Sponsored by our friends at Veeam Software! Make sure to click here and get the latest and greatest data protection platform for everything from containers to your cloud!

Sponsored by the Shift Group – Shift Group is turning athletes into sales professionals. Is your company looking to hire driven, competitive former athletes? Shift Group not only offers a large pool of diverse sales candidates from entry level to leadership – they help early stage companies in developing their hiring strategy, interview process and build strong sales cultures that attract the best talent for early stage companies.

Sponsored by the 4-Step Guide to Delivering Extraordinary Software Demos that Win DealsClick here and because we had such good response we have opened it up to make the eBook and Audiobook more accessible by offering it all for only 5$

Sponsored by Diabolical Coffee. Devilishly good coffee and diabolically awesome clothing

Does your startup need strategic technical content? The team at GTM Delta delivers SEO-optimized, compelling content that connects your company with technical users to help grow your credibility, and your pipeline.

Need Podcast gear? We are partnered up with Podcast Gear Pro to share tips, gear ideas and much more. Check it out at PodcastGearPro.com.

Danny Allan is the CTO at Veeam Software and shares updates and news that we will see happening at VeeamON in Las Vegas May 16-19. On top of that, we cover why system-level protection is a fundamental need, plus some great discussion on why data protection for containerized apps is the new normal.

Check out VeeamON here: https://www.veeam.com/veeamon (includes virtual registration for free!) Grab all the latest news on Veeam products here: https://vee.am/DiscoPosse

Transcript powered by Happy Scribe

Oh, yeah, that’s right. Welcome to the DiscoPosse podcast. Thank you for listening. And hey, thank you for watching. If you’re heading on over to youtube.com/discoposse, make sure you go get a like, subscribe to the channel because we’re spinning things up in big way over on the visual side as well. And this is a great chance for you to see the one and only – someone who is fantastic, love having him on the show. This is Danny Allan. Danny is the CTO at Veeam Software. Also got to give a shout-out of course, because Veeam are some of the supporters of the podcast. So this is cool because I get to talk, shop with Danny. We talk about the Ransomware challenge because, hey, Ransomware is a disaster. And I mean literally, if you’re not ready and thinking business continuity and disaster, we talk about methodologies and real stuff that I remember from the field. So this is a good exploration. Plus, of course, they have their VeeamOn -their annual conference, which is going on in Vegas right now. It’s super cool to see that they’re back in person and doing some really neat stuff. So big thanks to Danny, of course, for coming on.

And of course, like I said, if you want to check out more about Veeam, you can go to vee.am/discoposse and you can get all that you need for your data protection needs because they got you covered in all sorts of ways. Actually, it was just a bonus. I had Danny on just because I wanted to talk to Danny. Just so happens that he’s from Veeam. And speaking of great supporters, of course, I got to give a shout out to JR and the team over the Shift Group. Because if you are running a company and you need to bring on a sales team that’s going to make the difference, Shift Group is in turning athletes into sales pros. So if you’re looking to hire driven, competitive former athletes or even thinking how do you build a go-to market that can actually scale both efficiently and effectively? Shift Group is not only offering a huge pool of really awesome diverse sales candidates from everything – from entry-level to leadership, but they’re also helping you to develop your overall hiring strategy, interview process, and truly building a culture of success and talent. What you need in those early stages. So get on in, head on over shiftgroup.io and you can find out more about that. And while you’re at it, of course, one last little shadow. Do you like coffee? So do I. Go to diabolicalcoffee.com. It’s super good! It’s tasty, it’s devilishly good, diabolically awesome. And hey, we support a bunch of podcasts. Oh, by the way, it’s me. Full disclosure, it’s my coffee company. So check it out. All right, this is Danny Allen from Veeam.

My name is Danny Allen. I’m the CTO at Veeam Software. Very excited to be with you. And you are listening to the DiscoPosse podcast.

Another all Canadian episode. It’s a rare treat when I get to have fellow Canadians on. We actually had a fun one. There was a team of folks that do a podcast called The Produce Stand. It’s actually for a very Canadian show called Letter Kenny. And the amount of Canadianness that came out in that episode was laughable. It’s so funny how we all kind of like, especially if you talk about something that’s really based in Northern Ontario but has sort of Eastern Canada roots. We all very much adopted good, strong Canadian accents by the end of the hour.

I’ve watched all the Letter Kenny episodes. They’re awesome.

Nice. So, Danny, thanks very much. This is great to have you back because we’ve been apart for a while as humans, as society and as technologists. We’ve seen them move towards virtual for a couple of years for very obvious reasons. And we saw a real fundamental shift in kind of how we engage with people. And I was lucky for the podcast has been greatly successful because people are tapping into this type of learning and exploring these conversations. But at the same time, good golly, it feels good to know that when you were talking before we started to record here that we got plane tickets booked, we’ve got VeeamON, which is live in Las Vegas. So you’ve got a real in-person event coming up. So maybe if you want to just first of all, give a quick intro for folks that are brand new to you, and then let’s talk about VeeamON and kind of the excitement around that right away.

Sure. So my name is Danny Allen and the CTO at Veeam Software. We’ve been in business now for almost 15 years doing data protection. Which I point out is not just backup, but also recovery, recovery at scale, doing it instantly and doing all the things around the management of that data over its life cycle. Along the way, over the past decade or so, we have created and been privileged to have behind us a green army that loves the Veeam software. And one of the things that we’ve done since 2015 is an industry conference. And so coming up next week, it begins May 16th. We are having an in-person event in Vegas for the first time in three years. But I want to highlight for people, we are going back to the in-person event, but it will be hybrid. There will also be a virtual experience. And one of the things that we’re very focused on is making sure we have an equitable experience for those who can be there in person and we can shake hands and have fellowship together. We plan to do that. But also we want to make sure that the information and the content we’re providing is equally available for those who are attending virtually. So we’re very excited to have this event coming up.

