We have questions. Cohesity has answers

We had the opportunity to ask Cohesity VP of product marketing Chris Wiborg some questions about cloud data management, data storage growth, ransomware and Cohesity’s future. Enjoy reading his answers.

Cloud Data Management

Blocks & Files: Is it likely that the three main cloud suppliers move up stack and start offering their own data protection and then data management services on top of compute instances, storage classes and Serverless functions?

Chris Wiborg.

Chris Wiborg: One can never predict what areas CSPs may dive into next should they see the market opportunity as worthy of their attention. However, given the hybrid and multi-cloud nature of many customer deployments, most of the customers we talk to today prefer a third-party alternative. 

Any given CSP being good at just protecting their own offerings likely will not be sufficient — similar to why even though database vendors have offered a certain level of data protection themselves for years … most customers have moved towards a provider whose support spans across many different sources (unstructured data, containers, VMs, other DBs, etc.) in the interest of consolidating silos as opposed to managing multiple flavors and instances of data protection and management.

Could one or more of the three big CSPs buy data protection and data management suppliers so as to acquire needed technology? For example, Google acquired Elastifile to gain file system technology.

It’s always a possibility. There certainly have been independent vendors that at times have shopped themselves around as an alternative exit strategy.   Effectively integrating acquisitions not architected in a cloud era into a commercially viable cloud offering another discussion entirely.

Will external data protection and data management service suppliers — as opposed to in-house AWS, Azure and GCP supplied services — naturally gravitate towards multi-cloud vendor offerings?

Absolutely. The modern enterprise IT world is de-facto a hybrid, multi-cloud one — and likely to be so for the foreseeable future.  

What other competitive differences might they have from in-house CSP-supplied services, like functional superiority? Would these be sustainable?

Well, one example would be a conflict of business interests. Let me explain: Would you expect Microsoft to be incentivised to play nicely with AWS (or vice versa) in providing robust support for workloads offered by the other?  This is where more neutral third-party options likely will have room to navigate for some time to come: by providing the features customers need irrespective of the native hosting environment.

Data Storage/Management

We are facing a seeming relentless rise in unstructured data. Petabyte-level backup and archive data estates are becoming commonplace. Will these develop into exabyte-level estates and then zetabyte-level ones? 

Given the continued exponential growth of data, yes. In fact, given this is the prediction season, this may be sooner than we imagine. I don’t want to put a date on it, but with 5G rollouts occurring globally now too, I would bet on it happening very soon. 

Surely the cost of storing zetabyte-class unstructured data, some of it or even most of it with very low access rates, will lead to mass deletion exercises and a cap on data growth?

This is one reason that capacity efficiency with capabilities such as global (as opposed to, for instance, per-volume) dedupe is critical even today. And, yet another reason why data governance has an important role to play in data management going forward. What’s really worth protecting or keeping — and for how long? Businesses are still not on top of this.

This will increasingly play into the data management strategies of large organisations as they wrestle with the balance of the costs/regulatory requirement/SLAs equation as appropriate within their organisation.


Might we have a situation where we could view ransomware as an effectively solved problem? 

Sadly, not very likely as cybercriminals continue to evolve their tactics and techniques. We’ve witnessed the shift from attacking production data only, to going after the backup data first, to now the rise in exfiltration and double extortion schemes — a progression we’ve seen unfold over just the past couple of years. And, sadly, the next extension of ransomware’s blast radius is likely being cooked up right now. 

Are immutable and threat-cleaned backups along with fast recovery needed as normal business data protection practice for this to happen?

These should be table stakes for every organisation looking to harden their ransomware security posture with next generation solutions today.

How far off are we in your view of companies widely having this type of recovery as standard?

Within the past year or so, it’s the first thing on a customer’s lips when they meet with us and want to have us help them with. And what’s not surprising perhaps is that it’s not just IT Operations, but also SecOps now at the table helping set these requirements.

Cohesity focused

We have several large data protection suppliers, most of whom are engaged in developing SaaS offerings. For example, Cohesity, Commvault, Druva, Rubrik, Veeam and Veritas. They are also extending into cyber-security to fight ransomware. There appears to be a looming lack of greenfield customers.

Apart from the NewCorps out there, were there ever really any greenfield customers? Since we arrived with our initial offerings it has been about displacing more established legacy IT rivals. As our results show, we are adept at providing a next generation approach to age old IT problems. That  is how we’ve been disrupting and gaining market share since the beginning, and we are very prepared for more competitive battles. When prospects see what we can do in a fair POC, our technology shines.

How will a company like Cohesity grow once it is competing for customers in a relatively static data protection and data management market against other large suppliers? 

Vendors differ in what data management really means to them.  Some are using those words while really just focusing on addressing the backup and recovery problem.  

The legacy generation of data protection tools — which IT teams still grapple with to perform and manage routine backup and recovery functions — poorly scale to do more data management tasks such as file and object services, secure data isolation, governance and audit support, dev/test copy management, and running analytics to obtain insights.

More importantly, these tools are not just failing IT — they are also failing the business in terms of its online reputation, its operating efficiency, and its ability to use data as a strategic asset. If you look at tackling ransomware — most of the companies we are up against predate modern malware attack vectors.

Our view on this has always been more expansive, taking on other workloads. Our perspective is that the long game is really about supplying a platform and set of services that our customers need across the lifecycle of their data in a distributed (core/edge/cloud), yet not decentralised (single point of administration) fashion. Data protection is just one phase in that broader lifecycle of data management, but when I look around there’s a lot of Frankenstein’s monsters and not much built for the next generation of requirements.

Could Cohesity move into the very fast-growing analytics space?

We already are there at a “primitives” level — we supply building blocks for others to take a step further. We also view third-party extensibility as a key platform design tenet for us, and therefore believe that there is room to both grow and aggressively partner in this space — guided as always by where our customers lead us.