 From around the globe, it's theCUBE with digital coverage of VeeamON 2020. Brought to you by Veeam. Hi everybody, welcome back to theCUBE's ongoing coverage of VeeamON 2020. It's a VeeamON line 2020. I'm Dave Vellante and Rick Van Overis. Here's a senior director of product strategy at Veeam. Rick, it's always a great pleasure to see you. I wish we could see each other face to face. Yeah, you know, it's different this year, but yeah, it is always great to be on theCUBE. I think in 2018 it had an eight year gap and it's a couple of times we've been back since and yeah, happy to be back on theCUBE. So how's it going with you guys, with the online format? I mean, breakouts are big for you because you're profiling some new products that we're going to get into. How's it all working for you? Well, it's been different. It's a good way to explain it in one word, different. But the reality is I have a part in the language, a side hustle here, where at Veeam I've worked with the event team to kind of bring the best content. And for the breakouts, that's an area that I've been working a lot with our speakers and some of our partners and external experts, users and people who have beaten ransomware and stuff like that. But I've worked really hard to aggregate the content and get the best blend of content. And we kind of have taken an interesting approach where the breakouts are that library of content that we think organizations and the people who attend the event really take away the most. So we've got this full spectrum from R and D, deep level stuff to just getting started type of stuff and really all types of levels in between. And we want the breakouts to focus on generally available products. So I've worked pretty diligently to bring a good spread across the different products and then a little secret trick we're doing is that into the summer, we're going to open up new content. So there's this broadcast agenda that we've got publicized but then beyond that we're going to sneak in some new content into the summer. Well, I'm glad you're thinking that way because what a lot of people are doing is just trying to take their physical events and mirror it to the digital or the virtual. And I think so often with physical events people forget about the afterglow so I'm glad you guys are thinking about it up front. Yeah, it has to be a mechanism that we've used it a couple of different ways. One, to match how things are going to be released because we're always releasing products across the different set. I mean, we have one flagship product but then the other products have their own cycles. So if something works well for that we'll put it into the summer library and then it's also a great opportunity for us to reach deep and get some content from people that we might not have been able to get before. In fact, we had one of our engineers who's based in Australia and great resource, great region, strong market for us but if we were to have the in-person event I can't bring somebody from Australia for one session but this was a great way to bring her expertise to the event without having the travel burden and different variety of speakers and different varieties of content. So there's ways that we've been able to build on it but again, the top level word is definitely different but I feel like it's working for sure. So Rick, give us the helicopter view of some of the product areas that we should really be aware of as it relates to what you guys are doing at Veeamon 2020 and then we'll drill in. Give us the high level though. Yeah, so for people attending the event online my advice really is that we're spread across about 75 to 80% of the content is for technical people 20% of the content in the breakouts is going to be for decision makers or executives that type and then within the context of the technical content we wanna have probably 10 to 15% be like presenters from our R&D group so very technical, low level type discussions highest level architect type stuff kind of after that. Generic use case is a nice in the middle area because we have a lot of people that are getting started with our products maybe they're new to the Office 365 backup or they're new to backing up natively in the cloud. We have a lot of context around the virtual machine backup and storage integration, all those other great things but when the platform is kind of spread out at Veeamon there's a lot to take in. So the thought is wherever anyone is on their journey with any of the products and that's a hard task to do with a certain number of slots we wanna provide something for everyone at every level. So that's the helicopter view. So let me ask a couple of follow-ups on that so let's start with Office 365. Now you guys have shared data at this event talking about that most customers just say well I trust Microsoft to do my backup well of course as we well know backup is one thing but recovery is everything and so explain the value that you guys bring why can't I just rely on the SaaS vendor to do my backup and recovery? Well there's a lot to that question Dave the number one thing I'll say is that at Veeamon we have partnerships with Microsoft, VMware, HPE all the household brands of IT and in many of these situations we've always come into the market with the platform itself providing a basic backup I'll give Windows for example, NT backup. Yeah those you know it's there but there's always a market for more capabilities more functionality, more portability. So we've taken Office 365 as a different angle for backup and we lead with the shared responsibility model Microsoft as well as the other clouds make it very clear that data classification and that responsibility of data that actually sits 100% with the customer. And so yes you can add things to the platform but if we have organizations where we have things like I need to retain my content forever or I need a discovery use case and then if you think about broader use cases like OneDrive for business data especially with the rapid shift of work from home organizations may now be not so much using the file server but using things like OneDrive for business for file exchanges, right? So having a control plane over that data is very