One-on-One with Sanjay Poonen at AWS re:Invent
RAG is revolutionizing data protection and Cohesity is driving it forward to pull insights from secondary data. Host Patrick Moorhead is joined by Cohesity’s President & CEO, Sanjay Poonen, on this episode of the Six Five On The Road at AWS re:Invent. They discuss the intersection of cybersecurity, innovation, and the future landscape of the tech sector.
Tune in for more on ⤵️
- The future of data protection, AI, and the $7 BILLION Veritas acquisition
- Emerging trends for 2025: IPO, M&A activities, AI regulation, and investment changes
- The current M&A climate of within the security sector
- The 5 S’s of data strategy: Sanjay shares his framework for building a winning data strategy: Speed, Scale, Security, Simplicity, and Smart (AI)
- The critical role of cyber resilience in ensuring business continuity, informed by Cohesity’s Global Cyber Resilience report findings
- The data goldmine: The importance of not just protecting data (defense), but also using AI to unlock its full potential (offense). Think “Snowflake meets Palo Alto” 🔒💡
Learn more at Cohesity.
Watch the video at Six Five Media at AWS re:Invent, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Transcript
Patrick Moorhead: The Six Five is On The Road here in Las Vegas at AWS re:Invent 2024. It has been an incredible conference and, unsurprisingly, a lot of discussion about AI. With any major transition, you always get back to the basics, and some of these basics are getting your data estate in order and securing your data estate. In fact, one of the number one impediments to enterprise AI is securing the data estate and also the governance around all of this data. Security is top of mind. Securing that data when it’s in movement, when it’s in storage, when it’s being processed is key, so security is top of mind here. In fact, one of the first things that AWS said on stage was security, and I can’t think of a better guy to talk about security than the CEO of Cohesity, Sanjay Poonen. Sanjay, welcome back to The Six Five.
Sanjay Poonen: Thank you, Pat. Great to be with you, and congratulations on all you’re doing with Six Five.
Patrick Moorhead: No. I appreciate that. Gosh, I have a lot of fun talking to you. I feel like we’re friends together, known each other for a while. It’s almost like-
Sanjay Poonen: Many years.
Patrick Moorhead: I want to start macro here. You have this impending acquisition of part of Veritas’ business here, but I want to go larger than that. Let’s talk about some of the trends in M&A in the security market, and what are you seeing there?
Sanjay Poonen: Yeah. I think, if you look at the deals that have been done this year, they’ve been more sort of tuck-in acquisitions. Palo Alto has been acquiring a few, Zscaler, a few others, CrowdStrike. At the moment tuck-in acquisitions have been nothing major. The last big one was Cisco buying Splunk.
Patrick Moorhead: Right.
Sanjay Poonen: So we’ve tracked those. We play in infrastructure and security in our space. The Cohesity transaction to buy the Veritas data protection business is the biggest in our industry probably since EMC bought Data Domain, so this one will certainly record up there as the biggest in our industry. It’s a seven, seven and a half billion dollar transaction, and it’s a very exciting one. And we talked about this seven, eight, nine, 10 months ago, February I think when we announced it. And we expect to close by the end of this year, and I’m very excited about it. So it has a lot of excitement. I’ve been meeting customers here. They’re all very excited about the potential.
Patrick Moorhead: Yeah. It’s funny, probably starting about seven or eight years ago, and this is classic for what we see historically, you get a lot of point products that are out there, a lot more point products, and then, customers, they want to deal with less vendors because, by the time you stitched all of these things together, you’re typically not in the same revision. This makes perfect sense. I’m curious, why is cyber resiliency becoming so important? Is it this AI data explosion? Is it something other than that? I mean, all we seem to want to talk about these days is data driven by AI.
Sanjay Poonen: Yeah, I think you’ve hit, I think, the two reasons. And I think you called it well in your prelude, which was Matt Garman started off his keynote with security.
Patrick Moorhead: Yes.
