 Live from Nashville, Tennessee, it's theCUBE. Covering Commvault Go 2018, brought to you by Commvault. Welcome back to Nashville, Tennessee. This is Commvault Go and you're watching theCUBE. I'm Stu Miniman with my co-host Keith Townsend. Happy to welcome you to the program. This is a user conference, so we love digging in with the users. I've got David McCurdy, who's the CTO from the great state of Colorado. Thanks so much for joining us. Great to be here. It's a great event. I'm happy to be here. We're here to evangelize the great work Colorado's been doing with Commvault and just in general. All right, great. So we're from Chicago, Boston, and Colorado, Denver. So we're not going to talk football, but tell us a little bit about, you know, your CTO, love talking to the CTOs. What's your technology charter? Give us a little bit of the thumbnail as to kind of, you know, what divisions you support, how many people you have, that sort of thing. Yeah, so the way the state's set up is I work underneath the governor. We're an office of the governor, so it's actually the governor's office of information technology. We support all the traditional branches of government that people think of in terms of agencies, like Department of Health and Human Services, Medicaid, Department of Corrections, DMV, Department of Revenue. So all the big agencies all fall under our department, and then about 800 of the 900 staff inside of OIT report to me directly. And that's all the infrastructure and application stacks, all the strategy, chief data office, chief transformation office. Lot of responsibility, lots of fun, lots of long weekends, but it's been a good role for the last four years. David, before we dig into some of the data protection stuff, I love you talk about like, you know, innovation. You talk about, you know, technology transformation. First of all, IT in general and government specifically often get, you know, labeled with the, oh well, they do things the old way and they've got no budgets and they never make any changes. I've had some great case studies. I've talked with people in roles like yours. So give us a little bit of what's it like to be, you know, working in a state government this day and age with 2018 with technology? It's very exciting. It's very exciting to work for Colorado specifically. I don't know if it translates to all other states. I've talked to other CIOs and CTOs around the country, but we have a very supportive governor. He just announces a campaign to run for president. Maybe we'll see how that goes. But outside of that, he's very innovative. He took a business trip to Israel, came back and set up a cybersecurity lab in the state because he thinks there's a major need for more cybersecurity and those disciplines. In Colorado today, we're running negative 14% unemployment for security jobs. So it's just huge opportunity outside of that. My boss, Summa Nalapati, a state CIO, right underneath him, it's all about innovation. How can we make Colorado number one in everything we do? And that's really the goal. What the governor said, the way he talks about technology, he wants technology to be elegant. That's not a word you hear a lot, but when you think about that and apply it to technology, there's a very specific outcome you're trying to get out of that. All right, well, David, at this show, we're all talking about data. And everybody's, you know, it's what can I do with my data and how do I make sure that things don't get wrong? Well, anybody that's been in IT for a while is Murphy's Law sometimes does play out. So you've actually had a couple of experiences, some good things you've learned, but some challenges that you had, maybe Sheriff says, you know, what happened? Yeah, I mean, one of the things I'm here to talk about is we kicked off an initiative called Backup Colorado. And what it was, it was consolidating all the backup and recovery services for all those agencies that I just named, plus some more, right? Monster project, monster tax. It was all born out of a major data failure the state had. You know, we were a fairly new organization. We were immature. We were still running things in a siloed environment. Most of the country, most large organizations have gotten down the IT consolidation path. We were a few years down the road and we got hit with a major data loss event. And it was specific to marijuana data, which makes some people smile, some people frown, but it's a very interesting topic. It wasn't interesting to lose customer data though. I don't care if your private organization or public organization, this was real data loss. And it highlighted the need for a focused approach to solving this problem. So we went about just kind of transforming the whole space. First, put a proposal on the table, going to the general assembly, going to the governor, saying this is what we need to do. They signed off on it. And then we implemented it, right? We got tens of not hundreds of people together around the state. We coordinated agencies. We got people on board that didn't want to be aboard. They liked the silo approach. They liked their agencies doing their own thing. But you can't do anything right 16 different ways. You don't have to do it one way, but it can't be 16. But we took a standardized approach and we worked with Commvault as our partner to deploy a complete backup and recovery system for