Data protection & management for SaaS
Who is W. Curtis Preston?
Curtis: They call me Mr. Backup. I’ve been in the backup and recovery industry for about 30 years, and I started as a backup person, in the trenches, at a large bank in the US and then eventually worked in consulting for a while. Then, about five years ago, I joined Druva, which is a SaaS-based data protection company.
What is Druva doing?
Curtis: Well, if you’ve got a data center, laptops, mobile devices, SaaS solutions, or stuff running in the cloud, you’ve got to protect that, right? You’ve got to back that up. You have to be able to recover it. You’ve also got to, especially when discussing the cloud. You have to do DR too. But I think it’s a little bit easier to do DR in the cloud and a bit harder for a data center. So if you are coming up with a new solution, you have two choices. You can buy hardware and software and run it on-premises or use a SaaS service.
Now, you know, SaaS has taken over the rest of the world. Hardly anybody here uses on-prem exchange, right? They use Microsoft 360. People use Salesforce, etc., and we’re just bringing the world of SaaS to data protection. So if somebody wants to protect any of those environments I mentioned, they must sign up for the service. They don’t have to install any software or hardware, and they don’t have to manage any of that, either.
It is self-maintaining in the background. Because our cloud-native services automatically spawn and die, I guess it would be the opposite of spawning to meet the customers’ needs at that moment. And then we charge you based on the number of things you do. So if it’s a cloud resource, we typically charge you per seed or VM. If it’s a data center, we charge you for the number of gigabits stored on your behalf after de-duplication.
How did you start your career?
Curtis: IT was kind of picked for me. I got out of the Navy in 1993 and wanted to enter computers. That’s all I knew, and I used a connection. My wife was an administrative assistant at this large bank, and I used that connection. She was a referral, or I guess I was a referral, and she got me the job as the backup guy at this large credit card company. And I got that job because that was the most available job.
I’ve got a nine-year-old granddaughter, and last night I heard she wants to be a fashion designer. No nine-year-old wants to be a backup person. So that was never my dream, and I don’t think that’s anybody’s dream, but it was the job I could get.
I had been there about three years, and I went into consulting at a company that’s no longer here, but I got put into the headquarters of a large oil and gas company and was supposed to be a CIS admin. I wasn’t supposed to be the backup person, but when I got there, I found their backups were broken, and I couldn’t help myself. And so, I spent a lot of my CIS admin time on their backups, and then I decided to write a script to back up Oracle.
I decided to publish that script in a magazine. Nowadays, people are like, what’s a magazine? But back then, you know, there was a magazine called Unix Review, which, you know, you could go to your local bookstore, and you could buy that magazine, it would be on the shelves, and they published things like this. So I published that script on how to back up Oracle, and I got emails from around the world, like 75 emails. I just remembered 75 emails, and I’d never seen so many emails. And it was very effusive of saying, you know, you opened my eyes, turned on a light, etc.
So it made me realize that I had developed a specialty in an area that most people just get out of as soon as possible. And within a few months, I started thinking I would write a book about it. It took me three years to write that first book. It was 700 pages long. And then, once I published that, that was it, right? And so now I’m into backup. So I’m a specialist in the backup. So I’ve written a book about backup. And that pretty much set my career at that point on that trajectory for the rest of my life. So I have become an expert in that field.
Do you like what you are doing?
Curtis: What I do like is the aspect of helping people to save themselves. I’ve always been a teacher-type person. I need to explain things to people, which is an area where there is a lot of misinformation. There is a lot of incorrect information. And as a result, the core thing at the end is whether or not people get their data back when something bad happens, and as a result of all that misinformation, that often doesn’t happen.
So it kills me when I hear about people losing data. It kills me when I hear about people paying ransomware, right? But the opposite happens when I get to help somebody. I get to help them proactively save their data so that they can recover it when and when the worst happens.
Do you still do consulting?
Curtis: I am not in consulting anymore, at least not now. Right now, my main way to help people is to explain how they could benefit from using SaaS for data protection. And, you know, my title’s Chief Technical Evangelist, which means I explain things a lot. So it’s still helping people, but just helping them in a different way and the.