It also brings up as excited as many of the folks in the industry are to get back together, there’s still a lot of trepidation around travel and personal risks like this. Everybody’s got their own sort of their comfort level with getting back, especially in big crowds. So I do like that you’re taking the hybrid approach. And it’s a tricky balance like to have information be broadly shareable, but then have an experience that like you described to make it an equitable experience so that people in the remote situation have almost their own show that we can add other elements to it. Because it’s been a real challenge I think, as an industry, for us to have meaningful engagement through conference experiences because we’ve often turned them into 7-hour webinars. Which it’s tough, like good golly, 1-hour webinar is enough to put anybody into a nap mode. So it’s been tough to maintain meaningful engagement and meaningful collaboration as well. So that will be one thing. Danny, I’d love to get your experience, like looking back over the last little while, how have you and the team stayed really collaborative with both customer and just general industry peers?

Well, one of the things that we have certainly gone deep on is online meetings, virtual meetings. Starting out, I told everyone I want your video cameras on because I want it to be like we’re in the office together and seeing one another. And what you learn over time is you mentioned something very important. Everyone is different. Some people like being together. Some people don’t like being together. That’s true. Not just across the industry, but within a company and within teams. We have people who are more comfortable than others being together. And you need to or I would argue you need to. Some people say you want to. I say you need to accommodate for that. That’s why the hybrid is so important. But to share with you one of the learnings that I learned, we switched to video meetings all day long. I sat in front of this webcam, and this is what we did for 8 hours a day or I did for 8 hours a day. But even that, I learned over the past two years, sometimes that is exhausting for people. And so I actually change the models. If I do one-on-one meetings for example, I still have the camera on. But if I’m doing a one to many meetings, I don’t require cameras to be on.

And what you find is everyone is different. Everyone adapts a little bit differently. And the important thing is to seek to understand the person on the other side of 100 milliseconds of latency and help them to be the most productive that they can possibly be. And so whether it be meetings within Veeam or industry conferences, I do believe that this is the shift, the 2020 shift that happened. And as we go forward over the next decade and decades, I think the norm will be this hybrid experience that does its best to accommodate individuals where they are.

And it speaks to the power of empathy. Right. We’ve kind of over injected that phrase into, you know, it’s like customer centric. People say it a lot. And it looks great on a brochure or, you know, a header on a web page. But it’s activity and action that prove empathy in real life. And actually seeing it in motion the way you just talked about it is important because we’re now seeing the return to work and return to office wave and you can see that it’s having a pretty significant impact on people’s sense of what the current culture and future culture they want out of their organizations is. Both as the organization leaders as well as the broad base of employees. They don’t want to say rank and file, but especially you think if you’ve got a thousand people that are normally coming to an office and then out of those pretty significant numbers are going to say that, yeah, we’re good back here. I’m just going to be at home. You call me when you need me. But it’s a real shift, which is, I mean, it’s exciting to see us navigate it and I think we’ll get to something unique and new, but I think it’ll become as normal as normal can be described these days.

Yeah. If you think about the generations that have come out of college in the last two years, this is all they’ve ever known. They have learned to be productive in this world. And so if we don’t seek to accommodate that and empathize with that, then we won’t have a bridge or a place to start. One of the interesting things that has occurred for me in the last little bit as we started to go back to in-person meetings, they don’t tend to be in an office. It tends to be at a coffee shop or at a restaurant. And even when I have team meetings now, I don’t look to sit around a table and hammer out our strategy for the next year. Typically my team meetings are let’s get together and have a meal and establish that relationship. But we don’t focus on the tactical things. So it really has changed every organization is my belief.

And let’s just hope we all take the good lessons and the tough lessons and merge those together into new ways of doing great things together. Because it’s a very empowering thing when you can now enable remote workforce and embrace it because look, we remember how many companies have I worked for and talked to over the years that just said straight up like no, we can’t support a remote experience for our employees. It would impact the business too much. Now we didn’t have a choice and, good golly, we’d have all in the world traded the reason for the result. But now that we’ve had to live through it because of lack of choice. Now all of a sudden when choice is brought upon us, we’re like, oh wait, we do have choice and we can tackle it a different way.

Yeah, and I would push back on the, it hasn’t been successful because, well, if you take when the pandemic first hit and people started working from home, we had over 30 releases of products within the first year. I would argue that our research and development at Veeam and I know this isn’t Veeam, but we were even more productive when employees were working at home. The cadence and of the product releases that were coming out was incredible. And I do think the key to all of this is data, which ironically, of course is what would be protects because organizations will be able to go back and look at that data and examine how people operated and what made the most productive. And so I think we’re going to find those nuggets of information within the data that we’re creating or have created over the last two years that will help all of us within the industry to evolve and increase our productivity.

I think it brings up a good, I’ll say a parallel topic on the new way of doing business. And I see you’ve got a cast and logo on and looking at the evolution of application architectures, the evolution of the way that we run businesses and build IT services and applications now, obviously now it’s been a while since cast and been integrated through acquisition so, congratulations again on that continued success and seeing the growth there. But early on, we got a lot of I’ll say “we” as an industry, there was a lot of push back on data protection doesn’t belong in containerized micro services architectures because the thrust behind the architecture is that it’s completely immutable. But it was really like saying security doesn’t belong because you could just destroy it and rebuild it again and it would be secure when you rebuilt it. You’re like, no, that’s not how it works actually. And we have data persistence, we have legacy. So Danny, I’d love to hear about now, especially that you’re further in, what is the impact of new application architectures and now seeing where data predictions being recognized as critical function.

Yeah. Well, two things I would point out. I’m a big believer in containers as the future of architecture and we see this just from results. I mean, we had 900% growth with our Kasten K10 products last year and that’s because containers are taking off. No question about it. There’s not a lot of migrations, I’ll say, from traditional applications to the new container-based application, but all the greenfield opportunities, every organization that I’m talking to is building on containers and they’re doing that for all of the benefits that container based architectures give, which is elasticity and portability and it’s more modern, it’s more resilient. All of those benefits come into play. So all the greenfield opportunities are going in that direction. But the other interesting thing that I’ve seen, and this connects with the data. When containers first came out, everyone said I’ll put all my stateless workloads in there and I’ll connect it up to some stateful location. Stipulate for a moment that that is true, you still need to protect the container architecture because the configuration at any given point matters when it’s talking to that data warehouse or data repository, whatever that happens to be.

And we’ve seen multiple kinds of repositories. We see structured data, we see a lot of unstructured data, we see message queues, we see object storage, lots of stateful data that is offline, I’ll say, from the containers. But the most fascinating part of this journey to me is in the last 12 months-18 months, we’ve actually beginning to see more stateful data pools end up in the containers themselves. People are saying I’m not going to run RDS over here on the side, I’m going to take PostgreSQL and put it inside the containers. And I expect that to continue as well. So people who say it’s for that stateless environment doesn’t need protection. I’d say wrong in both cases, you still need to protect it if it’s stateless. But we’re seeing more stateful environments too.