Sanjay Poonen: So, when you have, whatever, two, 300 services that they have, I think him of grounding, and I thought he did a great job. As you know, I’ve been a friend and fan of his for many, many years. I think there’s two reasons that there’s a lot of interest in resilience in general. Number one is what you described, data is exploding, but it’s also sprawled.
Patrick Moorhead: Right.
Sanjay Poonen: In the private cloud, it’s going to be VMware, Red Hat, OpenShift, Nutanix. In the public cloud, it’s going to be AWS, Azure, Oracle, Google. And then you’ve got SaaS applications, too, so, you put that all together, their data is exploding. Many of our customers, the amount of data they protect with us is doubling every six, 12 months.
Patrick Moorhead: Right.
Sanjay Poonen: So that’s one. The second factor is I think, in the last five years, there’s been ransomware attacks that have one every few milliseconds, 200 every second, not all of them successful, have all been on secondary and backup data largely because you could think of backup data, secondary data, as just a time series index of everything that you have over the history of time. So the bad guys decided, “If we can go after secondary data, we can probably incur a lot more damage to you. We could also exfiltrate and you probably pay us the ransomware.” So I think that, for those two reasons, data exploding being fairly complex and sprawled, and ransomware attacks being often on secondary data has really put a lot of focus on speed of cyber recovery.
Patrick Moorhead: Has the fractalization of the enterprise increased or is it leveling out? I mean, we have traditional on-prem. You have on-prem cloud, you have the edge, you have enterprise SaaS, and then you have the hybrid multi-cloud out there as well. Has that calmed down a little bit, or do you see more data sprawl? Is it actually increasing or is it flatlining?
Sanjay Poonen: Yeah. I think this is a question I asked myself for the eight years I was at VMware. As you know, I was COO there. I’d say a couple of things I’ve noticed in the last 12 months. Number one, there has been an increased balance of private cloud and public cloud because of the notion of sovereign clouds especially outside the US. Many of the customers I’ve met here are in foreign countries, Germany, Middle East. They’re all thinking about sovereign clouds, so I do think that the pendulum hasn’t swung so much just to public cloud. It’s not going to be a 99/1 or 90/10. It might be 70/30 or 50/50 over time.
The other aspect is in the private cloud. There are options. It’s going to be VMware, but there’s also now, because of some of the things that are going on in the industry, Nutanix and Red Hat have an opening. I think VMware will do very well. I’m still a fan inside their enterprise of, let’s say, 1,500, 2,000 accounts. But there are 200,000 customers of VMware who many of them are going to look at some optionality potentially. And Nutanix and Red Hat have an option, so those phenomenon have been more… And then I think the third thing that has led to a little bit more fractalization, to use your word, has been proliferation of most SaaS apps and customers realizing, “I can’t depend on the SaaS vendor for resilience of my data.”
Patrick Moorhead: Right.
Sanjay Poonen: So, if all my documents are in OneDrive and Azure goes down, it’s my documents, and I need to be responsible for my emails, my documents. Same with Salesforce, same with Workday, so, if all of your documents are in a drive of that kind, if your customer master is in Salesforce, if you’re accounting master is in some ERP system, and if your employee master is in Workday, it’s your data, you probably want to have one repository controlled by, hopefully, a tool like Cohesity to bring all your data resilience. So I think there’ll be a balance. It’s not going to be 300 SaaS apps. There’s probably 10 that you care about. It’s not going to be 300 public clouds. There’s going to be four or five that you care about. There’s probably not going to be 300 private cloud options. There’s going to be two or three, so what we’ve done is map for our customers the matrix of what the possibilities are, and then we go workload by workload and map out what their resilience strategy should be.
Patrick Moorhead: It’s not like you have it covered.
Sanjay Poonen: I mean, we thrive in heterogeneity. We’re like a Switzerland company, right?
Patrick Moorhead: Sure.
Sanjay Poonen: If the entire world was AWS, you don’t need Cohesity because they’ll go do backup for AWS. So the fact that there’s full public clouds, we love that. VMware, Nutanix here, we love that, so not infinite amount of heterogeneity, but enough heterogeneity that there’s a proposition for a Switzerland company. That’s just great.
