Druva offers the industry’s first data resiliency guarantee – and it’s $10M

Start listening

Druva’s new data resiliency guarantee covers more than any other guarantee in the data protection/data resilience segment. It was also written with no silly exclusions (like some other guarantees) that are simply there to keep from having to pay anyone. It requires only a certain service level and that the customer follows Druva’s best practices. It protects against the five areas of risk, including cyber, human, application, operational, and environmental. It includes SLAs for uptime, backup success, restore success, immutability, and confidentiality. This week we have Stephen Manley, Druva’s CTO, to tell us about this new guarantee.


[00:00:31] W. Curtis Preston: Hi, and welcome to Backup Central’s Restore it All all podcast. I’m your host W. Curtis Preston, AKA Mr. Backup and I have with me, my wireless access point consultant, Prasanna Malaiyandi. How’s it going Prasanna.

[00:00:44] Prasanna Malaiyandi: I’m good Curtis. Although, um, I don’t know if you should take my advice on wireless access points since I’m struggling a little with the stuff in my house now. I blame it on you.

[00:00:53] W. Curtis Preston: you just bought like the expensive one, And

[00:00:57] Prasanna Malaiyandi: now comes the things like where you buy the expensive one, but now you gotta fine tune it to work. It’s not one of those things where

[00:01:03] W. Curtis Preston: I don’t tune, I don’t

[00:01:04] Prasanna Malaiyandi: know, but that’s what I’m going through right now.

[00:01:07] W. Curtis Preston: As you know, my problem is that I made a change to my, my internet provider and that the, the box that provides the internet is it’s. I went with the Verizon. 5g box and the problem is it doesn’t know how to not be a router and a, and a NAT.

So I had to turn off my router and NAT and just turn it into a wireless access point. And it has been misbehaving, uh, since, um, it’s

[00:01:39] Prasanna Malaiyandi: thinks wifi is so easy, but if you scan your

[00:01:42] W. Curtis Preston: yeah, everyone is wrong.

[00:01:44] Prasanna Malaiyandi: well, if you look at like how many wifi access points there are just around you and how everyone picks the same channels and everyone cranks up the power to high, and you get all this interference and people are like, why is my access point?

Why is my wifi down? It’s like, yeah. Oh, speaking of which, remember we had that episode. Why is my wifi down?

[00:02:03] W. Curtis Preston: We did. We did what?

[00:02:04] Prasanna Malaiyandi: That’s when we had our mystery guest, I think that was like one of our very, very first ones.

[00:02:08] W. Curtis Preston: Yeah. Yeah. All I know is it’s been annoying. And so now I’m on, I’m hardwired on my laptop because

[00:02:14] Prasanna Malaiyandi: That’s how everything should be. Everyone’s like, oh, everything’s gonna be wifi that it’s like, oh yeah. Now we’re just gonna hardwire everything because it’s more accurate. And now there’s a new standard wifi, six E, which gives you actually a new spectrum. So it’s now six gigahertz wifi, but there are very, very, very few devices which actually support that.

And most of the

routers that need it are very.

[00:02:35] W. Curtis Preston: my most mission critical app, uh, in the house is wifi only, you know what that is right.

[00:02:43] Prasanna Malaiyandi: Uh, streaming.

[00:02:44] W. Curtis Preston: Yeah, the streaming is wifi only, so, uh, anyway, well enough complaining about my problems. Our guest today is, uh, a repeat offender and he’s been an it about as long as I have just mostly on the, on the vendor side.

Whereas I spent my time all the way on the other side and, um, He is Druva’s CTO. Welcome to the podcast, Stephen Manley.

[00:03:12] Stephen Manley: Good to be here. I have no idea why you invited me Curtis, but, uh, I think the important thing is between what I’ve learned about wifi and ideally hoping to

get 6 cents back from, uh, from my taxes. This should be productive.

[00:03:26] W. Curtis Preston: It should be good. It should be good. I’ll have to throw out our usual disclaimer, even though on this episode, we’ll be talking primarily about Druva.

This is not a Druva podcast. This is my independent podcast. And, uh, the opinions that you hear are mine and Prasannas. We work for different companies see, actually happens to work for Zoom. And I do work for Druva, but again, this is not a Druva podcast. Uh, if you do, uh, if you do enjoy what you hear, please rate us at ratethispodcast.com/restore.

If you don’t like what you hear, no need to rate us. .

[00:03:56] Prasanna Malaiyandi: And

[00:03:57] W. Curtis Preston: If you’re interested. Yeah. If you’re, yeah. If you’re interested in what we, uh, in what we’re doing here, And you’d like to join the, the conversation, just reach out to me @wcpreston on Twitter, or wcurtispreston@gmail and we’ll get you on

here. And, uh, but it’s been a, it’s been a big week for Druva. Stephen actually it’s been a big month because it wasn’t that long ago that we had the security release, Right.

