Ransomware, the cloud, data analytics and the General Data Protection Regulation are bringing changes to the data protection market. Legacy data vendors are transitioning into broader data management platform providers that can provide more than just backup and disaster recovery. They even talk about using machine learning and artificial intelligence so organizations can meet the growing security challenges and threats they face in a globalized world.
We spoke with long-time Commvault CEO Bob Hammer about his views on ransomware, GDPR preparation, data management and changes to some of the largest backup vendors in the market.
How has the change in corporate structures of some of your large competitors -- mainly Dell EMC, Hewlett Packard Enterprise and Veritas Technologies -- impacted the competitive landscape in data protection and management?
Bob Hammer: I think I would flip that around. We have been at this for 20 years. We are highly focused on the fundamentals on not only what to do today, but future investment. We are investing heavily in analytics, machine learning and pattern recognition. Those are massive investments. When everyone got disrupted, we actually doubled down in our investment; not only in technology, but in all the fundamental services that go around this, whether it's professional services or support services or managed services.
Every one of the competitors you mentioned are on legacy architectures and we've been continually evolving a more modern architecture. We have the ability to solve these more complex data management issues a lot better and more cost effectively. The answer is, if we have been running a race, all of a sudden we found ourselves out front.
Data backups are considered the best defense against ransomware threats. Do you anticipate that ransomware hackers will start to hit the core backup applications? If so, how are backup and data protection vendors preparing for this?
Hammer: Well, you have to define what you mean by backup. People talk snapshots as a backup or replicated copy as a backup or point-in-time as a backup. But they are all different. You want to detect early and shut these guys out through that detection. Also, everyone is figuring out backup is not the issue here. It is about how I recover and what kinds of cost do I want to burden my organization.
Bob HammerCEO, Commvault
Ninety-five percent of vendors do not index. If you don't index, you will be vulnerable. If you do snapshots and replication, your vulnerability is significantly higher. There are very few companies in the industry that do fully indexed, object-level, point-in-time, encrypted, secured copies with layers of securitization that are tied to authentication and authorization. If we go back 10 years, the authentication and authorization was pretty simple. In our securitization services, I think there are nine processes today. If I had to predict in five years, it is going to be 30 processes.
What role does blockchain technology play in mitigating ransomware attacks?
Hammer: Blockchain is going to be an important technology for this. Blockchain is going to be everywhere. It's just another element that you have to manage.
There is a lot of discussion about GDPR preparation to meet the European Union's May 2018 deadline for compliance. What types of questions are you getting from Commvault customers about GDPR preparation?
Hammer: The legislation is quite comprehensive and most organizations are woefully unprepared in how to deal with this. The technology, including our own, has to be enhanced significantly to solve the broader issues around GDPR preparation.
[But] it's not just technology. It is about, 'How do I provide the consulting services to lay out a game plan in how to comply?' It's very complicated and not very well understood. But you cannot do it unless you have a thorough understanding of what data [you] have tied to the compliance requirements [you] need for GDPR preparation. Even within our own platform -- that whole data classification capability -- we have to take [it] up a level or two to deal with it.
Commvault is shifting to becoming a data management platform vendor. What type of business analytics capabilities are you adding to your software?
Hammer: If you get into analytics, it's about getting a better understanding of the data that you have and enriching that understanding by using artificial intelligence or machine learning. The first thing is to get the right data to the algorithm or analytics engine. That is not so easy and that requires dynamic indexing and a more capable search engine than we had before. There are a lot of additional capabilities we are building into the platform now. We will get into a lot more detail at our Commvault GO conference in November. We may launch something before then but certainly after that GO conference we will go GA with a number of these things.
If your business collects data online, be prepared for GDPR
Quick tips for solid backup against ransomware
Commvault to 'GO' from data protection to data management