important. So we really base it on the shared responsibility and Microsoft is one of our strongest partners. So they are very keen for us to provide solutions that are gonna consume and move data around to meet customer needs in the cloud and in the SaaS environment for sure. So it's been a very easy conversation for our customers and it's our fastest growing product as well. So this product is doing great. I don't have the quarterly numbers but we just released at the mid part of or the Q4 where we just released the newest release which implemented object storage support. So that's been the big ask for customers, right? So it's that product's doing great. Yeah, so that notion of shared responsibility you hear that a lot in cloud security you're applying it to cloud data protection which security and data protection are now there's a lot of gray area between them now and I think it's security is a or data protection is a fundamental part of your security strategy but that notion of shared responsibility is very important and one that's oftentimes misunderstood because people hear, oh, it's in the cloud, okay, my cloud vendor's got it covered but what does that shared responsibility mean? Ultimately, isn't it up to the customer to own the end result? It is and I look at, especially Microsoft, they classify their software four different ways. On-prem software, software as a service, the infrastructure as a service and the, I forget what the third one is but they have so many different ways that you can package their software but in all of them they put the data classification for the customer and it's same for other clouds as well. And if I'm an organization today, if I'm running data in a SaaS platform, if I am running systems in IaaS platforms in the hyperscale public clouds that is an opportunity for me to really think about that control plane of the data and the backup and restore responsibility because it has to be easy to use. It has to be very consumable so that customers can avoid that data loss or be in a situation where the complexity to do a restore is so miserable that they may not even wanna go do it. I've actually had conversations with organizations as they come to Veeam. That was their alternative. Oh, it's just too painful to do. Like why would you even do that? So that shared responsibility model across the different data types in the cloud and on-prem as well and SaaS models, that's really where we find the conversations go pretty nicely. Right and if it's too complicated you won't even bother testing it. So I wanna ask you something about cloud native. You mentioned cloud native, your cloud native capabilities and I'm inferring from that that you basically are not just taking your on-prem stack and shoving it into the cloud. You're actually taking advantage of the native cloud services. Can you explain what's going on there and maybe some product specifics? Sure, so Veeam has this reputation of number one VM backup. Here in my office I have posters from all over the years and somewhere down here is number one VM backup and that's where we cut our teeth and got our name out there. But now if you're in Azure, if you're in Amazon we have cloud native backup products available. In fact, the last time you and I spoke was at Amazon re-invent where we launched the Amazon product and then last month we launched the Azure product which provides cloud native backup for Azure. And so now we have this cloud feature parity and those products are gonna move very quickly. As well we've had this software as a service product for Office 365 where we keep adding services and we saw in the general session we're gonna add protection for a new service in Office 365. So we're gonna continue to innovate around these different areas and there's also another cloud that we announced a capability for as well. So the platform at Veeam it's growing and it's amazing to see this happen because customers are making cloud investments and there's no cloud for all. So some organizations like this cloud, that cloud are a little bit of these two clouds combined. So we have to really go into the cloud with customer needs in mind because there's no one size fits all approach to the cloud but the data everybody knows how important that is. To that end though each cloud is gonna have a set of native services and you've got to develop specific to that cloud, right? So that you can have the highest performance, the most efficient, the lowest cost data protection solution back up in recovery possible. Is that, I mean, taking advantage of those native cloud services is gonna be unique for each cloud, right? Because AWS's cloud and Azure cloud those are different, you know, technically underneath. Is that right? You're absolutely right. And the cost models have different behaviors across the clouds. In fact, the breakout that I did here at the event with Melissa Palmer those who are interested in the economics of the cloud should check that out because the cloud is all about consuming those resources. When I look at backup I don't want backup to be a cost prohibitive insurance policy basically. I want backup to be a cost effective yet resilient technology that when we're using the cloud we can kind of balance all these needs. And one of the ways that Veeam's done that is we've put in cost estimators which it's not that big of a like the flashy part of the user interface but it's so powerful to customers. The thought is if I want to consume infrastructure as a service in the cloud and I wanna backup via API calls snapshots to EC2 instances only. Nice and high performance, nice and fast. But the cost profile of that if I kept them for a year is completely different than if I used object storage. And what we're doing with the Veeam backup for Azure and Amazon products are putting those numbers right there in the wizard. So you could say, hey, I wanna keep two years of data and I have snapshots and I have object storage. Totally different cost profiles and I'll put those cost estimates in there. And you can make egregious examples where it'll be like 10 and 20 X the price but it really allows customers to get it fast to get it cost efficient and more importantly at the end of