Like it all blurs together. After a while

[00:04:25] Stephen Manley: Yeah. I mean, if we, if we, if you, if you view month as 30 consecutive days, as opposed to, you know, the arbitrary, you know, calendars, cuz you know, it is

[00:04:34] W. Curtis Preston: Right, right,

[00:04:35] Stephen Manley: then. Yeah. It’s true. If, if you’re counting three days into

August, I feel like you’re probably overreacting.

[00:04:42] W. Curtis Preston: Yeah. Let’s first talk about the security release and, you know, it’s interesting the way we do things, right? Because we, we come out the way we do development. We come out with lots of little features, uh, you know, we release them one at a time, uh, via that agile development process.

You would know that more than I would. Uh, and then we. Batch them together into what we call a release and we had the, the security release. And how, how would you summarize that

[00:05:13] Prasanna Malaiyandi: Real briefly, before you talk about security release, can you briefly give a description of what Druva is for some of our listeners who may not have


[00:05:21] W. Curtis Preston: a good point.

[00:05:22] Prasanna Malaiyandi: about our podcast before or the company?

[00:05:24] Stephen Manley: Sure. I I’m happy to do that. Uh, so, so Druva is a data protection as a service company. So if you’ve got laptops, desktops, data center, applications, cloud native applications, SaaS applications, like Microsoft 365 Google workspace, Salesforce. And you wanna have that data protected for you. So you’re not managing boxes, you’re not managing processes.

You’re not managing, you know, capacity planning. And it just all happens for you. That’s Druva. Then on the backend, we’re storing the data. We’re archiving the data we’re doing Dr. For you. We’re doing ransomware protection. You know, we’re doing compliance governance. We’re giving you insights into the data.

And again, the main point behind all this is, we do all the work for you because. I have yet to meet a person who says I’d love to spend more time working on my backup environment.

[00:06:12] Prasanna Malaiyandi: Curtis. Yeah,

[00:06:13] W. Curtis Preston: Yeah, that to me. Although, although, although I will say I much prefer doing restores.

Oh, oh.

[00:06:21] Stephen Manley: used the working

like spending time with the backup

environment, but the working


[00:06:29] W. Curtis Preston: Yeah, I, I will agree. I mean, I mean, one thing, you know, I’ve been in backups for, in not too many months, it’ll be 30 years. And one thing that’s never changed is that nobody wants to be the backup person. Right. Um, it, it that’s literally. I mean, that’s how I got my job right back in, uh, January of, of, of 1993.

Right. Um, that, that this guy didn’t wanna be the backup person. And so he gave it to me cuz he wanted to move on to be a, a real SIS admin. Right. Uh, so yeah, so, and that’s but the thing is it’s wouldn’t you agree, Stephen, that it’s moved. To the front though, like backups have gone from this sort of back of the room, back of the shelf, uh, thing it’s moved to the front because of what’s happened with ransomware.


[00:07:21] Stephen Manley: All three of us on this podcast might actually have all started as our first jobs as, as be, I know mine was, was like yours, Curtis. There was somebody at NetApp who had worked on the backup stuff. Uh, and it wasn’t actually working, but he was far more senior to me.

I was the new college grad and like, Hey, you could go fix this person’s work. Uh, because they don’t wanna do it. Um, and I think Prasanna, you came in kind of the same way on some data protection stuff too. Right. So, so, so I think the shift is that we went from, oh, you’re doing this because no one really wants to do it.

No one cares to now it’s, it’s so scary and complicated and there’s so much writing on it. You almost don’t want to do it because it’s all, there’s all the downside and the upside’s not great. So because it’s it’s front and center because it’s so

hard, you, see a lot of people going, Ooh, I don’t do I really can’t.

We make that someone else’s problem.

[00:08:14] W. Curtis Preston: Are you, are you saying it’s the third rail in the data center?

[00:08:17] Stephen Manley: It, it’s getting awfully close to that. I, I probably, there’s probably something in networking. That’s probably worse at this point that, that P you know, cuz everyone always goes, oh my God, the, you know, wifi maybe. Uh, but, uh, but yeah.

[00:08:32] Prasanna Malaiyandi: Well, well, and I think some of it also comes down

to it’s a little bit about risk management, right? Anytime you’re there in an environment trying to reduce risk, right. It’s not the same way as like increasing revenue or productivity or other aspects. And so you kind of have that stigma associated with it as well.

[00:08:48] W. Curtis Preston: Well,

[00:08:48] Stephen Manley: if you get it right, everyone says, you know, yeah, that’s what we paid you for. If you get it wrong,

you’re fired.

[00:08:54] W. Curtis Preston: right. right. No, you’re, you’re either invisible or you’re fired.


