 From Boston, Massachusetts, it's theCUBE. Covering Activio 2019, Data Driven. Brought to you by Activio. Hi everyone, welcome back to Boston. This is theCUBE, the leader in on the ground tech coverage. My name is Dave Vellante, Stu Miniman, and John Furrier have been here all day. We've been plowing through some great interviews. This is Activio's Data Driven 19 conference, the second conference they've had of this kind. About 500 people here in Boston. Shaheen Peruz is here, he's the chief technical officer and chief information security officer at Data Indoor, CUBE alum. Good to see you, thanks very much for coming back on. Thank you, thanks for having me. You're very welcome. So, let's talk about backup. You gave a talk today. What has your backup done for you lately, essentially? So, interesting question, right? You look at the data, a lot of customers are rethinking their backup. We sort of saw this with the ascendancy of virtualization, we're seeing again with cloud and digital transformation. What was the theme of your talk? What was the catalyst behind the thoughts there? I really walk through the concept that storage has continued to evolve so aggressively and so fast with Moore's Law and everything else. And what has really proliferated part of that is that our data keeps growing and growing fast. And a very big contributor of that is copy data management. So, we take a backup of something but we don't ever reuse that backup. We restore it and now we have a second copy of production so that development can do work in it. Then we restore it somewhere else so that analytics can happen against it. Then we restore it in another place and pretty soon you have four, five, six, 10, 20 copies of the exact same data. And that proliferation keeps growing and growing and it's time to think about backup differently and almost all traditional backup players have not changed the way they operate, have not changed the way they deal with backups. They continue to do it the same way and their programs were written to go to tape versus to cloud or to do copy data management properly. So, let's add some color to that if you would. So, you said to do it the same way it was meant to go to tape, meaning what? It's just designed to be essentially a serial process. Exactly. Designed, maybe recovery is sort of a hope we never have to recover kind of thought. And that's it, backup and no other additional value. And file it somewhere, so just in case something, it's an insurance policy. So, how should it be done? So, before I get into how it should be done one of the other attributes that makes backup a challenge with traditional players is they convert the data into their proprietary format. So, you can't use the data unless you rehydrate it and put it back into its native format. Then you can start doing analytics or AI or whatever you want to do against it. So, what Actifio has done differently which is what I feel is that how you should do it is they keep the data in native format and then when you need to access that copy of that data they create a virtual copy of that data. So, you're not taking up any disk space but it's performant because the underlying disk subsystem that you assign to Actifio is whatever performance you want to assign it. So, now you can spin up 10 copies of the same server without ever taking up 10 copies of storage and give all of your constituents the development team, the analytics team, the whatever teams, the ability to access it in real time. Why do the traditional vendors do it that way? Is it because they want to reduce it to save cost? Is they want to optimize on performance or they want to have control from a catalog standpoint? Why is that approach popular? If you go back to tape, tape was really slow and it was a serial right like you were saying earlier and so you had to write software that would know how to take advantage of that slow speed and not make any mistakes and then be able to recover from it. So, they were converting it to a format that was easier to write and easier to read but that format doesn't play anymore in today's world. However, they haven't really adopted their technologies to today's world and what Actifio did differently when they came out 10 years ago, they said we need to reshape this whole backup landscape and they created this copy data management space and all other backup players are trying to add copy data management to compete but Actifio isn't a backup solution, it's a copy data management solution and backup is a nice artifact. Okay, so you deliver services on top of this and other technologies, maybe talk a little bit more about your business and what you're going to market with. Yeah, we help companies that our whole go-to market is around this concept of digital resilience so the ability to survive and thrive in the middle of an attack and whether that be mother nature or that be a cyber attack or that be your system scratching on you and in order to do that, let's just pick security, let's parse that for a second. If you have a ransomware attack, for example, you can have the best controls, however, if a foothold gets into your environment and encrypts your data, your only choice is recovery and if you can't recover, you have to pay the ransom to get the encryption back. We had a customer who had challenges and their backups were on the virtualization platform which got encrypted and they weren't able to recover so their only option was to pay the ransomware and fair to say they weren't a customer until after that happened but the reality is that solutions like Acifio in by nature of the way they act, the way they store the data off-premises in cloud or the way they store it so that it's not easily, it's immutable, it makes it a lot easier for a organization to leverage it and be able to recover quickly from it and have off-site copies or multiple data center copies. So that's the challenge I would say that a solution like Acifio solves for our customers. I've got to take a little tangent for a second and ask you as CTO and a CISO. I was taking a little security knowledge, sort of a test your security knowledge and I actually did really well. I was like 90% and but one I got wrong was if you get hit with ransomware, it said you should pay it and I said well yeah, I guess so and they said nah, you're wrong. I'm like well how else would I get my data back if that's the, you know, I could avoid it if I work with, I hope it's like yours but should people pay the ransom? So the odds of getting an encryption key that allows you to recover your data are minimal. What usually happens is they don't want to get caught