The virtual roundtable was hosted by Scott Morris, Vice President of Sales for APJ, Druva and Bakshish Dutta, Country Sales Manager, India and Saarc, Druva. Below is a snippet from the interactive session:
Question 1: Is there no commitment from an MSP? Especially in comparison to what’s been followed all these years. So, how is it connected? Can you briefly explain the standard model for this?
Scott Morris, Vice President of Sales for APJ, Druva: Yes, of course there is a commitment. We work on a subscription based service which effectively means it can be turned on/ off instantly. The Druva Data Resiliency Cloud negates the need for MSPs to buy any hardware or software. Ideally, this allows MSPs to begin monetizing right from day one because there’s no need to sink one’s capital into heavy infrastructure. Additionally, our customer base include those that are either existing and/ or serving from an existing capability but wish to migrate into a more efficient and effective way of monetization.
Question 2: Basically, you’re pushing around a service through an MSP, right?
Scott Morris, Vice President of Sales for APJ, Druva: Yes, correct. So it’s an aggregate model. Our minimum monthly commitment is 10 customers a year. This does grow incrementally for each and every subsequent customer they bring on. The underlying minimum commit can either be consumed or increased in order for the MSP’s to make more money and also to obtain a higher discount from Druva the next year of the program.
Question 3: And, would they require any kind of configuration at their end in pushing your service from an infrastructure?
Scott Morris, Vice President of Sales for APJ, Druva: Well, there is no pre-provisioning that is required which means there is no need for maintenance or sizing or upgrades that need to be performed. The idea is to stay focused on the core objective of identifying customers and bringing them into the MSP portal. We have built a unique console for the MSP community which helps create a true multi user, multi-tenant view of the user’s underlying assets. It’s a multi-tenant portal that allows an MSP to see all the customers at a top level, and then individually and securely manage each one of those customers with their own individual capability. So, MSPs now become an aggregator of the complex traditional solutions where they were used to putting in individual siloed solutions from the vendor and manage them as such.
Question 4: Are you looking at putting a class of MSPs that would fit? How do you approach this or how are you offering this program? What’s the like- mindedness that you’re looking for from an MSP point of view?
Scott Morris, Vice President of Sales for APJ, Druva: What we are looking for is partners. MSP partners typically have got a very strong alignment to cloud migration and that is in sync with what both IDC and Gartner talk about- enterprises transitioning to cloud based workloads. Additionally, many of these customers while transitioning the on-prem traditional infrastructures to cloud, are also looking at how to remove other complexities. This is why they generally work very closely with an MSP that is not only helping them migrate, but also then helping them manage these complexities in the background. So, they become ideal candidates for us. And clearly, as you look at those MSP priorities, any MSP that views backup and recovery, either as a top priority or a growth area, becomes an immediate prospect.
Question 5: And would there be any play for players like Amazon, or the hyperscalers?
Scott Morris, Vice President of Sales for APJ, Druva: So, we already have a hyperscale offering. We’ve built our platform on AWS which means we’re already a native in cloud solutions. In fact, we are the third largest ISV in the APJ (Asia Pacific and Japan) community today. Druva sits as one of the largest storage consumers globally. So we, in our own right, are a very strong partner to AWS and, we’ll be working closely with them to look at who are the most aligned service providers that we could potentially partner with by adding this incremental backup capability.
Question 6: Druva achieved 100% growth last year, this year, how do you find the landscape to keep your flock together, specifically OEM partners, ISV alliance partners and service providers in the region? Also, how are you looking at the strategy to engage with startups this year, as we are witnessing lots of soonicorns in this region?
Scott Morris, Vice President of Sales for APJ, Druva: Growth continues to drive us. In fact, the data resiliency cloud really is the last bastion of on-prem infrastructure. Today, it is nearly automatic for people to think, “Well, we’ll take a SaaS solution for that”. Some, 5- 10 years ago, you wouldn’t have considered a relational database in the cloud but it’s now automatic- relational database, CRM systems etc. Even email is considered on G- Suite or 365- it’s natural to now assume a software as a service provider becomes almost your default starting point as opposed to an on-prem solution.
Today, Druva is on that pinnacle. And while you see the growth that we’re seeing, backup is yet to be defaulted to software as a service as the primary mode. Druva is unique in the fact that we’ve been doing this now for 10 years. There’s a lot of startups in the backup and recovery space, all clamoring to provide software as a service solution. Druva has done this at an enterprise scale. We’ve got thousands of customers globally, protecting and being protected by this platform, and roughly 15% of these customers are in the Asia Pacific marketplace, and we continue to witness very strong, continued growth. India was one of our first markets that we opened up in Asia Pacific.
We introduced the multi-cloud concept which is wherever you choose to put your workload and how you decide to protect that under a single platform approach, ensuring that it gives you the highest level of security, recoverability and protection.
