whose job was to babysit and care and feed that application. You look at these copy data management workflows and it's really all around, give me APIs that allow me to trigger this through my vrealize APIs or through Oracle R-Man or through Viper. And so that's really been a lot of how we've gotten that built is we've come to understand that there are new users and new workflows and again that convergence that drives you to bring these things together. You guys were joking earlier about legacy. But you have a long legacy in data protection. How are you leveraging that to your advantage in the marketplace? I think there's a couple. One is, and we had a mental number of customers today who said I'm getting a lot of talk from startups X, Y, and Z and they're saying that they can come in and they solve my problems. Now they solve my problems as long as my environment looks exactly like this. If everything's virtualized and I only want to do this and they look at you and they say, but realistically we've got everything from mainframe to I've got 20 terabyte databases on physical infrastructure to a thriving virtual environment to now a more of a cloud environment. And one of the things they're looking for is what they've come to expect from backup vendors historically is when I say, can you protect this? The answer comes back, yes. And so they're looking for somebody that says, can you cover me through my entire environment? Now I'm not looking for least common denominator. When we get to the virtual environment I expect you to be able to do new and exciting things but I don't want you to be a one trick pony either. And so that's one area that I think the breadth of the portfolio helps us is that we can cover the whole environment. I think the second one is in terms of the tried and true technology, people look at something like a data domain, people look at something like a recover point, they look at SRDF and they say, these are things I bet my business is on for the last decade or two decades. It's not just something I'm going to throw in and hope it works because these are my crown jewels. And then I think the third is the expertise with applications because in the end all of this infrastructure is out there to serve an application and if you come in and say, well I can create a snapshot, I can create something that's crash consistent, they look at you and they say that's great but I have an SAP environment simply saying, well yeah hopefully it'll just all come back up. That's not good enough for me. So I think those are the three. I was talking about the data explosion, we've been talking about that for decades. My question relates to people's understanding of the value of data. We're working with our CXOs right now and one of the premises that we're putting forth is the lack of understanding of data value is making it really hard for people to properly secure and protect their data. Do you see that, do you buy that premise and how are you helping customers solve that problem? I do, I think what we're seeing in the environments right now is there's kind of a bifurcated approach. So there's still I'd say of the customers I meet 80% of them are doing what I'd call brute force. And they're just trying to apply policies to everything and just work harder and we see this with some of the ransomware. I'm going to do sort of an air gap kind of service for all of my protected data because I don't know what's where and so I need to be protected for all of it. My archive solution is I'm going to index my entire backups after I put them onto object storage because again I don't know what I need to hold for seven years, 10 years, whatever it is. And certainly I get it, right? Because if you can't connect with your lines of business if you aren't getting response from the legal team brute force is the best you've got. But over the last few years we have seen people shift I'd say it's a 20%. Three years ago it was maybe 10% that were able to take these policies and say no we're going to get smarter about understanding our apps, understanding our data and make more informed decisions about them. And I think a lot of what's helping and make those decisions are technologies and one of the ones that's in our portfolio is the DP Search technology where it really helps them look across their data sets and understand what's there so they can make more informed calls because you look out and you say I've got an exabyte of data, where do I start, right? So if you don't have something that helps you classify it to begin with it seems like an impossible job and you fall back to brute force. So the trend is starting to move towards getting more insightful on your data but there's a lot of people that have a long way to go. Of course, you mentioned air gapping is a huge boon for you guys because that creates new opportunities right now on more product sales but ultimately there's real value for the customer there. Oh, absolutely, I'm a big fan of the air gap. I think, you know- Explain the air gap to folks. Oh, absolutely. This is a really interesting new dynamic. So yeah, so this is something that's come about and ransomware has been the latest trigger. Rogue Admins was a trigger before where basically customers look and they say, you know, if something gets into my environment and effectively locks all my data away from me or destroys my data for me, usually they target the backups first and then they go after the primary data so that if your primary data gets locked down, you know, the ransomware person calls you up says to get your data back you're going to have to pay X amount. By the way, I've already nuked all your backups. So guess what? It's either me or you're losing all your data. That really informs them quickly how important their