 Well, hi everybody, John Walls here on theCUBE and thank you for joining us here for this CUBE Conversation today. And we're talking about data. Of course it's a blessing in the respect that it's become such a valuable asset so many companies around the world. It's also a curse obviously because it is certainly can be vulnerable. It is under attack and Drova is all about protecting your data and preventing those attacks. And with us to talk about that a little bit more in depth is Jaspreet Singh who's the founder and CEO at Drova and Stephen Manley, who is the company's CTO. Gentlemen, thanks for being with us here on theCUBE. Good to see you. Thank you, John. Yeah, so Jaspreet, let me just begin with you. Let's talk about the larger picture of data these days. And we read it seems as though every day about some kind of invasion, some ransomware attack, it's become all too commonplace. So if you would maybe just set the stage a little bit for the state of ransomware here in 2021. That's right, John. I think ransomware is now a new national security threat. And as you've seen it all around us, there's almost every single day we hear about businesses getting hit with a new ransomware attack. Ransomware 1.0 was more a malware situation impacting our data. And as the pandemic transformed the entire data landscape, the application, the entire supply chain delivery model has to be more online, more connected, which poses more risk towards this whole approach towards malware coming in. But also we're seeing ransomware 2.0 which is all about like insider threats or in general security misconfiguration which could lead to data being exfiltrated or traded off in the market. So in general, as data is far more connected, far more expected to be online, security threats from either malware or human oriented security issues are becoming more and more dominant threat to our entire data landscape, right? Yeah, so Stephen, if you would, I'd like you just to follow up on this with a landscape to take one of Jaspreet's terms here about what you're seeing in terms of kind of these evolving threats now. Used to be probably, I don't know, five, six years ago as a very different set of problems and challenges and companies maybe weren't as laser focused as they are now. Maybe take us through that process. What has happened with regard to the client base that you see and you're working with in terms of their recognition and now the steps that they need to take going forward as they modernize their operations? Yeah, I think there's two things we see from sort of a technical perspective. The first one is in Jaspreet called the ransomware 1.0. Ransomware 1.0 is mainstream at this point. So you can go out there, you don't have to be an expert hacker. There's ransomware as a service. Your average teenager can basically download a ransomware attack kit, get a pretty lightweight cloud account and attack school districts, hospitals, municipal organizations, whatever it is. With what we would consider the traditional ransomware and that's become ubiquitous and that's why we see all these reports of there are multiple ransomware attacks every minute in the United States and around the world. So that's one part which is you're gonna get hit. Now you'll probably get hit again with the more traditional ransomware but like any industry, the ransomware people have evolved. And so as Jaspreet said, they are constantly innovating and so what we're seeing now from sort of a marketplace standpoint is getting smarter about the ransomware attack. So laying low longer, sort of corrupting or attacking data a little bit more slowly. So it's harder to detect, specifically attacking backup infrastructure so that you won't be able to recover. Exfoliating data so that now you can have sort of two types of threats. One that your data is encrypted and the other is if you don't pay us we're just gonna post it on the internet. So you've got stage one which is ubiquitous and you've got to protect yourself against that because anyone can be attacked at any time. And then you've got stage two where it's getting smarter and that's where organizations then have to step up their game and say I've got to keep my backup safer. I've got to be able to detect things a little bit more easily. And I need to start really understanding my data footprint so I understand what could be exfiltrated and what that's gonna mean to me as a business. So Jaspreet to that point that Stephen was just talking about how organizations need to get smarter in terms of your communications that you're having with the folks in the C-suite. Is that point, is that if they readily identified today? I mean, do they get it? Is the communication going out to their stakeholders? Are the business priorities being aligned appropriately? I mean, what are organizations and specifically on that executive level, what are they doing right now in terms of preparation, in terms of protections that again are so necessary, what are they doing right now with that? Yeah, absolutely. So I think we do see customers truly making strides at solving the problem. There's not a one solution fits all problem either, right? So there's a whole protective nature of preventing a ransomware detection and response. There's a readiness aspect of it. What happens when it do get hit? There's a recovery element to it. How do I recover in time, in shape, from a threat like this? So customers are evolving their understanding. At the same time, they're actually deploying appropriate technologies to put all the three aspects of solving the solution holistically. Like any of the security challenge, this is not a one application solve all problem. Typically there's a overlapping controls