Yeah. This is the intellectual view of it is that, persistent data and especially distributed data architectures inside a container is an anti-pattern, and we’ve long held on to this. So the researchers in the industry have said that the architecture is not designed for it because in fact it’s designed against it. However in practice, we know it’s going on and then if it works in practice, at some point you have to say, it’s like the old picture of UI versus UX, this 90 degree sidewalk and then the dog path that goes 45 degrees across it on the grass. If eventually enough people are doing the thing that’s the anti-pattern, it’s no longer the anti-pattern. Right. If every hipster wears a Monocle and rides a unicycle, then they’re no longer unique.

Right. Do you write code, Eric?

Enough to consider myself happy. I don’t do it full time, yeah.

So the reason I ask is because I write code. I try not to, I’ll be honest, but sometimes I just can’t help myself. There’s a problem I need to solve, and I often will put my structured database in containers. And the reason I do that, it’s so simple. I have a container infrastructure. I don’t have to call up a DBA and say, hey, can you carve me out a piece that needs to look like this and perform like this? I just spin up the database inside the container because it takes me 2 seconds to do and it’s completely ephemeral. I use it, I might destroy it afterwards. I might not. But the simplicity drives me as a developer to want to do it and like you say, I think that anti-pattern is becoming the pattern for the norm within the industry now.

There’s that interesting thing that is, we see adoption and adaptation, and those are two very important distinctions that just like when we saw I often talk about private cloud. Like, here we are. I’ve been a private cloud advocate since I was on the customer side of the world building private cloud architectures, doing bizarre things like getting OpenStack fronting of VMware environment when they weren’t really meant to play together at the time. And successfully deployed a private cloud architecture for self service for my development team. Well, here we are. Now it’s ten years later, twelve years later, and we’re finally arriving at private cloud democratization. And it’s really neat to see. And same thing as what was told to me at that time was like, well, why would you put a different front-end on a legacy back-end? Well, that’s because it’s solution oriented, right. My solution was I needed a developer self service front-end, and I wasn’t going to re-architect my applications and my virtual machines to run on OpenStack and with a different hypervisor. So I made something work that some people think wasn’t really a slick idea. But here we are, same thing. It’s like many years later. Well, what do you think that all these products are? It is merging of traditional architectures with fresh, new, available technologies to solve an actual bloody problem. Which is really what we’re here for, right?

Yeah. It is definitely about solving the problem. We tend to think of it, or at least and I’ll criticize myself in this. We tend to think of it from an IT perspective of I’m here to protect the data or I’m here to make sure that the data is secure. That’s not the motivation at all. The motivation is that the company makes money and we deliver a service that makes people more productive. And recognizing that and fitting in within that pattern is far more important than saying “thou shaltl not put state in containers or thou shall not do this”. And if we facilitate the business because it is about the business, then we will ultimately be successful. My only hope is as we go forward, we don’t forget the lessons that we’ve learned. And we often do that over and over. You know, we learned about the secure development lifecycle. We learned about the essential need to protect traditional physical systems. When we went to the virtual world, we forgot about it for a period of time. Then we brought it in a broken way. And as we go forward to not just containers, but serverless and Lambda-based architectures, we can’t afford to lose the learnings that we’ve learned over the last 50 years.

Yeah. And I often find, especially if you get into very developer centric technologies, that they have their sense of understanding of protection and mitigation. And we’ve talked about you know, as an industry, DevOps was meant to sort of release the reins of the BOFH, right? The old school operator, that’s just getting the way of innovation. But it didn’t take away the need for the practices that still happen on the offside. It just meant that the deployments and the life cycles moved into this more fluid cross team method. And I was using things like get ups and using ways in which that we could have lifecycle management, version control. But version control is not data protection. It’s point in time state capturing. But what’s protecting that? Every once in a while you meet somebody, you grab them by the caller and say, well, what’s protecting your version control? And they’re like, oh, yeah, I never thought about that. And like, well, I’m sure someone has got it on their laptop. That’s not data protection. That’s luck.

We can’t depend on luck, clearly as a strategy. But you find people that say, just use the infrastructure as a model of data protection. Snapshots are backup. And same thing. You see that in Kubernetes, too. People say, well, just take a snapshot of the data at any given point and you have data protection. But unless you think of it, backup is more than that. Thinking about the system in the context of that application or service, which is far more complex than a single VM or a single database or a single snapshot on a storage array. What are all the components that have to come together to recreate the environment at any given time? Because that’s really what the business needs when it’s going to recover. And we see this more than ever now, these massive ransomware attacks that are hitting us, they’re not just hitting a single database or a single component. It’s the whole thing that goes down. And all of a sudden you need to bring up something that is not just multiple terabytes. I mean, approaching petabytes. Sometimes these systems that have to come back online at scale quickly to what it looked like at a given point in time, that’s never just a single system. It’s a very complex array of environment that you have to bring back.

Yeah, this is the challenge. I did disaster recovery and business continuity for a long time, and it taught me this idea of system level thinking in that protecting the data was only as good as the matching protection of the application code, because I’m protecting my application code every 48 hours or every 24 hours, but my data is being snapshotted every seven days. Or maybe it’s completely other side where it’s like I’m getting data protection every 2 hours or every 15 minutes really, like near real time stuff. But none of the other adjacent protected systems align with those schedules. Well, how do you recover the whole system? And it’s this complex symphony of scheduling. And that’s why system-level protection now is finally sort of hitting us. That as much as we like the idea of decentralized IT. The applications are system central and it’s a very tough mindset for people to adapt. They kind of think of it as like, oh yeah, we’re a distributed team, so all we have to worry about is our stuff. You’re like, well, there’s somebody out there who has to know all of the stuff and protect all the stuff and be able to actively recover all the stuff. And I think that backing it up is one thing, but actually recovering it in practice is where the rubber hits the road.

