Data protection & management for SaaS | W. Curtis Preston - Chief Technical Evangelist Druva

Who is W. Curtis Preston?

Curtis: They call me Mr. Backup. I’ve been in the backup and recovery industry for about 30 years, and I started out as a backup person, in the trenches, at a large bank in the US and then eventually worked in consulting for a while. Then, about five years ago, I joined Druva, which is a SaaS-based data protection company.

What is Druva doing?

Curtis: Well, if you’ve got a data center, laptops, mobile devices, SaaS solutions, or stuff running in the cloud, you’ve got to protect that, right? You’ve got to back that up. You have to be able to recover it. You’ve also got to, especially if you’re talking about cloud. You have to do DR too. But it’s just I think it’s a little bit easier to do DR in the cloud. It’s a bit harder to do DR for a data center. So if you are going to come up with a new solution, you basically have two choices. You can buy hardware and software and run it on-premises or use a SaaS service.

Now, you know, SaaS has taken over the rest of the world, hardly anybody here uses on-prem exchange, right? They use Microsoft 360. People use Salesforce, etc., and we’re just bringing the world of SaaS to data protection. So if somebody wants to protect any of those environments I just mentioned, they must sign up for the service. They don’t have to install any software or hardware. They don’t have to manage any of that, either.

It is self-maintaining in the background. In fact, because our cloud-native services automatically spawn and die, I guess it would be the opposite of spawning to meet the customers’ needs at that moment. And then we just charge you based on the number of things you do. So if it’s a cloud resource, we typically charge you per seed or VM. If it’s a data center, we’re charging you for the number of gigabits stored on your behalf after de-duplication.

How did you start your career?

Curtis: IT was kind of picked for me. I got out of the Navy in 1993 and wanted to enter computers. That’s literally all I knew. I used a connection. My wife was actually an administrative assistant at this large bank, and I used that connection. She was a referral, or I guess I was a referral, and she got me the job as the backup guy at this large credit card company. And I got that job because that was the most available job.

I’ve got a nine-year-old granddaughter, and last night I heard she wants to be a fashion designer. No nine-year-old wants to be a backup person. So that was never my dream. I don’t think that’s anybody’s dream, but it was the job I could get.

I had been there about three years, and I went into consulting at a company that’s no longer here, but I got put into the headquarters of a large oil and gas company and was supposed to be a CIS admin. I wasn’t supposed to be the backup person, but when I got there, I found their backups were broken, and I couldn’t help myself. And so, I ended up spending a lot of my CIS admin time on their backups, and then I actually decided to write a script to back up Oracle.

I decided to publish that script in a magazine. Nowadays, people are like, what’s a magazine? But back then, you know, there was a magazine called Unix Review, which, you know, you could go to your local bookstore, and you could buy that magazine, it would be on the shelves, and they published things like this. So I published that script on how to back up Oracle, and I got emails from around the world, like 75 emails. I just remembered that it was 75 emails, and I’d never seen so many emails in my life. And it was, it was very effusive of saying, you know, you opened my eyes, you turned on a light, etc.

And so it sort of gave me a realization that I had developed a specialty in an area that most people just get out of as soon as possible. And literally, within a few months, I started thinking I would actually write a book about it. It took me three years to write that first book, it was 700 pages long. And then, once I published that, that was it, right? And so now I’m into backup. So I’m a specialist in backup. So I’ve written a book about backup. And that, that pretty much set, set my career at that point, on that trajectory for the rest of my life, I think. So I have become an expert in that field.

Do you like what you are doing?

Curtis: What I do like is the aspect of helping people to save themselves. I’ve always been kind of a teacher-type person. I need to explain things to people, which is an area where there is a lot of misinformation. There is a lot of incorrect information. And as a result, the core thing at the end is whether or not people get their data back when something bad happens, and as a result of all that misinformation, that often doesn’t happen.

So it kills me when I hear about people losing data. It kills me when I hear about people paying ransomware, right? But the opposite happens when I get to help somebody. I get to help them proactively save their data so that they can recover it when and when the worst happens.

Do you still do consulting?