so they don't want to send you the encryption key. They get the money and run because the more interactions they have with you the more opportunity for somebody to trail them and figure out how to catch them. So you shouldn't pay? You shouldn't pay. Because your chances are infinitesimal that you're going to get your data back. The only way to pay in this customer they happen to have cyber insurance and so their actual out-of-pocket expense was a fraction of the ransom. But not all cyber insurance covers all ransomware scenarios so they're not all cut alike. So it's a really complex question actually. I was wondering if you could do a smart contract. Yeah. Once you get the keys and then you can confirm, right? Exactly, yeah. And then that's the challenge, right? It's like who's, we got to do it at the same time. But yeah, it's typically my recommendation is don't pay but ideally if you don't have a backup then you really don't have an option. So part of your job is obviously information security which is just the fast moving. I mean that market is exploding. It feels like it's a big do-over that's going on. You know, we all know the narrative. It's, you know, there is no perimeter. All the money has been spent, you know, sort of hardening the perimeter, building that moat. But now the queen leaves her castle and so the whole paradigm changes. So how are you addressing that for your customers? So a couple of ways. Number one, the endpoint is the perimeter now. So the device that's sitting in front of you here is an example is where you have to treat the security. You need to monitor the activity, the behavior that's happening on that device. And if there's something that moves away from baseline, so if you're capturing a baseline of how you operate what you do day to day. And if all of a sudden you start encrypting your files and you never did before, the flag should go off. And those flags need to be able to get back to a central location which is the business we operate. We offer a SOC as a service. We deploy tools on the endpoints. We collect data from the perimeter, the firewalls, the routers, the switches so we see the health of the network. But then we also monitor the endpoint to make sure if something's happening at that endpoint we want to know and we want to stop it before it spreads to anywhere else. And it's a managed service, right? So another question around, this is the buzz words of multi-cloud, it's a hot space. But it looks legit, I mean multi-cloud I've always said it's kind of almost the symptom of multi-vendor versus a strategy but increasingly people are saying, okay we need a strategy. There's horses for courses. Certain clouds are better for certain things and that's where we're going. We're going to maybe reign in the shadow IT in the line of business or at least support them. So we need a strategy there. So what are your thoughts on multi-cloud? How are you participating in that space? Is there any role for Actifio there in your view? There absolutely is. Actifio supports all four of the major clouds out there. So they support AWS, Azure, GCP, and IBM. And having that strategy allows a customer who's leveraging Actifio to protect their data to be able to spin up workloads in any of those clouds. And for example, GCP is known for better AI and analytics. So spin up a copy of your data in GCP, do your analytics, and then shut it down. Azure is known to integrate better with any Microsoft platform. So spin up your Microsoft workloads in Azure and use them for whatever purposes, whether it's analytics or other, and shut them down. And each cloud does have its attributes and benefits that are better. AWS is just good. Yeah, well, they have a lead, right? They've done a lot of application ecosystem. And then IBM with Watson is kind of taking a lead in the AI space. So really, as a company, as a cloud architect, you need to decide what cloud has the benefits you need and the ability to move between them with a technology like Actifio is pretty key. Thoughts on security in the cloud? In the early days, that was a real blocker. People were concerned about security in the cloud. And today it's almost becoming an advantage. Do you buy that? So sort of. I've been a CTO in CISO for the last 15 years in early cloud startups. And the number one objection I always got was security in the cloud. You can't put your data there. The reality is the cloud is no different than another data center. It's you can't abdicate your responsibility to secure your infrastructure just because it's in somebody else's data center. You still have to do what you would do, apply your security policies, apply your security controls, and manage it as if it's another one of your colos, for example. And that's where people forget they think just because it's somewhere else, I'm protected. The only benefit that the cloud gives us from a security perspective is the physical security. So nobody can get into that data center because they have great security controls, but that doesn't mean electronically people can't get in. So you haven't really gained anything by going to cloud other than reliability and availability. Yeah, so your point about endpoint security before, a bad user behavior is going to trump great security every single time. Exactly. Okay, final thoughts on this event, your business, your partnership, the marketplace. Take us home. I think this is a great event. Lots of great topics are covered, some great partnerships. We heard some great information about analytics from IBM. I think that Actifio is uniquely positioned where you can take that one backup of your data and then be able to use it in so many different facets of your business, rather than, like I said, creating the copies and exploding your data growth. And so because of that, you're seeing the partnership and the ecosystem coming together. The other attribute that makes it powerful is that they've got that API integration. Anything you can do in the user interface, you can do via API. So that allows third-party companies to come in and do integrations that extend the capability and leverage that data even better. And so I think this event is good to help show people some of those capabilities and how some of those integrations have worked. Yeah, so here it's all about creating incremental value with data as opposed to just blowing out copies. So great, appreciate it. Shin, thanks very much for coming on theCUBE. Thank you. Good to see you again. Good to see you. All right, thanks for watching everybody. We'll be back with our next guest right after this short break. You're watching theCUBE from Data Driven 19.