Tech Journal The Audacious Ambitions of an Idealist CTO
Q&A With Danny Allan, CIO & SVP of Product Strategy, Veeam
By Insight Editor / 13 Dec 2021 / Topics: Featured Backup & recovery Cybersecurity Software
By Insight Editor / 13 Dec 2021 / Topics: Featured Backup & recovery Cybersecurity Software
I'm an idealist at heart. I want to change the world. At every company I go to, I have this big, hairy, audacious personal goal to change markets. My first company was a security company, and my bold vision was “we are going to secure every application that exists in the whole world.” It was a very exciting, successful endeavor for me. Eventually, we were acquired by IBM.
At my next organization, I set out to secure all the desktops. My belief was that if you took every desktop and you put it in the cloud, then you could enable the required controls that even if a user did something by mistake, they were protected. With this idea, we started a whole new category of Desktops as a Service (DaaS) and the objective to deliver secure desktops from the cloud. And again, it was an ambitious goal, but it was very exciting. We changed the market and ultimately we were acquired by VMware. In some ways I'm doing the same thing that I did at the start of my career — securing applications and securing desktops. Except now, I'm securing data for organizations.
The most ambitious thing I’ve ever done in my personal life is an interesting story.
In 2009, I read a book called Due to Enemy Action about a lost shipwreck off Portsmouth, Maine. It was the last U.S. Navy warship sunk in the Atlantic Ocean during World War II, two weeks before the end of the war. There were 13 survivors, and a few said they saw a German U-boat after their ship exploded. But the Navy said no way, there's no U-boats operating off the coast of the U.S. a few weeks before the end of the war. The Navy looked for the sunken ship for several years but never found it.
I'm a technical scuba diver and I find shipwrecks in my free time. The most audacious goal I've ever set was deciding that, with three of my friends, we were going to find the shipwreck the Navy couldn't find. And we were going to answer the question of whether it was torpedoed by a German U-boat, or did the boilers explode?
After five years of searching, we found the ship. Ultimately, it was data that helped us find the wreck. But finding that shipwreck and determining it was not the boilers changed lives for both the victims and their families. I’m very proud of that.
When the pandemic first hit, we decided we wouldn't just pick up the in-person events we’d been doing and just move them into the virtual format. Instead, we would tailor it for the virtual format. For example, we would give keynotes on stage, and that was very much a one direction communication. When we switched to virtual, we said, okay, let's moderate all the sessions and interact live with the audience. We've pivoted very successfully in that area.
I do wish I had realized earlier how much impact the pandemic was having at a human level. I wish I'd focused a bit more on mental wellness and ensuring that teams and individuals were doing well. Of course, now we're very focused on that. In fact, we just gave everyone at Veeam a day off for mental wellness.
We are focusing on both internal needs and customer needs — that’s an important point, but we had an unfair advantage. One of the things we've been doing internally even before the pandemic was to secure our systems. Even though we're not offering direct services, we went through the process ourselves of getting an ISO 27001 certification. And we were in the process of launching something known as Veeam Government Solutions, which required a lot of security certifications. On a software level, we were doing things like making sure the components we use were FIPS 140-2 compliant and going through numerous security certifications and process validation internally.
But one of the things I'm most proud of is what we've done for our customer base. At the same time as COVID-19 hit and the world changed, ransomware and malware started attacking the market. And what does Veeam do? We protect data. In fact, you could argue that backup is your last and best line of defense. We’re focused on making sure that our customer data is protected.
We’re putting reporting and analysis within our product that help our customers have better outcomes and be more intelligent about their own business. For example, we’re adding reporting right in our product that tells clients which data should be made immutable so that if you do get ransomware, bad actors can't come in and delete your backups or encrypt your backups themselves. I do expect that the threat that we face will continue to increase, but Veeam is in a very strong position to help the industry.
I'd say a company that most impressed me is Leidos. Leidos is a Fortune 500 information technology company. They were delivering services the traditional way where it took months to create a service. But they moved to the cloud and completely reworked how they develop applications, using something known as portable DevSecOps. Essentially, it's a way of using continuous integration, or continuous development, where they could deliver services in hours — not days, not weeks, not months, but literally could deploy services within hours and still be fully compliant and secure and doing all of the things that they needed to. I was very impressed with their story. They essentially completely reworked and transformed their business and Veeam was a part of that casting. And those are the kinds of stories that are very exciting because it's companies that are disrupting themselves and delivering solutions more quickly and more securely than they ever had in the past.
Maybe in data privacy. I really believe that the big challenges that face society today — think healthcare, climate change, sustainability, education — a lot of these things can be solved if, as an industry, we were more willing to share our data with one another. But of course, the challenge with sharing our data with one another is that we're sharing our data with one another. Users have a right to privacy to their own data. And 40 years ago, right after the RSA encryption technology came out, there was a thesis put out around something known as homomorphic encryption.
The idea was that you could manipulate data without decrypting the data. And I think we're missing an opportunity as an industry to find ways to share data, but to do it in a secure way that is fully compliant for homomorphic encryption. We've come a long way in the last 40 years. But I think we could be more ambitious as an industry. And I think we need to be. I think we need to share data to solve some of these big problems.
I think the next generation, the next big wave is going to be containers, and Kubernetes specifically for orchestration of containers. Everyone said that the biggest shift in the industry was from physical to virtual to cloud. Actually, I think the better way of looking at it is, the big shift is from physical to virtual to containers. The cloud was really virtualization on someone else's hardware. It was a go-to-market model, and I'm not discounting that in any way. It's a massive benefit to having a go-to-market model where you can pay in a consumption basis. But I think containers do something that is unique and extremely valuable for the organization. To be honest, it's still complex. We still have to cross the chasm, but I believe we will. There's enough very smart people that are looking at this that I have no doubt that we will cross that chasm.
It's probably not groundbreaking what I'm going to say, but it would be prioritization. Prioritize, prioritize, prioritize. I'm not going to say what I believe is the top priority because frankly, I think it's different for every organization. But as a leader, one of the things I challenge myself with every day is to answer, what are the top three things that I care about? And I'll focus on those. There are more things to distract us than ever before. Inflation, pandemics, cloud, Kubernetes, security, malware, talent shortage, talent drain and now, the “Great Resignation.” We should be figuring out how to not lose that talent, but still give them what they need to be mentally well.
One of the things that we're very focused on is data protection and protecting the data within the cloud. There’s good, broad awareness that if you have a data center, you need to protect the data within it. But that understanding isn’t true for the cloud. And I'm grouping a whole lot of things in cloud — certainly the hyperscale public cloud, but also SaaS cloud services. If you look at Office 365 or Salesforce or Workday or Service Now, less than 10% of cloud-hosted workflows are being protected. And I look at that and think, we need to protect the data. So, my ambitious goal is to create awareness within the industry that we need to protect the data that’s not just in your data center, but also when it's out in the public cloud.