 From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Stu Miniman. Welcome to a special presentation in theCUBE, here from the Wikibon office in Marlboro, Massachusetts. Happy to welcome back to our program, Paula Long, who is the co-founder and CEO of Data Gravity. Paula, always great to see you. Good to see you too, Stu. All right, so Paula, the storage industry has been going through so much change recently. We just finished the Dell's kind of merger acquisition of EMC, the largest acquisition in the enterprise tech space. We've seen over the last couple of years Pure Storage IPO, Nutanix IPO, big companies, small companies, lots of changes going on. Tell us what's happening in your world. So, storage has gone through great transformations and there's some amazing storage companies out there with a rich set of features. When Data Gravity first came out, actually we were in the storage arena. We were adding security and data intelligence to storage, then back in 2012, 2011, storage was still maturing in its ability to both have enough IOPS to handle rich applications and to be able to handle the computes. So when we came out, we came out as a storage array. We got to market, we had some great success, but what we learned during that success is storage is gonna continue to commoditize. The places where people are gonna be investing in storage are really gonna be in the all flash or in the converged. And for the intelligence in storage, people want that ubiquitous across all their storage. So we took the bold move to say, instead of competing with the storage vendors, let's partner with them and the security vendors and let's bridge the gap between security and data. Because it's sort of ridiculous that when you talk to security people, they know nothing about data. That's kind of an overstatement, but not untrue. You talk to the data people and they know nothing about security. So we said, you know what? Where our sweet spot is marrying those two? Let's come out and let's all be friends. We don't sing kumbaya, but let's all come out and put that all together. And that's our new company, has taken the same value proposition when we started and we've basically merged it with being able to go across all virtual storage now. So 100% of the virtual storage out there can be secured and you can get data and Linux out of it. Very simply, very quickly. Yeah, so Paula, it's not like you went from an appliance to now software defined storage. You are a service that works with storage, correct? So I think there's a ton of really good software defined storage out there. There's not a ton of good, actually very little, really good data security companies out there. And we decided that it's better to partner with Best and Breed and add what they don't have and instead of duplicating them. I've had this saying for years that if you can't differentiate in something and be the best of it, then you shouldn't do that piece and you should invest in the places where you're the best. And we're one of the best. I mean, obviously I'm not unbiased. In data security and that's where we doubled down. Okay, so Paula, what environments can you fit into? Is that like the VMware vSAN and, you know? All storage is virtualized. Okay. So if you've got Nutanix, we have Nutanix customers who have virtualization. We have Nimble customers, Tentree, vSAN. So it's virtualization at the host side, not the storage side. Well, we actually virtual, basically what happens is with our product you can either look at it from the storage side and just connect to a VM or you can look at it from the virtualization side from the VM manager. So think about how VM has revolutionized backup for VMs. Where are we revolutionizing security for VMs? So our manageable object is a VM. So basically you point us at a VM and you say secure it and we'll go through and we'll do all the data sensitivity tracking, we'll look at all the activities that are happening to and from the clients from that data and we'll give you a full map of where your data is at risk. We can help you with what something we call behavioral based data protection. So everybody thinks about data protection in the storage space as some time based thing and they talk about RPO and RTO. But really what you want to talk about is time is great but events are better. So you really want to be able to take a snapshot of what's going on when something's about to get into trouble. So you want to have a preemptive snapshot. So we have behavioral based data protection where we can actually watch activities on your VMs and in your storage and take protective points on it. And Paul, to your point earlier, the storage people traditionally they knew that security was an important thing but I think back 15 years ago when network storage when you were like doing the equal logic stuff it was can we lock the cabinet and make that secure? You know physical security we kind of got but when it got to logical pieces, security was important but tended from a budget standpoint to get kind of pushed to some other port of the organization. So who's making the decision? You know, who are you talking to and how does your solution kind of get into the environment? So there's really two customers, the IT people who are worried about things like ransomware since we helped with that and we can talk about that and then there's all the security people who are interested and we're working really in the small and medium enterprises and oftentimes they're the same people but they're worried about sensitive data, they're worried about insider threat, they're worried about data dumping. I have, and this is way more fun because when I was doing storage I was talking about my snapshots are better than your snapshots who cares or I can do more IAPs than you can so you can go zero to 60 now what, right? Or I can go really fast to get milk. And so now I get to talk about your data is a crime scene. So it's really kind of fun, it's