DevOps Chat: Data Protection in the Cloud, With Druva

As any CIO knows, a data management architecture is essential to caring for one of the organization’s most valuable assets: data. Data management sounds simple but it’s not. Backup and recovery, disaster recovery, data retention, governance, e-discovery … all are parts of any effective data protection strategy.

As businesses move and grow their presence in the cloud, the same capabilities apply in this very dynamic and elastic environment.

Recently, Druva received another investment round of $130 million led by Viking Global. Mike Palmer, Druva Chief Product Officer, joins us on this DevOps Chat and talks about Druva’s planned use of those funds as well as Druva’s approach to providing a SaaS-based data protection platform.

As usual, the streaming audio is immediately below, followed by the transcript of our conversation.


Mitch Ashley: Hi, everyone, this is Mitch Ashley with and you’re listening to another DevOps Chat podcast. Today, I’m joined by Mike Palmer, chief product officer at Druva. Our topic today is how data protection is in your future, as you move to the cloud. Mike, welcome to DevOps Chat.

Mike Palmer: Thank you, Mitch. I have been looking forward to this conversation with you.

Ashley: Me too. Glad we’re together online and talking about data protection. Would you first start, though? Just let’s introduce yourself, tell us a little bit about what you do, as chief product officer, and tell us a little bit about Druva.

Palmer: Well, as you say, running product is my primary job, as chief product officer, as you would imagine. I run engineering and pricing and strategy for the company and Druva’s an amazing organization, one that I came to around about a year ago, coming from various positions in the industry, watching the evolution of both storage as well as data-protection software and how it’s been evolving in a world of public cloud adoption. Druva is the first and only SaaS player in the data-protection space, which made it super intriguing for me because, as we look at enterprises and how they adopt SaaS, whether that’s been from CRM to ERP to collaboration platforms, what stood out as the next big wave of SaaS adoption was, in fact, data protection. So we’re focused in that space and growing rapidly.

Ashley: You guys are doing real well. Matter of fact, a little bit of old news here, about 30 days, but you had $130-million investment. I think Viking Global led that for you. Congratulations, by the way – that’s awesome.

Palmer: Thank you very much. I don’t think $130 million ever feels old.

Ashley: [Laughs]

Palmer: But it was a great validation of the strategy and Viking is a tremendous investor. Most folks in the industry know kinda their origins, dating back a couple of decades, and we’re glad to have them aboard. They were a great partner in talking through the evolution, both of our business as well as the industry over the next what we consider to be kind of five to ten years. And they saw what we saw, which was kind of a relentless pace of adoption in cloud and cloud storage, the desire for enterprises to find ways to simplify their current environments and move technical skills from some of the legacy areas, like data protection, into some of the more advanced ones or next-generation ones, like machine-learning and analytics. And we stood at the intersection of these trends and they got on board with us and have been a great partner.

Ashley: _____ see a good future for you. Let’s talk about – so this $130 million and the other investments that you’ve had. They didn’t give that to you to put it in the bank; they want you to put it to work. So what does the future of Druva look like, as you start to invest those kinds of funds?

Palmer: Yeah, it’s a great discussion because we are competing, frankly, on a few different axes, looking forward. Number one and the basic one is “How do we drive the best possible PCO for enterprises who have increasing amounts of data to manage, increasing amounts of risk and liability related to the regulatory environment surrounding that data?” “How do we expand the applications and the workload coverage for them, as they support current apps but also the ones that they’re adopting in the native cloud?”

And then, as we look a little bit forward, as I was told by an investor, “This is either a good investment or a great investment,” and it’s gonna hinge around how we can expand the “data protection” definition into one in which customers get more value from that copied and stored data. If we can find ways to help them use that data and extend it into the ecosystem, get better visibility into it, we’ll have effectively not only changed the architecture, but we will have changed the entire value proposition. And that’s what we’re shooting for.

Ashley: Now you’re operating in AWS, an elastic environment. You know, storage is right there. You want some more, you just grab it, use it. I would imagine that’s very easy to get out-of-control proliferation. You need some data-management capabilities around what you have, as well as the whole process of backing up data, restoring, recovering, you know, making sure you’re not losing information, all of that. What are some of the key things that are different about operating in a cloud environment, versus maybe a traditional, on-premises data center?

Palmer: Great question and let me start by giving us some background statistics to frame up how big this challenge is and the opportunity is. You know, the thing that we keep most in mind is, if you look at Amazon’s five-year kegger of cloud storage pricing, it’s negative-60 percent. And, in a world like that –

Ashley: Going down.