Yeah. There’s two folks on my team that are far smarter than I will ever be, who always say ransomware is a disaster. Melissa Palmer and Jason Buffington, they all repeat that all the time. If you’re looking for the silver lining in ransomware and some of the cyber threats that we’re facing now, it’s causing people to think more in terms of the system than in terms of a VM gets deleted or an array goes down or a computing server goes down because you do need to think of it in terms of the holistic system to bring it back. So if you’re looking for silver lining and ransomware, people are thinking more about business continuity and environments where we mentioned Kubernetes earlier, you can have a multi-cluster environment that spread not only across multiple clouds, but you can have clusters that are on premises, too, on Tanzu or Rancher or OpenShift. In these complex environments, you want to bring it back to the point that it was when it was targeted by a malicious attack or whatever happened.

Yeah. It’s exciting to see the work being able to be done now in these like, they’re multi-disciplinary Ops teams now. And we’ve gone away from like, yeah, VMware was the sort of Ops-centric and Ops-focused community for a long time. And now we used to sort of poke fun at HyperV, but if they’ve got a pretty broad adoption public cloud. And what’s happened now is that same 12-year VMware V expert is now AWS certified and learning Kubernetes because we have to. The industry shifting on our behalf whether we want it to or not. And with that, they have to adopt new practices, bring over the lessons of the previous generation, but also not just try and shove those on top of new technologies. So how have you found the sort of human understanding of adopting protection practices across shifting infrastructure patterns?

I guess one of the things that I’ve seen to be very successful and you see this in verticals more than anything else. Financial services certainly come into play here. Technology comes into play. Those who take the approach of my development teams are going to focus on the creativity side of it. So it’s true that they shift left and there’s DevOps and they’re going to agile and new models of development even within Veeam, for example, Kasten K10 team, they drop code every two weeks, we have a new release of our product. So you want to allow the freedom of that creativity to shift left, move faster, deliver code, be more responsive in the service delivery. But the companies that have truly been successful have not told that team, hey, you’re now responsible for performance and backup and security and all the things monitoring and all of that. What they’ve done is they’ve created a team, I suppose the evolution of the IT team, but Platform Ops is what I call it. There’s a team that enables them to turn those capabilities on for the creativity teams while they’re going through their process and not be a burden. Don’t slow them down, don’t go back to the old waterfall way of doing it. So the most successful companies are companies that still have two different teams, the DevOps people shifting left and being faster. But they still have a team that thinks about the architecture and resiliency and building in the properties that we’ve learned over the last few decades.

Yeah. And I guess it’s the thing, if you look at standing up an RDS database does not relieve the need for a DBA. It just changes the way in which they apply their practice. So the act of getting access to the resources is significantly faster. But the requirement for true design still exists. And so that’s another example of that sort of merger. And it’s funny, but we’re also sticky humans, right? We really kind of resist change, but I think once changes around us long enough, we get better at it. I’ve definitely seen even my own adoption of new things. My habit was always like, okay, stand up a VM, run a local instance, build my Ruby on Rails app, deploy my SQL. And also I’m like, let me learn PostgreSQL. So I learned Postgres. It’s better performance, easier to get at. And then also like, okay, let me containerize my application and like, pushing away the crutch of like, I’ve already got a template that I can spin up really fast with Vagrant, and I could be up and running in no time. Like, no, no, I’m going to take a week and I’m going to do it in a new way. And then at that point, I’m like, okay, I want to do it again, but faster. But it’s hard for me to necessitate it for myself. I think that’s on the human interaction side, Danny, how have you found the love of learning of these new technologies? Because people have finally accepted like, that’s it I have no choice now, but they are enjoying the transition.

Yeah, I am by nature, myself personally, just very curious people. How person, how can I do things easier, faster? I mean, I remember the transition you spoke of standing up databases and then making that easier and easier. I remember going to the Lamp appliances because how easy it was to deliver a Lamp appliance and turn things on and now it’s a home command to do the same thing. And so I’m always looking for those opportunities to make it easier for myself. Selfishly. But then to communicate that with other people. That’s why I think containers present such an interesting opportunity, because we can make it easier for the industry. And so it’s not about the technology for the technology’s sake is my own thought on this. It’s how can I make the life of people around me easier? And this is true of everything. I mean, we used to grow all our food in the backyard. Actually, there might be a little bit of going back to that, but now we go to a grocery store, right? We move generate our own energy. We don’t do that anymore. And so on a personal level, I just find it exciting to learn about what the future is bringing and then share it with customers and partners and everyone, because that’s what gets me out of bed in the morning. So it makes me excited.

Yeah. I always say, like I love organic food, or as my grandparents used to call it, food. Never had to go out of your way to certify it as organic. There was just no choice. That’s just how it came.

Yes. But on a personal note, as you denoted, I am by nature a curious person. And then the extension of that is I’m an excitable person because I see the benefits in the new ways of doing that. And frankly, that’s a big role of what my job is here at Veeam is to communicate externally where the industry is going and making things easier for everyone. Making it easier for that DBA who had to spend half of his day doing pointless, repetitive tasks that really provided no value. Can we eliminate those things and let him focus on the things that makes him great at his job?

Yeah. And I think, to me really, that’s where, maybe it’s just because I’m at this point in my career, I’m far more excited by that outcome. Like watching somebody’s life gets better because of a new process they take on, and especially bringing new generations, people who’ve been exposed to technology so early in their life, but then bring use cases to it where they can make a career out of it. That’s what makes me tick now, because I realize, like, I could learn it and I enjoy the process of learning. But there’s nothing more beautiful to me than empowering somebody else to find their journey and help them along it. It’s just something that maybe it’s because I’m an older fellow now. That’s the thing that makes me smile a lot more than just me learning Kubernetes.

No, it’s the same for myself as well. I have six children and thankfully a number of them, I shouldn’t say thankfully. Thankfully, they all follow their passions, but some of them are very computer centric. But I don’t take them back to what I learned in COBOL, and mainframes, and Banyan VINES network. I mean, I want them to focus on the now and the possible of the future. And so, languages for example, my son started learning programming languages. I didn’t start them back on Basic. I said, no, you should start with Go and modern languages and figuring out how to use existing frameworks, don’t go back to assembly. And so I am excited that a lot of the things that we had to figure out are just inherent properties now of the platforms that the future will use.