No one’s ever heard your name or everyone knows your name and neither of those are good. right.

And, and the thing is what, what, I guess what I was alluding to before is that. Backups used to be this thing sort of in the back of the data center.

And, and you didn’t have to worry about the security of the backups itself. Right. But now we know that ransomware groups are specifically targeting backups and they’re, they’re taking the backups out first because they know if they can do that, they can make a much stronger argument to, to get the victim to pay the ransom.

[00:09:36] Stephen Manley: Yeah. Uh, that’s a really good point. And I think that’s one of the challenges that we see in backup teams today is it used to be the sort of thing that they just had to do. And again, it was, it was that, you know, the group that worked in the basement, no one talked to ’em you, you just got your job done.

You put the tapes on the truck and, and then, you know, you, you either went home or you slept in the basement one or the other, um, Where, whereas today the backup admin has to work with the security team because are my backup secure. And when ransomware attack happens, you’re part of the process to, to do forensics and recover.

You’ve gotta work with the application teams, cuz I don’t wanna just recover data. I wanna recover apps. I’ve gotta work with the cloud team. It’s got tentacles everywhere. It’s a complicated, hard job that, that isn’t just about tech anymore. It is. It’s a lot

about connecting with different people.

[00:10:25] Prasanna Malaiyandi: So I know you talked about Druva being backup, compliance, everything else. And now you’re talking about ransomware and having the backup team, working with the security team and the application team. So what is this new security release that Druva just announced?

[00:10:39] Stephen Manley: In my mind, it’s really, it it’s three things, you know, there there’s a lot of parts to it, but when you break down a, a recovery from a ransomware, the first part is always, I need to make sure my backups are there and they’re recoverable because that’s, that’s, that’s the basic. And so in this release, we, we added the data lock option, which really gives you that, you know, this backup can’t be deleted no matter what happens.

And so you know that your backup’s gonna be there. Then the second part is you wanna be able to, detect and minimize the possible damage of a ransomware attack, cuz no matter how good your defenses are, someone somewhere is gonna click on a phishing email and you’re gonna get hit with ransomware.

And so, you know, our security posture really helps you understand, you know, how can you bring your environment up to best practices so that you, you you’ll have minimal impact from, from being hit. And, and then, and then the last part is, is, is that detection piece. So looking at the observability saying we’re tracking what’s happening, not just from a data change, but also, uh, unusual administrator behavior, unusual settings, you know, all the things that could highlight that someone has gotten into your environment that is doing something bad.

Uh, so, so that you can stop it and start that forensics and recovery process as soon as possible. So your business is up and running. So, so it’s really those three chunks that, that we focused on in this release.

[00:11:59] Prasanna Malaiyandi: Gotcha. And going back to sort of Druva as that managed service, I’m assuming in some large companies, right. They probably are doing this in some sort of manual way where they’re standing up sort of SEIMs analyzing data if possible. At least looking at the admin actions. Right. But going back to what you were talking about, like Druva helped you sort of simplify that And gives it all to you as kind of a service.

So you don’t need that person. Who’s an expert at that.

[00:12:25] Stephen Manley: Exactly. And then, and then for those larger companies, we will then feed the, the, the alerts and the things that we’re figuring out into their SEIM, so they can make it part of an even larger rule set because unusual things happening in your backup environment, combined with other, you know, sort of other triggers may, may give you that, that sort of certainty that yes, I am under a

ransomware attack.

It’s time to pull the big red lever and, and get the company in, into ransomware recovery.

[00:12:51] W. Curtis Preston: Now, uh, just curious, uh, although,

you know, I know the answer to this question, but you’re on the hot seat today, buddy. So you, you mentioned about this data lock feature and that sounds good, but didn’t you already previously talk about. That backups couldn’t be deleted. So how is this different than what you already had?

[00:13:12] Stephen Manley: Yeah. Some, someone, I, uh, someone I know well talks about immutability as being, you know, a bit of a, a, you know, a continuum, a sliding window, if you will. And

so if you think about though slightly overpaid, but anyway, the, the, the, the way to think about it is. You know, Druva for the longest time has basically said, look, here’s what we’re doing is your backups are already off-site.

In the cloud under separate account control, because again, SaaS service Druva’s in control your backups. Um, the data is de-duplicate compressed, encrypted, sharded, uh, in object storage. So it’s largely inert in like a big jigsaw puzzle that no one can do anything with. Anyway, until Druva puts it back together, you know, in conjunction with, with the customer’s requests, , in an environment that doesn’t really have persistent compute running. So there’s not even a place for ransomware to, to sort of launch attacks against your backups. So your backups were already, you know, unmodifiable, inaccessible to the ransomware. Um, but what we did find is that, uh, again, the, the ransomware attacks get smart.