Palmer: It’s going down and it’s – you know, if you talk to Amazon, they will say that that is the path that they will continue on over the next five years.

Ashley: Yep.

Palmer: And I often challenge customers with “Tell me, when you buy an appliance today, how much cheaper is it gonna be next year or the year after or the year after?” It’s like, “Oh, it’s gonna be the same.” So they’ll lose out on the innovation in the industry, even just around the ability to create better price and performance. ESC did a very nice survey and asked CIOs, in their premises data centers, what were the top-five opportunities for cost efficiency? And number one on that list was storage management.

Ashley: Mm-hmm.

Palmer: Enterprises are dealing with this long history and you had talked earlier about your history as a CIO. All CIOs deal with generations of proliferation of storage vendors, as well as the hardware itself, the incompatibility, and just even the ability to track it. Top challenges. And the third stat, which is the one that I find most interesting because it indicates the tipping point is in 2021, so, just about a year-and-a-half from now, we’ll see the crossover point where there are more dollars spent in cloud storage than premises storage. So this will be the point at which companies can effectively be viewed as cloud-first, from a storage point of view, to the point where they’ll have to defend _____ – [break in audio] – and, in that world, your first question about “What do we have to help them with?” We have to help them realize the promise of those savings

You made a good point – it can easily get out of control, especially where you have very distributed teams who are building applications and taking advantage of that infrastructure in a more decentralized way. We have to help them manage the tiering; we have to help them manage the data classification; we have to help them manage not just the cost side but give them advice on performance. Much of this can be automated through machine-learning, so we’re gonna give them a new model for what old terminology, like ILM, or information lifecycle management, or HSM, or hierarchical storage management – we’re gonna turn that, really, into a background automation process and let them focus on what matters, which is “Do I have the right policy? Can I leverage this data for other uses? And can I do that without special skills?”

Ashley: Yeah, you bring up some really good points and that is it’s one thing for a startup or someone who’s building a cloud-data application as a younger company and maybe a one-off kind of application. Enterprises look for environments that are gonna de-risk or things that are gonna move – de-risk their move to the cloud. And I would imagine having a structure that it’s at least familiar so you have not only data protection, data management, but you’ve got governance, things like that. You’re able to do some forensics, predictive analysis, things like that – the kind of functionality that they’re used to having on prem, but maybe in a cloud environment or possibly even a hybrid model.

Palmer: I think, yeah, you nailed it. And one of the words that I use frequently is “conversions.” You know, one of the benefits of cloud is that, because you’re provided with all of the substrate – you’re provided with compute; you’re provided with storage and networking and policy and all kinds of things surrounding you – that the job of a company like Druva and even the job of enterprise developers is just to focus on the application logic. And what that means in our space is, as you mentioned, you have a lot of surround in your data center. Customer that, in my former world, they would buy a product for backup, they would buy a product for disaster recovery; they’d have an e-discovery product; they’d have an archive product –

Ashley: Been there, done that.

Palmer: – they’d buy a data-classification product. Right?

Ashley: Been there on all those stats. [Chuckles]

Palmer: Painful, right? And all you see is your cost going up and complexity going up and different skill sets and you’re training and conferences to go to and, you know, it’s slowing you down. Right? And, when you look at Druva, in a single platform, we simply consider those ancillary value propositions, like e-discovery or data classification, as on-demand, callable apps. So, when you back up with us, you simply tack on the DR service; you simply tack on the data classification. You have a workflow for legal hold. And, by the way, you pay for this on demand. You don’t have to prepay capacity licenses; you don’t have to prepay storage.

Ashley: Mm-hmm.

Palmer: o you have a world in which not only do we replace your current apps, but we have a world in which, as customers come to us and we release new capabilities every other week, that they can put something on a roadmap and see a functional working application in weeks and months over their existing data set, paid for only when they use it. And this is revolutionary for most CIOs.

Ashley: Usually, you have to buy the amount of storage is sort of your top capacity and use it as you go and then potentially upgrade, where, of course, in the cloud, it’s elastic; it’s fungible. We can change, add more as we need it.

Palmer: And, of course, you have to do the same with your software licenses. You have to then integrate those products. You have to find space in your colocation facility. You know, when you really analyze how much cost and effort it is to adopt a new piece of software or piece of hardware, it’s far beyond the obvious. And not to mention, by the way – and this is a stat that I quote to a lot of people – it has been, in my experience, that, when a software vendor releases a new version of a product, it can be 12 to 18 months before even half the install base adopt that version.