Curtis: I am not in consulting anymore, at least not now. Right now, my main way to help people is to explain how they could benefit from using SaaS for data protection. And, you know, my title’s Chief Technical Evangelist, which means I explain things a lot. So it’s still helping people, but just helping them in a different way and the.

To give you one example, one of the things that I end up explaining a lot is, yes, you need to back up your SaaS solution. So people have Microsoft 365 or Salesforce or G Suite, and they’re like  “Oh well I’m in the cloud, right? I’m using SaaS, I don’t have to worry about backup anymore”. And I explained to them a hundred different ways why that is not the case. It’s still your data, and they’re not backing it up for you, so you need to ensure you’re backing it up.

But the big thing, I think the big thing, the overriding thing that I try to point out is backup and recovery is not in your contract, right? So they make all these different statements, “oh, well, they have these features and these features.” So I’m like, “Yes, but where in the contract does it say they’re backing up your data?”

I mean, maybe it’s in there. Maybe you’re a Salesforce customer and opted for their additional feature. They now have a backup service you can pay for. So you have the option of buying native Salesforce backup or backup with Druva. We’re not the only ones that do it, but you have the choice of doing third-party or the Salesforce service. Well, then backup and recovery would be in your contract, right? But outside of that, it’s just simply not there.

When should companies start thinking about backups?

Curtis: From the very beginning. The good news is it’s really cheap then, right? When you’re four people, you fall into the prosumer category. When you’re just a couple of computers, maybe three or four laptops, Druva would not be where you would go because we tend to go with companies with at least 25 employees like that. That’s about as low as we go. Not from a technology perspective but from a paperwork perspective. If you sell to the prosumer world, you must be completely automated, with automated billing and all that stuff. We don’t yet have that.

Let’s say you’re a small startup and you’ve been working for a year or two, and all of your work is stored in, let’s say, Google Drive, right? It’s very common nowadays to use something like Google Drive and to store all of your intellectual property on Google Drive. For example, a company in the San Francisco area did this – they stored everything in Google Drive, and then their CIS admin accidentally deleted their account. As a result, the entire company ceases to exist. So yes, when you very first begin, You should be backing up.

Why should people choose Druva?

Curtis: I think there are two different things. The big thing is risk mitigation. So the risk you have today is obviously the risk of a physical disaster. We are recording this while they’re still recovering from Hurricane Ian in Florida. I actually grew up in Florida. I have family in Florida that went through the hurricane. They were affected, but they’re fine. So you can have that kind of event or a much better chance of suffering a ransomware attack these days.

Those are your risks and especially with the ransomware attacks. So we had a survey via IDC recently showing that 47% of the companies had been attacked successfully by a ransomware attack. So your odds of that happening to you are quite high. So if your primary risk is a cyber-attack, you really need to account for the cyber security of your backup system. So if you go with an on-prem backup system, the cyber security of that system is your responsibility.

You are responsible for updating the services. You are responsible for updating the OS. You’re responsible for setting the firewall rules. You’re responsible for monitoring the ingress and egress to that server. You’re all responsible. And so all of the risks are on you. If you go with a SaaS service like Druva, then the risk is now on us. We’re responsible for updating the software. We’re responsible for securing the infrastructure. And also, there’s inherent security that comes with it.

In data protection, we talk about having at least one copy of air-gapped from the thing that it’s protecting, right? Meaning there’s a gap of air between the two. When you use an on-prem system, your data isn’t air-gapped, it’s sitting there in the data center waiting to be attacked. When you use a SaaS-based data protection system like Druva, all of your data is stored in the cloud in a different authentication system. So it’s a completely different environment.

So, one of the concerns that people have is that they use LDAP and then use the same LDAP credentials for their backup server. So, LDAP gets hacked, and now their backup server is compromised. So you could have a complete LDAP failure in every account in your LDAP environment.

Were there any attacks on Druva?

Curtis: We are constantly attacked. We are constantly probed there. There hasn’t ever been a successful attack against Druva. But being that we’re a cloud vendor, we are constantly attacked. We are also constantly attacking ourselves, right? We use penetration tests constantly and provide those results to our customers. We support the idea of immutability and worm in the backup.

