Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.

Transcript:

Camberley Bates: Welcome to the Futurum Group Tech Webcast. I am here in Vegas with my folks from Veritas and I want to welcome Simon Jelley, who is the VP and GM for data protection on all the SaaS products, right? Is that right?

Simon Jelley: That’s right, yeah. Nice to meet you, Camberley.

Camberley Bates: Great, and I’ve got Chris Wilborg, who is the VP of product marketing there at Veritas, welcome.

Chris Wiborg: Great to be here.

Camberley Bates: And we are live here at AWS re:Invent at Vegas. Of course, we’re not live on the show floor, but we’re here at the conference here. What we’re going to be talking about today is really, I think is a bit of the vision that you guys all have with data protection, cybersecurity, and all those things, and kind of as a little background of it. Our group spends quite a bit of time with IT end users, and I think you guys know that. Data protection, data security, cybersecurity, this has all gotten super complex. I can’t believe how complex it is, and it’s to the point now, and the complexity is there because all these guys are in at least two clouds, they’re on-premise, we’re dealing with lots of governance issues. The attack surfaces have spread all over the place. We just kind of keep on trying… The ball keeps on kicking down because the guys get smarter with what they’re doing and we get smarter with what we’re doing and they get smarter. And here we are, still trying to figure out how do we protect the data, and really recover the data. So with that, I want to go to my first question with you guys. Veritas has been on the forefront of data protection. You’ve also been on the forefront of recovery and I know. I was there with 9/11, and everything that you guys did to take care of your customers, what I’d like to do is have it in your perspective, why is recovery so difficult? Why is it so complex? Take it away.

Chris Wiborg: I think you hit on it in some level in your intro there, Camberley, once upon a time, not so long ago, and this is how most people got to know Veritas, it was about recovering from things like executives, fat-fingering, and deleting files or maybe a flood or people would imagine a meteor strike, and those events, while disasters at some level, were easier to anticipate. You know what you need to do to recover from a flood and you know how to do it, mopping it up, and so on. Well, fast-forward to today, not only has the place in which people store data exploded, it’s not just one data center, maybe two, it’s that plus a bunch of clouds, SaaS, we’ll talk about that more, and then it’s also the type of attacks coming at you, the disasters, if you will, aren’t just natural disasters. They’re human and AI-driven. So, the bad actors are out there not only coming at you, but having to make you adapt to their tactics as they do one thing, and we get better at solving that and they do another thing. You have to keep up at sort of an arms race, and then beyond that, when you do get attacked, and most people, it’s a when, not an if anymore, it’s a coordination of a bunch of teams. It’s not just that IT admin that has the five-hour RTO. Remember how easy that was? Like, “Let’s just bring the data back. Boom, put it right back where it used to be.” Well you can’t do that in a cyber attack. And so it’s a lot of different people, different tools, expanded attack surface, and an enemy really that’s adaptive. So it’s just gotten a lot harder, more complicated, different people using different tools, different cultures between IT organizations. Do the SecOps team and the IT ops team know each other? Maybe, and so there are a lot of talk about your DevSecOps, but finding those individuals that do all three, those people are unicorns.

Camberley Bates: Well, and then I would add in the other piece, do the cloud ops people actually know the on-premises ops people when you’ve got data around there?

Chris Wiborg: Yeah.

Camberley Bates: Absolutely, so I see the headline that you had down on the show floor says ransomware fears Veritas, that was the quote, so this is-

Chris Wiborg: That’s marketing, by the way.

Camberley Bates: So we’re blaming you, is that what you’re saying?

Chris Wiborg: You got to come up with something that grabs people’s attention. It creates a memorable moment.

