Time Is Right To Think Security In Storage: John Thompson
Rubrik this month unveiled the appointment of John Thompson as the new lead independent director of the storage and security company’s board of directors. The move, aimed at helping Rubrik build a team of top cybersecurity experts to improve the security of data backups, follows the June appointment of Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as chairman of the company’s new CISO Advisory Board, and the May appointment of Michael Mestrovich, former CIA CISO, as its new CISO.
Thompson brings a solid security background to Rubrik. In addition to serving in the past as Microsoft chairman and security vendor Symantec CEO, Thompson currently is the lead independent director of Microsoft and a venture partner at private equity firm Lightspeed Venture Partners. As Symantec CEO, he led the company to acquire Veritas, then the largest data protection vendor, as a way to bring storage and security together, but that acquisition ultimately failed and Symantec 10 years later sold Veritas at a significant loss.
Thompson told CRN in an exclusive interview that Symantec’s attempt to bring storage and security together failed because of a significant cultural difference between the company and Veritas and because the market was not yet ready for such a combination.
That, he said, is no longer the case, as the idea of adding security to data protection has become an increasingly common move with companies like Rubrik, which under the leadership of co-founder, Chairman and CEO Bipul Sinha, has moved to become a leader in bringing the two together.
“Quite frankly, everything is in the cloud in some form or another these days,” he said. “Clients want to make sure that they have something that can protect their content wherever it exists, wherever it lives, if you want, be it in the cloud or on-prem or quite frankly in a partner’s ecosystem. They want a company like Rubrik who can not only ensure that it is secure but make sure that the content can be stored in a way that makes it reliable as it gets accessed.”
It is a trend that will continue, especially at Rubrik where Thompson said he is focused on helping the company scale and prepare for an IPO.
“The security segment has captured more investment capital than almost any other segment in the tech space over the last three to five years,” he said. “And I don’t think that’s going to change because guess what? Content is growing exponentially every year. And therefore, you’re going to need new security techniques and technologies to protect the massive amount of content that is going to be created over the course of the next 24 to 36 months.”
Thompson also talked about how he sees security at Microsoft and his expectations about security moving forward. Here is his deeper look at Rubrik, Microsoft and more.
Congratulations on your new directorship at Rubrik.
I am delighted to have the new role. But quite frankly, it’s not going to change what I do one iota. I am there to help Bipul and his team scale this company. And while being the lead independent director is important, and it certainly will become more important as the company starts to think about its journey toward an IPO, candidly, right now, it’s about building a business of scale. And that’s what I’m here to help them do.
You mentioned the journey toward an IPO. What is Rubrik’s timeline on that?
We don’t have a definitive date when we would do it. But clearly the company’s performance has yielded the kind of outcome that we had expected. And candidly, we don’t see anything in the coming year or so that’s going to change that substantially. And so we’ll see how the market behaves. It’s more about the market than the company.
The last couple of years have seen storage vendors like Rubrik rebrand themselves more as security vendors or security specialists. You ran Symantec when it acquired Veritas to bring security and storage together. So what’s going on in this market today?
I think what we are starting to see is that security is more about securing the content, not just the infrastructure or the devices themselves. And candidly, what Rubrik has done is has evolved to help customers migrate to the cloud but to do it in a way that their content is far, far, far more secure. When I first got introduced to Bipul, I was running a Lightspeed Venture Partners company that did not pan out well, but nonetheless, that was what I was doing. When he came in, he said, ‘I have this idea. I want to integrate backup and recovery and security.’ And I’m like, ‘Oh, my gosh, that’s exactly what I wanted to try to accomplish when we bought Veritas.’ But the cultural mismatch between the two companies, and quite frankly, the moment in time where we were, just wasn’t perfect for that particular acquisition.
Nonetheless, what’s happened at Rubrik over time is the company has moved from an appliance that sits on-prem that helps decide which way to move data to the cloud or keep it on-prem, and oh, by the way, secure it at every stitch along the way. And it’s just been an amazing journey for the company. And now they move from candidly an on-prem hardware appliance to a cloud-based service that is growing exponentially every quarter.
Why didn’t Symantec’s acquisition of Veritas work? At the time, it was touted as bringing security and storage together. EMC did the same with RSA at the time. So what happened?
I alluded to it earlier, which is first, it was a huge cultural mismatch that I did not envision, quite frankly. There was a component part of the Veritas team that viewed Symantec not as a security company, but a consumer company. That enterprise group did not want to be a part of a consumer company, and it just created more tension than I ever thought would ever evolve, if you will, from the integration. But then I think also, many people who were buying big backup and recovery solutions weren’t as focused back then on managing the content itself and securing the content as part of an integrated process. And so that was a step in the journey where people went, ‘Whoa, why are they doing that?’ And I just wish it had turned out better. But I think had we not encountered the cultural problems and had done it at the right moment in time, it clearly would have been an early Rubrik, for sure.
So what’s changed since then in terms of making companies like Rubrik able to bring the security component to secure the content along with doing data protection?