To give you one example, one of the things that I end up explaining a lot is, yes, you need to back up your SaaS solution. So people have Microsoft 365 or Salesforce or G Suite, and they’re like, “Oh well, I’m in the cloud, right? I’m using SaaS. I don’t have to worry about backup anymore”. And I explained to them a hundred different ways why that is not the case. It’s still your data, and they’re not backing it up for you, so you must ensure you’re backing it up.
But the big thing, I think the big thing, the overriding thing that I try to point out is backup and recovery is not in your contract, right? So they make all these different statements, “Oh, well, they have these features and these features.” So I’m like, “Yes, but where in the contract does it say they’re backing up your data?”
I mean, maybe it’s in there. Maybe you’re a Salesforce customer and opted for their additional feature. They now have a backup service you can pay for. So you can buy native Salesforce backup or backup with Druva. We’re not the only ones that do it, but you have the choice of doing third-party or the Salesforce service. Well, then backup and recovery would be in your contract, right? But outside of that, it’s just simply not there.
When should companies start thinking about backups?
Curtis: From the very beginning. The good news is it’s cheap then, right? When you’re four people, you fall into the prosumer category. When you’re just a couple of computers, maybe three or four laptops, Druva would not be where you would go because we tend to go with companies with at least 25 employees like that. That’s about as low as we go, not from a technology perspective but from a paperwork perspective. If you sell to the prosumer world, you must be completely automated, with automated billing and everything else. We don’t yet have that.
Let’s say you’re a small startup, and you’ve been working for a year or two, and all of your work is stored in, say, Google Drive, right? It’s very common nowadays to use something like Google Drive and to store all of your intellectual property on Google Drive. For example, a company in the San Francisco area did this – they stored everything in Google Drive, and then their CIS admin accidentally deleted their account. As a result, the entire company ceases to exist. So yes, when you first begin, You should be backing up.
Why should people choose Druva?
Curtis: I think there are two different things. The big thing is risk mitigation. So the risk you have today is the risk of a physical disaster. We are recording this while they’re still recovering from Hurricane Ian in Florida. I grew up in Florida, and my family in Florida went through the hurricane. They were affected, but they’re fine. So you can have that kind of event or a much better chance of suffering a ransomware attack.
Those are your risks and especially with the ransomware attacks. So we had a survey via IDC recently showing that a ransomware attack had successfully attacked 47% of the companies. Your odds of that happening to you are quite high. So if your primary risk is a cyber-attack, you need to account for the cyber security of your backup system. If you go with an on-prem backup system, the cyber security of that system is your responsibility.
You are responsible for updating the services. You are responsible for updating the OS. You’re responsible for setting the firewall rules & monitoring the ingress and egress to that server. You’re all responsible. And so all of the risks are on you. If you go with a SaaS service like Druva, the risk is now on us. We’re responsible for updating the software. We’re responsible for securing the infrastructure. And also, there’s inherent security that comes with it.
In data protection, we talk about having at least one copy of air-gapped from the thing it protects, right? Meaning there’s a gap of air between the two. When you use an on-prem system, your data isn’t air-gapped. It’s sitting there in the data center, waiting to be attacked. When you use a SaaS-based data protection system like Druva, your data is stored in the cloud in a different authentication system. So it’s a completely different environment.
So, one of the concerns that people have is that they use LDAP and then use the same LDAP credentials for their backup server. LDAP gets hacked, and now their backup server is compromised. You could have a complete LDAP failure in every account in your LDAP environment.
Were there any attacks on Druva?
Curtis: We are constantly attacked. We are constantly probed there. There hasn’t ever been a successful attack against Druva. But being that we’re a cloud vendor, we are constantly attacked. Also, we are constantly attacking ourselves, right? We use penetration tests constantly and provide those results to our customers. We support the idea of immutability and worm in the backup.