Camberley Bates: They fear Veritas, there we go. So, what is the strategy? What are you doing to assist customers to combat the ransomware issues? I know you got broad kind of tools there, but wouldn’t you take the lead-

Simon Jelley: Well, so I think the thing that we are bringing together is really what the heritage to some degree and also the secret source that maybe we haven’t broadcast as readily previously in Veritas. And that is one, doing what we’ve always known for, data protection. That’s our legacy, that’s what we’ve been known for for many years, but bringing new techniques, AI, ML into that in terms of bringing not just cyber recovery, but cyber preparedness as well. Detecting the threats through the backup data, through that shadow data we ultimately have of all of the Fortune 100s primary enterprise data, but putting that together with our data governance and also data resiliency capabilities. There may be things that people don’t know us so well for, but we have deep heritage, again, in helping customers really drive governance to their data and also make sure they can very resiliency recover and disaster recover that data overall. I think what’s key-

Camberley Bates: And I’ll stop there for a second, because you do have, and I’m not sure if everybody understands how deep you have been in compliance and governance. It’s not something that’s been added on recently. This thing goes back-

Chris Wiborg: This is not new.

Camberley Bates: This is a decade… I’m going to age myself, it’s a long time coming. I didn’t mean interrupt you, but I need to let people know that this was not a newcomer situation.

Simon Jelley: Actually, I joined as part of one of our first compliance acquisition, I joined Veritas back in 1999, so very much appreciate the deep history there. And why I referenced that is what we’re seeing is this evolution from, as Chris mentioned, the five-hour RTO where you’re just looking at that recovery event. That’s not straightforward anymore. What you really need to be doing is that cyber recovery preparedness, because ultimately organizations, the bad actors are trying to impact and infect your data. So even before you start that recovery window, you really need to understand, where is your data? Is it clean in terms of recovery environment that I have? Is there exposure I need to look at publicly as a public company in terms of sharing to my customers my base out there?

Chris Wiborg: Does it contain PII? All these things that, to Simon’s point, you need to know and prepare and plan for before anything bad ever happens.

Camberley Bates: And that’s a great point because one of the things that Randy just got back from doing a week long with IT clients, and one of the big things he was talking about is all the cybersecurity stuff. And the thing that he emphasizes over and over and over again when we’re consulting with him is recoverability, start with recovery. Yes, prevention is part of it, but you got to… I start from the top of the stack, the recovery. Can you recover and can you honestly look at your executives and say-

Chris Wiborg: That’s what you’re trying to solve for.

Camberley Bates: Absolutely, yes.

Chris Wiborg: That’s what the business cares about, and that’s why this whole, how do you deal with ransomware and have resilience against attacks, is a board level issue.

Camberley Bates: Absolutely, so let me go to the next question. Cybersecurity is a team sport. I’ve heard you say that, you say that as well.

Chris Wiborg: Absolutely.

Camberley Bates: We definitely see the CISO and the CIO coming together, so that’s one team. We are doing table talks, we’re doing planning, we’re doing all those things in order to be prepared for recovery accountability, but you’re taking it another level, and you say there is no one vendor can actually address all the cybersecurity issues and resiliency challenge codes. So, you take off with that and give me your perspective on it.

Chris Wiborg: It’s a great question. I firmly believe that solving for things like ransomware has to be a team sport these days because look, there’s really two sides of things. One is the vendors that are trying to help you prevent an attack, and there are a lot of great ones here at the show that you should go check out down on the show floor, and then there’s the resiliency side of the coin. So when things do go sideways, because despite all the prevention, we see this in the headline news all the time, it’s still happening. And so, there’s really nobody that does both of those things. And so from a Veritas perspective, because we’re more on the resilient side of things, we have controls within our own products to make sure we can’t be attacked and your data is immutable and isolated and all these good things. But it’s the integration with some of our partners that complete what we call Veritas 360 defense. And so we announced this recently, it’s a combination of what we were just talking about before, what we do around data security, data protection, also the data governance bit that give unique capabilities to our customers, but we’re not really 360 on our own. We have to partner up with other folks in the cybersecurity space to really give the best solution to our customers. And this is folks like CyberArk, CrowdStrike, and those are well-known names in the industry or in the security side of things, but we’re also working with less known vendors like Semperis that you may have heard of, a smaller company, US-based. Founded, and a lot of their engineerings over in Israel, and what they do is they look at how you can prevent malfeasance from getting into your active directory forest in a very complex way. So, we partner with them to be able to back up what they do with immutability and be able to do things like malware scanning and so on. And then when you’re doing your recovery of active directory, which by the way is one of the first workloads you typically want to bring back when you’re attacked, they can also check that, “Hey, nobody’s snuck in there and fiddled some bits around,” and now suddenly open up bigger holes that create opportunity for more attacks later once you do a restore.

