 Live from Chicago, Illinois. It's theCUBE, covering VeeamON 2018. Brought to you by Veeam. Welcome back to the Windy City, everybody. You're watching theCUBE, the leader in live tech coverage. When we go out to the events, we extract the signal from the noise. This is our second day at VeeamON 2018, our second year on Dave Vellante with Stu Miniman, my co-host. Phil Goodwin is here as a research director at IDC's Storage Systems and Software Group. Phil, thanks very much for coming on theCUBE. It's a pleasure to be here today. So, you've been to more VeeamONs than we have, so you've seen even a greater evolution. Although we've been to a lot of VeeamONs, we saw a lot of green. So, this company has painted Chicago in green. What's your take on the progression and ascendancy of Veeam, beyond just being a virtualization specialist? Sure, obviously the most interesting thing about Veeam is how they really have become the high growth leader of this industry, and in many ways kind of the darling of the industry, because they've got a lot of the momentum, a lot of the attention that's going on in the data protection and recovery software space. I think what has really struck me over the years of these VeeamON conferences, and really from the very first one that I attended three years ago, is the degree to which there is an ecosystem that's been built up around the products that they have for things like disaster recovery as a service, backup as a service, and so forth, where people take the Veeam software, build it into their own products, and go to market with that. And I think that's totally unique in the way they've done that compared to many of their competitors. Let's see, we're talking about 800 plus million dollars in bookings, mid 30% growth rates. I presume the data protection market's not growing that fast. No, although it's surprisingly strong. Last year, it grew at about 7% rate. We don't expect it to keep going that fast, but if you compare that to other storage software, which is one to 2%, or in some cases even negative, it's actually an area that's quite bright. Yeah, it's growing much, much faster than the overall IT business, right? Oh yeah, absolutely. And so, why? Why is it growing faster? Well, part of it's driven by capacity. A lot of the vendor models are associated with the capacity, and so they charge upgrades every year, and as data is growing at about 40% per year on a compound annual growth rate, that does cause customers to upgrade their licenses. But we're also seeing an acceleration in the deployment of applications, so we expect IT organizations, according to our research, to add an additional 200 applications over the next 36 months. That's not a lot of new applications. What we find in many cases is what we would call the traditional incumbent vendors who have their footprint within the enterprise, maintain that footprint in many cases, but those new applications have the opportunity to bring in new products, and that's really where the opportunity for Veeam is. So part of the growth is somewhat artificial, if I understand it, and that it's pricing driven. Absolutely. And so that would suggest, given that data protection is largely insurance, that some, you know, the CFOs are going to look at that line and say, oh, this isn't sustainable. Right, right. Unless, and I want to run this by you, research indicates that Fortune 1000 companies over a three to four year period, billions of dollars each on the table because of just not the most end to end or well thought out architected data protection solutions. And so, maybe that expands the TAM a little bit, but is that kind of growth sustainable? You've already sort of indicated it's not, but maybe talk about that a little bit. Right, the nature of threats has really changed a lot over the years too. So if you look back on computing, it used to be system failure, human error, and to some degree natural disaster were your biggest threats. Nowadays, it's actually ransomware, malware, and other things that are much bigger threats than the traditional types of threats that organizations have dealt with. So as the evolution of data protection has come about, what we've found is very much a willingness among IT organizations to not simply try and go with a single product, but to rather buy a best in class product for specific platforms. So in the case of Veeam, I think they really did a very successful job of writing the virtual infrastructure wave when most of their competitors were architected specifically for second platform types of applications. Yeah, Phil, and one of the interesting to watch in Veeam is their expansion beyond that virtualization. What insight can you give us about data protection in SaaS, in public cloud, in service providers? A lot of those environments, you would think the platform or the provider might have a choice, so how does Veeam get in there? How much do customers really have choice there? That's really a great point because what is happening is we're moving data protection from the system level. We've moved it up to the virtualization layer, and now it's really moving to the application layer, where it is the application developer who's building that data protection directly into their application. So what we're seeing is those application developers, which as you mentioned are many are SaaS applications on the web, building the data protection into their specific environment. But the other thing that's happening is IT organizations are suddenly realizing that much of that data that is in the web or with those SaaS applications is not being protected according to the SLAs of the organization. So they're using third-party tools and applications like Veeam to bring that data back on site and to protect it according to what the requirements and government's requirements are. Okay, so let's unpack some of this. So if I understood it correctly, is that a, go back to the developers as architecting in the data protection approach. Is that a result of the DevOps trend, infrastructure as code, or is it something else driving it? I think it's more being driven by the fact that these are discrete applications outside the data center. So if I'm inside the data center and I'm trying to protect a hundred different applications, I may try and apply the same techniques to all of them in the same policies. But these are applications like Salesforce.com or Payday or other applications that are really, for lack of a better term, a single application. And so that environment really doesn't have to consider the other systems within a data center. So it's a SAS guy saying one size fits all. There you go. For them, yes. That's exactly right. Which, by the way, is an age-old problem inside the data center. It was like either you were not protected enough or you were paying too much. So do companies like Veeam solve that problem by providing more granularity and maybe aligning better with this? Yeah, they go attack the problem in a couple of different ways. First of all, they certainly have their traditional business within the data center, but they're also partnering with many of the cloud-based organizations like Azure and Amazon and others to be able to help organizations protect data they have in the cloud. Plus they're working with specific applications to be able to provide that kind of protection for a SAS app. Okay, and I want to go back to something you were talking about, let's do a best of breed. So we do a lot of these shows. You talked to a lot of customers and a lot of technology companies. You get two ends of the spectrum. You get the best of breed guys like Veeam. So hey, we're best of breed. Why would you buy that old clunky outdated backup