 Live, from Las Vegas, it's theCUBE, covering Veritas Vision 2017, brought to you by Veritas. Welcome back to Las Vegas, everybody. This is theCUBE, the leader in live tech coverage, and we're covering day one, this is day one of two day coverage of Veritas Vision, hashtag VITAS vision. My name is Dave Vellante, and I'm here with my co-host, Stu Miniman. Zach Bosun is here, he's the director of information governance solutions at Veritas, and Anna Simpson is a distinguished systems engineer at Veritas, which Anna means you know where all the skeletons are buried, and how to put the pieces back together again. Welcome to theCUBE, thanks for coming on. Thank you. Okay, so let's start with, we've heard a little bit today about information governance, Zach, we'll start with you. It's like every half a decade or so, every decade there's a new thing, and GDPR is now the new thing. But what's the state of information governance today? How would you describe it? Yeah, I mean, I think the primary problem that organizations are still trying to fight off is exponential data growth. We release research every year called the Data Genomics Index, and what came back this past year is that data growth has continued to accelerate, as a matter of fact, 49% year over year. So this problem isn't going anywhere, and now it's actually being magnified by the fact that data is being stored not only in the data center on premises, but across the multi-cloud. So information governance, digital compliance is all about trying to understand that data, control that data, put the appropriate policies against it, and that's really what we try to do with helping customers. I mean, I always wonder how you even measure, I guess you could measure capacity that leaves the factory, but even there's so much data that's created that's not even persisted. We don't even know, I think, how fast data is growing, and it feels like, and I wonder if you guys agree or have any data suggested, it feels like the curve is reshaping. I remember when we were talking to McAfee and Bryn Yolson, it feels like the curve is just going even more exponential. I mean, what's your sense? That's typically what we see, and then you have IoT data coming online faster and faster, and it really is kind of a vertical shot up. And all different types of new file types, one of the other really interesting insights is that unknown file types jumped 30 to 40%. And so things that we don't even recognize with our file analysis tools today are jumping off the charts. So it used to be the PST was the little nagging, I mean, it's trivial compared to what we face today, Anna, but so what's your role as a systems engineer, distinguished systems engineer? How do you spend your time, and what are you seeing out there? Yeah, so I definitely spend my time meeting with customers around the world, speaking to them about information governance, particularly around risk mitigation these days. In terms of the issues we see in information governance, data privacy is a big one. I'm sure you've been hearing about GDPR quite a bit today already. So that's definitely a hot topic and something that our customers are concerned about. Are they ringing you up saying, hey, get in here, I need to talk to you about GDPR, or is it more you going in and saying, hey, are you ready for GDPR? How's that conversation going? It's definitely a combination between the two. I think there is definitely a lot of denial out there. A lot of people don't understand that it will apply to them, particularly obviously if they are storing or processing data which belongs to an EU resident containing their personal data. So I think organizations are either in that denial phase or otherwise they're probably very almost too aware. So they've probably started a project, done some assessment, and then they're either in the panic mode of we have to remediate all these issues before May next year. So what's the bell curve look like? I mean, let's make it simple, three categories. One is we got this nailed, that's got to be tiny. The fat middle, which is we get it, we know it's coming, we got to allocate some budget, let's go, versus kind of clueless. What's the bell curve look like? I would say that there's 2% of companies maybe think they have it nailed. Definitely single digits, low single digits. I think maybe another 30%, at least understand the implications and are trying to at least put a plan in place. And the rest, 66% or so, still aren't very aware of what GDPR means for their business. Wow. And could you take us inside, what's Veritas' role in helping customers get ready for GDPR? We talked to one of Veritas' consulting partners today and it's a big issue, it crosses, I said usually five to 10 different budget areas. So what's the piece that Veritas leads and what's the part that you need to pull another partners for? Sure thing. So in terms of our approach, we have what we refer to as a wheel, which sort of attacks different parts of the GDPR, so various articles. It sort of steps you through the sort of processes that you need to be compliant. So things like locating personal data, being able to search that data, minimizing what you have, because GDPR is really dictating that you can no longer data board because you can only keep data which has business value. And then further downstream, it's obviously protecting the data that has business value and then monitoring that over time. From a Veritas approach perspective, we're tying those articles obviously to some of our products, some of our solutions. And then there's also definitely a services component around that as well. So when you think about e-discovery or regulatory requirements, when the regulators come in, generally they're not necessarily going to be questioning the tools, they're going to be questioning how you're using those tools to be compliant. So it is sort of a combination between tools and services. And then we're also partnering with other consulting companies on that process piece as well. Zach, in the keynote this morning, there's a lot of discussion of there's dark data out there and we need to shine a light on it. I have to imagine that it's a big piece of this. Why don't you bring us up to speed? What are some of the new products that were announced that kind of help with this whole GDR problem? Into that point, right? 52% of data is dark, 33% is rot, 15% is mission critical. Today we announced 23 new connectors for the Veritas information map. This is our immersive visual data mapping tool that really highlights where your stale and orphan and non-business critical data is across the entire enterprise. So new connectors with Microsoft Azure, Google Cloud Storage, Oracle databases, so forth and so on. There's quite a number that we're adding into the fold. And so that really gives organizations better visibility into where risk may be hiding and allows you to shine that light and interrogate that data in ways that you couldn't do previously because you didn't have those types of insights. And then also we heard about risk analyzer? Yeah, that's right. So we just recently announced the Veritas risk analyzer. This is a free online tool where anyone can go to veritas.com slash risk analyzer, take a folder of their data and try out our brand new integrated classification engine. We've got preset policies for GDPR. So you drop in your files and we'll run the classification in record speed and it'll come back with where PII is, how risky that folder was, tons of great insights. And so it's