So they weren’t just going after the backup server anymore, they were trying to social engineer to get to complete control of our, our customer’s environment. So, you know, passwords access the whole deal. In which case, now the ransomware starts to look like an insider threat because they literally have control of your environment.

And so. Those insiders are smart. They start to go, well, what if I just delete all the backups? I don’t have to, to get into the Druva cloud. If I simply make it look like the administrator’s trying to delete all the backups or set the retention to one hour or stop scheduling backups or any of those sorts of things.

And so the immutability was all about, look, even if someone, you know, becomes Curtis the administrator, they can’t delete those backups. Now we already had protections in place that, you know, if they became you, Curtis, you know, we’d be able to recover those backups for another week. And, and we would again be detecting the unusual patterns, but this just gives you that extra degree of, of belt suspenders and something else that would hold up your pants that I can’t think of.

Right. Anti-gravity

[00:15:28] Prasanna Malaiyandi: so having worked in the storage industry, Stephen, right.

A lot of people have very specific definition of what immutability means. Typically it’s just at a storage layer. It looks like what Druva’s offering is you’re protecting customers by giving them that same guarantee that their backups aren’t going away, which is

what the storage immutability gives.

But you’re doing it at sort of from an admin perspective and protecting the front end as well because normal storage immutability wouldn’t prevent someone from stopping your scheduled backups from happening or other aspects.

[00:16:01] W. Curtis Preston: right. Cuz it’s immutability for, for all aspects of the Druva environment, not

just your backups. We could have used object lock, right? Because we use S3, we could have used object lock, which means that when a backup is made, a customer’s backup is locked by AWS and nothing can ever be done.

You know, there’s no way to get out of that. That does occasionally create, um, Uh, compliance issues where customers comes and says, you know what? I know I told you that I didn’t want to be able to delete any of my backups. There’s this thing that we back up that we really need to get rid of all evidence of et cetera, et cetera.

Cetera, we do have a process that it’s not through the UI. You have to contact support. There’s lots of legal stuff going back and forth to make sure that we’re talking with the right entity. Uh, we are able to selectively allow you to go in and delete that. You wouldn’t be able to do that if we had used object lock.

I wanted to discuss that because I, I really saw that as we needed to come out with those features in order to do the thing that we just announced, uh, we’re actually recording this on the day that.

That the, this thing was announced and this’ll, this’ll go live, um, next week. But, um, talk to me, Stephen, about the, you know, the thing that was announced today.

[00:17:24] Stephen Manley: Yeah. So today Druva announced its $10 million data resiliency guarantee and. You know, you hear that term. And, and the first thing I wanna do is just, just tease apart. What are the two things in this that, that make it make it special? Because there have been guarantees in our, in our part of the industry before.

Uh, and so the first part that I think everyone’s gonna be able to get pretty quickly is that’s 10 million, which is twice as much as 5 million, which was the highest guarantee. So double the size, right? So let’s get that one out of the way. That’s the easy one. The main purpose though behind it, isn’t so much at all.

We, we put in twice as much for twice as confident though. It’s true. Uh, the main purpose was the fact that the guarantee covers a lot more. Because, you know, we’ve gotten so focused on ransomware. Look, ransomware is a huge deal, but you know, if you look at the set of Druva restores and, and people restoring Dr.

Data from Druva. Basically 24 by seven, right? Given we’ve got thousands of customers globally, most of those restores are not because of ransomware attacks. They’re because of, you know, natural disasters or system failures or users do something or applications fail, or administrators configure all those sorts of things still go wrong.

And so the whole point in the guarantee was five SLAs. And it all started with reliability. You know, anytime we talk about recovery and, and, and Curtis loves recovery, but it, you know, to be able to recover, you need a good backup. And so this is where we said, you know, we’re gonna, we’re gonna guarantee 99% successful backups.

Um, then, you know, the, the next thing is all right, so now that, that data’s been backed up. All right. Let’s make sure that it can’t be hit by, by ransomware either, uh, exfiltrating the data or breaking confidentiality or deleting the backup. So a hundred percent guarantee that if you do a backup successfully, You know, you’ll be able to restore that backup, um, regardless of ransomware attack, uh, as well as you know, that data’s never gonna get compromised and spread, then you get to, to the next piece, which is, but of course, I might need to restore this 10 years from now.

That’s not a ransomware attack. That’s, Prasanna’s probably getting sued for some reason, and we need that data back to prove that in fact, he came up with that IP or, you know, whatever that is, that that happens. Uh, and so, so, so now it’s the we’re going to be able to, to, you know, that that durability of data, the five, nine S is gonna be recoverable.