Yes. It is amazing when you can unlock that with your kids where they can, you can give them that option now that we didn’t have. Like, I remember when I was a kid, like my dad brought home, he bought Sinclair ZX-1000s. And these were like little tiny black things, and they actually had an integrated keyboard. So it was like pressing on a calculator button kind of thing. And it was a 16K expander in the back. Clearly dating myself here when I came up in technology. But just like I have a picture of me as a kid, like just sitting there with this little tiny tube TV plugged into my ZX-81 and my ZX-1000. My sister Ad and mucking around with basic because that was all it was there at the time. And then now to be able to have kids use Scratch as a programming language or use very visual programming languages and no code stuff. And they’re learning process thinking and system thinking so much earlier, I think, or the opportunities there more so, which is exciting. So that when they get to the point where they take it on as a career, they’ve had much more exposure versus, like, we had to grind it out and just say you could do stuff that you didn’t necessarily know you could do and just hope you could pull it off. And now they’ve got opportunity there.

Yeah. And the no code, low code, Scratch type models. The benefit, of course, is that the line of business can focus on delivering what they’re trying to deliver. Because really, do you want your value to be on writing if-then-else statements? Probably not. You want to focus on what it is you’re actually bringing out to market. Now there’s going to be some people that need to focus on the core fundamentals. The challenge that I see, of course, is that the stock is getting so much more complex. It used to be that you could get a Full Stack developer who understood everything from the top to the bottom. These days, in modern infrastructure, there’s not many people. I confess I’m not one of them that can fully understand everything from the top to the bottom the way there used to be 20 years ago.

The sort of mythic Full Stack developer, because I’d say the phrase came because it meant you could write PHP and do MySQL queries like, that was pretty full back. And now it’s like the work that goes on in Visual and just JavaScript frameworks, you can’t sneeze without hitting the JavaScript framework and eleven of its neighbors. But every single one I want to learn, I kind of get overwhelmed because look and say, oh, I should learn Angular and so perfect. Let me stand up something in Angular and then it says, oh, you also need React and then this framework and then you need a package manager. And then I’m eleven products deep and I still don’t know what Angular is versus like, I just do Ruby on Rails. It’s one of my favorite frameworks. It’s just like it’s a beautiful DSL. I know enough Ruby to be dangerous. Stand it up really quick, set up the back end. Understand enough about choosing my JavaScript front end. You know, use something simple like Tailwind or whatever. And that’s enough of my full stack. But true like end-to-end full stack engineers, it’s a tough thing to find. They’re very unicorn-like.

That is true. And even more so with modern platforms that exist today. And truly, can you have a full Stack developer if you’re writing using Lambda functions where you don’t even see or know what is writing on the back end? Probably not. You’re only getting a stub to an API that does something for you. But that’s not to say it’s a bad thing. I go back to the exciting thing about the industry right now is, data is driving all the value within organizations. That’s even more true, I would argue, after the last two years, because we couldn’t be together in person, we didn’t have physical value to drive in the same way. And so data became even more valuable if it was possible. And so protecting that, enabling that, facilitating that, managing the life cycle of that. It just it’s what makes things so exciting for where we are right now in history.

And as we move to ephemeral and immutable being standardized as patterns of infrastructure and application deployment, I’m glad to see that protection, at least at some layers. We hear about the shift left idea of introducing security and protection. Well, like I said, ransomware is a disaster. If we think about disaster recovery and business continuity, ransomware, security, these are vulnerabilities. These are risk components to an organization. I’m in the risk business. I love mitigating risk. It’s probably one of the weirdest things to say you’re in love with, but understanding where the edges are and then mitigating for the edges and then finding that edge. It’s effectively theory of constraints in the risk world. So as you see, chief risk officers and chief data officers, they’re introduced in security and data protection in their mandates now for the organization. Right. So what are you seeing as an evolution on the executive team’s understanding of the impact of protection?

Well, we’re certainly seeing the emergence of chief data officers and risk officers, because there is a balance there and an anti-pattern between two things that you just mentioned, Ephemeral and Immutable. Both things are needed. Sometimes you want to keep things for a little bit of time, sometimes you want them for a lot of time. We just did a study on ransomware, we’re actually releasing it at VeeamON around ransomware specifically, and 94% of attacks now are going after backup repositories because it is the last line of defense they want to delete that, right. And so Immutability becomes really critical. But I think what we’re seeing is kind of two things at a board level. One is how do we balance things being Ephemeral that we use them only for when we need them and keep the things that we actually need to keep. And then for the things that we need to keep, how do we manage the privacy of that? We focused on security now for 20, 30, 40 years. Privacy is coming to the forefront of executive senior leadership teams or board teams. In fact, there was a recent framework just released between Europe and the US around privacy and exchanging of data.

And I’m excited for that because, frankly, there’s been a hodgepodge of different regulations. There’s GDPR and CCPA, and we’re going to see more of those. And that fragmentation kills organizations. So two things that I would say we’re seeing within the enterprises. One is the policies that enable the balancing between Ephemeral and Immutable. And secondly is, okay, now that we have the data that is Immutable that we do need to keep for whatever period of time that is, how do we delegate down access to users if they own the data, that they can control it, and they have some say in the data that we’re collecting about them?

I think we’re probably at the verge, if not already happening, of what we saw with Sarbanes Oxley. Right. So when SOX compliance came in, and I remember being in the financial services and the insurance organization, and we talked about the implementation, and it’s a fairly loose framework. It’s loose and tight at the same time. Very specific, but also general in its specificity, like a typical lawyers speak.


But what was important about the actual implementation was it meant the executive team and the board actually signed a declaration that they hold personal responsibility for maintaining compliance. So you are very personally vested in the success of a program wrapped around compliance in that. And I think we’re going to see that in the data Privacy Arena soon that we are I mean, we already are to a degree, but I think we will see a much more formal standard where you will have officers signing a declaration and saying that we hold this to be true, and I’m to be held responsible if it’s not true.

And that’s a good thing for the industry, of course, because as the saying goes, if you’re not paying for the product, you are the product, which means that organizations are collecting more and more data. And we want to give people the ability to control what is held about them by organizations. So I am grateful and thankful for the elevation of the criticality of this topic. And while SOX was both loose and tight – Serbanes Oxley, I believe, that same model would be very appropriate for data retention as well. Because I have six children. Do I want an organization that I am not paying money to start collecting data about them, their birthdays and their health information and shopping habits and whatever it is that they do? No. I want some degree of control over what is permissible and what is not permissible.