Simon Jelley: Well, and I think the other thing that Semperis is the example of that team sport because what they’re really helping you recover is that identity, and obviously data tied to identity is the key that unlocks in terms of that value to the organization. The other things we’re doing is not just partnering in terms of we provide those great expertise on the security side with our great expertise on the resiliency, but how do we share those threat patterns? How do we help understand… We can potentially announce the SOC that’s being run by your security that hey, there’s weird access patterns happening on the data itself because backups are becoming an attack vector themselves in terms if they can get access to that backup data, either to exploit it or to add ransomware signatures there and really damage your recovery ability overall.

Camberley Bates: Actually, I just recently saw some data that was coming out of… I think it was CISO that was talking about how when they get in, that’s the first place they go.

Chris Wiborg: Absolutely.

Simon Jelley: Absolutely.

Camberley Bates: After the backups, let me lock that down and I can imagine if I can get after the active directory, I can shut you guys down for a really long time.

Simon Jelley: Absolutely, you lock out identity, that’s their front door to the data.

Chris Wiborg: This goes back even to the complexity question you asked before. Imagine all the pieces you have to coordinate now, and so this is why working closely with partners is important to us and important to our customers to get a real comprehensive solution in place. It’s a team sport at the end of the day.

Camberley Bates: It’s huge. So, let’s talk about testing. One of the lesser known capabilities you guys have is something called the REDLab.

Chris Wiborg: You take that one?

Simon Jelley: Yeah, absolutely.

Camberley Bates: Hold on, let me do a quick intro, guys. What this is, this is a real lab with real malware. We don’t let that in our lab… Sorry, we’re not going to let you have access to us with this, so hopefully you got this well sealed off from the world, but let’s take the guys through the REDLab.

Simon Jelley: You summarized it well. Ultimately, that we want to make sure that we can provide that guarantee to the organizations we partner together to protect, that we’re doing our utmost really battleground test the solutions that we’re building together. So the REDLab is built, obviously secured from our own networks and making sure we’re not exposing ourselves to risk, but we’re putting the latest signatures in there with our combined Veritas and our partner solutions and really testing that A, are the detection patterns there as well, but also can we provide that recoverability to a customer? So, really it’s a way for us to truly battle harden and battle test our solutions together as this Veritas 360 defense strategy.

Camberley Bates: So, I know this question was on there, but you’re actually going on the dark web and downloading this stuff?

Chris Wiborg: Yeah, that’s part of what the team does is there’s the academics behind how one can do things like anomaly detection, but then there’s actually putting in a lab and testing it and see how it behaves.

Camberley Bates: It’s another.

Chris Wiborg: So, the analogy is like there’s a reason that folks like GM and others put crash test dummies in the cars before they put the cars out on the market. And so, we’re doing the same thing basically, but in this case to try and prevent things like ransomware and then learning from it and continually updating our software and making sure we’ve got validated designs for our integration with partners to help customers deploy and solve the problem.

Simon Jelley: And the other thing that we’re building is, look, this is becoming on both sides, a game of automation with AI and machine learning as well. Those techniques are being applied whether we like it or not, into ransomware attackers. We’re responding in the same way. So, we’re using AI and ML within those labs to learn those patterns as well and build automated recovery plans for customers and with our partners as well.