And then the last part is, look, if this is a service. Better be up and running because if I need to get something outta my service and I get the, you know, the spinning circle that says it’s not running, that’s super bad. So we have the 99.5% availability, uh, guarantee as well. So we wanted to make sure people knew we’re guaranteeing their end to end data protection, not just like one little piece in saying, and the rest is all up to you.

Good luck. Uh, but that, again, as a service, we’re covering the whole thing.

[00:20:28] Prasanna Malaiyandi: I like the five points. I like that. It’s very simple. And you articulated it really well. Um, one question I had is why was like the percentage for backups at 99. I think you said 99%, right. And not a hun. Yeah. And not a hundred percent successful backups. why

why that 1%.

[00:20:50] Stephen Manley: And the reality is I think anybody who’s, who’s been in the industry for, for a long time knows.

Yeah, backups fail for reasons that, that, you know, the Druva cloud can be up and, and everything’s going well, but your server goes down, your network goes down, um, you know, your system is overloaded. Uh, you know, because we do endpoint backups, you know, someone shuts off their laptop.

It’s really hard to get a backup of a system that’s shut down. Yeah. So, so, so, so the, the reality is, as you know, We’d love to get to a hundred percent, but we do live in the real world. And in the real world, there are external factors that can cause backups to fail. And, and so we went through our numbers and said, this is, this is a, a credible reasonable number that Druva is able to deliver. Let’s put our stamp on that.

[00:21:40] W. Curtis Preston: I would put that next to the durability, uh, guarantee, because what we’re saying is 99% of the time you ask us to do a backup we’ll, we’ll get that done. Right. And if that one doesn’t work, we’re gonna retry and, and get another one and get that one successful. Right. But once we get that backup done and successful, we’ve got five nines of durability that once it’s backed up, we’re guaranteeing that we will be able to recover that backup.

[00:22:06] Stephen Manley: We did mention we’re on S three. Um, and, and some of our metadata is stored in, in other other AWS tools. Um, itself has certain reliability durabilits guarantees. So again, as I look out. 10 years, 20 years, life of patient plus seven years. Um, you know, we are potentially talking about restoring data from 50 year. Well, obviously we don’t have 50 year old data yet, but, but as, as you know, as that time goes. And so, so there is some room there for, you know, how do you manage bit rot and things like that.

[00:22:37] Prasanna Malaiyandi: so are there certain things A customer has to do in order to qualify? Like I know you mentioned okay. You wanna make sure that your backups are successful. There are certain things that are outside of your control. Um, are there other things A customer has to do in order to qualify for this guarantee?

[00:22:53] Stephen Manley: A absolutely. That’s one of the things that is important to me about this. And, we were talking to, to someone in the press who said, you know, is this release really just sort of a marketing fluff thing meant to get some attention or is this real?

And frankly, that’s a really good question, because I would imagine a lot of people who have been in this industry for a long time, right? Whether you’ve seen Tommy boy or not, you know, that warranties and guarantees, don’t always mean something real. And so some of what we wanted to do is we, we did wanna put some, some, some teeth behind it to make sure that, you know, the, the, the customers treat it seriously as well.

And so, uh, so some of the gates here are you do have to have the, the, the data lock feature enabled. You do have to, uh, you know, get the observability suite so that you can be monitoring for the ransomware protection. You are gonna have to go through sort of a security health check with us to make sure that again, you’re configured reasonably, right?

I mean, if, if you’ve got the world’s worst setup, then I’m not gonna get 99% backup reliability or the security because. You know, you’re handing out your password to, to everybody that’s posted on your, your window outside. That’s that’s not gonna work for us. So,

[00:24:04] Prasanna Malaiyandi: And that’s probably some like the best practices. That’s probably things companies should be following already. And if they’re not like, I know we had Curtis, we had snorkel 42 on the podcast, right. Talking about, Hey, here are some basic security things. Even if you don’t have a CISO, you should be doing.

And a lot of ’em were very basic things that most companies can do and prevent a lot of ransomware attacks or other intrusions.

[00:24:28] Stephen Manley: Yeah, well, one, one of the things that I, I talk to our customers about a lot

is. Because almost like Curtis’s point on immutability, never being a hundred percent, you’re never gonna be a hundred percent protected from ransomware because you do have users, you do run a business. Security is always risk management, but the customers that I have seen that are more successful, there’s two things they do.

And this is almost that model of, you know, you drive through a neighborhood and you see people with like the thing in their lawn that says protected by XYZ security. of what you’re trying to do is just show external attackers that you’re probably well protected enough that there’s an easier target somewhere else.

And I know it, it sounds bad because it’s basically saying go hit my neighbor instead of me. But the reality is this is your business. This is your livelihood. So if you follow these best practices, there are enough easier targets out there that most of the ransomware, you know, attackers will focus on those.

