Cloud Computing

Druva CEO sees 'data search' issues ahead of GDPR

“The majority of storage vendors are still stuck in hardware and software,” says Jaspreet Singh, founder and CEO of cloud back up company Druva, when I meet him in at the Hotel Royal in London’s West End. The old school storage market is capped, he adds, and companies are not talking enough about how net spending on this is not increasing.

The new model is in the cloud, and as such, Druva runs no datacentres of its own for customers. Instead, it utilises AWS and Microsoft Azure locations to deliver backup as a service to clients.

“We were penalised early for not having our own datacentres,” says Singh when I ask, “but the market has grown up to understand the public cloud.” (He places the change at about two years ago.) One downside is that there is less margin to not running our own datacentre, he adds, but the upside is that the company can be faster and more innovative. 

“As we capture information we try to leverage it for more useful things,” says Singh. In this way, Druva is trying to solve four things which he describes as “our differentiator against the on prem[ise] guys”. He lists these as access, availability, search and analysis – but particularly highlights the last two.

The analysis side has the potential to tackle large areas like security, he tells me, while search is especially relevant from a regulation perspective.

GDPR [the EU General Data Protection Regulation due to kick in for all European citizen data next year] is a very relevant search problem,” he says. He believes this is especially clear when it comes to individuals’ specific rights around data, like that it can be erased, along with tightened rules around the official notification of breaches. “It becomes a critical data management issue,” he says.

When I ask how well he thinks most companies are doing at all this currently, he replies that he doesn’t think “they understand yet”. However, contrary to some people I’ve previously spoken to, he believes US companies are doing better than their European counterparts because they have a history of legislation in this area.

The EU has much clearer laws in this area than the US, he says, because US laws are far more vertically focused. “GDPR is not too different from HIPPA [the Health Insurance Portability and Accountability Act of 1996]” he adds. While in his view Asia is “less aware” and is (generally) “still trying to understand where the data is”.

Singh believes many companies are now looking to buy products that are firstly, GDPR aware and secondly, offer something to solve particular risk areas in the legislation, such as finding data, mining data and analysing data. “The first fines will be on gross negligence,” he says so that is the area people are looking to counteract initially.

The second space that Druva is moving into is security. Although Singh is keen to stress that there have been attempts to merge security and storage in the past – like with Symantec’s purchase of Veritas in 2004 – which Singh joined in 2005. Earlier this year, ahead of RSA, Druva announced a new feature to help protect stored data from ransomware. This uses machine learning to scan for anomalies in the data and then flags them to administrators.

“The thing we have to be careful about is false alerts,” says Singh pre-empting my question. This is why the company is initially trialling this within the relatively narrow field of ransomware. “If you narrow it down the false positives are reduced.”

Over the last year or so machine learning has been touted as the answer to every business problem you can think of and yet it clearly has its limitations. “Machine learning is like mobile five years ago,” suggests Singh, who adds that now the hardware problems with machine learning have been solved it all comes down to the use cases. “Some will stick some will not stick,” he says.



Also read:
Druva sees starring role among backup clouds
From insular US firms to spammy marketers: Who will GDPR hit the hardest?
GDPR probably won’t decimate businesses but it might leave some burned
Can ‘good’ machine learning take on global cybercrime?
The future of machine learning in cybersecurity: What can CISOs expect?


« Typical 24: Richard Scholes, Parrs


Cybersecurity must play catch up as more Kenyans move online »


Do you think your smartphone is making you a workaholic?