 Drew and I are pleased to welcome Kevin Warrenda, who's the Director of Information Technology Services at the Hotchkiss School, a very prestigious and well-respected boarding school in the beautiful northwest corner of Connecticut. Hello, Kevin. Hello, it's nice to be here. Thanks for having me. Yeah, you bet. Hey, tell us a little bit more about the Hotchkiss School and your role. Sure, the Hotchkiss School is an independent boarding school, grades nine through 12, as you said, very prestigious. And in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have a 500 acre main campus and a 200 acre farm down the street. My role as the Director of Information Technology Services is essentially to oversee all of the technology that supports the school, operations, academics, sports, everything we do on campus. Yeah, and you've had a very strong history in the educational field. From that lens, what's the unique, or not unique, but depressing security challenge that's top of mind for you? I think that it's clear that educational institutions are a target these days, especially for ransomware. We have a lot of data that can be used by threat actors and schools are often underfunded in the area of IT security and IT in general sometimes. So I think threat actors often see us as easy targets or at least worthwhile to try to get into. Because specifically you are potentially spread thin, underfunded, you got students, you got teachers. So there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? Certainly, because of the fact that we're an independent boarding school, we operate things like even a health center. So data privacy regulations across the board in terms of just student data rights and FERPA, some of our students are under 18, so data privacy laws such as COPA apply, HIPAA can apply, we have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development or even just accepting the revenue for tuition. So it's a unique place to be. Again, we operate very much like a college would, right? We have all the trappings of a private college in terms of all the operations we do. And that's what I love most about working in education is that it's all the industries combined in many ways. Very cool. So let's talk about some of the defense strategies from a practitioner point of view. Then I want to bring in Drew to the conversation. So what are the best practice and the right strategies from your standpoint of defending your data? We take a defense in depth approach. So we layer multiple technologies on top of each other to make sure that no single failure is the key to getting beyond those defenses. We also keep it simple. I think there's some core things that all organizations need to do these days including vulnerability scanning, patching, using multi-factor authentication and having really excellent backups in case something does happen. Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what can we learn from other adjacent industries? Yeah, Kevin is spot on and I love hearing what he's doing. Going back to our prior conversation about zero trust, that defense in depth approach is beautifully aligned with the zero trust approach, especially things like multi-factor authentication always shocked at how few folks are applying that very, very simple technology and across the board, right? I mean, Kevin is referring to financial industry, healthcare industry, even the security and police. They need to make sure that the data that they're keeping evidence is secure and immutable because that's evidence. Well, Kevin, paint a picture for us if you would. So you were primarily on-prem, looking at potentially using more cloud. You were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and the kind of, I want to get to the before and the after with Sabi, but start with kind of where you came from. Sure, well, I came to the Hatchett School about seven years ago and I had come most recently from public K-12 and municipal. So again, not a lot of funding for IT in general, security or infrastructure in general. So Nutanix was actually a hyper-converged solution that I implemented at my previous position. So when I came to Hatchett's and found mostly on-prem workloads, everything from the student information system to the card access system that students would use, financial systems, they were almost all on-premise, but there were some new SaaS solutions coming in play. We had also taken some time to do some business continuity planning in the event of some kind of issue. I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that. So as different workloads were moved off to hosted or cloud-based, we didn't really need as much of the on-premise compute and storage as we had and it was time to retire that cluster. And so I brought the experience I had with Nutanix with me and we consolidated all that into a hyper-converged platform running Nutanix AHV, which allowed us to get rid of all the cost of the VMware licensing as well. And it is an easier platform to manage, especially for small IT shops like ours. Yeah, AHV is the Acropolis Hypervisor. And so you migrated off of the VMware avoidant, the V-tax avoidance, that's a common theme among Nutanix customers. And now, did you consider moving into AWS? What was the catalyst to consider Wasabi as part of your defense strategy? We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out. Wasabi came across our desks and it was such a low barrier to entry to sign up for a trial and get a terabyte for a month. And then it was $6 a month for terabyte after that. I said, we can try this out in a very low stakes way to see how this works for us. And there was a couple of things we were trying to solve at the time, it wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network. Some of our software applications that are deployed through our mobile device management needed a place that was accessible on the internet that they could be stored as well. So we were testing it for a couple of different scenarios and it worked great. Performance wise, fast, security wise, it has all the features of S3 compliance that works with Nutanix and anyone who's familiar with S3 permissions can apply them very easily. And then there was no egress fees. We can pull data down, put data up at will. And it's not costing us any extra, which is excellent because especially in education, we need fixed costs. We need to know what we're gonna spend over a year before we spend it and not be hit with bills for egress or because our workload or our data storage footprint grew tremendously. We can't have the variability that the cloud providers would give us. So Kevin, you explained to your hypersensitive about security and privacy for obvious reasons that we discussed. Were you concerned about doing business with a company with a funny name? Was it the trial that got you through that not whole? How did you address those concerns as an IT practitioner? Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked. The funny name really means nothing. There's lots of companies with funny names. I think we don't go based on the name necessarily, but we did go based on the history, understanding who started the company, where it came from and really looking into the technology and understanding that the value proposition, the ability to provide that lower cost is based specifically on the technology in which it lays down data. So having a legitimate reasonable excuse as to why it's cheap, we weren't thinking, well, you get what you pay for. It may be less expensive than alternatives, but it's not cheap. It's not, it's reliable and that was really our concern. So we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. Yeah, thank you for that, Drew. Explain the whole egress charge. We hear a lot about that. What do people need to know? First of all, it's not a funny name. It's a memorable name, Dave. Just like theCUBE, let's be very clear about that. Second of all, egress charges. So, other storage providers charge you for every API call. Every get, every put, every list, everything, okay? It's part of their process. It's part of how they make money. It's part of how they cover the cost of all their other services. We don't do that. And I think, as Kevin has pointed out, that's a huge differentiator because you're talking about a significant amount of money above and beyond what is the list price. In fact, I would tell you that most of the other storage providers, hyperscalers, their list price, first of all, is far exceeding anything else in the industry, especially what we offer. And then, right, their additional cost, the egress cost, the API requests can be two, three, 400% more on top of what you're paying per terabyte. So, you used a little coffee analogy earlier in our conversation. So, here's what I'm imagining. Like, I have a lot of stuff, right? And I had to clear out my bar and I put some stuff in storage right down the street. And I pay them monthly. I can't imagine having to pay them to go get my stuff. That's kind of the same thing here. Oh, that's a great metaphor, right? That storage locker, right? Yeah. Can you imagine every time you want to open the door to that storage locker and look inside, having to pay a fee? No, no, that would be annoying. Or every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard. You have to pay a door opening fee, right? And then, if you want to look and get an inventory of everything in there, you have to pay, it's ridiculous. It's your data, it's your storage, it's your locker. You've already paid the annual fee, probably, because they gave you a discount on that. So, why shouldn't you have unfettered access to your data? That's what Wasabi does. And I think, as Kevin pointed out, right? That's what sets us completely apart from everybody else. Okay, good. That's helpful. It helps us understand how Wasabi's different. Kevin, I'm always interested when I talk to practitioners like yourself in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and ransomware protection, for example? Yeah, cybersecurity awareness training is definitely one of the required things everyone should be doing in their organizations. And we do have a program that we use and we try to make it fun and engaging too, right? This is often the checking the box kind of activity, insurance companies require it, but we want to make it something that people want to do and want to engage with. So even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about shipping of orders and time for the holidays and things like that. So it wasn't just about protecting our school data. It's about the fact that protecting their information is something you do in all aspects of your life, especially now that the folks are working hybrid, often working from home with equipment from the school, the stakes are much higher and people have a lot of our data at home. And so knowing how to protect that is important. So we definitely run those programs in a way that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. So when you say fun, it's like you come up with an example that we can laugh at until of course we click on that bad link, but I'm sure you can come up with a lot of interesting and engaging examples. Is that what you're talking about, about having fun? Yeah, I mean, sometimes they are kind of choose your own adventure type stories. They stop as they run. So they're telling a story and they stop and you have to answer questions along the way to keep going. So you're not just watching a video, you're engaged with the story of the topic. And that's what I think is memorable about it, but it's also, that's what makes it fun. It's not, you're not just watching some talking head saying to avoid shortened URLs or to talk to make sure you know the sender of the email. Now, you're engaged in a real life scenario of story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not. So that's what I think the learning comes in. Excellent. Okay, gentlemen, thanks so much. Appreciate your time. Kevin, Drew, awesome having you in theCUBE. My pleasure, thank you. Yeah, great to be here, thanks. Okay, in a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage. You're watching theCUBE, the leader in high tech enterprise coverage.