When it comes to then designing protection systems. Now, this is interesting when you think about like right to be forgotten and this is why I’d love to sort of hear your view on the approaching it systematically across the whole environment now. Because as the right to be forgotten and the right to be protected are now system wide. The interlinking and using sort of centralized platforms is much more critical now. Right. It’s no longer I’m going to protect my VMware with this, I’m going to protect my containerized stuff with this. I’m going to protect my cloud with this. The system level understanding for data awareness and traceability now is critical because you have to be able to get rid of it systematically on demand, but also be able to recall it systematically on demand. It’s a really complex challenge.

It is. And it’s one that Veeam has been very focused on from the very beginning. If you go back a decade, people don’t realize this often about us. But if you take security for example, before we get to privacy, we were leading the industry in a lot of the capabilities now that people just take for granted. Immutability for example, or tagging data. The first step of the NIST cybersecurity framework is identify your data. Right. And that capability we have carried forward from security to Privacy. So with GDPR, we would tag data that this data belongs in Germany, can’t leave Germany. This data is in the US, it can’t be recovered elsewhere. And so those concepts of securing the data, identifying, classifying the data, knowing who can have access to it, where it’s allowed to be spun up is something that we’ve built into the platform from the very beginning. We’ve been very thoughtful and intentional about. Now, I know the latest hot topics are zero trust this and whatever the buzzwords are around those things. But we’ve been building this into our platform for the last decade, and it’s why we have such a large customer base and so many passionate customers coming to our conferences.

I always tell people that I’m a firm believer in zero trust security and that I have zero trust in your security. The thing that I had to learn through business continuity was both the systematic level of managing business continuity and data protection and application protection, as well as the human element. Because this was an interesting thing that we saw play out because it was active in a huge multi-million dollar program. And I covered, distributed my 1200 servers that I had to do protection for. And this is everything, every organic service that was everything that was oxygen from up like DNS and active directory like the order of recovery. I had to have this all done at a systematic layer. Like, can I recover it as much without human touch. But also then, understand the availability of humans for it. And we’d often like, I feel bad in hindsight, right? You get a little bit gallows humor, but say, okay, so imagine the data center blows up. So it’s just a big smoking hole, right? You start to create these images and then somebody from human resources, can we please not say that? That’s really not appropriate.

I’m like, oh, yeah, sorry. But imagine we lose access to the building. So we had to understand the availability of human elements because if, let’s just say we lose access to the entire environment or a major attack occurs or a power outage, you also have to weigh out availability of human resources like actual people. And so when we again thinking system approach, how have you seen the change in automating recovery and adoption of more automation in these protection systems?

It’s exploded in the last few years, Eric. And the reason I say this, we have a product orchestrator that does exactly this, that stands out in the industry because it orchestrates complex environments. What I say by that, I mean by that is anyone can spin up a few VMs or any good backup vendor. Of course, that does back up can recover a few VMs. But what they can’t necessarily do is I need to spin up 46 VMs in this specific order, create some VLANs. I need you to move this from here to there. I need you to change DNS. That is a very complex, orchestrated workflow that I argue that organizations will need to do, whether it be for natural disasters, whether it be cyber events, because you’re going to have to prove to your cyber insurance company or to your board of directors that you can actually recover. And the events of the last four months have highlighted this more than anything. We had a development team in Ukraine, for example. So you can imagine the types of things that we had to think about at a people level because your systems can go offline. But what happens if your people are no longer available to work on a project? So automation not just of the technology stacks but of the people involved becomes absolutely critical.

Yeah, this is the and it’s automation by people. So we’re taking people processes and automating it. Not eliminating the need for them but ultimately freeing them from those extreme situations where you need it. Because that’s exactly it. Right. These are complex, multi-tiered, multi-faceted systems. And it’s just not feasible that you would have somebody who’s got anecdotal tribal knowledge to do recovery. Not at any decent scale. It’s tough. And that’s why I’ve always liked that your approach through Veeam has always been like the core out versus a lot of folks that have kind of like, folks that focus purely on disaster recovery. But then they had to build data protection and then try to build continuous data protection. But it was never their focus. It’s much easier to go this sort of Spider diagram outwards to like if this is your core and you always go back to the core while adding containerized complex recovery in a second environment. We already have all the images, we have all these, all the data. We’ve got a second cloud. It speaks Kubernetes, do it. Right. That if you didn’t have the core nailed down, you’re writing the whole system top down, which is a horrifying way to build a company.

Yeah, you’re speaking my language now because the core of what Veeam has always focused on is – protect the data and recover it as fast as humanly possible. Right. That is the essential core of what Veeam does. And we’ve done that for virtual systems. But over time, we expand that into physical and into cloud and into SaaS and into containers and all of these different models to protect and recover that data. But you don’t stop it at protecting and recovering the data. You want to orchestrate complex workflows and migration and copies of data for other people. And what really gets me excited, and I think that Veeam is positioned better than anyone else in the industry. Of course, I’m biased. I work for Veeam, but we own all of the data. You know, an interesting thing, Eric, people come to us and say, I want you to tell me where I have malware in my environment, where I’ve ran somewhere. And I think, why would you do that on a secondary system? Like, why don’t you do that out at the edge in your IDs or your IPS or your firewall? Why? If you’re discovering it in the backup, it means you’re already too late.

But here’s the interesting thing. It’s because we have every piece of data that they have in their entire estate, whether it’s in the cloud, on premises, I shouldn’t say “or”, it’s “and”, right? In the cloud and on premises and in SaaS, we have the best data warehouse lake pool that is possible to have. And from that, you can of course protect it and recover it. But you can also begin to use that data for new and interesting things. And that’s what’s really interesting. If you own all of the data that you generated in the last two years during COVID, where are you going to go to to find out, how do I make my company more productive? What are employees actually doing? You’re going to go to the person who houses all of that information, which is a man, you’re going to spin up copies, and you’re going to begin applying TensorFlow and machine learning techniques and artificial intelligence to make the business smarter about all of the data that it already has.