Quite frankly, everything is in the cloud in some form or another these days. Clients want to make sure that they have something that can protect their content wherever it exists, wherever it lives, if you want, be it in the cloud or on-prem or quite frankly in a partner’s ecosystem. They want a company like Rubrik who can not only ensure that it is secure, but make sure that the content can be stored in a way that makes it reliable as it gets accessed.
So what is Rubrik’s claim to fame? What’s its differentiator from what you’ve seen so far?
Well, I think it is they have done an amazing job of integrating security, certainly around ransomware and elements of that, into their backup and recovery platform. Ironically enough, as the COVID pandemic hit, one of the big things that occurred was ransomware spread. I mean, Rubrik was booking literally dozens and dozens and dozens of customers a week because of all of the ransomware problems that were going on in the early days of COVID. And candidly, that’s helped the company expand its purpose, if you will, around secure content management.
Over the years and the various companies you worked with, have you seen an evolution in terms of the channel and its ability to do bring together storage and security in the way Rubrik is talking about?
Well, the channel today is a lot different than the channel of 20 years ago. Today it’s about the cloud. And it’s about cloud providers and those who are going to have services around that cloud provider. And so with Rubrik having relationships with every cloud provider, but also having relationships with app providers, that’s a really, really important ecosystem, if you will, for them.
So how do you view security in general today? What are some of the key issues that you’re following?
I would say that one of the things I’ve done since I joined Lightspeed is made a decision about investing in early stage companies, not just as a part of the Lightspeed portfolio, but to the extent that the team might want me to have a direct investment, I like to do that. And I tend to do that more around the security space. And I’ve written checks over the course of the last few years to, I’d say, six or eight security companies. And I don’t want to talk about it because I just don’t do that. But nonetheless, it’s still something that’s top of mind for me. One of the challenges of COVID, quite frankly, for me personally has been not being able to be as engaged with founders like Bipul in the early stage of the company as I was when I was in the early stage with Rubrik and Bipul.
How do you see Microsoft in terms of security? Is Microsoft doing the right things?
It’s been an amazing journey for me to have observed. Because I can remember in, I don’t know, 2005 or so, I was going to speak as the kickoff speaker at the RSA Conference. Days before, I got a call that says, ‘Sorry, you’re going to be number two, not number one. Bill Gates is going to be in town. He’s got to leave to go somewhere. And so Bill’s going to speak first.’ So he goes on stage, and then I come up behind him. And I start, like, how many of you believe any of what he just said?
So now page forward. I was the chairman of the board when I bought Satya [Nadella] on board [as CEO]. Satya made it very clear that he had some elements of the portfolio that he wanted to enhance, one of which was security. Well, guess what? Microsoft is now the largest security company on the planet. And I never would have imagined that back in 2005 when I was picking at Bill [Gates] about the state of things at Microsoft. But now, they really have done a nice job of not just providing things for you and me as personal individuals using computers or phones, but also what they do on their cloud platform for securing content that is there.
So what is some of the advice you’ve given to Bipul in terms of what Rubrik needs to do to prepare for 2023?
I think the real issue right now is focus. Because at a time when the market is a little wobbly, if you don’t stay focused, but you decide, ‘Oh, I want to go spend money here, spend money there,’ that’s not a very good idea. Now fortunately, this company is on the path of being cash-flow-positive in 2023. And that’s a wonderful, beautiful step, if you will, along the journey that they’ve been on.
Who do you see as the biggest competition to Rubrik?
Well, quite frankly, as you suggested earlier, a number of the companies now in the backup and recovery space are trying to do more in security, if you will. And I don’t think you can ignore not just the big footprints, but you can’t ignore many of the companies that have been around for a long time. Veritas is still around. I mean, it’s not going to go away. And oh, by the way, the next generation is only four or five years behind Rubrik. So this is about transforming yourself, or being on the journey that transforms you, as customers change in time.
What do you see in the future of security when it comes to ransomware protection and other aspects related to data?
Well, this is not going to go away. And as you well know, the security segment has captured more investment capital than almost any other segment in the tech space over the last three to five years. And I don’t think that’s going to change because guess what? Content is growing exponentially every year. And therefore, you’re going to need new security techniques and technologies to protect the massive amount of content that is going to be created over the course of the next 24 to 36 months. It’s just incredible what’s going on in the world we live in today compared to 20 years ago, or 50 years ago when I joined the industry.
If someone was new to the channel and asked your advice, where would you tell them to focus to be a successful solution provider today?
I think helping customers migrate their content to a secure cloud platform is critically important. And I think many large enterprises move a step at a time. And the question becomes, as the cloud becomes more secure, as it becomes more pervasive, how do you help those customers have confidence that they can move their content there and not get compromised, if you will. And having a company like Rubrik with relationships with all of the cloud providers and many of the app providers, and oh, by the way, those who will deliver the services to the individual companies that need it, that’s the path we all have to be focused on.