Acronis CEO Serguei Beloussov On Security, Data Protection And The Need To Tie The Two Together

‘There’s about probably a $250 billion industry segment for software and services for security and data protection. And there are zero companies in this space who have a single agent, single UI, single policy, single product and single vendor strategy. This is the core of our strategy,’ says Acronis CEO Serguei Beloussov.

Bridging Data Protection And Security

There are security vendors and data protection vendors and attempts to bring the two together have not always been successful—think Symantec’s acquisition of Veritas.

Now think Acronis. Acronis is a unique hybrid company, one of the few that actually combines data protection and security as part of an integrated offering aimed for the most part at the service provider community. The company started as a data protection technology developerand eventually brought that technology to the cloud before the addition of cybersecurity capabilities in 2018, followed by the integration of the two.

Acronis CEO Serguei Beloussov recently sat down with CRN to discuss the company’s blend of security and data protection and where those offerings might change in 2021. He also talked about the company’s differentiation in the market and how it takes advantage of an increasing number of acquisitions.

Here’s a look at the present and future of Acronis, according to Beloussov.

Just what is Acronis?

This is a company which is building cyberprotection software and services to protect workloads, which is a collective word for all data applications and systems.

[We build it] from the standpoint of safety so nothing gets lost—accessibility, everything‘s accessible at all times; privacy—so you know who accesses your data, applications and systems and you can give and take away rights; authenticity—making sure that the data, applications and systems are not modified and it’s clear where they come from; and security—so the bad guys don’t have access to it. And we do it by building a single product which we call Acronis Cyber Protect, which is doing it from the standpoint of prevention. So we try to predict what will happen with your system and reconfigure or patch your system in such a way that it’s better protected. [It includes] detection so we can detect that something’s happening in real time, and then at this point we can basically stop it, or maybe we can change something to maybe protect it better at this point if we cannot stop it. And it includes recovery, making sure that if something actually happened and your system is broken or it’s not working, we can recover with very little inconvenience, cost or downtime. And then finally forensics.

What is Acronis’ unique value proposition?

We are the only company which builds a single agent, single policy, single user interface, single product, coming from a single vendor, which is doing all the things mentioned: safety, accessibility, privacy, authenticity, and security at the same time and doing it in both a preventive way and an active detection and response way, and recovery and forensics at the same time for all the vectors: safety, accessibility, privacy, authenticity and security.

[Most companies] doing security are focused on prevention, detection and response. Some of them do forensics. Very few of them do recovery. There are some companies who are doing safety and accessibility, for example, companies doing data protection. Most of them are doing recovery. Almost none of them doing prevention, detection, response and forensics for safety. But we do it all for all. The reason why is we just believe that in the future you cannot do it in any other way. That‘s what’s different. The difference is that you install a single agent and it works on your workload, and it actually covers you from all these five directions in all these five ways.

How has Acronis been doing as a company? Is it profitable?

The company is profitable. It‘s growing in its cyberprotection business by around 100 percent. And it’s about a $300 million run rate. We actually believe that the best way to do cyberprotection is to offer it through our service provider partners. We primarily work with managed service providers, hosting service providers, cloud service providers, network service providers and security service providers, which serve all kinds of businesses. A very large percentage of our business, 75 percent, comes from small deployments, which could be small businesses, but about 25 percent of our business comes from large businesses.

Has Acronis considered an IPO?

We are privately owned. We have Goldman Sachs as an investor. As any company with professional private equity, we‘re looking at a variety of exit options, including M&A, IPO and so on. So we definitely are looking at it. It’s not necessarily our mission. Our mission is to protect workloads or data applications and systems. But if it’s useful for our mission, which it could be because it might allow us to be more aggressive in buying other companies, in hiring top-level executives and employees, in growing our head count, in general, then we will do it. So yes, it’s not impossible.

Is Acronis an acquisitive company?

We have actually done probably five or six acquisitions in the past. We did two in 2020. [We have some we are] processing right now. Part of our strategy is a platform which makes it real easy for us to buy smaller technology companies and integrate whatever they have into our Acronis Cyber Platform.

So which two companies did you acquire in 2020?