identifying the PII, sort of how much there is and how siloed it is. Are you sort of measuring that? Or what are you actually measuring there? So we're actually giving you a risk score. So when we're analyzing risk, you might find one individual piece of PII or you might find much more dense PII. And so depending on the number of files and the types of files, we'll actually give you a different risk tolerance. And so what we're doing with the risk analyzer is giving you a preview, just a snapshot of the types of capabilities that Veritas can bring to that discussion. Okay, so who do you typically talk to? Was it the GC? Is it the head of compliance, the chief risk officer, all of the above? Yeah, it's definitely all of the above. Some person who has a combination of those responsibilities, right? Yeah, exactly. So it's usually, if we're talking GDPR specifically, it's usually information security, compliance, legal. And particularly in organizations now, we're definitely seeing more data privacy officers. And they're the ones that truly understand sort of what these issues are, GDPR or other personal data privacy regulations. So okay, let's say I'm the head of the compliance, security, risk, information governance. I wear that hat. And I say I'm new to the job and I call you guys and I say, I need help. Where do I start? Obviously you're going to start with some kind of assessment. Maybe you have a partner to help you do that. I can run my little risk analyzer, sort of lead gen machine. And that's good, but that's just scratching the start. I know I have a problem. Where do we start? What are the critical elements and how long is it going to take me to get to where I need to be? Yeah, so I think visibility is obviously the first step, which Zach already kind of spoke to. You really have to be able to understand what you have to then be able to make some educated decisions about that. So generally that's where we see the gap in most organizations today. And that's particularly around unstructured data. Because if it's structured, generally you have some sort of search tools that you can quickly identify what's within that. And to add on just that, you actually have 24 hours. We can bring back 100 million items using the information map, so you can get a really clean snapshot in just one day to start to understand where some of that risk may be hiding. So let's unpack that a little bit. You're surveilling what all of my data stores, and it's because you see that because you've got the backup data. Is that right? The backup data is one portion of it. The rest is really coming from these 23 new connectors into those different data stores and extracting and sweeping out that metadata, which allow us to make more impactful decisions about where we think personal data may be, and then you can take further downstream actions using the rest of our toolkit. And what about distributed data on laptops, mobile devices, IoT devices? Is that part of the scope or is that coming down the road or is it a problem to be solved? So it's a little out of scope for what we do. On the laptop desktop side of things, we do have e-discovery platform, formerly known as Clearwell, which does have the ability to go out and search those types of devices, and then you could be doing some downstream review of that data or potentially moving it elsewhere. But yeah, it's definitely a place, I guess we don't really play right now. I don't know if you had any other comments there. Well, you got to start somewhere. Start within your enterprise, but even this has always been a challenge. We were talking off camera about FRCP and email archiving and I always thought the backup, the backup company was in a good spot to analyze that data, but then there's the but. But even these are backed up kind of laptops and mobile devices, but do you see the risk and exposures in PII really at the corporate level or are attorneys going to go after the processes around distributed data and devices and the like? I think anything is probably fair game at this point, given that GDPR hasn't come in, it's not being enforced yet, so we'll have to see how that plays out. I think the biggest gap right now or the biggest pain point for organizations is on structured data because it kind of becomes a dumping ground and people come and go from organizations and you just have no visibility into the data that's being stored there. And generally, people like to store things on corporate networks because it gets backed up, because it doesn't get deleted and it's usually things that probably should not be stored there. Well, it does sound like if I think back to 2006, 2007 timeframe with federal rules of civil procedure, which basically said electronic information is now admissible. And it was a high profile cases, I think, I don't want to name the name because I'll get it wrong, but they couldn't produce the data in court, the judge penalized them and then they came back and said, we found some more data, we found some more data, we found some more data. Just an embarrassing thing, it was a $100 million fine and that hit the press. So what organizations did, and I'm sure, Anna, you could fill in the guesses, but they basically said, listen, it's an impossible problem, so we're going to go after email archiving. We're going to put the finger in the dike there and try to figure the rest of this stuff out later. And what happened is that plaintiff's attorneys would go after the processes and procedures and attack those, and if you didn't have those in place, you were really in big trouble, so what people did is try to put those in place. With GDPR, I'm not sure that is going to fly. It's almost binary. If somebody says I want you to delete my data, you can't prove it, I guess that's process-wise. You're in trouble in theory. We'll see how it holds up and what the fines look like, but it sounds like it's substantially more onerous from what we understand, is that right? Yeah, I would 100% agree. So from an e-discovery standpoint, there's proportionality and what's reasonable relative to the cost of e-discovery and things like that. I actually don't think that is going to come into play with GDPR because the fines are so substantial. So really, I don't know what would be considered unreasonable to go out and locate data. Zach, you have to help us end this on an up note, so get into the onerous task. Wait, I wanted to keep going into the abyss. So we talk about the exponential growth of data and we've been saying big data was supposed to be that bit flip of turn it for, oh my God, I need to store it and do everything I need to be able to harness it and take advantage of it. So is GDPR an opportunity for customers to not only get their arms around their information but extract new value from it? Absolutely, it's all about good data hygiene, it's about good information governance. So understanding where your most valuable assets are, focusing on those assets and getting the most value you can from them. Get rid of the junk, you don't need that, it's just going to get you into trouble and that's what Veritas can help you do. Yeah, so a lot of unknowns, I guess the message is get your house in order, call some experts. I mean, I call a lot of experts, obviously Veritas, we had PWC on earlier today, number of folks in your ecosystem I'm sure can help. So guys, thanks very much for coming on theCUBE and scaring the crap out of us. All right, keep it right there, buddy, we'll be back for our wrap right after this short break.