Ashley: Mm-hmm.

Palmer: So if agility and speed matter to you, as a business, in adopting capabilities, you have to take risk and wait a long time before you get a capability, whereas, in SAS, you get it on demand, with no effort. Again, completely changes the model.

Ashley: I mentioned hybrid earlier. Something we haven’t talked about yet. Most enterprises can’t lift and shift everything into the cloud. Matter of fact, they may not want to; they may want to keep some hybrid, either multi-cloud or on-premise. Is that an area that you can readily address with them?

Palmer: Yes and thanks for asking that because I – one of the difficulties in being unique in your space is just explaining your model in the first place. And, from a SaaS point of view, while our application architecture is cloud-native, we service customers in their premises data centers and into the public cloud, including their SaaS providers as well. So what that means is, as you said, if you have a customer that has – and most are within this category – have a data center where they have workloads, where their recovery times are perfectly fine to take advantage of all of those benefits I mentioned earlier in the cloud, we helped move them to the cloud and manage and restore and so forth for them to their local premises facility. However, if there is an application that has an RPO or a recovery point or a recovery time objective that requires it to be within the data center, we also can provide them with a virtual appliance that solves that problem as well.

And then, as they build native cloud applications and, for example, Amazon AWS or they adopt Office 365 or Salesforce, we also help data protection and classification, both natively in Amazon as well as with SaaS providers as well. So we really are with them in their current architecture; we’re also with them in their future architecture.

Ashley: Yeah, that’s key to transition, I think. Again, I mentioned earlier about de-risking and part of that is familiarity, as well as giving me a path to get where I wanna go. And I may not fully go to the cloud, right? May always have to have something, as you mentioned, because of RTO or RPO requirements, to be on-prem.

Palmer: That’s right.

Ashley: Tell us a little bit about some of the capabilities that are just kind of native with the product, that – you know, what does it take to get started using Druva? Can I just plunk down the credit card and, like Amazon, I’ve got all of it available to me? Or is there a set of planning processes that are helpful to go through to properly architect a data-protection architecture like this?

Palmer: Oh, and we love this question because, again, coming from the industry where the idea of even doing a POC is a very complicated process of governance rules and software installation and finding hardware and disk capacity, with Druva, you literally sign up in the online platform. We give you access to the agent type that you’re looking for, so let’s use VMware as an example. You can download a proxy, provide it your credentials, put a policy in. Do all of this within about 10 to 15 minutes and you can initiate your first backup. And you can do this – and we have tested this over and over – without having specialist backup administrator skills, which means you can also start delegating privileges to application teams and such, where you as an administrator have the ability to enforce and create overall policy.

So now you have a world where your most mundane, everyday tasks are made so simple that you can delegate them to your customers, your customers from an IT-provider point of view, which increases their satisfaction because they can do these things on demand, and they free up your time to do more important things.

Ashley: That’s awesome. I was breaking out in a cold sweat I was asking that question. Having done this at multiple companies, it is not a fun process to, I guess, stitch it all together with different products and really have to architect it properly ’cause you have to worry about things like how you gonna monitor compliance. You mentioned e-discovery; now we have things like GDPR compliance, as well as their own internal processes about data retention and making sure we’re protecting ourself against ransomware, things like that.

Palmer: And we deal with some of the largest companies in the world and, in one particular use case we service super well on the end point side, where customers are dealing with either legal situations or they’re concerned about end-user behaviors and what they’re doing with data, so we not only provide them the ability to protect devices, but we also provide them with ideas about what’s going on with the data and then certainly with workflows, as you mentioned, to go and pull that data aside or do a hold where they need to. Again, this is all just workflow and an interface; it’s not trying to get one product to work with another product or making sure that versions are upgraded or compatible or patched sufficiently. We take care of all of that.

Ashley: Mm-hmm. As I’m kind of peeling the onion here, remembering things you have to address with a data-management approach, you have to deal things – you mentioned tiered storage earlier. Is de-duping apply in a cloud environment? Does cacheing apply in a cloud environment? Or are those things that you also address?

Palmer: All of the above. And you asked a very good question earlier – if I’m a customer adopting the cloud, what are some of my risk areas or things that aren’t provided to me? And one of those examples is deduplication, so, if I’m going to adopt S3 or I’m going to move data into Glacier, how am I gonna do that efficiently in a world where I’m coming from, potentially, a deduplication position on premises? I’m gonna lose that in the cloud. With Druva, we deduplicate that data for you, so we are minimizing your cloud storage footprint. And, once we’ve done that, we’re also taking care of the tiering into whether it’s S3 IA or Glacier or Glacier Deep Archive. We’re not only replacing your HSM strategy; we’re doing that, as I said earlier, in an automated way.

