 Live from the Mandalay Bay Convention Center in Las Vegas, it's theCUBE, covering VMworld 2016, brought to you by VMware and its ecosystem sponsors. And welcome back to Las Vegas, day two here at VMworld as theCUBE continues our coverage here at Mandalay. They looking forward to an exciting day at Great Keynotes already and off and running we are here on theCUBE. I'm joined by my colleague here, Peter Burris who runs research for SiliconANGLE as well as for Wikibon. Peter, good to see you, sir. Good to see you, John. Thanks to be, great to be here. Absolutely. And we're joined by Rod Matthews as the SVP and the GM of Data Protection of Barracuda Networks. And Rod, thank you for being here. It's great to see you, John. Great to see you, Peter. Yeah, let's talk about if we would just jump off with a trend unfortunately that's growing, you know ransomware and some of the examples maybe that you've seen out in the marketplace for people who are going to some extremes to protect themselves and having to come up with some payments maybe that obviously your clients would like to avoid that situation and what you're doing for them. Absolutely, and this is really a conversation that I have on an almost daily basis with our customers where this whole concept of ransomware has really escalated over the last couple of years. And if you look at the last six months to a year it's escalated even more. We recently did a survey with Osterman Research who you probably know, Peter, where we saw about 50% of the respondents come in and say that they'd been attacked by some form of ransomware in the last year. So rampant. And so if you want to protect yourself against that there's really a couple of different ways to do so. One is to have an effective firewall and network security layer in place and to have an effective email security in place so that you can keep those ransomware attacks from getting into your environment in the first place. But unfortunately some of those things actually do get through because the definitions don't keep up with the hackers. And so when that happens you want to have a very effective data protection strategy with an effective kind of retention strategy that allows you to go back to a point in time when that ransomware didn't exist and recover your data without having to pay this ransom to the hackers. So what are people paying? I'm just kind of curious, have you heard of any worst case scenarios of what somebody's been willing to write that check to maybe they didn't do the work on one side and they had to pay for it on the other? Yeah, it varies. We've seen on the consumer side of things sometimes it's a few hundred dollars on the business side of things. We've seen $5,000, $10,000, $15,000 or more kind of ransoms that these hackers are expecting customers to pay to get their data, their stolen data back, it's a real problem. Another problem, executive fraud, that we're hearing about and I'm curious from your side of the fence what you're seeing in that regard and what people can do to protect themselves on that front. Yeah, that's where a really effective email security strategy is super important because there's another trend that's happening where people will impersonate CEOs or CFOs to say, hey, I've got this big customer, I've got this wire transfer, it needs to be done in the next five minutes, here's my swift number, send this wire transfer and it looks like it's coming from the CFO or the CEO and that person goes and does that transfer. There's been a lot of examples of companies that have fallen prey to that and that have not been able to get that money back and so that is something from an email security perspective it'll catch the fact that that email is not really from that person and will help prevent it from being delivered to someone who may not know that that's actually fraud that someone's committing against the company. So, Rob, we've done a lot of research at Wikibon Silicon Angle in trying to understand the dynamics associated with digital business and our observation is that following Peter Drucker that if business is about creating and sustaining customers digital business is about differentially using data to create and sustain customers which means overall the industry's becoming much more focused on the value of data as an asset and what it means to secure that data and appropriate returns to your shareholders and your customers with it. That's why this ransomware issue is not just a small problem but we can expect that the ransoms are actually going to go up over time as the hackers themselves start to understand the value of the assets that they've appropriated. And they've gotten very sophisticated. You know, one of the things that we've heard from a number of customers who've gotten attacked by this ransomware is that when you do go pay the ransom they actually provide customer service and they actually help you get up and running. So this is actually a business model that a lot of these hackers are putting in place that as you mentioned, right? It's only going to get more sophisticated as they continue to do these attacks. So a lot of large organizations and small organizations are moving to the cloud. We're using more and more effectively public infrastructure, common components, common interfaces, common delivery methods. The challenge of that is that the more that you connect things together, the more likely you are that his problem becomes her problem. Talk to us a little bit about how security is attacking that issue and providing separation while at the same time facilitating this very rich connection that's driving a lot of the changes in the industry today. Absolutely, and one of the things that's happened, and this is over a longer period of time, it's over the last 10 years, we've seen things move from being a physical server that was either in your office or in a data center, maybe a co-location facility. That got virtualized and VMware really drove a lot of that shift in the marketplace where now everything didn't have to be on a physical server. That evolved into a cloud architecture where now things aren't even necessarily in your environment, so they could either be in a private cloud that someone's hosting or it could be in a public cloud type environment and people have moved to software as a service where companies used to run and still do run their email infrastructure on a local exchange server. It was a very rapid movement for all that stuff to move to the cloud to something like Office 365. And so now you've got data that's spread out in a whole bunch of different places that you don't necessarily control in your own physical environment and that's where it's really important to have a strategy and a solution that allows you to protect all of that in a simple way and in a consistent way so it doesn't matter where the data is, you can still protect it. So talk to us about the perimeter. Does that mean that the perimeter is defined differently or it's perimeter less? What is the emerging domain or zones of security that we're going to be looking at going forward? Yeah, and that's where it gets really hard to define what that perimeter is because a lot of what we talked about and what you heard in the keynote yesterday was some of the things about being able to easily move your data between different clouds and between your local infrastructure. When you do that, now you're sort of creating a borderless world where it doesn't really matter where that data is and in the world we're moving into that's more DevOps oriented and rapid deployment oriented. It's one of the things that I do at Barracuda is run our public cloud. It's very easy for people to say, hey, I know I have this option here to deploy this application and data but maybe I want to use this option over here and things tend to spread out pretty organically and so you don't really always know where that border is and that's one of the challenges as companies that we have is making sure A that we can control that through operational processes and operational efficiencies but secondarily making sure we can protect it because many times the best choice you have if you want to expand