the state. Highly successful project, rolled out, standardized, everything you could want. While we're doing that, we are completely changing our application and infrastructure stacks. We are consolidating all of our servers and the three data centers in the state. We're bursting into the cloud. We're replatforming on software as a service. All those, I'm responsible for each one of those stacks. Mind it, what my guidance was, just go and change the world, right? And in a very senile way or non-senile way, we went out there and we were like, how can we do this thoughtfully? How can we do it but push, blades, new trails, that type of thing? And the story that I've been sharing is, we got to see the end results of that. What kicked it off was a public disaster, but the state was hit with a ransomware attack, very targeted, very coordinated. They hit one of our larger agencies. We had good security in place, but there's always stuff that can happen as you kind of alluded to. And because of this project, because of the team coordinated effort, because of the technology, because of the stuff we were leveraging, we were able to bring that agency back whole, which a lot of organizations cannot say, right? A lot of technologies cannot say, with as many systems that were impacted for the time period they were, to bring that agency back whole and actually have the executive director of the agency doing very similar conversations as we're doing now, how can dots around the country roll out a plan very similar to this? So David, people process technology. You guys are changing processes. You're changing technology, extremely disruptive. Talk about the impact on your people. What mindset or what changes that you have to make organization-wide? 800 people is a lot of people to get in line. What did you start? What did you do? What was successful? Not so much. Well, first I had to get my customers on board, right? And compelling events help bring customers on board. I don't think that's the best way of doing it, but always leverage a compelling event. In this case, we had a compelling event we had the onus from our executive branch and a legislative branch. So we had the hammer if we needed it to get it done. The team actually came together. We were in a very successful RFP. We baked off competitors in the space and it was a beautiful thing to see all my server engineers, all my desktop guys, all my database guys and gals coming in and working together to make this project happen. I didn't have to sell them on it. They came to me and said, we think this is the best technology stack for the state. When I recognized, when I heard them, they all got on board and we were able to roll it out. And so I think it was that team approach, not top down, but let's all come together and find the right thing for the state. I think that was why it was so successful. It was a team approach and we had executive buy-in. We were able to get it done. You talked about how Commvault hoped with that transition, 16 different breakup products. If the state would like any other organization, there's at least 15, 16 different backup products. People like what they use and transitioning to something new requires training, support. How did Commvault help you guys in that transition? They were a great partner, all the way through the RFP process to bringing in and doing training. We have a big thing at the state and admire the technology stack. We do lunch and learns. So there's lots of training. Commvault brought a lot of resources. We had engineers specifically assigned from Commvault to help with the project, to roll out, and then the transition. So a very effective partner in terms of helping us along the way. It never helps to have that kind of hammer, as I said before, to push it forward. But I really couldn't have asked for anything more. And I spoke a little bit about this the other day. When we had this compelling event with the ransomware this year, I picked up the phone and I got an answer right away. And I said, we're going to need you once again. And they showed up. Commvault showed up. The great thing was we didn't need them, right? My engineers had an effective turnover in training. They got the initial alerts before anybody did, before any of our security groups, anybody. Commvault detected this ransomware really before any of my tool suites because of the way it came into our organization, which was kind of cool. But just in general, a great partnership. They were there all the way through the recovery of CDOT as support for our team, but really weren't needed just because of the effective transition. Yeah, that's an interesting point you talk about. You would think it would be the security tool that would be alerting you. Commvault and companies like it sit in an interesting position. You've got data, you've got metadata. That surprised you that that was the tool that helped you alert you in the first? Shocked me, shocked me, right? I mean, we spent a lot of money building stacks of tools to protect the state and very effective tools. So it is nothing against those tool suites specifically. We're actually rolling out another tool that week that ultimately would have prevented it. That being said, stuff happens and the way this ransomware came in bypassed that visibility. But Commvault, looking at our backups every night, taking differentials of them, saw