Cohesity CEO Sanjay Poonen: Storage And Security Are Now A ‘Blended Conversation’
Joseph F. Kovar
‘Once you’ve protected the perimeter network, endpoint and identities, you’re getting to the last line of defense, which is typically a backup. And if the bad guys could take out not just those perimeters but also your last line of defense, you’re very vulnerable,’ Cohesity CEO Sanjay Poonen tells CRN.

Storage vendors have been emphasizing security. Traditionally, security is more of a separate issue than related to storage. So what’s going on?
Eighteen years ago, I was at Veritas when it merged with Symantec. The joke was, ‘What’s in common between storage and security? They both start with the letter “s.”’ I don’t know at that time whether Veritas and Symantec clearly figured out the commonality between those topics. That led to them splitting apart.
But back in 2004, when I was there, and it all happened, web-scale architectures didn’t exist. One of the reasons Cohesity has been enormously successful replacing legacy vendors, whoever they are, most of them born in the 1990s or early 2000s, is our web-scale architecture, which means we can just do things simply faster. When I asked my largest customers what was your before and after ROI or TCO, it’s like a weight loss commercial: ‘It used to take 45 minutes, and now it takes four minutes. It used to need expensive hardware storage and labor, and now I don’t need as much, either on-prem or in the cloud.’ So web-scale architecture gives us a significant advantage.
But the other thing that didn’t exist 10 or 15 years ago were the threat vectors of ransomware in security discussions. Because once you’ve protected the perimeter network, endpoint and identities, you’re getting to the last line of defense, which is typically a backup. And if the bad guys could take out not just those perimeters but also your last line of defense, you’re very vulnerable. So as a result, CISOs and CEOs and CIOs are talking about topics like immutable backups, air-gapped solutions, cyber resilience, cyber vaults, being able to recover really fast from a black swan event and how to plan for it effectively. Just like you are doing COVID testing, you need to be threat hunting for data to understand sleeper cells in your stuff.
So do you call it a storage conversation or security conversation?
It’s a blended conversation. It’s an infrastructure and security discussion. I wouldn’t say it’s storage. This is sort of like hyperconvergence. Is hyperconvergence a storage discussion or a storage and compute discussion? It’s the same. It’s an infrastructure discussion on data, which does have relevant people under the CTO and folks who own storage that will come to the discussion. But the discussion often also has people who are from the security team, the SOC or the CISO. And the budgets for many of these projects like cyber vaulting and a bunch of things we’re doing come from the CISO, even if they’re being implemented by an infrastructure team. When you go to the cloud, many of these teams are blended. You can’t say it’s a cloud storage team. It’s a cloud team dealing with many aspects of infrastructure. It’s compute, storage, networking, databases. It’s a blended team. You don’t want to have tunnel vision on where the world is. I encourage people to think more broadly of infrastructure if you were traditionally a storage person. You need to be very aware of what’s happening in the security world. And vice versa: For security people looking at topics of infrastructure, you can’t have a CISO without a strong collaborative relationship with the CTO and infrastructure leaders.