built by a multiple group and multiple parties to make sure you're ready to response towards a threat like this. And just to jump in, because one of the things I find fascinating as we go through this, the customer conversations I have, I've been doing sort of data protection for a long time. We won't get into that, but most of my time, I'd spent talking to VPs of IT, maybe I'd see a CIO. It's fascinating now. We will have conversations with boards of directors because it becomes such a big issue. And the focus is so different, right? Because they understand that this isn't just like a usual backup and recovery or even the traditional disaster recovery that you might do from a natural disaster or some sort of hardware outage. They're seeing that there are so many stages now to an orchestrated recovery. These customers we work with where it's not just about, I need a little bit of technology. They're really looking for, how do I operationalize all this? Because once you're up at the board of directors, this is no longer a, which product is better than X, Y or Z. It's a discussion about who can really insulate me from the risk? Because these can be business-ending events if you're not careful. Right, I mean, you raised a great point. And actually, Stephen, I hadn't really thought about these fiduciary responsibilities that boards have. And obviously, we think about operations. We think about P&L, right? We think about all, but I hadn't really thought about how also data protection, and I want to talk about data resiliency, how those come into play as well as those board decisions are made. So let's talk about resiliency. I want you guys to explain this concept to me. So what's the distinction between protection and resiliency? Because to me, they're maybe not exactly synonymous, but they're kind of cousin in some respects. So Jaspreet, if you will, talk about resiliency and how you define that. Sure. So as Stephen mentioned, right? Protection was more about how do I actually safeguard my data to actually recover from an incident, right? Residency is all about being ready to truly respond in time, right? The forward-leaning posture of making sure, am I ready to not just recover from a very age-old problem of application failure or human errors, but also a cyber attack or a true-age incident or a cyber recovery or a security incident, which I'm prepared to respond in appropriate SLA across the board, right? And resiliency also goes beyond just the nature of data itself, right? You're talking about applications, environments, ecosystem, to truly understand that the enterprise operation needs, IT needs, data needs to be holistically thought through. How do I get my business online faster, right? And that's the true nature of differentiation between protection going towards resiliency. And it's obviously driving a lot of your product development, right? And I know you've got the data resiliency cloud service that you're offering now. So, Steven, let's dive into that a little bit. What was the genesis of that offering? And what do you see as its primary advantages to your clients? Yeah, so I think there's really those two key words there. It's resiliency in its cloud. So, Jaspreet kind of walked about how your resiliency, it's that step forward, it's that shift left, whatever term you want to use. To me, the best part about the cloud is, and like I said, I've been doing this for a long time and I've yet to meet a customer who's come to me and said, I really wish I could spend more money and more time on my data protection infrastructure. I love sticking together multiple separate products. It's just a great use of my time, right? Nobody says that, you know, what they really say is, could you just solve this problem for me? This is, this is hard, capacity planning and patching and upgrades and tying together all the different components from up to seven different vendors. This is hard work and I just need this to work. I need this to work seamlessly. And so we looked at that cloud part and we said, well, when you think of cloud, you think of something that's flexible. You think of something that's on demand. You think of something that does the job for you. And so, when we talk about this data resiliency cloud, it's about, you know, moving onto your front foot, getting aggressive, being ready for what's coming, but having, you know, frankly, Druva do it for you as opposed to saying, here's some technology, good luck, you know, Mr. and Mrs. customer. You know, we've got this solved for you. It's our job to take care of it. And to add to it, you know, this entire resiliency question cannot be solved through a simple, a software-based approach is a fundamental belief because the same network, the same principles of operation, the same people involved, you know, those are involved around the primary application. You know, the resiliency aspect has to be air-gap appropriately, not just at the data level, but IT and operations level as well, right? So a notion of a cloud, almost a social distancing for your data, right? And your key jewels for the enterprise that if anything happens to my primary network application stack data, my secondary cloud, my resiliency cloud is ready to respond in appropriate defined SNAs to recover my business holistically as a combination of integrating with SecOps, as a combination of truly integrating disaster recovery elements with cyber recovery elements, truly understanding application recovery from a backup and recovery point of view. So holistically understanding the nation of resiliency and simplifying it through the elements of public cloud. And so how do you bend that for your clients? Because as you both have pointed out, they