Yeah, it’s an interesting thing. Right. Like you said there’s at Ingress and Egress. Right. So that’s where IPS ID systems come into play. But any true sort of CISO worth their salt will tell you assume you’ve been compromised. And how do you do that? Right. Well, it’s going to be data at rest or data in flight during process -internal processing. So assuming that you’re not going to it’s already in here, and it could have come in by a USB stick or by a laptop that accidentally plugged into a Starbucks and connected to a WiFi pineapple instead of an actual WiFi. Right. Then it goes in and it bypasses ideas, IPS, and it gets backed up. And that data now is in some beautiful static Immutable repository. You can do all sorts of exciting intelligence on it at that point. But again, to the core story being first, do that fantastically. So, you know, that’s what you can do things on top of versus go figure out how to build a machine learning company to go through data. But like, what data you’re going to go through? There’s all sorts of assumptions where you’ve eliminated the assumptions because we own the data.

The edge should be informed by the core, right? You don’t want your Tesla, self-driving Tesla, going down the road figuring out what a stop sign is. That’s already been figured out in the cloud and has been instructions have been given to your self driving vehicle. This is when you stop. This is when you go. And so it’s not that IDs and IPS and data loss prevention systems and all of these security tools are going to go away. It simply means that they’re going to be informed and configured by the Core where you have all of your data. And so if you know what all of your data looks like, you know what’s in there, what’s normal. You can begin to do the heuristics and anomaly detection that actually does the configuration because you don’t want humans doing that if you can avoid it. You don’t want a human programming the Tesla and what a stop sign is. The Core is telling the Edge how to configure itself. And so in my mind, all of those platforms become more critical, but they’re configured by the central repository of your data, which VeeamOn is all of that.

Yeah. And again, it’s that thing that assume you’ve been compromised has to be the default state of any offset system security person. Because even if you’ve got incredible endpoint protection and DLP, all it takes is for you to be one signature late. And I’ve seen this in practice where you start to get weird errors. Like, you know what? We’re getting a weird error. The signatures aren’t updating. Tell you what, just hit OK on the error message. It’s all good. 4 hours later, found out that we’ve been ravaged by a system which was ultimately trying to become a botnet. And then seeing all this stuff, which is doing all this phone home stuff. So all of those edge systems are coming into play. So what do you do? Well, we shut down the edge, we literally closed the door. Well, now what do you do? How do you find where the data lives? How do you go back to the most recent immutable backups and ultimately find the origin, build the heuristic and enable the end point? It’s an orchestration of all these incredibly complex systems. But again, if you don’t have safe origin, immutable source, everything is a variable and you cannot, it’s the traveling salesman machine learning problem. It’s impossible to solve, but yet we get stuck on like, oh yeah, just put up better firewalls.

Yeah, it’s owning the data, managing the data, tearing that data. In my mind, it’s what gets me out of bed in the morning. And frankly, a lot of that comes from our customer base too. It’s not just Veeam engineering and isolation. We’re constantly talking to partners and analysts in our customer base. And we have an unfair advantage because of the size of who we are, perhaps. But I think the best is still out in front of us.

Unearned advantage, I would call it. Because it’s proof in staying a core mission, delivering a product and a method by which people can adopt it that it’d be successful. Right. The stuff doesn’t happen by accident, for sure. And we know we’ve all every company will. There are things you never want to be in the news, and certainly a victim of ransomware. It’s like my only goal in life is to never be referred to as embattled. I don’t even know what it actually means, but it seems like when you get that tag, it’s a problem. And these affect shareholder value when somebody gets affected by ransomware. So we have a vested interest in succeeding in adapting the ways in which we can do it because the systems are changing.

And the mindset there should be, we should just assume that we are going to be compromised by ransomware. Then what? Now, clearly we don’t want to be. In that study that we just did recently, 76% of organizations had at least one ransomware event in the last year. And I would argue that probably the other 24% may not be aware that they had a ransomware in the last year. But you should start from that as the starting point. Okay, what is our plan if we get hit by ransomware? Do we start at the firewalls, at the edge, at the core? And I’m not here to dictate you, do this or do that, but you should start with the plan of managing your data and operations and business continuity from the expectation of we’ve been compromised. Now what?

Yeah, I always as a track cyclist, we have a famous saying we have there are two kinds of track cyclists, those who’ve crashed and those who are about to. And that’s exactly it. Right. 76% say they acknowledge they’ve been hit by it and the other 24% are just closing their eyes and hoping that it’s not true. So that’s it – “assume compromise, now what?” And build system to be prepared for it. And it’s good. So I’m excited. I’m going to be watching a lot of the content for VeeamON. What are the big ticket items that people can be watching for as far as, like, cool sessions and stuff that’s happening on the ground at the event?

So the core is as many organizations right now are very much highlighting security and our security capabilities that we’ve been developing over the last weekend. So you’ll see, in the technology sessions, we go deep on security and hybrid cloud and multi-cloud and containers. But if you’re really interested in the sessions, everyone loves our flagship product, Veeam backup and replication. We’re going to be giving a sneak peek at version twelve of that.

In that long already, it’s amazing to see the growth in the product. And then the version numbers are indicating how long we’ve been at this.

A very significant footprint. I mean, we have over a million installations, real installations out in the wild now of the flagship product. But then everyone is really interested to hear and see what we’re doing on our cloud products. We have a cloud-native product for AWS, Azure, and GCP, and we have new releases of all of those coming this quarter. So as you might imagine, there’s some really good sessions on that. And then you started by asking how we were doing during the Pandemic. We’re communicating via teams. Everyone is. So our Veeam backup for Microsoft 365 product. Very excited about that. We’re going to be demonstrating that on main stage and what we’ve done to reduce costs and make it more self-sufficient for users to go in and recover their own data. And the one that I am personally most passionate about probably is our orchestrator product. We talked earlier about a systems mentality. We’re going to be talking about recovering from ransomware. So taking that security concept and applying it from an orchestration point of view to bring organizations back in line. So we’re going to be breaking news on coming features within product, but also focusing heavily on security and hybrid cloud incoming products.

Amazing. Yeah. As a long-time person trying to hack together systems to do what orchestrators are able to do, it’s amazing to see every time I would think of like, you know, what I would have needed to do and see it show up in there. And the fact that it’s being created as a framework, more so than a pure core product that people are sort of writing SDKs against. I like that it’s flexible in the capabilities. And then we’re going to see, thank goodness for API bi-directional API access to so many things now that it’s very easy to trigger really clean workflows and you don’t have to depend on you building it as a Veeam core function. But now I have the ability to adapt my own systems, add my own chat Ops, add my own external integrations. Super cool. So framework for the Win as far as I’m concerned.