Camberley Bates: It’s like it’s a new world out there with these guys. So, I’m going to kind of shift here. You all have been doing quite a bit of work as a service, bringing solutions out there, one of the big hybrid cloud technologies. We’ve worked with you on some of your Alta launch and that sort of thing. One of the areas that you guys… Not only you were a big sponsor here, but you were a big sponsor there at CubeCon, and so you made a huge investment into this next generation of cloud native area. So, you want to talk about that and where that’s going and some of those big investments you’ve made?

Simon Jelley: Yeah, absolutely. It’s been a massive investment for us to take our data protection solutions to what we call cloud scale, and that’s really containerizing the core services that we’ve again been known for many years around our core protection layers, our policy engines, our deduplication and storage expertise, and building that into a containerized architecture that is ready-made for environments like EKS with AWS.

Chris Wiborg: It’s cloud native basically, right?

Simon Jelley: It’s built for the cloud, and again, that’s whether we run it ourselves and we are offering now backup as a service, data protection as a service directly or for customers that want to offer that and run it as a service within their own cloud-based architectures, and again, we partner greatly obviously with AWS, but that’s available. As you mentioned, most customers are using two or more clouds, so again, they’re looking to, how do they deploy those architectures into supporting ready-made SaaS applications, but also custom-built as a service applications within their own organizations.

Camberley Bates: And that’s addressing one of the areas that we talk about is complexity, right?

Chris Wiborg: Well, it’s one of the reasons we’re at this show. So if you want to take and run… Own, maintain, and operate your own instance of what we do in EKS, have at it. We can run in that fashion, that actually helps dramatically lower your costs because of all the deduplication technology we have built in that we’ve had for quite some time. And then because it’s not just a lift and shift and taking a VM architecture and putting it in the cloud, it’s actually containerized and work straight via Kubernetes, we lower your costs there operationally as well because you’ll actually go into the AWS console and you can see us spin up when we need to and then we’ll spin down to other containers when we don’t, that lowers your compute spend.

Camberley Bates: And so I’m going to say this and if we need to… Whatever, it’s not your daddy’s Veritas anymore.

Chris Wiborg: Well said.

Simon Jelley: Well said, absolutely.

Chris Wiborg: That’s it. Can we have a T-shirt like that, by the way?

Camberley Bates: Okay, there we go, so last question for both of you, what is it that, Chris, you want them to know about Veritas that they may not know?

Chris Wiborg: I think you touched on it. For people out there that think you know Veritas, you may, because we’ve been around for 30-plus years, and so we’ve had your back as it were in the data center, and that’s maybe what you know us for. But if you haven’t looked closely, you should look again because now, and again, this is why we’re at AWS, we cover you in cloud. Not only can we run natively in the cloud, we can back up all your SaaS workloads, and by the way, and this is important for where we are with re:Invent, we can protect all your paths and your IAS workloads, so EC2, S3, any flavor, and then all the past workloads. Not just one or two, but what we do with Oracle, SQL, MySQL, Maria… I’m leaving something out. Aurora as well, Postgre, that’s the one, and then also, this is relatively new, Redshift, so we really cover your data in the cloud, your compute in the cloud and your storage in cloud. And so it’s very much the future is cloud, and that’s what the whole Alta launch is about. You know us in the data center, we can do the same thing for you we do there, but now in the cloud.

Camberley Bates: Simon, you?

Simon Jelley: Well, I think put simply, look, if enterprise-grade cyber resiliency is what you need, come talk to Veritas.

Camberley Bates: Great. Guys, thank you very much. Chris, Simon, I appreciate you joining us.

Simon Jelley: Thank you again.

Chris Wiborg: Great to be here.

Simon Jelley: Thank you. Great to be here.

Camberley Bates: Thank you for joining for the Futurum Tech Webcast. We appreciate you tuning in.