data is. But they're looking at that and they're saying, well, how do I secure myself? And so there's notion of an air gap where in our world, let's say you've got a data domain, you could replicate to a third data domain that's off the grid almost all the time so that it's inaccessible to these attacks. Comes on the grid just briefly every day at random points of time so that I can get a copy out there. That gives them that insulation so that when the ransomware calls up, they say, no, we're fine, we've got copies back here so we're not going to pay the ransom. So the old way was Rogue Admin. Now the new threat is ransomware where they basically hack you and then hold your critical infrastructure at hostage. And people are just saying, it's too critical and they write big fat checks to get it back. For what we've seen, it's over a billion dollar business at this point in terms of what, yeah. That was the latest report I saw. Over a billion dollars are being generated by these ransomware crooks. How often do you hear about this? I'm texting our writers right now because I think there's a huge phenomenon going on. The air gap is a huge tactic. I was in New York two weeks ago. Every single customer I met, whether it was financial, healthcare, insurance, pharmaceutical, media and entertainment, across the board, half the time we said, oh, so what are you doing about ransomware? The other half, the very first thing they brought up in the meeting is, my boss, my team is worried about ransomware. What do you guys have to offer? Because the consequences to them are so great that even if they had a full on response, a down time gap between not negotiating with hostages, guns for hostages, whatever you want to call it. So the problem has huge consequences. Oh, huge. So they have to just pay the money. And then the ransom guys, they know the numbers. So they'll say, hmm, yeah, exactly. Your choice is pay me or see you fired and out of business. And the amazing thing is what I heard from one of the customers that got hit by this, at least in their name, we'll hold their name reserved, they said, these guys are so well set up at this point that when they called for the ransom, they said, you're going to pay us some Bitcoins so it's not traceable. And since you guys probably aren't comfortable using Bitcoins, we have a help desk you can call that will help you figure out how to pay us. You look at that kind of organization. It's an onboarding process for the ransomware. We have a self-service portal come in and we'll walk you right through the. Phenomenal. And so I think it's a really important thing for people to look at because, again, not only is your business held hostage, but again, if it gets into the news, it's incredibly embarrassing and threatening, right? You're a financial institution, you're admitting that you got hacked, which means that, sure, your data got locked away from you and you paid. There's lost sales of so many hidden down benefit cost problems that they would get carried on. So the solution you have is essentially to get off the grid. Exactly. And come on periodically at random times so nobody can predict when that is. Do you also work with your services organization to provide guidance to people as to how to set this up and best practice it? Absolutely. And in fact, part of what the smarter companies are doing in this is, again, they're doing that first initial, all right, let's get everything air-gapped. But then they're working with us and services partners to say, and then let's actually do a threat assessment of what data are we most worried about, which finally gets to that data assessment that you always want so that you can be even smarter about, again, how you prioritize your data, how you manage your service levels. So in some ways, there are some people who are, to use the old Rahm Emanuel line, don't waste a good crisis, right? So I'm using this to solve the immediate problem, but now that I have my business's attention as the IT team, I'm actually using it to set ourselves up for the future to be able to better manage our environment. You also seen, and I know we got to go, but have you also seen more awareness at the board level of how to respond from a communication standpoint to the inevitable penetration? I think so. I think that's, and that's one of the reasons we're getting so much attention on this versus your sort of standard data outage, is the standard data outage is something that, again, the more senior, non-technical people in an organization look at and they go, I guess this stuff happens, I've been used to it. Ransomware is something they see in the news, it's something that they instinctively, it's something you can instinctively understand. It's the Sony hack, the Sony hack was huge, right? Right. Absolute ransomware, poster child. I don't want to be Sony. Exactly, and so it's got the executive's attention in a way that a traditional IT problem doesn't. And so like I said, this is a chance if you're an IT to really, again, it's a bad thing, but can you use it to then basically set yourself up to make the world better in the future? The answer is, again, a lot of people are. Well, we'd love to pay you in Bitcoin and hold you hostage here in the queue. Steven, thanks so much for sharing your insight here. Great stuff, ransomware, beware. But a lot of great stuff, this is what it's all about. And we didn't even get to capacity optimization, which is a big part of the product. A lot of slew of announcements, congratulations. We're going to circle back with Guy, he was just on earlier, but great stuff, congratulations. Well, thank you guys. We're here at EMC Rural 2016 theCUBE, I'm John Furrier, Dave Vellante, you're watching theCUBE. Looking back at the history of Dell, personal.