geographically, for example, is to use something like a public cloud to be able to very quickly stand up a data center whether it be in Singapore or Spain or wherever the country might be. Well, given that your customers are almost always outside of your network, at some point in time you're probably going to have to use a public cloud. Exactly. So we did a major piece of research not too long ago in which we worked with a lot of our CIO clients and asked them how they're starting to talk to the board of directors, CIOs and CISOs and we got an interesting perspective that in the last 12 or 18 months there's been a shift, a shift away from standing in front of the board making a promise we will protect the company too standing in front of the board making the promise they're going to get in, we will limit the damage. That kind of suggests that security companies are going to themselves have to move from a focus a narrow focus in products to also adding some services that help companies limit the damage. Are you doing that at Barracuda now? We're absolutely doing that. So if you look at, for example, what we're doing with our basically cloud oriented next generation firewall and our web application firewall product that's a close companion to that is making it very easy for people to protect the local stuff but when they move into the public cloud to have a firewall solution that's managed the same way, that's deployed the same way, that's designed to be used in a distributed cloud environment. In fact, we were last year the ISV partner of the year for Microsoft Azure with those two products because we help customers solve that problem. When people go to their board and say, hey, I'd really like to go use Azure. One of the questions that comes back is how are you going to protect that environment and how are you going to make sure that that environment is safe? And as we talk to Microsoft and our joint customers, that's one of the places where we've been able to really help customers get comfortable with that security and really help Microsoft drive that business. You mentioned 365 a little bit ago and this migration to public cloud. What's that doing in terms of your business and what is that I guess encouraging or fertilizing if you will in the marketplace? What's happening right now? Yeah, so basically for us there's a few initiatives that we focused on. One is making sure that our products work with those SaaS oriented services or those public clouds. And so I mentioned the things we're doing at Azure. We've had a whole initiative around Office 365 and a product we have called Barracuda Essentials for Office 365 that offers email archiving, email security and email backup for that Office 365 environment. But fundamentally it's not only the products being enabled for those services but it's also how we go to market. And so there's a new kind of way customers are procuring these services through marketplaces whether it be through the Azure Marketplace or through AWS or through Google or through VMware. There's different ways that customers buy those services. And so we've had to really adapt the way we interface with our customers, the way they want to buy them and the way we need to service them in those environments. So it's a lot of change. And I know you're making a big play on IoT. And obviously there's a whole array of security concerns in that regard because you're talking about some cases healthcare, critical information, personal data being transmitted. So what about your play in that space? And a lot of what we do there is through our firewall being able to protect those endpoints as they connect to your environment, making sure we know what those endpoints are doing and doing some mobile device management capabilities that are built into that firewall that help configure that. But one of the challenges is with all of these cloud things is you have to be able to get to the cloud in order to get to those services. So being able to have a secure connection and to be able to have quality of service within that connection becomes very important. And then the thing with mobile devices is everybody brings their own network. So not only do you have people connecting to your network they can easily connect to their carrier network. And so you have to think about how somebody could come in through that vector to get to your network. And that's where having those things connected to a firewall where you can protect your corporate infrastructure becomes very, very important. What will be the role of security going forward in business design? So as we think about companies becoming more digital they're moving from a notion of their brand being defined physically to the brand being defined digitally. How will security, what role will security play in making that real in marketplaces? And I think there was a thing in the keynote this morning about what a data attack can cost a company and the number that was put up on the board was $4 million for a data breach or an attack. And the main thing is try to not let that happen and try to make sure that you're not letting those people into your network. The other thing with something like a web application firewall is if they do come in through something like a SQL injection attack or something along those lines is don't let the data out. So be able to contain things as much as you can as well. So there's multiple ways you protect against these attacks. And as I mentioned earlier, being able to have an archive of your email so you can keep the email environment small so you don't have to back up and protect as much of it and your risk is much smaller. And also being able to back up that information so that if you do get attacked by something like ransomware you've got a nice clean copy of the data that you can go back to without having to pay the ransom. So it's really a combination of the security element and the data protection element. That's where we feel like at Barracuda we're very uniquely positioned because we offer both of those capabilities that are all managed through a single interface and are all managed in a common way. Yeah, we've talked a lot about pain points for customers and obviously with ransomware and executive firm, what have you, what about for you? Like what is it like your worst case scenarios that you're trying to deal with and hopefully come up with solutions because you know there's a lot of bad guys, right? And you're racing against them as well as trying to protect your client. So what's keeping you up at night? Yeah, the main thing for us and in my part of the business and data protection it's how do we go provide all of the protection people need for some of these new services and today very focused on Office 365 but also in public cloud because you still have human error that you have to protect against. There's still these kind of ransomware and malware attacks that you have to protect against. There's data corruption that you have to protect against. So the traditional kind of backup view of if my building floods or burns down I need to protect that physical thing sort of goes away because that data's distributed in a cloud somewhere but you still have to protect against all the other things which is really where most of these issues come in. It's usually human error or data corruption or some of those kinds of things that causes somebody to have to recover from a backup. It's very rarely a physical disaster, right? So there's the perception that people don't need to backup their data anymore or don't need to protect their data anymore which couldn't be further from the truth. We still have to protect against these things that are going to happen. All right, best of luck down the road with that and we appreciate the time here on theCUBE. Hope the show goes well for you. Thank you, yeah. Thank you for watching you down the road. This was always a great show. I think I've been here eight or nine times now so it's a great, great event. And you're becoming a CUBE regular too. I love theCUBE. It's always fun. Good to have you on. Thank you guys. Thanks a lot Matthew. So Barry Cuda. Back with more from VMworld right after this. You're watching theCUBE.