So you can configure your backups. Again, this is an optional feature, but you can configure backups in such a way that, let’s say, you’ve got 90-day retention, right? You could specify that once I back up something in this 90-day retention policy, no one can delete it, including you, right? So what that protects you from is that even if a hacker were to gain access to the credentials you use to log into Druva, they wouldn’t be able to delete your backups, right?
Why should people follow you?
Curtis: I use Twitter a lot, and I use LinkedIn a lot. I don’t do too much on Facebook. Facebook is for friends and stuff, and I’m not a talker. Nobody wants to see me dance on TikTok, primarily on Twitter and LinkedIn.
I tend to support other people. I tend to post links to other people’s content that I find interesting on LinkedIn. So I changed how I work on LinkedIn. I do much fewer posts, and it’s a way that I’ve learned actually to get better engagement is to do a lot fewer posts on LinkedIn.
I have two different podcasts that I do. So I Backup Central’s Restore it All and have Druva’s No Hardware Required. So those are my two podcasts. For the first one, I do that every week. And so we’re three years old now. We’re coming up on 200 episodes. It would be a few months, but we’re approaching 200 episodes.
Any advice for people starting in your industry?
Curtis: I would say – be careful from whom you get advice. Make sure you know any extra motivations a person might have, right? For example, are they being compensated by a group to say a particular thing? And if they are, it doesn’t mean they’re liars. It just means you have to take that into account.
I, for example, am being paid by Druva, but on my independent podcast, we talk about data protection and resiliency in data security. We don’t, we don’t talk about, I mean, we do talk about Druva, but it’s not what we talk about all the time on the podcast, right? So you have to take what I say and take it into, and take into account when I say something. When I say something, I often say – I know you’ll think I’m saying this just because I work for Druva, but I’ve had this opinion for ten years. So many people hide those allegiances, especially on social media.
And a prime example. This is outside of the world. To back up, you saw Kim Kardashian got fined by the SEC for promoting crypto on her social media channel without divulging the fact that she had been, well, she didn’t just promote crypto, she promoted particular crypto without divulging the fact that she had been paid to promote that particular crypto. And she got fined a million dollars.
The other piece of advice is just to read and listen a lot. And so the second one sort of helps diffuse the first one. So if you don’t pick just one person, only read and follow what they do. Look around, and get diversified opinions about things. The last one I would say is to pick one thing that excites you, is interesting to you, brings you joy, whatever that is, and go with that thing. A great phrase says to pick something you enjoy, and you’ll never work a day in your life. I enjoy talking & I enjoy technology. I enjoy backup and recovery & I enjoy helping people. Well, this is my job right here.
How hard is this? This is great. It’s not like, you know, this morning I woke up, and I was like, oh my God, I have to talk to Cristian on the right. No, I was like, oh, hey, I get to talk to somebody else, you know? So find something that excites you. A related advice would be to find an area in increasing demand. Right now, I think that’s cyber security. If you’d asked me 20 years ago, I would’ve said storage because there will always be more bits. Storage is one of the areas of it where it just gets bigger and bigger. We’ve never made data smaller. Well, de-duplication helps.
But today, if you were to say – hey, Curtis, what should I specialize in? My first answer would be – well, what excites you? I mean, God forbid you to go into cyber security, and you end up in crypto, and you know, and you’re like – oh God, this is so boring. Well, don’t do that. Pick something that has a future.
What’s your favorite software?
Curtis: I have a really good answer to that question. So my current favorite new piece of software that’s new to me, but I’ve had it for about six months, is called Descript. Isn’t Descript amazing? They’re coming out with a new version, which isn’t ironed out, and I’m not so happy about the status of the new version, but it is amazing software. It changes so much about how you edit podcasts, especially video ones, right?
Descript is amazing because it’s pretty accurate, given that it deals with multiple voices and all kinds of things. But it’s much more accurate because you train it to your voice. You train it how you say things. So, it would learn your accent so you can correct it verbally, right?
Connect with Curtis
Druva: druva.com
LinkedIn: linkedin.com/in/mrbackup