the day have that protection that they need. And that's something I've been trying to evangelize at this cost estimator is a really big deal. Yeah, it provides transparency so that you can let the business drive sort of what the data protection level is as opposed to sort of either whether it's a one size fit all or you're under protected or over protected and spending too much. I asked Anton is gonna kind of how do you prioritize because basically the answer was we look at the economics and then ultimately you're giving tools to allow the customer to decide. Yeah, you don't wanna have that surprise cloud bill at the end of the month. You don't wanna have waste in the cloud. And Anton's right, the economics are very important. The modeling process that we use is interesting. I had a chat with one of the product managers who is basically in charge of our cloud economic modeling. And to the organizations out there this is a really practical bid is think about modeling, think about cloud economics because here's the very important part. If you've already implemented something, it's too late. And what I mean by that, the economics if they're not right when you implement it so you're not modeling ahead of time. Once you implement, you can monitor it all you want but you're just gonna monitor it off the model. So the thought is this is all a backwards process. You have to go backwards with the economics with the modeling and that will lead you to no surprises down the road for sure. Okay, let's. I wanna ask you about the COVID impact generally but specifically as it relates to ransomware. I mean, we've had a lot more inquiries regarding ransomware. There's certainly a lot more talk about it in the press. What have you seen specifically with respect to ransomware since the pandemic and since the lockdown? So that's something that's near and dear to my heart. On the technology team here at Product Strategy everyone has like a little specialization, industry specialization, ransomware is mine. So good ask. So the one thing that sticks out to me a lot is identifying where ransomware comes in and around, I have one data point that indicated around 58 or so percent of ransomware comes in through remote desktop. And the thought here is if we have shifted to remote access and new working models what really worries me, Dave is when people hustle, when people hurry and the thought here is you can have it right or you can have it right now. In mid-March we needed to make a move right now. So I worry about an incomplete security models, right? People hurrying to implement and maybe not taking their security right especially when you think about most ransomware can come in through remote desktop. I thought fish attacks were the main attack vector but I had some data points that told me this. So I have been and I just completed a great white paper that those watching this can go to Veeam.com and download but the thought here is I just completed a great white paper on tips to beat ransomware. And yes, Veeam has capabilities but here's the logic Dave, I like to explain it this way. Beating ransomware and we had a breakout that I recorded here at the event encourage everyone to watch that. I had two users share their story of how they beat ransomware with Veeam two very different ways too. Any product is or is not necessarily ransomware resilient. It's like going through an audit. And what I mean by that is people ask me all the time is Veeam compliant to this standard or that standard. It's 100% dictated how the product's implemented, how the product's audited. Same with ransomware. It's 100% dictated on how Veeam is implemented and then what's the nature of the exploit. And so I break it down to three simple things. We have to educate. We have to know what threats are out there. We have to know who is accessing what data and then the big part of it is the implementation. How have we implemented Veeam? Are we keeping data in immutable buckets in the cloud? Are we keeping data with an error gap? And then three, the remediation. When something does happen, how do we go about solving that problem? I talked to our tech support team who deals with it every day and they have very good insights, very good feedback on this phenomena and that they've helped me shape some of the recommendations I put in the paper. But yeah, it's a 30 page paper. I don't know if I can summarize it here. That's a long one for me, but the threat's real. And this is something we'll never be done with, right? I've done two other papers on it and I'm gonna have another one soon after that. But we're building stuff into the product. We're educating the market and we're winning. We're seeing like I had the two customers beat ransomware, great stories. I think I learned so much hearing from someone who's gone through it and that you can find that in the Veeamon broadcast for those attending here. Well, you touched on a couple. You take advantage of the cloud guys who have these immutable buckets that you can leverage. A lot of people don't even know about that. And then like you say, create an error gap and presumably there's best practice around how often you write to that bucket and how often you create that error gap. You maybe change up the patterns. I don't know, other thoughts on that? Well, I collectively put, I've created a term and nobody's questioning me on it yet, so that's good. But I'm calling it ultra resilient storage. And what I'm referring to is that immutable backup in the cloud. And it becomes a math calculation. If you have one data point in there, that's good. But if you had a week's worth of data points, that's better. If you had a month's worth of data points, that's even better. But of course those cost profiles are going to change. Same thing with tapes, an error gap, removable media. And I go back and forth on this, but some of the more resilient storage snapshot engines can do ultra resilient techniques as well, such as like pure storage safe mode and NetApp snap fault. And then the last thing is actually a Veeam technology. It's been out for three, four years now. Insider protection. It's a completely out of band copy of backup data that Veeam Cloud Connect offers. So my thought