have different needs, right? And they have different, obviously they're involved in different sectors of different operations with different priorities and all that. How is the data resiliency cloud providing them with the kind of flexibility you need, the kind of adaptability that you need in order to conform it for what you need and not necessarily what someone else in another sector is all about. So for me, there's a couple of things that is great about being the data resiliency cloud. One is we've got well over 3,500 customers, which means that no matter what segment you're looking in, you're not going to be alone, right? If you're healthcare, if you're finance, if you're manufacturing, Druva understands what you and many of your similar sort of companies look like, which enables us to work in a lot of ways and enables us to understand what trends are happening across your industry, whether it's ransomware attacks that are coming across say manufacturing space and how those look or what data growth looks like or what type of applications are important in those industries. So it's really useful for us to be able to say, we understand these different verticals because we've got such a broad customer base. I think the second thing that comes in then is every customer I meet, the number one question they ask me, and that might not be the first one, but it's the one they want to ask. It's always, how am I doing compared to everybody else? And so it's really useful to be able to sit down and say, look, in your industry, this is what we see as the standards right now. So this is where you fall. You're sort of maybe a stage two, everybody else is at stage three, will help you move forward. Your industry as a whole is actually ahead of many of the other industries, but this is what's coming next for others. And so it's really useful for those customers to understand where they sit in respect to sort of the broader marketplace. And so that's one of the values I think we bring is that we do have such a broad understanding of our customers because we are a service as opposed to just selling software. And those customers too, as you talked about, they're looking maybe at their competitive landscape and trying to decide, okay, are we keeping up with the Joneses, so to speak? But all of you, all of us, we're all trying to keep up with the bad guys. And so in terms of that going forward, what is that challenge for you at Druva in terms of being anticipatory, in terms of trying to recognize their trends and their movements and their forward thinking so that you can be that great protective mechanism. You could be that prophylactic measure that stands between a company and something bad from happening. So I'll start and then it's funny because, you know, just this morning we were actually talking about some of the future of ransomware protection. And one of the things that we are using a lot in Druva, I get every company says they're doing it is the use of AIML, especially in detecting sort of unusual trends. But I think we're different than most because the AIML we use is again, across two and a half billion backups every year, right? Because we get visibility across everybody so it's not just isolated. But we're looking at things like unusual access patterns and the data, unusual access patterns based on administrators. Because like Jaspreet said at the beginning, one of the things we see the ransomware attackers doing is they're trying to get entire control of your environment. Because if I control your environment, if I control your phone system, your email, I can get control of your backup application and delete everything. So we're even doing things to sort of prevent, oh, we're getting unusual administrative access patterns. Let's stop that. We're getting unusual recovery patterns. Maybe that's somebody trying to steal data out. Let's track that. So our use of AIML is across a much broader dataset than anybody else. And it's looking at a lot more than just sort of data pattern changes to a much broader set of things. And basically again, it's sort of a bi-weekly meeting we have where Jaspreet comes in with more ideas basically for our team to sort of go, what else can we do? Because the landscape keeps changing. And on top of it, I think also, if you think about data protection or even data storage was never designed from a security point of view. It was always designed from a point of view of the coverability of data through application issues or some basic data corruption. But security or into thinking helped us also fundamentally understand, how do we think about elements of zero trust all around the platform? How do you make sure to what Stephen mentioned, if your IDP gets compromised, if you do have a bad actor enter a data your protection solution like us, how do you still make sure levels of authorization immutability like multiple levels of control that are in place to make sure no bad actor take control and true recoverability resiliency is possible across a variety of scenarios and truly customer-driven SLA. So both found basically we've truly built something which is now very deep in focus and security. The same time as Stephen mentioned through understanding of customer landscape really helps us understand bad actors far more better and faster than many of our industry competition. Well, the need is great, that's for sure. And gentlemen, I want to thank you for the time today to talk about what Druva is doing and wish you continued success down the road. Thanks to you both. Thank you. All right, we've been talking about data, keeping it safe, keeping your data safe. That's what Druva is all about. And I'm John Walls and you've been watching theCUBE.