like a CSI episode every day. Like people are stealing your data there, there's indecent exposure, the raincoats opening all the time with credit cards and IP data leaking out, there's exploitation, there's stuff going to the cloud that violates all of your internal controls and so we get to help customers understand if that's happening, stop it and then monitor it, it doesn't happen again. Yeah, Paula, I mean, I agree the criticism of the storage industry is always, we talk about it's like, oh, it's the latest, greatest new feature, it's the speeds and feeds. You know, is that still a problem out there or have we solved most of the big Harry storage issues? I think, so I'm a big fan of companies like Nutanix who are actually adding DevOps. So we've solved a lot of the security issues but we haven't solved the application issues that live on top of the security on the data. So guys like Nutanix who've come out with the converge play are adding DevOps or adding security, other people are starting to follow suit but you know, do you do, it's done, everybody's got it. You mind might be better than yours by a few percentage it'll depend on what kind of data you have. Snapshots, you know, it's been done. Application integration, you know, for application aware, whatever, NetApp made a lot of money on it, invented it, everybody's done it now. There's still a new stuff, don't get me wrong, there's still new stuff moving up the stack but it's moving up the stack, right? And you know, you're gonna get faster flash, you're gonna get faster interconnects and there'll be some innovation there but if a customer needs 30,000 ops and you can do a million, the fact that you could do two million, I don't know how interesting that is. I mean it's cool, don't get me wrong, it's cool but I'm not sure how interesting it is from a real life perspective. And so now what you've done is now you've got all this data that's, you know, at risk and someone's gonna protect it and protecting is both virtual threat as physical threat and storage like you said is really worried about physical threat, worried about people and virtual threats. Okay, so what are the biggest threats from kind of the data and security standpoint? You mentioned ransomware, what else? Sensitive data and then it's amazing how many people don't understand that the data they wrote they don't own, right? So there's a lot of data dumping so when someone's leaving a company you see a lot of IP leaving, there's an awful lot of sensitive data exposure, you know, credit cards, I joke around that we see dead people, we had somebody who had corner files and a public share. So there's a lot of data that's exposed that's not supposed to be exposed, there's a lot of permission issues and then there's just an awful lot of, you need to be able to trace for regulatory concerns. So it used to be you could get audited, you'd give them a big stack of paper, you know, they'd check you off. Now you've got to prove that you did what the audit set is supposed to do in regulatory industries and we help you with that as well. Okay, there's a lot of discussion in the industry about just, you know, massive amounts of data, how much data do we keep, what do we get rid of, how do we use analytics on all of them and, you know, security seems to be almost a little bit subservient to some of those other, you know, issues. Yeah, so what we have and within the product itself is we can show you how much your data, we call dormit, which means it hasn't been read or written for whatever period of time you said, how much your data is duplicate, we do hashes on all of your files content and so we can tell you how many duplicates you have and then we can tell you how many files we call it zombie. So the data's around, but the person's not there anymore. So it's like dead data that's sort of living, they're taking up space and so we help you, because part of security is don't have assets that have problems that you don't need, right? So there's a cost benefit for getting rid of it, but there's a security benefit for getting rid of it because a lot of this dormant data has, do you know what, a lot of people used to have their driver's license was their social security number. A lot of places you used to do when you get your student ID, it was your social security number. So a lot of this old data has really scary stuff in it, right, and it hasn't been read or written in years, but it's sitting out there ready to be stolen. So Paula, some security is really an insurance to make sure that something happens. Some of it's cost savings and some of it can actually make our business money. Where does your solution fit? We like to think about it in two phases. We help you get your data house in order. So we help you with data that should really be cleaned up, data that should be secured, and then we monitor and take action when anomalies happen once you've gotten it cleaned up so that we help you get into a good data state and then we help you stay there. So we're bridging both sides because we think both sides are important because if you've got a petabyte of data but you only need 100 terabytes, you've lost quite a bit of just economics there, but also you've exposed yourself because the more you have, the more people can probably steal. Okay, what about things like containers? Is that having an impact on what you're saying? So what we see in containers is they're mostly used for microservices and I'm a big fan of decomposition. I'm a big fan of microservices. The problem with these is they all want to be stateless. And last time I checked, data has never been stateless. So we don't have a lot of customers who are trying to access data at the volumes that we talk about just yet running with containers. So we don't see a lot of questions for containers. We do see a lot of questions for the cloud because people still want to make sure that when they migrate data to the cloud that they're not migrating