Ashley: Mm-hmm. What’s nice too is, again – [chuckles] I’m kinda having the negative flashbacks here. The old process of “What’s your tier one? How much in-memory storage are you gonna have at you first tier of storage? How much you’re gonna have at this speed? How much you gonna have in your third-tier speed?” With the different services that Amazon provides, that’s what you’re bringing together in one collection, in a full data-management architecture, so you can, of course, dynamically allocate any of those as you need them. But that’s what you’re tying into, is those services, as well as what you provide.

Palmer: Capacity planning is a non-issue in a cloud and SaaS world. Of course, we will work with you where – as you mentioned earlier, where you have RPOs and RTOs on site, where you know that the use case doesn’t apply to a remote data center, we’ll work with you with a virtual appliance. We also have customers that will always want a land-speed restore, but they’re increasingly colocating in places like Equinix, for example, where they can cross-connect into the cloud provider. So, even where you have requirements that look like data-center requirements, it’s almost as if your data center is moving to the cloud, in certain colocation facilities, where you can take advantage of SAS, even without the virtual appliance.

Ashley: Where do you feel like is the biggest pain point that you address for customers? Obviously, they have needs, functionality capabilities, all of that kind of thing, but, when someone comes knocking on your website and says, “I think I need this,” what is most commonly the biggest problem that they’re trying to address?

Palmer: There’re two problems, but the compelling events are different. So the two problems we’re solving for them are cost. They look into the future and they realize their costs are going up, not down, and cloud can help solve that problem. And the second one is complexity – they don’t want to have to hire more storage administrators or backup administrators, track different vendors. They don’t wanna have to do hardware refreshes. They don’t want to have siloed systems. These are problems that are all solved with SAS providers, like Druva and the public cloud, so those are the core problems.

The compelling events, on the other hand, can be very different. We have Fortune 100 companies that have data centers all over the world and their cloud journey can include moving the satellite facilities to the cloud today and increasingly looking at cloud in the core data centers tomorrow. So they have a more data-center migration, consolidation use case. We have others that have remote offices or field facilities, where supporting an appliance is expensive, if not impossible, because they don’t have the staff _____ refreshes and getting equipment out of the facilities is a second one.

Ashley: Mm-hmm.

Palmer: We have customers that come to us because of ransomware, where we offer an air gap solution, where the only alternative on-premise is with tape. So we give them the same security via encryption and have an air gap solution to their primary network that no one else can. So they’re adopting the cloud with the safety of tape.

And then, of course, your basic use cases of backup and disaster recovery, where customers want not just to be able to restore data but move an application, have the full orchestration capability and instantiate that without the additional costs of owning their own architecture or frankly even managing their own cloud integrations. So we integrate a DR capability in our platform, so customers come. They get native backup, they get native disaster recovery all in one interface, without other products or other training.

So we have compelling events and the saving our customers 50 percent based on their existing legacy architecture – and we have proven that a few different times via external experts, as well as customers themselves – and complexity and really taking all of the legacy, mundane tasks and skills and making them obsolete.

Ashley: Well, Mike, I’d like to thank you for joining us. We’ve run out of time there. I think we could talk another hour about data and data management.

Palmer: For sure.

Ashley: Share some war stories along the way too. So I’d like to thank you, Mike – Mike Palmer, chief product officer at Druva – for joining us.

Palmer: Mitch, thank you very much. It was a great time talking to you. Maybe we’ll do it again.

Ashley: That would be great. We’d love to hear an update, as things kinda move forward and you spend some of that money. And I’d, of course, like to thank you, our listeners, for joining us today. This is Mitch Ashley, with and you’ve listened to another DevOps Chat podcast. Be careful out there.

Mitchell Ashley

Avatar photo

Charlene O’Hanlon

Charlene O’Hanlon is Chief Operating Officer at Techstrong Group and Editor at Large at Techstrong Media. She is an award-winning journalist serving the technology sector for 20 years as content director, executive editor and managing editor for numerous technology-focused sites including, CRN, The VAR Guy, ACM Queue and Channel Partners. She is also a frequent speaker at industry events and conferences.

charlene has 55 posts and counting.See all posts by charlene