Veeam executives discuss data protection trends, future IPO

The data protection industry continues to evolve based on surrounding conditions. Vendors are still merging security features into backup products, some are weighing the decision of going public. Customers are exploring virtualization options because of increased VMware costs.

Veeam is active in each of those data protection trends.

At VeeamON in June, Veeam executives continued to shine light on the prevalence of ransomware attacks -- a major reason why backup and security are converging. Veeam introduced its Data Cloud Vault, an immutable and encrypted cloud-based backup storage service. That launch followed other recent security developments for Veeam, including its acquisition in March of incident response vendor Coveware.

Virtualization migration was another hot topic at VeeamON, as VMware customers could face price increases after the company's acquisition by Broadcom. Other hypervisor vendors are seeking to capitalize on those concerns. Veeam, which began as a VMware backup company, has since added support for hypervisors such as Hyper-V and Red Hat Virtualization, with Proxmox protection due later this year.

Veeam, which claims 550,000 customers, has had a potential IPO target for several years. Rubrik was the most recent data protection company to go public, and Veeam's move is in the cards, according to its CEO.

In this combined Q&A from VeeamON in Hollywood, Fla., Veeam CEO Anand Eswaran, Veeam COO Matthew Bishop and Coveware by Veeam CEO and co-founder Bill Siegel detail how the company tackles backup and security needs, how they're approaching the IPO phase, best practices for ransomware recovery and how customers are dealing with VMware. Eswaran and Bishop sat down together, while Siegel was interviewed separately.

Editor's note: The following was edited for length and clarity.

How do you mix backup and security effectively and still be able to say that you're a backup company?

Anand Eswaran

Anand Eswaran: Backup is one of the critical components of what we do. But for me, the entire frame is around data resilience. … I look at backup, recovery and freedom as one critical thing that needs to work well in tandem. Then I view security and intelligence as two things that need to come in, in a meaningful way, to make data resilience happen.

There are companies that are ashamed to use the word "backup." They use euphemisms for backup. The whole concept of data resilience starts with backup and making it effective. But then you get to do a lot of other things -- have a great recovery plan because you are going to be breached, have a great portability plan. Security is a foundation of how any platform and service needs to be built, and AI is going to create an enormous value out of this for everyone, in addition to making this platform more safe, more secure and more proactive.

It's how all of this comes together under the construct of data resilience. So I would say Veeam is unapologetically a data resilience company where backup is one of the critical elements.

How can you tell if a company is prepared to recover from a ransomware attack? How can you tell if a company is not prepared?

Bill Siegel: You can just listen to them and whether they're beginning to execute on a plan that they've practiced before. … 'This is what has happened. Here are the steps we've taken to date. Here are the recovery work streams that are currently in flight.'

Things are flying already versus you get on a call and they say, 'We've got everybody in the room and we're in front of a whiteboard. Who's got a copy of the ransom note? Let's put that up on the screen.' And then you say, 'This is not going to go well. It's clear none of you have ever practiced before.' No one's doing work right now. They're all in the same room trying to figure out what to do for the first time.

What can companies do to put themselves in a better position to deal with a ransomware attack?

Siegel: You have to consistently practice different aspects. Bring the teams that are going to have to work together. Put them through scenarios, put them through tabletops, identify weaknesses, get stronger, do it again. Do it every year.

There are companies that are ashamed to use the word 'backup.' They use euphemisms for backup. The whole concept of data resilience starts with backup and making it effective.

At VeeamON, there were many references to Broadcom's acquisition of VMware and the potential cost increases customers are facing. What are customers feeling about the situation?

Eswaran: Anytime your price jumps up more than three times, you're going to be anxious. They're trying to think through what's happening. They're also trying to think through their options. It's not as easy as waking up and saying, 'I'm going to move to something different.' We are there to enable their choice, whatever decisions they make.

Whether they stay with VMware or go to Hyper-V, Nutanix -- wherever they go -- we have an easy button for them to be able to back up their data, protect their data and restore their data into a different environment natively.

Are you seeing a lot of customers already moving off VMware?

Matthew Bishop: I would say not so many at the moment. We get a lot of inquiries about how they can do it. We see some of our partners, whether it's Red Hat or Microsoft with Hyper-V, we're seeing them get a lot of inbound inquiries.

If you get a bill that's a 350% increase, you're going to think hard about it.

Eswaran: We personally got a bill that was 3.5x as well for our VMware estate. So we see both sides of the equation.

Veeam executives have talked in the past about potentially going public. Is an IPO still on the table?

Eswaran: We don't need to go public to raise cash, like other people do. But we are watching the macro. Absolutely, going public is on the horizon for us. We intend to be a public company. We're working through the timing on that. It brings in goodness like enterprise credibility, as we have plans for massive expansion. We'll make a call at the right time. We are not under any pressure to do so.

Is there any general timetable?

Eswaran: No. We have the financial profile to go public right now. From a process, compliance, governance standpoint, we are ready to go public right now. We're just going to wait to see how the IPO market evolves, how that macro evolves broadly, and we'll make a call. There's no specific time. It could be a year from now or later.

Paul Crocetti is an executive editor at TechTarget Editorial. Since 2015, he has worked on TechTarget's Storage, Data Backup and Disaster Recovery sites.