anything that has regulatory, even if you can, they've got policies inside that don't allow them to. And they also want to make sure that when someone says, where is all my data? They have a full view. We have a dashboard that'll let you see what's on-prem and in the cloud and we'll let you see everything that's going on in your data. So that's also helpful. Okay, and customers, the word gets thrown out hybrid. What we always see is customers are using SaaS and increasingly more, they're using public cloud and then they've got their own data center stuff. Do you view across all of that or how does that work? So we're more on-prem and then things that are moving to the cloud but we're not really looking at SaaS apps yet. Okay. Is that something, I think about kind of my security, my data, is that there's somebody that's attacking that piece of it? It's being, the SaaS vendors themselves are actually putting some of that in there and then you see some people with Office 365 which is sort of a SaaS app but I guess it is in the broadest sense and Salesforce is where people are kind of focusing where there's a lot of data. But a lot of that data comes back to being on-prem or into a backup for a cloud repository as well. Okay, we mentioned Office 365. Microsoft's been making huge moves of the last year or so. They've got Azure Stack coming out next year. We've got coming up soon, Amazon's big show. How's the public cloud impacting kind of your business and what you're hearing from customers? So it's funny, we have not now, we're targeted at regulatory customers in the small and medium enterprise and very rare do we get asked about the cloud and when we do get asked about the cloud we get asked about how do I know if I move my backup to the cloud that there isn't, I haven't moved some sensitive data there. The other question we get sort of interesting is on the backup side is, you ever watch the movie Groundhog Day where the same thing happens over and over again? Over and over. They want to start to analyze their backups because if there's a virus in there they don't want to restore the virus. If they've just cleaned up all the sensitive data they don't want to restore. So they've asked us to start looking at the backup as well so that when you restore you don't redo what you just cleaned up. Yeah, I mean the stats we've heard is most people, once it's six months after you've been infiltrated by some security problem is when you find it, how do people clean up? You mentioned that issue, ransomware, some of these. How do we make sure we remediate after all that's been done? So unfortunately for some customers we've worked with as they've been hit by ransomware and so I've had the opportunity to look at a ransomware crime scene. So when people talk about ransomware they talk about stopping it which is incredibly important. What they don't talk about is okay so let's go look at what just happened and it looks a little bit like data in a blender. If you actually look at the file structure after ransomware is hit they've renamed stuff, they've hidden stuff, they've moved stuff around and so when you look around and they've created files as well and you can imagine them contaminating some of those files so you can get it back. So a lot of the things that remediate unless you're gonna do a full restore which means you're gonna lose data leaves a lot of this stuff around. What our product does is it helps you get a view of what happened and helps you sort of clean up and come up with what I would say is the action plan on restoring because sometimes when you get ransomware what you wanna do is just restore the files of the person who got hit but that person probably the ransomware software's pretty fast. You could probably have hit in a couple of seconds it's hit thousands to 10 thousands of files. The rest of your organization's probably changed 20 files. So sometimes it's better to roll back to the point before the ransomware hit and then just apply all the clean data back and sometimes it's the reverse but you need to understand and get a blueprint it's like anything else when you're fighting a battle you gotta kind of see what just happened and kind of see what move you wanna make and our products help you do that so because we understand data we can understand how to restore it because restore from a backup is one way to do it but you're gonna lose a lot of data. It's been said that going forward everybody's gonna be a software company. You're now running a software company you've run infrastructure companies. I'm curious lessons learned thing that you talk to people that are starting a business or looking at being a software business what would you say to them? I said we're having a lot of fun. The ability to do assessments is much easier because you're not shipping equipment. The problems you're solving are more business related problems with more nuances and the probably the most important thing is the ecosystem you're gonna go into. So we're working really hard to tie in with a lot of the security and the storage infrastructure. So example we partner with Phantom Cyber for their playbook software. We with Phantom Cyber we can actually integrate with Carbon Black for endpoint. We integrate with Newtonics on the storage side. We integrate with all the Sims for the reporting. Believe it or not Slack is how people wanna get notifications these days, right? Remember it used to be first it wasn't email then it was first it was your pager then it was your email then it was some kind of messaging now they wanna get it on Slack. So we integrate with Slack to send your IT messages over to Slack that you have security issues. So it's sort of interesting so it's a much bigger ecosystem that you have to live in and you have to look at you have a pretty big data surface and you have a network surface and so you gotta make sure that you're cooperating if you wanna win in sort of a security fight. Yeah, absolutely. We've