capability? And then without naming names, you get the integrated full-stack companies going, why would anybody buy from some tiny little company? Yeah, okay, they're 800 million, but they can't do digital transformation and big data and SAS and blah, blah, blah. So why would anybody, who cares about backup? Okay, so you have two completely counterpoised positions. Yep. How can you help us parse through that? I think a lot of it comes down to who is the actual consumer and buyer of the solution and that's indeed changing. What we're seeing much more is the application developer, the application provider, or even the line of business making the decision as to how those or what applications are being deployed as opposed to the central IT organization. So whereas a central IT organization say, maybe this is part of digital transformation, the business unit may be buying other applications. We talked a little earlier about money being left in the table. I don't know what your research shows, but clearly there's opportunities there that's not being harvested today. From a cost-benefit analysis standpoint, I know it's one area that you focus on and spend some time there. Is it a reasonable expectation that CFOs will actually look at that lost opportunity, that soft revenue that they're losing, which really is not that soft, and say, hey, we actually need to increase our spending in this area? Some of them, yes. What you really find is a maturity curve, of course, where you have some organizations that really have a very traditional view and have not tried to move forward. But our research is showing that about 60% of organizations have embarked on some kind of digital transformation and that about 70% have a cloud-first perspective. So those organizations really are looking at those kinds of opportunities, both in terms of cost, opportunity, cost, or absolute cost, and saying, how can we optimize this environment entirely? Yeah, I mean, if I were the CFO, and let's say I had the cash, so I wasn't capital constrained, I would still say, look, this is insurance, so figure out a way to get more value out of this data, get all this data in the backup repository. What can we do with that? What analysis can we do? Can we maybe be more efficient with regard to how we do security? Can we, you know, it's like the U.S. government. Can we have this agency talk to that agency and figure out a way we can get more leverage? I can really be putting pressure on them to do that. Is that an unreasonable expectation for CFOs? No, and in fact, what our research has shown is that about 40% of organizations use their backup data sets for analytics. They also, about 30% of them, 33% use it for other purposes such as development and test, staging others, so organizations really are trying to leverage that vast amount of information that they have for other purposes. One of the challenges that come out, though, is GDPR, the European regulation to the right to be forgotten and the way organizations have to be able to manage that data. Going into those data repositories, including backup data sets to say, okay, this is data that we have to expunge by regulation. Yeah, Phil, I wonder there's, you know, we've been talking about the threats of GDPR and, you know, you might get sued or everything. For years, the last few years, we've really been talking about how we get insights and data, you know, insights and, you know, can transform businesses around data. Is GDPR a threat to this whole wave of getting value out of data? I don't think it's a threat to getting the value out of the data. I think it's a threat to how you manage that data. And the threat is much more widespread than many organizations realize. If you're doing business with anyone who is European or has traveled to Europe, and really any kind of footprint in that regard can potentially put your organization at risk if you're capturing any of that data. But I mean, that stat you just threw out was pretty interesting that 40% of the organizations that you surveyed are actually doing some types of analytics with their backup data. I would think that governance and compliance, GDPR-related stuff, they're going to take, those 40% are going to take a similar approach to GDPR. Say, okay guys, we got to do this. Find some more value out of it. There you are, or else, get you in a headlight. So, right? I mean, that's a huge number of things. That's right. And one of the ways you do that is, and that Veeam has done, is to open up APIs, application program interfaces, to allow third-party organizations to leverage that data repository and do that kind of analytics. Veeam themselves or any other backup vendor can't really leverage, or can't really do that, but by opening that up to third parties, it increases that ecosystem and increases the value that IT organizations can get from their data and their investment. Some of your research, maybe you could highlight some of the stuff you're proud of, fun stuff you've been working on, things that are current, recent that you want to highlight to the audience. Right, I think some of the interesting things, the trends in the industry really are that the kinds of things like backup and recovery and high availability and disaster recovery, we see really going into a continuum of availability, where if I can move data across geographies and I can recover my application seamlessly, regardless of where the data is, why do I ever need to have disaster recovery again? And in fact, that's where we believe availability is going. And in fact, the theme for Veeam at this show is hyper-availability. One of the ways you do that is by placing the data in the right locations for that kind of recovery. So, watching from the days of backing up once a day onto tape to continuous availability is actually a pretty interesting development. So who's doing a good job in this space? I mean, it sounds like Veeam is getting it done, obviously, and the numbers speak for themselves. You got the startups, Cohesity, Rubrik, Zerto, obviously plays in there. You got Veritas, his, you know, suppose you're retooling, you had Bill Coleman in there, from a BEA guy who's supposedly put a lot of R&D into that. You got the leader in Dell, UMC. Obviously, they have a lot of resource, spend a lot of money, they're going through a retooling process. IBM has software defined everything. It seems like it's jump ball right now. It's sort of wide open in this space. It really is, because you look at, you mentioned Dell EMC, they're focusing on IoT. Well, IoT generates a phenomenal amount of data. What data needs to be captured, how does it need to be captured, protected, managed, is going to be a huge issue for organizations. So that's a very interesting target. Veritas has been looking at their 360 data management and really taking a holistic view of data management and they're doing some very interesting things there. Commvault has done actually a pretty nice job of getting into some cloud related kinds of things. So, and then finally, as you mentioned, Rubrik and Cohesity, I would put them along with Veeam is probably the three companies that right now are disrupting this industry the most. They're probably certainly some other ones that are up and coming, but in terms of those that are really providing some disruption, I would probably go with those three. All right, they're breaking down Veeam 2017, the exhibit I'll fill. Thanks so much for coming to theCUBE. Great stuff, really good analysis. Appreciate you having on. Pleasure, guys. Take care. All right, right there, everybody. The trains are packing up. We're trying to jam everything in before they shut down our studio. So, we'll be right back, right after this short break.