So if you do those best practices, right, and you get the basics, you know, again, you don’t have to be faster than the bear just gotta be faster than you. Uh, that that’s one. And then, and then the second one is if you get hit and you are able to recover quickly and not pay the ransom again, the, the odds of you getting hit with lightning twice drop a lot, because what’s the point of hitting somebody that’s already shown that they can resist.

So this is the old perfect is the enemy of the good. Do the right things, do the basic right things, you know, do the health check with us and the chances of you being attacked actually drop a lot. Not because your security will be perfect, but because it’ll be better than everybody else’s.

[00:26:06] W. Curtis Preston: Yeah, I like that. And by the way, I do have it on good authority that. If you happen to go to eBay and you buy the signs from XYZ security company that you put in front of your door that say protected by XYZ security company, but you don’t actually have the service. Um, you will receive a call from XYZ security company that says, Hey, um, we noticed you have signs out front of your house that say you’re protected by us, but you’re not. Would you like to actually have service? I’m just saying on good authority that that’s what will happen

[00:26:41] Prasanna Malaiyandi: well, I, well, and here, but here’s the other thing about that challenge with that though? Curtis is there have been alarm systems in the past that have had, vulnerabilities and actually advertising that you have XYZ system may actually not be the best approach because it can also help the people identify, Hey, that’s a house I should actually.

So it kind of goes both ways.

So you have this guarantee in place. You help the customers go through, make sure everything’s set up. What happens if or when they get hit, like, are they supposed to reach out to you? Right.

Like what does that look like? How do they know? Because I know usually you have a ransomware playbook.

When we had Tony Mendoza from spectralogic on and they got hit with ransomware. He was walking us through the fact that they had no playbook. and so they worked with their cyber insurance company to sort of get things going. What happens for these customers? Like how is Druva helping them with that playbook?

If you will.

[00:27:33] Stephen Manley: So I’d break that into, into two questions and, and, and so the first one is, uh, again, one of the press people called, how do I win? Right. So, so it’s the, how do I get this payout? And, and to your point, Uh, basically it’s, it’s, it’s a real simple form that if the customer feels like I’ve had a lot of backup failures lately, or again, you know, I wasn’t able to recover my data.

You know, it’s, it’s a real simple form. They file, uh, with Druva and then obviously we, we work with them to, to diagnose and, and job one’s gonna be first, let let’s get your environment up and healthy. And then job two is, is, you know, Let’s figure out what sort of compensation you deserve. Uh, so, so yeah, so again, the goal here is to make it pretty easy for them just to, to submit a claim and then, and then, and then process that now I think the second part is if they’re hit with ransomware.

Yeah. Druva has a lot of playbooks in terms of. This is how you respond to a ransomware attack. Um, you know, ranging from these are your first step, you know, core. Your backup should be quarantined to here’s the logs you’re gonna need for your forensics to here’s how you’re gonna do sort of a sandbox recovery.

Here’s how you can scan for malware. So you’re not gonna recover it. Here’s how you get a golden image of, of your data. That, that has sort of the latest, good version of every file. Here’s how you can bring that data back into your environment and get yourself up and running. So, so, so we definitely wanna help them recover from ransomware, but again, if something goes wrong, if we don’t meet our SLAs, then absolutely we would make it easy for them to file a claim so that they can, uh, quote unquote, win.

[00:29:09] Prasanna Malaiyandi: And I think,

[00:29:11] W. Curtis Preston: Oh, I’ll, I’ll put something on top of that, Stephen, cuz I know one of the, you know, we we’ve been working on this for a little, you know, for a minute as the young kids would say. One of the things that we had to do was to give the customer easier. Uh, an easier way to see what metrics they have.

Like we already had these metrics, we were monitoring the metrics, but we didn’t have an easy way for each customer to see what their personal metrics were. Right. So I know that we, we did some work in the back end, so that the customers could see what their SLAs, you know, whether they’re being met or not met, which would be sort of the first step of, Hey, I’m at a 97% success rate on my backups.

Then they go to that they go to that, uh, that form

[00:29:57] Stephen Manley: It’s one of the things, obviously, you know, if people. Don’t know on this podcast Prasanna. And I worked together for about a billion years, including at EMC. And, and one of the nice things about being in a SaaS company is you look and say, boy, I’d really love that statistic.

I’d love that piece of telemetry and you pop it in. And two weeks later, you know, the, you get your, you get your update and suddenly you’re getting that telemetry. So you can get that reporting. You contrast that to back in the old days. Where it was like, all right. So we know we need this piece of data.

All right. We’re gonna get it in the next release, the next release ships in 18 months. Okay. So then after it releases in 18 months, it’s probably about six months before any customers really deploy it outside of like their test environments. And then another 12, pass that before the enterprise customers really roll it out in fury.