been having conversations recently about IoT is going to take that surface area and increase it even more. We saw with the recent DDoS that that leaves us open to a lot of security challenges. Yeah, so you're gonna actually see it'd be interesting to see how much of the network security stuff makes it into like your car fabric, right? Because if you think about what they're gonna do with the new cars is there gonna be a whole fabric that's a network fabric that all your can imagine somebody doing an attack on your motor and so on it's a shut off. They're gonna get all this, right? But they're gonna probably leverage a lot of the IT infrastructure security that's already out there about how you segregate networks, how you do things with traffic, how you, but even that's not foolproof. Yeah, I think that the term I've heard is that the perimeter's dead because you need to have pervasive security. Yep, the perimeter's dead for two reasons. You need pervasive security and the bad guys aren't always on the outside. And the bad guys on the inside may not be bad guys. They just may not be informed people so they could be making mistakes and it doesn't have to be deliberate but I don't think anybody, if the data is gone, I don't think you really care whether they did it on purpose or not. That's just a legal aspect of it. You still gotta figure out how to fix it and get it back. Yeah, I'm curious. They used to always say that the best security policies, if you have someone that is lazy and malicious on the inside, they could get in. It seems that there's a lot more external actors that can get to those people or they do fishing, they do various ways to get in so there just seems to be threats from a lot more areas. If you were to look at Dine, it was sort of like if you had, if you'd done a war movie with special effects, it was incoming from all games. If you were playing risk, you're the one guy and everybody else was ganging it up on you. And they did an amazing job. They did an absolutely amazing job. I don't know whether companies would have gotten you up and running but you know what's infrastructure folks? No single point of failure guys. No single point of failure which means even your SaaS company needs two DNS providers, needs two cloud providers, needs two independent networks to different places. We remember you know no single point of failure right now the number of failure places are bigger. When you were on-prem you kind of knew the number of failure places. Now you got to figure out what are all these points of failure and you can't have no single point of failure. Paul, you were quoting Brian Cantrell in a recent blog post that you wrote talking about software, it can't fail. It just needs to work. I fall back, the old line we've heard many times is hardware will eventually fail and software will eventually work. So what does that mean to the software vendors? I actually believe if you're doing enterprise software, you're probably not going to get six nines but you got to get as close as you can because really everything is running on software now and so if it fails you could take a business out, right? And so you just need to make sure it's not you're going to take the old days of your desktop and you're going to reboot it already, I lost five minutes, it's not so bad. If you take a business out for five or 10 minutes that's not such a good thing because you've got hundreds of thousands of people who aren't working. Yeah, so we're getting towards the end of the year here and every year Dave Vellante, my CEO here would say, do I feel more or less secure than I did before? I don't think there's too many people that would say they feel more secure here in 2016 than we did in the past. Are we oversensitized to everything that's going on and getting all the alerts or what is the state of security? I'm writing a blog post now and one of the things I'm writing about is it used to be that the guys who were doing attacks were doing it for fun and to prove they could. Now they figured out how to monetize it. So now there's money in it and so I think you're going to see more creative attacks and you're going to see people taking over not just the data but devices. And that's unfortunate but it's coming to become a lucrative business. So I think we're a little less secure than we were till we figure out how to get a handle on it. All right, so. I was hoping to be more of a bright of sunshine. Yeah, so Paula, we need to leave it on a happy note. What's exciting you, you know, either cool things you're seeing or something that you're looking forward to going forward. So the really cool thing is first of all, I think that what I just talked about is going to get handled because the vendors more than ever are coming together to work together to provide APIs to each other so you can cover that full surface. And so I think, well, no one company can solve the problem but as the companies start to work together you're going to have a much better defense and some offense. You're going to start to see people starting to launch some offense, right? And I think that's going to be kind of interesting but I think it's going to be a fun year because I think we're going to start to move more and more into higher level solutions and the infrastructure team is going to start to lead some of that. Awesome, well Paula, if people want to hear more I know you're running on the Data Gravity blog at any other places they should be looking. Tune into the Data Gravity events and blog and you'll find out what I'm kind of, we're up to and what I'm up to. All right, well Paula, always a pleasure to chat with you. Great, you know, broad spectrum of topics happening in kind of the data and security space. Be sure to check out siliconangle.tv for lots of our coverage at the events here as we wrap up 2016 and head into a very busy 2017. Thank you to Paula Long with Data Gravity and thank you for watching theCUBE. Thanks for having me.