When it comes to OEM partners, Dell is our first, globally and it still is a new relationship with two full quarters in. At all levels, across US, Europe, and Asia Pacific, we are engaged absolutely in lockstep- sales team to sales team in the field. Dell has a huge install base of traditional on- prem solutions that reaches this huge target market and all of their competitors are consistently pecking away at them from the outside. Dell EMC PowerProtect Backup Service is 100% OEM and powered by the Druva platform. This now gives Dell a very credible story of how they went from traditional on-premise to a cloud based software as a service offering while maintaining and protecting their customers without having them eroded away to these other vendor competitors.
We see many collaboration points, of course, as we continue to develop the product. SFDC from a Salesforce Sandbox Seeding point of view becomes a potential point of leverage. The relationship that we have with the ability to leverage VMware’s VMC product in terms of disaster recovery- be it on- premise or on cloud. The Druva Data Resiliency Cloud capability allows them to not only back up the virtual machine infrastructure into the Druva cloud platform, but as DR (Disaster Recovery) capability helps them move back up into a production workload back to on- premise. We become an enabler for these organizations. So, in short, now, as we go forward, you’ll start to see tighter integration from a security standards perspective.
Question 7: IDC and other studies show that SMBs, particularly in APAC, are highly targeted by ransomware attackers. SMB companies depend on MSPs for security. How are you enabling MSPs to help recover their data after a ransomware attack? What about immutable backups and the 3-2-1 backup model? How does this fit into the Druva cyber resiliency cloud?
Scott Morris, Vice President of Sales for APJ, Druva: We do subscribe to the 3-2-1 backup model. But there are multiple availability zones in the cloud- multiple redundant copies of that. One must remember that today, malware and ransomware is becoming extremely clever. It’s not just the software that’s running around, its individuals and people that create the risk of a bad act getting in. So, when we think of a security to overlay that, we simply follow a zero trust security model, which means never trust anybody, always assuming that somebody is a bad actor. And, so with that sense of heightened security, it allows us to do some really interesting things.
Now, when it comes to encryption as a key capability, we have a general encryption capability that only allows the customer to de- encrypt their own data. We don’t see our customer’s data. The architecture and design of our platform only allows the customer with their key to see their own data. So, tomorrow even if a government came along and asked us to give us all of the records for company XYZ, it wouldn’t mean anything, because we couldn’t encrypt or de- encrypt it, even if we tried.
Even in the case of dual access (wherein two people have admin capabilities), our secure ops perspective catches some suspicious activity such as if one admin does a mass delete and we confirm the same with the secondary identified person. Druva has a failsafe, which means we need a secondary person in the organization to validate an activity or capability.
Bakshish Dutta: A 3-2-1 model indicates three copies of data on two different media and one copy off site. To deploy this kind of architecture and if it is on- premise, then the customer has to invest a lot of hardware and a lot more to make things work. And, if an MSP is doing it, then too there’s a lot of effort and investment of time and putting things together. Now, we offer our SaaS on AWS and the way we architect our solution is that we ensure that the data that’s backed up to the cloud is stored in multiple regions and we move some unique blocks of data to the cloud making the backup process secure.
It is truly a 3-2-1 backup model and the ease for MSP is that there is no need to re-invent or establish another or to do anything at all, to make it 3-2-1 compliant. Our software also detects anomalous behavior and more importantly we also recently introduced a ransomware recovery module. What this essentially does is that it ensures that ransomware cannot be executed even while storing an infected backup copy on the cloud. So your secondary copies are always safe. In addition, we also have the capability to scan the backup data which allows us to go to the customer and inform them about a possible ransomware manifestation within their environment.
We ensure that in case a customer’s primary data gets infected, the secondary will not because the data with us is air gapped and on another cloud. We can build a golden copy of the snapshot with which the customer can restore faster and thereby get back to business faster.
Question 8: How do you leverage next gen Tech’s like AI to address security issues?
Scott Morris, Vice President of Sales for APJ, Druva: We have a strong AL and ML focus. We use it when detecting anomalous behavior. We are also looking at patent matching technologies to apply to things like governance and compliance. So if you think of GDPR or personal information policies that are implemented by governments around the world, we’re able to look for information in the background. This helps us to be able to drive alerts and it was again using API’s that plug into either your security alert platforms. We’re looking for patterns and analyse these patterns of behaviour.
Bakshish Dutta: One of the key problems that customers face is also that they keep backing a lot of data and they don’t really know the data that they’re backing up or how frequently they are accessing it. There is a need to understand the composition of that data that is stored on the cloud and we can give these insights to the customer so that they are aware if they are not really accessing the data. The customer can also think of either taking the data off or pushing it out to archival so that the cost goes down and we take the same cost benefits.