Well, it’s easier for those people who haven’t registered and are listening to this. You’re going to see on main stage and the technology keynote using APIs to do something really interesting. So an API, we discovered some ransomware. What can we do? So that’s a teaser for people. But yes, API is for the Win. We have a very modular framework, of course, that connects together so that you can start with whatever component you need, but you can expand beyond that across your organization to do all the things that your organization needs to do.

I like that. And I can’t remember if I told this to me before, Dave Mcjanett, also a fellow Canadian CEO of Hashy Corp. And I talked with Dave at one point about you’ve got this beautiful, sort of like multilayered set of frameworks that can tie together beautifully, and it truly is a platform. And he’s like, if you squint hard enough, it’s a platform. But we truly treat it as a framework more than a platform, because platform indicates that you require interdependencies, and that’s actually not the case. Their frameworks with layers. So happens they sell you a thing at each layer, but you don’t need to be using that thing at that layer. So that’s why the flexibility of this framework approach in where Veeam core platform still exists. But then having framework extensions, that is a fantastic approach for as a consumer, it means that I’ve got flexibility. And flexibility is something I’m willing to pay for, for sure.

Yeah. My single controversial statement would be, I don’t like platforms. Single glass of pane. Single pane is a single glass of pane. Because the release of that is painful. Right. If you can create a framework with small modular components that are right sized for the environment and there’s a framework for communication, that’s a far more effective solution, I would argue, for every organization, from the smallest all the way up to the largest. And it’s actually why we have the same product. I installed the product in my basement. I have six use of compute. I know most people may not have racks in their basement, but I do. But that is the same software that actually protects our largest service providers with hundreds of thousands of machines or the largest financial institutions with hundreds of thousands of machines and petabytes of data. Same software because it’s a modular framework.

Yeah, I can say that truly. People often ask like you know, you talk a lot about beaming. And obviously, I’ve known you and the team for a long time, and they actually do support the podcast and my blog as well and have been fantastic partners on that side. But I legitimately use it. I actually took a Synology that I loaded up with all of my podcast episodes. So this is the trust. And I just like, unplugged all the drives one by one. And I was like, oh, boy, how this works. Go to the second Synology and all right, start the restore process. And as if by bloody magic, there was all my data. And so the proof is in the pudding at that level to use it and succeed so easily. And then knowing at the enterprise layer. Yeah. The scale that MSP stuff that you’re targeting is incredible.

Yeah, it really is. People don’t realize what a significant part of the business that is for Veeam. We’re the largest as a service provider in the world. And I think I can say that backup as a service provider in the world. I think I can say that based on data, because if you look at the accounts of VMs and users protected from Microsoft 365, we’re in the millions. We’re not small. We’re going to be sharing more numbers of this at VeeamON. But we have a massive business. We drive definitively if you do the mathematical analysis on this, Veeam drives over a billion dollars of revenue in the same as a service space. Forget about the direct to customer sales. These are now cloud service providers delivering services out to market. We drive over a billion dollars of sales in that.

And it’s amazing. They said, well, people may look and it’s so funny, too, because, you know, the logo and we sort of have like, oh, yeah, I remember it’s like, even when I remember doing disaster recovery, my favorite thing is I built the first VMware environment in one organization and then we did disaster recovery on it. And people were like, this is fantastic, right? And so we were using Veeam and very early adopter of Veeam. And it was funny because then all of a sudden it was like five years later. And people just said like, oh, how long will it take us to recover? How many servers do we have? What about 30? I’m like, we have 480 servers now. The last time you counted, apparently was the first time I showed you at work. But to see that growth and the platform adopt and the company grow. And like I said, cast and doing some huge growth numbers. So, yeah, I’ll be watching for sure from afar. Unfortunately, I can’t make it to Vegas, but I look forward to good luck. Have a great trip. Enjoy the event. And for folks that wanted to connect to you, Danny, and find out more about what you and the team are doing. What’s the best way they can do that?

Well, Veeam.com is always the best place for information on Veeam. I’m happy to connect with anyone on LinkedIn or Twitter. On LinkedIn, I’m Danny Allan. @dannyallan and then on Twitter, @dannyallan5 is my handle. I’m semi-active. Not as active probably as you, Eric, but I always enjoy meeting new people so please reach out.

And I imagine you’ll be not watching Twitter for the next week except for seeing your notifications light up and grow because people will be announcing lots of stuff and live-tweeting everything so it’s going to be a great event. There you go, folks. Go check it out. Links down below of course. What’s happening and yeah, excited. So we’ll catch up after. I would love to hear. I’m going to pour over the announcements and watch sort of the analyst view of it and I’m excited on your behalf of what’s coming up.

Excellent. Well, thank you, Eric. I appreciate this time to chat about it and look forward to everyone being able to join us either in person or virtually.

All right. Get it done. Yeah.

Sponsored by the 4-Step Guide to Delivering Extraordinary Software Demos that Win DealsClick here and because we had such good response we have opened it up to make the eBook, Audiobook, and online course, more accessible by offering it all for only 5$

Sponsored by our friends at Veeam Software! Make sure to click here and get the latest and greatest data protection platform for everything from containers to your cloud!

Want to ensure your privacy is protected? I sure do. Privacy is a human right and the folks at ExpressVPN make sure of that. Head over to ExpressVPN and sign up today to protect your safety and privacy across any device, anywhere.

Sponsored by Diabolical Coffee. Devilishly good coffee and diabolically awesome clothing

Dave Russell is VP of Enterprise Strategy at Veeam Software.

Russell has almost three decades of experience and most recently held the role of Vice President and Distinguished Analyst at Gartner. His research focus was on storage strategies and technologies, with an emphasis on backup/recovery, snapshot and replication, SSD/flash optimization software, software-defined storage, and storage management.

We unpack some very interesting data from the Data Protection Report that will be eye-opening for some and good confirmation of position for others in the IT organization. 

Here’s the link to the DPR: https://go.veeam.com/wp-data-protection-trends-2021.html
And with the Exec.Brief: https://go.veeam.com/data-protection-trends-executive-brief

Connect with Dave on Twitter here: https://twitter.com/BackupDave