Life At Druva

Welcome to the future: an introduction from Stephen Manley, Druva’s new Chief Technology Officer

Stephen Manley, CTO

Welcome to the data protection revolution. On my one year anniversary at Druva, and in my first week as corporate Chief Technology Officer (CTO), I see the future is finally within our grasp. I spent two decades desperately trying to keep pace with data growth by building snapshots, replication, and deduplication into NetApp and Data Domain storage appliances. Then, the cloud changed everything. 

Cloud both irrevocably breaks the legacy backup architecture and provides the framework for the future – a world where software automatically protects business applications, streamlines application development, and manages information. For the first time, I see a clear path from where we are today to the future. 

Today, data is still growing, and is now stored in more locations within an increasingly diverse set of applications. As data becomes more important, protection requirements are also expanding to include cyber security and data privacy. The answer is an application-centric, cloud-native data protection service that scales globally, rapidly adds new application support, and dynamically delivers new use cases. 

Snapshots revolutionized short-term recovery. Deduplication disrupted backup storage. Data protection as-a-service will transform the industry with zero touch data protection.

Data sprawl changes backup

For the last 15 years, backup companies competed to build the biggest, baddest, and fastest backup appliances. Since data centers were growing but homogenizing – VMs, Oracle and SQL, and NAS/file servers – the only metrics that mattered were throughput, capacity, and cost. 

Brute force protection no longer scales because data exists in more places. Since most data growth is either in the cloud (cloud applications, hybrid workloads) or on the edge (endpoints, Internet of Things), backup appliances are not an option. A data protection solution must reach outside the data center and back up each data source wherever it lives. Backing up TBs of data from the cloud to on-premises or “cloud virtual” appliances will not scale. 

Only cloud data protection can protect organizations from the dangers of data sprawl. A cloud data protection service can scale, connect to any data source, and meet local data residency requirements. As workloads shift from on-premises to cloud, the protection environment must shift with it.

Protecting applications, not data

As the “speeds and feeds” discussion subsides, the data protection industry is finally shifting its focus to protecting businesses applications, not just raw data.

For decades, backup software has known very little about the applications it protected. Customers protected VMs, file shares, and databases. Neither the backup team nor the backup software could determine what components were part of a billing service, HR tool, or a technical application. Not surprisingly, backup, recovery, and retention management did not connect with the needs of the business. 

In the last five years, however, it has become mandatory to understand the applications we are protecting. Microsoft 365 and Salesforce offer complete application solutions and customers expect to back up those applications – not just the data. Kubernetes applications span across hundreds of containers and application teams expect to protect and recover their application – not just individual containers or data volumes. The combination of application complexity and user expectations means that simply backing up all of your data is no longer sufficient.

Fortunately, modern application vendors have added APIs that define the customer’s application. Microsoft, Salesforce, and Kubernetes expose the metadata about how they connect an increasingly complex set of underlying components (datasets, containers, etc.). Therefore, data protection must back up and recover application definitions, platform configurations, and data. Otherwise, customers are left with, as one admin put it, “a bucket of bits.”

With access to the metadata defining a business application, data protection can finally evolve into application protection. Application protection solutions will optimize backup, recovery, long-term retention, and accomplish so much more. 

New threats, new requirements

Over the next five years, application-centric protection will help solve today’s problems and emerging business challenges.

Today, organizations struggle with the cost and complexity of application disaster recovery (DR). Application-centric cloud protection simplifies disaster recovery because it begins with a well-defined application. Then, with the cloud’s dynamic resources, there is no “redundant infrastructure” cost for standby DR infrastructure or DR test environments, so an organization can test application DR for every application, every week. 

In the future, disaster recovery will evolve into meeting the DevOps goal of “application is code.” If you can “spin up” an application after a disaster, you can do the same as part of a CI/CD pipeline. There will be work on managing security, data distribution, and tracking versions, but the principal flow will be in place. 

Today, organizations are fighting the relentless scourge of ransomware with bolted-on air-gapped copies that are expensive and difficult to manage. Application-centric cloud protection automatically creates a secure, offsite copy of the application enabling you to recover quickly and confidently from ransomware. Analytics on the backup can even help detect anomalies to limit the scope of the attack. 

Looking forward, application-centric data protection will be a core component of application data management for security and privacy. Ransomware attacks have already begun to exfiltrate data before encrypting it, so organizations will need to know where their sensitive data lives. Meanwhile, privacy regulations will dictate that organizations store, secure, and delete sensitive data according to compliance standards. As the only service with central visibility across all applications, data protection will evolve to help manage end-to-end data privacy and security.

New architecture – metadata-centric, cloud-native

Application-centric cloud-native data protection will be powered by a metadata engine. Metadata tells the story of your applications, your data, and your environment. What defines an application? Where is your data growing quickly and who owns it? What data changes reflect a security or privacy risk? With a centralized metadata engine, you can connect to your applications, optimize your protection, and finally get visibility into your environment. 

To power the metadata engine, the protection data store must split the metadata from the data. That way it can add, analyze, and scale the metadata independently from the data. Meanwhile, the service can store backup data in any tier and region to reduce cost, increase performance, and meet data residency requirements. With a protection data store designed for the cloud instead of a box, the metadata engine can run at full power.

The next step is to build a cloud-native platform around the metadata engine. The metadata engine is the heart of the platform, but scalable security, compliance, policy, and API management bring it to life. The platform then uses a development pipeline that is as elegant as it is simple – develop, commit early and often, test continuously, and deploy seamlessly every two weeks. By continuously adding features and functions, the data protection platform can unleash the power of the metadata engine to rapidly support new applications and use cases.

Zero touch data protection

The future, however, is more than new features and functions. At Druva, we have a simple, but audacious goal – zero touch data protection.

Our goal is to eliminate backup management, because no matter how nice the GUI, no one likes managing backups. Imagine a world where you define policies while the protection platform identifies the applications and assigns them to a policy. The platform then optimizes the protection to meet your service levels at the lowest cost. In this world, your applications are always safe, secure, and compliant because the data protection platform is watching out for you. This world is no longer something to imagine – it is something to anticipate. 

With the metadata engine, the cloud platform, and the most innovative team in the industry, Druva has all the components to deliver zero touch data protection. 


The data protection revolution has begun. With more data in more applications running in more locations with more requirements, this is the time to change. A simple, flexible, mature data protection solution is the safety net that enables the rest of your business to innovate with confidence and agility. The path to the future is clear, so it is time to start your journey. 

Explore how Druva’s innovative cloud-based platforms eliminate risk and provide cyber resiliency, as well as enable Zero Touch Data Protection at DxP, Druva’s cloud and data protection summit. The event begins on November 17 and features an impressive lineup of speakers. We hope you join us and invite you to register now.