We acquired a company called CyberLynx, which is security software for virtualization. And then we acquired a company called DeviceLock, which is data loss prevention.

So your acquisition strategy is focused on bringing companies into your Acronis Cyber Platform?

There’s about probably a $250 billion industry segment for software and services for security and data protection. And there are zero companies in this space who have a single agent, single UI, single policy, single product and single vendor strategy. This is the core of our strategy. The reason why it‘s important is because only in this way do we make it easy enough, reliable enough, and secure enough for a very large number of workloads. So yes, of course, whenever we buy a company, we have to integrate it not just into our offering, but integrate into our agent. Our agent is a piece of software we install on a workload, install on your Mac or on your PC or on your server or in your hypervisor. And so it’s very important for us to be integrated. We have a special technology for it as a part of our Acronis Cyber Platform called the Acronis Cyber Bus. So we can integrate it in such a way that the new functionality will be part of a single policy, single UI and single agent.

As you think about 2021, what are some things that you would like do with Acronis? What are some of the directions that you'd like to move in?

Just continue the same direction: Make our protection better. You see, protection can be deeper or can be broader. But one thing which is actually happening today is that people don’t have enough expertise. Complex protection is expensive. And then because it‘s complex and expensive, [customers] actually only have parts of protection and so it’s really not complete. And so security is not there, for example, in full, because there are some attacks possible and it’s not very reliable. And so we believe the only way forward is to have it as a single solution. And having it as a single solution is very challenging. So we just need to continue to build on top of what we’re doing: cyber protection, cyber cloud and the Acronis Cyber Platform. That’s the way forward for us. We’re just going to continue doing the same things.

Of course, we‘re going to buy more companies and we’re going to build more products [and] constantly build functionality. We have monthly releases. So we’re making cyberprotection better from the standpoint of protecting our customers from more potential threats. The threats are not always security. You know, there are many misconceptions about protection. One of them is that you have to worry only about the bad guys. But the vast majority of problems [don’t come from] bad guys, but by user mistakes, for example, and so you have to protect people against user mistakes, including mistakes of system administrators.

And you also have to protect people against external events. For example, COVID-19 is not an IT calamity, but it definitely put stress on information technology because you had to move to remote workplaces because workload dynamics have changed. And so it‘s really much more holistic than just security. And so we just need to make it better.

What is Acronis doing in terms of helping prevent ransomware attacks?

We actually have the best-in-class solution because our solution has extremely good machine learning-based detection. We also have very good prevention. But most importantly, we have recovery and forensics. We have a protected solution. We make continuous backups of your systems. In case of a ransomware attack, we can reconfigure [the system] in real time so that you lose a minimal amount of data. In case something happens, it‘s recovered automatically. You can do it with other solutions, but you will have two solutions. One of them will do security. Another solution will do backups. You will have to protect your backup in case a problem happens and your security solution didn’t stop it. You’ll have to manually recover from the backup. Arguably, for a lot of workloads, that may mean that you lose some hours’ or days’ worth of data. ...

But in addition to that, in reality ransomware attacks are quite often deployed by very special people. They‘re deployed by insiders. They’re deployed by your potential customers or vendors or partners. And so you need to do forensics. And our solution is the only solution available. There’s no other solution which allows you to do very, very good forensics. ... We actually are by far better than any conventional security solutions against ransomware. And so none of the famous ransomware attacks, which are described by the media, would cause any problem for a customer if they use our products.

Does Acronis do most of its development organically or do you depend heavily on acquisitions for future product development?

By default, we plan to do everything in-house. Our acquisitions are opportunistic. I would think that in the next three years, 90 percent [of our development] is in-house, 10 percent is acquisitions. With our strategy, acquisitions also mean in-house development because we can‘t use the products we acquire right away. We have to make them part of our product and our platform, and that requires internal development.

At the end of the day, we‘re very lucky with acquisitions. We can have 75 percent organic development, but worst-case scenario 95 percent organic. But we’re going to continue doing acquisitions. We are very interested in offering better protection. Of course, we are a business. We want to make money. But the most important thing we do is to protect workloads, data, applications, and systems through our partners for our customers.