encrypted files on Dix, sent out an alert, the teams knew exactly what to do, got executives on the phone, got security ops on the phone, and it kicked off from there. So yeah, shocked, happy that we caught it. Not the way I would have wanted, but that's why you got layers of security. That's why you got layers of teams to support each other. So speeds and fees outside of the support capability that Commvault provided and one, helping you guys get alerted to the event and then the support reacting to the event. Talk to us, what did it take to recover from the event? Was this a multi-muff thing, multi-week, multi-hour? How did you guys recover and how much did you recover? It took us a little over a month to recover. It's actually a great conversation, maybe for another time, but building a structure in an open attack, like when you have coordinated resources from other countries trying to do the United States or the state of Colorado harm, the first thing you're going to do is make sure they're outside of your environment. So for about the first two weeks, we had everybody from the National Guard to Defense Department in there, helping us evaluate the situation, getting it to a place where we felt comfortable bringing the department back up. Once we reached that point, and there's never a clear line in the sand, there's a role for the CIO and the CTO in that place to say, hey, now's time, we've done everything we can. And then we very methodically started bringing desktops online and servers online and Commvault played a huge role in that as well as some other vendors, but in all, we restored about 192 servers. Some were infected, some weren't, but just from a sensibility stake, we wanted to go back to clean backups, clean restores, a place where the customer felt comfortable. We were able to do it in a way that there was no data loss to the customer, or at least managed data loss, meaning in some cases, there were systems they wanted to go really back on because their data didn't change very much in there. My biggest pain point in this whole process is I want to bring that department up much faster, right? But you got, there's two sides that you're looking at. How do you protect the department in the short term and how do you protect them in the long term? So I had to look at both sides of it. A very interesting experience, don't wish it on anybody. David, last thing I want to ask is the role of data. How do you inside the state of Colorado look at the rolling, the role of data and the changing role of data? And as you look at Commvault, they are really expanding where they play. They're playing in multi-cloud. They've got artificial intelligence helping them. They're helping with governance and compliance. How do you see them lined up? Where do you see your relationship going with them in the future? Well, you know, obviously, you know, I like to stay with partners that take care of me. So there's obviously an affinity there in terms of how they've helped the state in the last year. You know, the data is really two parts. The agency's data and then the resident and the customers of the state of Colorado's data, right? So you first got to look at who owns and who is the steward of the data. And as IT for the state, our role is protecting that data, both in the short and long term, but as it becomes more and more of an asset and we all know data is an asset today. It's almost the most critical asset. So protecting it is just as important as how you're going to innovate with it. So we're very excited about how we're going to be leveraging data in the future. Some of the initiatives we're talking about, the Department of Transportation wants to take their data for Rodex and change how people drive, you know, very similar to how you may use ways and stuff like that. The dots around the country want to take that data and leverage it all over the place. And so you're not only taking an asset that was leveraged for a very different purpose 10 years ago and completely transforming industries, you're doing that all across state government, right? So it just, the impetus, the need for protecting it, using it, I'm very excited with, you know, where they're going and how they look at data, Commvault specifically, you know, I had a great conversation with their CTO last year about, you know, I'm storing all this data on fast disk and array, why can't I use this as a data lake? You know, how can I get metadata for your customers? How can I take this in places where, you know, maybe the founders of this company didn't even envision 20 years ago. It's very excited of how they're looking at the technology and where they can take it. AI is one of my, you know, my focus areas for the year, so, you know, I'm going to listen to everybody's pitch and I'm going to choose the right ones because I do think it's transformative. If they can do it correctly and ultimately lessen the burner on IT, that's what we're looking for, right? You know, that's what AI should bring to the table is the ability for IT to do more with less and so that's what we're looking for. I'm excited what they're going to do with it. All right, well, David McCarty, we really appreciate you joining us, sharing your story. For Keith Townsend, I'm Stu Miniman. We'll be back with more coverage here from Convult Go in Nashville, Tennessee. Thanks for watching theCUBE. Thank you.