So if we put these numbers in today three years from now, we’ll finally start to get data. So, so yeah, it’s been nice to be able to just say, yep, you’re right. We need that stat put that stat in and now, you know, to your point, Curtis, we can, we can, we can actually calculate and share these numbers.

[00:31:05] Prasanna Malaiyandi: I was just recalling those days and it’s like, yeah, if you didn’t plan ahead of time for when the first release goes out of, Hey, here’s all the telemetry and stats I need, then good luck trying to get it in. Anytime later.

[00:31:17] W. Curtis Preston: yeah, it’s on that huge list of why SaaS. Right. And, and why, when we look at these other vendors, you know, I won’t name any of them specifically, but other vendors that are lift and shift. Right. They have a traditional development model for their software. That’s based on a traditional delivery model. And then if they have a, if they also have a SaaS based service, they’re basically behind even that.

Right. I mean, maybe they’re on par, I don’t know, in terms of their release dates, but it’s essentially. It’s a traditional delivery model. It’s not features released every two weeks. That’s a really good, that’s a really good point. Uh, Stephen.

The other thing, Prasanna, is that when you were asking about, there was a question you asked earlier, I can’t remember as you can’t remember which one it was, but when you, you were asking about what’s the, like how you qualify for the guarantee. One other area, when we compare our guarantee to some others, right?

Is that they have some odd exclusions. That we do not have. Our exclusions and inclusions are all, I would say common sense. You need to have health checks. You need to be following our best practices. You need to be using the appropriate level of service that has the features in it that we’re counting on in order to deliver these SLAs.

We don’t have weird things like, oh, and by the way, if you’re the reason you got ransomware, we’re not gonna pay the guarantee. Right. There are other vendors that have guarantees. As I make quotes in the air that, that have weird legalese exclusions in them that say things that sound like if the reason you got ransomware was internal negligence.

Um, what we’re saying is like, we don’t care how or why you got. We’re not looking for excuses to not pay a guarantee. We’re just wanting to make sure that we’re all on the same page here. Right? You follow the best practices. We follow the best practices, you know, you’re using the right level of service, et cetera.

Um, I, I, you know, I participated in the review of this document, uh, that, you know, the, the actual legal document and we worked very hard to have limited legalese nonsense. I mean, it’s a legal document, so there’s, it’s full of legalese, but I, I don’t recall seeing anything that, that seemed like, oh, we’re, this is just there. So we don’t have to pay anything. I don’t know if Stephen, you have a comment on that.

[00:33:57] Stephen Manley: I think you were the one that pointed out initially the, the, yeah. If it’s internal negligence, I was like, man, what ransomware attack isn’t because of internal negligence, it’s always because someone clicked on an email or a text or they went to a website they weren’t supposed to, or something to that.

How else do ransomware attacks get in or, or, or someone shares a document and maybe you should have scanned it or something. But, so, yeah, so to me that was why I think so many people in our industry, anytime they see one of their guarantees, their very first thought is okay, so yeah. So what’s the fine print.

How, how are you going to make sure that you never pay me? I agree, you know, our, our goal was. We believe in our service and something that I think you pointed out is on most of these things, they were already part of our contract anyway, so we’re drawing attention to it, but this isn’t like a whole bunch of new stuff.

We came up with to make a press release. It’s like, oh man, if other people are making noise about stuff that isn’t even that realistic, we should probably make noise about the stuff that we do, that, that affects people on a daily basis.

[00:35:06] W. Curtis Preston: Yeah. And, and I know, I know the clause that I’m making allusion to in that other company’s ransomware guarantee . Um, and I know that they argued it doesn’t mean what we’re saying that it means.

And I’m like, but it sure really reads that way. Like, you know, I don’t know if you’re familiar with the the plain English interpretation concept in law.

And it’s like, so what does a, like a regular person reading that What does that mean? And, and it reads that, way, but, but what’s worse. What’s worse is the language is actually, at best, ambiguous and you could interpret it to mean either thing. And that is not a good place to be in. If you’re on the, you know, the potential receiving end of a guarantee, that’s poorly worded.

[00:35:52] Prasanna Malaiyandi: I think what Druva is doing and even some of the pseudo, so I should say guarantees in quotes. Right. I think though, in the end, it’s good for the end customer and the end user, right. Because it’s actually putting focus on yes. There are ways to protect yourself from ransomware. Taking hold of your environment, right?

Deleting all your backups, which is your last line of defense. Right. And being able to detect it. So I think all of these things are good for the end user and I’m hoping more companies take Druva as sort of a guiding principle or a, uh, A thought leader in this space of being like, Hey, by the way, now I wanna make sure that the products I build are following that similar, uh, vein, because consumers should be asking For, the exact same sort of protections.