So you can configure your backups. Again, this is an optional feature, but you can configure backups in such a way that, let’s say, you’ve got 90-day retention, right? You could specify that once I back up something in this 90-day retention policy, no one can delete it, including you, right? So what that protects you from is that even if a hacker were to gain access to the credentials you use to log into Druva, they wouldn’t be able to delete your backups, right?

Why should people follow you?

Curtis: I use Twitter a lot, and I use LinkedIn a lot. I don’t do too much on Facebook. Facebook is like for friends and stuff for me, and I’m definitely not a talker. Nobody wants to see me dance on TikTok, primarily on Twitter and LinkedIn.

I tend to support other people. I tend to post links to other people’s content that I find interesting on LinkedIn. So I actually changed how I work on LinkedIn. I do much fewer posts, and it’s a way that I’ve learned to actually get better engagement is to do a lot fewer posts on LinkedIn.

I have two different podcasts that I do. So I Backup Central’s Restore it All and have Druva’s No Hardware Required. So those are my two podcasts. For the first one, I do that every week. And so we’re three years old now. We’re coming up on 200 episodes. It would be a few months, but we’re coming up on 200 episodes.

Any advice for people starting in your industry?

Curtis: I would say – be careful from whom you get advice. Make sure you’re aware of any extra motivations a person might have, right? For example, are they being compensated by a group to say a particular thing? And if they are, it doesn’t mean that they’re a liar. It just means you have to take that into account.

I, for example, am being paid by Druva, but on my independent podcast, we talk about data protection and resiliency in data security. We don’t, we don’t talk about, I mean, we do talk about Druva, but it’s not what we talk about all the time on the podcast, right? So you have to take what I say and take it into, and take into account when I say something. I often say that when I say something, I’ll say – I know you’re going to think I’m saying this just because I work for Druva, but I’ve had this opinion for ten years. So many people hide those allegiances, especially on social media.

And a prime example. This is outside of the world to back up, you saw Kim Kardashian got fined by the SEC for promoting crypto on her social media channel without divulging the fact that she had been, well, she didn’t just promote crypto, she promoted particular crypto without divulging the fact that she had been paid to promote that particular crypto. And she got fined a million dollars.

The other piece of advice is just to read and listen a lot. And so the second one sort of help diffuse the first one. So if you don’t pick just one person, only read and follow what they do. Look around, and get diversified opinions about things. The last one I would say is to pick one thing that excites you, is interesting to you, brings you joy, whatever that is, and go with that thing. A great phrase says to pick something you enjoy, and you’ll never work a day in your life. I clearly enjoy talking, I clearly enjoy technology. I enjoy backup and recovery. I enjoy helping people. Well, this is my job right here.

How hard is this? This is great. It’s not like, you know, this morning I woke up and I was like, oh my God, I have to go talk to Cristian on the right. No, I was like, oh, hey, I get to talk to somebody else, you know? So find something that excites you. A related piece of advice would be to find an area in increasing demand. Right now, I think that’s cyber security. If you’d asked me 20 years ago, I would’ve said storage because there will always be more bits. Storage is one of the areas of it where it just gets bigger and bigger. We’ve never made data smaller. Well, de-duplication helps.

But today, if you were just to say – hey, Curtis, what should I specialize in? My first answer would be – well, what excites you? I mean, God forbid you to go into cyber security, and you end up in crypto, and you know, and you’re like – oh God, this is so boring. Well, don’t do that. Pick something that has a future.

What’s your favorite software?

Curtis: I have a really good answer to that question. So my current favorite new piece of software that’s new to me, but I’ve had it for about six months, is called Descript. Isn’t Descript amazing They’re coming out with a new version, and the new version isn’t ironed out, and I’m not so happy about the status of the new version, but it is amazing software. It changes so much about how you edit podcasts, especially video ones, right?

Descript is amazing because it’s pretty accurate, given that it deals with multiple voices and all kinds of things. But it’s much more accurate because you train it to your voice. You train it how you say things. So, it would learn your accent so you can correct it verbally, right?

Connect with Curtis

Druva: druva.com

LinkedIn: linkedin.com/in/mrbackup