here is that these ultra resilient types, those are the best defense in these situations. And it becomes a calculated risk of how much of it do I want to keep because I want to have the most restore options available. I want to have no data loss, but I also don't want it old, right? There's a huge decline in value taking your business back a year ago because that's the last tape you had, for example. I want today's or yesterday's backup if I'm in that type of situation. So I go through a lot of those points in my paper, but I hope that those out there fighting the war on ransomware have the tools, I know they have the tools to win with Veeam. Well, thanks, we were talking about before and ransomware is a really good example of the blurring lines between security and backup and recovery, of course. What role do analytics play in terms of providing transparency and identifying anomalous behavior in the whole ransomware equation? Well, the analytics are very important and I have to be really kind of be completely transparent. Veeam's backup company, right? We're not a security tool, but it's getting awfully close. And I don't want to say the long form historical definition of IT security was something around this thing called a CIA triad, maintaining confidentiality, integrity and availability of data. So security tools are really big on the confidentiality and integrity side of it, but on the availability side, that's where Veeam can come in. So the analytics come into our play pretty naturally, right? We have the Veeam has had for years now an alarm that detects abnormal behavior in regards to CPU writes or CPU usage and disk write IO. Like if both of those are abnormally high, that is what we call possible ransomware activity. Or if we have a incremental backup that is like 100% change rate, that's a bad sign, right? Things like that. And then the other angle is even on PC's desktops like this computer I'm talking to you now on we have just simple logic of once you take a backup, eject the drive so it's offline, right? So analyzing where the threats come from, what kind of behavior they're going to have when we apply it to backup, Veeam can have these built-in analytic engines that are just transparently there for our customers. There's no deep reeducation necessary to use these, but the thought is we want a very flexible model that's gonna just provide simple ease of use and then allow that protection with the Threatscape to help the customers where we can because no two ransomware threats are the same. That's the other thing. They are so varied in what they do, everything from application-specific to files. And now there's these new ones that upload data. The ransom is actually a data leak. They're not encrypting the data. They're just, the ransom is to take down potentially huge amounts of data leakage, right? So all kinds of Threat Actors out there for sure. You know, with last kind of line of questioning here, Rick, as I've said a number of times, it's ironic that we're entering this new decade and this pandemic hits and everybody talks about the acceleration of certain trends. But if you think about the trends, you know, last decade, it's always performance and cost. We talked a lot about granularity. We talked about, you know, simplicity. You guys expanded your number of use cases, the support, the compatibility matrix, if you will. All those things are sort of things that you've executed on. As you look forward to this coming decade, we talked about cloud. I mean, we were talking about cloud, you know, back in 2008, 2009 timeframe, but it was a relatively small portion of the business. Now everybody's, you know, talking cloud. So cloud, cloud native, the whole discussion on ransomware and maybe even broader, business resiliency, digital transformation, we've been, you know, given lip service in a lot of cases to digital transformation, all of a sudden that's changed. So as you put on, you pull out the telescope and look forward to the trends that are going to drive your thinking in Veeam's decision-making. What do you look toward? Well, I think that Veeam's laser focused on four things. Backup solutions for cloud workloads and there's incredible opportunity there, right? So yes, we have a great Azure story, great Amazon story and in the keynote, we indicated the next cloud capability, but there's still more. There's more services in the cloud that we need to go after. There's also the SaaS market. We have a great Office 365 story, but there's other SaaS products that we could provide a story for. And then the physical and virtual platforms. I mean, I feel really confident there. We've got really good capabilities, but there's always the 1% and, you know, what's in the corner? What's the 1% of the 1%, right? And those are workloads we can continue to go after. But my thought is, as long as we attack those four areas, we're gonna be on a good trajectory to deliver on that promise of being that most trusted provider of cloud data management for backup solutions. So my thought here is that we're gonna just keep adding products and it's very important to make it sometimes a new product. We don't wanna just bolt it on to backup and replication V11 or V10 for that matter because it'll slow it down, right? The cloud native products are gonna have to have their own cadence, their own independent development cycles and they're gonna move faster, right? Because they'll need to. So you'll see us continue to add new products, new capabilities and sometimes it'll intermix, you know, and that's the whole definition of a platform when one product is talking to another from a management side, a control plane, given customer portability, all that stuff. So we're gonna just go after a cloud virtual, physical SaaS and new products and new capabilities to do it. Well, Rick, it's always a pleasure talking to you. Your home studio looks great. You look good, but nonetheless, hopefully we'll be able to see each other face to face here shortly. Thanks for coming on. Thank you, Dave. All right, and thank you for watching, everybody. It's Dave Vellante and our continuous coverage of Veeamon 2020, the online version. We'll be right back right at this short break.