If they’re using a different backup product as well, being like, Hey, Druva’s offering this guarantee, how are you protecting me from making sure my backups aren’t deleted or being able to detect when settings are changed and other things.

[00:36:53] Stephen Manley: And, and, and I think from an infrastructure’s perspective, I think it’s also a signal of the shift that we’ve been trying to do. And you, you and I certainly for, for 20 years is shifting the discussion away from. Here’s a piece of technology. Good luck with it to look you’re, you’re buying this to, to for some end result.

Right. And the more that we shift towards these SLA type discussions versus I do deduplication well, great. You know, but, but really all I care about is that my backups are done and they’re done on time and they’re recoverable and how much you’re gonna charge. Frankly, I don’t care what technology you use underneath.

I just want the result. And I think the more that the technology industry shifts towards results away from mechanism. I think the happier customers are gonna be.

[00:37:42] W. Curtis Preston: that. And I’m gonna take that as a super easy segue to the final topic, which we’re just gonna talk about for a couple of minutes. And that is the fact that Druva was announced again, as a visionary in Gartner’s latest magic quadrant for enterprise backup and recovery solutions. And also, um, you know, we are definitely pointing out that we are the vendor that moved the farthest in both, both axes, right? Completeness of vision and ability to execute. Uh, it’s difficult to move in these quadrants as you know, anybody who’s been in this space is aware, uh, but we moved more than any other vendor on both, uh, axes.

And I, I think that’s a pretty big, um, you know, pretty big deal. Any, any thoughts on that?

[00:38:26] Stephen Manley: I think for me, one of the things that, that, uh, you know, We see again, last year, Gartner shifted the quadrant from data center, backup and recovery to enterprise data protection, which was a huge shift because it was acknowledging that data’s not just in the data center anymore. I think that what we saw this time through, you know, why did Druva move so much?

I think part of it is, again, as, as we’re growing, we’re getting new customers, we’re getting larger customers. We’re getting, you know, customers with with more depth with, with more, you know, sort of. More more workloads and applications. Again, I think Gartner takes a lot of phone calls from customers.

They’re seeing the trend that people are shifting more to this new model because they want the results. Um, and, and so, so I think to, to me, you know, it’s reflective of all the hard work that we’re doing in combination with the fact that I think it, it is meeting what the market wants. I think Gartner is, is, is recognizing, you know, what we’re doing.

And, and I think where the market’s going.

[00:39:26] Prasanna Malaiyandi: Sometimes it takes time for the ship to turn. Right. And it looks like now you have that validation, right. From a large industry leader, like Gartner.

[00:39:36] W. Curtis Preston: mean, you know, are we disappointed we’re not in the leader quadrant? Of course. Right. But you know, the thing is, And again, reminding this is an independent podcast, um, you know, Gartner and a lot of, I don’t think a lot of people realize this, but Gartner puts a lot of weight on revenue size.

Right. They put a lot of weight on revenue size and also. How big are your biggest customers. And that’s what determines what, that’s not the only thing obviously, but that is one of the things that determines what quadrant you end up in. And, um, you know, the other folks that are up there, they are bigger companies than we are. Much bigger in some cases.

Right. And so they will continue to have that advantage, but we are moving and we’re catching up, uh, and we’re moving in the right. direction.

[00:40:25] Prasanna Malaiyandi: Is there a place that Druva is offering a read out of the magic quadrant for our listeners or,

[00:40:32] W. Curtis Preston: Druva.com.

[00:40:34] Prasanna Malaiyandi: okay.

[00:40:35] W. Curtis Preston: we’ll put a link, we’ll put a link in the show description, but yeah. Thanks for, thanks for that softball question there. Uh, Prasanna, but yeah. Um, yeah. Yeah. Druva.com and, um, anyway, well, let’s, you know, um, Stephen, thanks for coming on and, you know, taking the questions.

[00:40:53] Stephen Manley: It’s always fun talking to you guys. And, uh, again, I think the important thing that everyone should walk away from this podcast on is, you know, just like your wifi, your backups should just work. You know, if you’re spending a bunch of time tuning it, you’re probably doing it wrong.

[00:41:10] W. Curtis Preston: Wow. What do you think of that Prasanna.

[00:41:13] Prasanna Malaiyandi: That.

[00:41:18] Stephen Manley: don’t

[00:41:19] W. Curtis Preston: persona.

[00:41:20] Stephen Manley: don’t cry. don’t cry. It’s

[00:41:23] Prasanna Malaiyandi: Yeah.

[00:41:24] W. Curtis Preston: Don’t

[00:41:24] Stephen Manley: some people like to

[00:41:25] W. Curtis Preston: cry. All right. Well with that, I will put an end to his madness. Uh, thanks everyone for listening. And, uh, you know, you’re why we here and, uh, remember to subscribe so that you can restore it all.

%d bloggers like this: