 Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is theCUBE live at AWS re-invent 2022 with tens of thousands of people. Lisa Martin here with Dave Vellante. Dave, we've had some great conversations. This is day one of four days of wall-to-wall coverage on theCUBE. We've been talking data, every company is a data company, data protection, data resiliency, absolutely table stakes for organizations to be able to. And I think ecosystem is the other big theme and that really came to life last year. We came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think the theme of the 2020s within the ecosystem. And we're going to be talking about building on top of AWS. Two guests join us, two alumni join us. Steven Manley is here, the CTO of Druva. Welcome back. Jason Crudett as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program. Thank you. Jason, let's start with you. Give the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good stuff. Yeah, I know for sure. So Summit Carbon is the world's largest carbon capture and sequestration company, capturing close to 15 million tons of carbon every year so it doesn't go into the atmosphere. Wow, fantastic. Steven, the risk landscape today is crazy, right? There's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, I know as you say, this is a, it's not a if it's going to happen, it's when, it's how frequent, it's what's going to be the damage. What are some of the challenges and concerns that you're hearing from customers out there today? Yeah, you know, it really comes down to three things and everybody is terrified of ransomware and justifiably so. So the first thing that comes up is, how do I keep up? Because I have so much data in so many places and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is ecosystem. You know, it used to be that your backup was siloed, right? They'd sit in the basement and you wouldn't see them. But now they're saying, I've got to work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind is, when that attack happens. And like you said, it's when and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for all this investment we've put in. Am I going to be ready? Am I going to be able to execute because a ransomware recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for me. How so? What are the key differences if you could summarize? I mean, I don't know. So the first one is, you can't trust the environment you're restoring into. Even with a disaster, it would finish. And you'd say, okay, I'm going to get my data center set up again, and I'm going to get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is, I'm not sure if the thing I'm recovering is good. I've got to scan it. I've got to make sure what's inside it is all right. And then the third thing is, what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected. And so they're running into this. I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so those three things, they go, it's stuff I'm not prepared recovering. It's a flow I'm not used to having to check things. And I'm not sure where I'm going to recover to when the time comes. Yeah. Jason, go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not? You know, what did I get it? Cause we always protect our ERP. We always protect these sort of classes of tiers of systems. But then it's like, oh, that user's email box didn't get it. Oh, that, you know, that one drive, it didn't get it, you know, or, or whatever it is, you know, the infrastructure behind it all. I forgot to back that up that to me, the blind spots are the scariest part of a ransomware attack. And if you think about it, some of the most high profile attacks, you know, on the, on the colonial pipeline, they didn't go after the core assets. They went after billing. That's right. The billing brought everything down. So they're smart enough to say, all right, I'm not going to take the, the castle head on. Is there, is there that? Exactly. And so how do you, I get, I mean, you can air gap and do things like that in terms of protecting the, the data, the corrupt data. How do you protect the corrupt environment? I think that's, that's a really challenging issue. Is it? I don't know. I mean, I'll, you can go a second here. I think that what's interesting to me about is that's what clouds for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Dhruva matters so you can just go restore wherever you need to. And a totally clean environment. So the answer is, you got to do with the cloud. Yeah. What if it's on prem? So if it's on prem, what we see people do is, and this is where testing and where cloud can still be an asset is you can look and say, a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on prem so that you could make it, so you can make a cloud recoverable. Now, a lot of the people that do that then say, well, actually, why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But there are people in that interim step, but it's really important because you're going to need a clean environment to play in. And it's so hard to have a clean environment set up in a data center, because it basically means I'm not touching this, I'm just paying for something to sit idle, whereas cloud, I can spin that up, get a cloud foundation suite and just, again, infrastructure as code, spin things up, test it, spin it down, it doesn't cost me money on a daily basis. Jason, talk a little bit about how you're using Druva, why Druva, and give us kind of a landscape of your IT environment with Druva. So when we first started, we did have a competitor solution and it was only backing up, we were a startup, it was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup and we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa, to have their laptop backed up. We needed our infrastructure and our data center backed up and we needed our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at. Talk about the value with Druva being cloud native. Yeah, to us it's a big deal, right? There's all sorts of products you could go by to go just do endpoint laptop protection or just do SaaS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it and drive the value. That consolidation theme is big right now, the economic headwinds and so forth. What was the catalyst for you? Was that something you started years ago? It's good practice to do that? Well, no, I mean, luckily I'm in a very good position as a startup, I don't define it. But I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? You only get one budget a year, right? So I'm lucky in the learnings I've had and other enterprises to deal with this head on right now. As we grow, don't add tech debt, put it in right today. Talk to us a little bit about the SaaS applications that you're backing up. We talk a lot with customers, the shared responsibility model that a lot of customers aren't aware of. We're using that competing solution to protect SaaS applications before Druva and talk about the value in that going, the data protection is our responsibility, not the SaaS vendor. No, absolutely. I mean, and it is funny to go to, it's like Office 365 applications and go to our CFO and a leadership and be like, no, we really got to back it up to a third party and they're like, but what? It's in the cloud. And so there's a lot of instruction I have to provide to my peers and my users to help them understand why these things matter. And it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things. When they're fully empowered to do it, but my team's faster. And so we can just get it done for them. And so it's an extra for me. It's an extra SLA or never service level I can provide to my internal customers that gives them more faith and trust in my organization. How are the SecOps teams and the data protection teams, the backup teams, how are they coming together? Is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like? So I'd say right now, and I'll be curious to hear Jason's organization, but certainly what we see broadly is the teams are starting to work together, but I wouldn't say they're merging, right? Because you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, all right, I need to actually work with the security team to make sure that my backup environment, it's air-gapped, it's encrypted, it's secured. Then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, all right, where can the backup team add value here? Because certainly recovery, that's the basics. But as their log information you can provide, or their detection pieces that you can offer. So I think you start to see a partnership. But the reality is that the two are still separate, because my job as a protection resiliency company is I want to make sure that when you need your data, it's going to be there for you. And I certainly want to follow best secure practices and I want to offer value to the security team. But there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them. Again, I want to be part of that broader ecosystem. So how do you guys approach each other? Yeah, so in my organization, we are one team. And not to be too cheesy or whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data. And that slows us down in some cases, but that's where DevOps and this idea of just merging everything together into a central, how do we get this done together has worked out really well for us. So it's really the DevOps team's responsibility. It's not a separate data protection function. Nope, we have specialists, of course, because you need the extra level, the CISSP's and those people to really know what they're doing, but they're just part of the team. Talk about some of the business outcomes that you're achieving with Druva so far. Yeah, the business outcomes for me are, I meet my SLAs, that's promising. I can communicate that I feel more secure in the cloud and all of my workloads because I can restore it. And that to me helps everybody in my organization sleep well, sleep better. We transport a lot of the carbon in a pipeline like Colonial. And so to us, we are potential victims of a non-pipeline group, right, attacking us. But it's carbon, we're trying to get it out of the atmosphere. And so by protecting it no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it. What would you say to a customer who's maybe on the fence looking at different technologies, why Druva? You know, I think, you know, do the research. In my mind, it'll win if you just do the research, right, I mean, there might be vendors that'll buy you nice dinners or whatever. And those are nice things, but the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I'd say be objective, look at the facts, it'll prove itself. Look at the data. There you go. Steven, Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects. Right, so basically there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those. You know, if we violate those, the customers can get a payout of up to $10 million, right? So again, putting our money where our mouth is in a pretty large amount. But for me, the exciting part, and this is where Jason went, is it's about the SLAs, right? You know, one of Druva's goals is to say, look, we do the job for you, we do the service for you, so you can offer that service to your company. And so the SLAs aren't just about ransomware. Some of them certainly are, you know, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack, but also things like backup success rates. Because as much as recovery matters a lot more than backup, you do need a backup if you're going to be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road, you need to recover your data, it's still recoverable, right? So that kind of durability piece. And then of course the availability of the service, because what's the point of a service if it's not there for you when you need it? And so having that breadth of coverage I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this service available so you can focus on offering other value inside your business. And the insurance underwriters, if they threw holy water on that? They were okay with it, the legal people blessed it, you know, the CEO signed off on it, the board of directors, so, you know, and it's all there in print, it's all there on the web, if you want to look, you know, make sure. One of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're putting substance behind it, because a lot of these were already in our contracts anyway because as a SaaS vendor, you're signing up for service level agreements anyway. Yeah, but most of the service level agreements and SaaS vendors are crap, they're like, you know, hey, you know, if something bad happens, you know, we'll give you a credit for when you were down. I mean, it's not, you never get into business impact, I mean, even AWS, sorry, I mean, it's true, we're a customer, I read the fine print, I know what I'm signing up for, but so is, you know. We read it a lot and we will not, we don't really care about the credits at all, we care about, is it their force, is it a partner we trust, we fight that every day in our SLAs with our vendors. In the end, right, I mean, we are the last line of defense, we are the thing that keeps the business up and running, so if your business can't get to its data and can't operate, me coming to you and saying, Dave, I've got some credits for you, after you declare bankruptcy, it'll be great, that's not a win, right? It's no value. The goal's got to be your business is up and running, because that's when we're both successful. So we view this as we're in it together, right? We want to make sure your business succeeds, again, it's not about sleight of hand, it's not about just putting fine print in the contract, it's about standing up and delivering, because if you can't do that, why are we here, right? The number one thing we hear from our customers is Druva just works, and that's the thing I think I'm most proud of is Druva just works. So speaking of Druva just working, if there's a billboard in Santa Clara and you're the new offices about Druva, what's the bumper sticker, what's the tagline? I think that's it, I think Druva just works, keeps your data safe, simple as that, safe and secure. Druva works to keep your data safe and secure. Safe for me. Yeah. Druva just works. Guys, thanks so much for joining Dave and me on the program, great to have you back on theCUBE, talking about how you're working together, what Druva is doing, really putting its best foot forward. We appreciate your insights and your time. Thank you. Always great to see you guys. Likewise. For our guests and Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in enterprise and emerging tech coverage.