Patrick Moorhead: Yeah. I mean, I view you as a hybrid multi-cloud fabric for what you do. I want to get back to, I want to talk about cyber resiliency. And you recently did a study, a global cyber resilience report. Can you tell me a little bit about what the report brought out? What were some of the surprises that came out of there?
Sanjay Poonen: I think I’m surprised when I see any of these reports, whether it’s ours or others, how much people are still worried that they can’t recover fast enough from a cyber attack. They worry that they-
Patrick Moorhead: And that’s not just restore, it’s actually getting back up and operational.
Sanjay Poonen: Right. Your applications need to be up, and your applications might be tier 0, so speed of cyber recovery. I’ve often been surprised that it’s not just our survey results, but everybody tells us they don’t have confidence that if they were attacked that they can recover fast enough. That’s something that we as an industry have to. Let’s just take the most recent. It wasn’t a cyberattack. Okay? The CrowdStrike incident was not a cyberattack.
Patrick Moorhead: Right.
Sanjay Poonen: But what we learned from that incident was the fact that enterprises were restoring their laptops manually, and it took many of these companies and airlines and other people who were affected days. That’s unacceptable. So I think speed of recovery, whether it’s a cyberattack, I mean, the next time, if it’s something major, is that we should be able to just restore things in minutes and hours, not days and weeks. I think what I found interesting in all the survey, including what we’ve seen in our surveys, is people are putting their data in public clouds and they don’t know for sure, “Is that going to be a place where it’s as safe?” and so on so forth, so we have to-
Patrick Moorhead: Interesting. That’s still out there.
Sanjay Poonen: I mean, listen, if I put documents in a OneDrive, am I comfortable that it’s going to be completely safe as it is on-prem? Will I have access to it safely? Am I comfortable with my customer data sitting in Salesforce?
Patrick Moorhead: Right.
Sanjay Poonen: And I think a derivative of that is, when I use an LLM that’s a public cloud LLM, I’m sending data to it. If I have a private cloud LLM, then it’s within my firewalls. So companies need to get very comfortable. Many of them have disabled early use of OpenAI and ChatGPT because they didn’t want people sending out their press release to get a more perfect version into a public cloud. So many of those things now mean that, the way in which you think about data security in a AI-driven world, in a world where the data’s proliferated, has to be rethought. But from our perspective, the number one takeaway is speed of cyber recovery is something that needs to improve. That’s the hallmark of what Cohesity does. It plays well to where we want to continue to focus our attention with our customers.
Patrick Moorhead: And I have to give you credit. I do like you kind of reset the metric. It’s not just how quickly you can back up. It’s not just how quickly you can restore. It’s literally how quickly you can get back online with what you want to do because, in the end, that is what your customers care about.
Sanjay Poonen: Yep.
Patrick Moorhead: That’s good.
Sanjay Poonen: We’ve focused a lot on the simplification of our message, Pat, around speed, scale, security, simplicity, smarts. We call it the five Ss. And I remind people the sixth S isn’t Sanjay.
Patrick Moorhead: It sounds very much a Sanjay thing.
Sanjay Poonen: That’s a simple way of being able to explain things to people.
Patrick Moorhead: Right.
Sanjay Poonen: And I tell our engineers, “We need to distinguish our platform by the excellence of those five Ss. We have to be the simplest and easiest to use, the smartest in AI. Last time we talked, we talked a lot about Nvidia and AI and what we’re doing with them. Securities, obviously, we spent a lot of time talking about, but speed and scale go together. They’re two sides of the same coin.
Patrick Moorhead: No. I like that. That’s good. I want to go macro again.
Sanjay Poonen: Yeah.
Patrick Moorhead: I want to look at 2025. We’re almost done here. Let’s talk. What are your thoughts on IPO market, M&A market and maybe even some thoughts about the new administration?
Sanjay Poonen: Let’s take it one at a time. I mean, obviously, in our industry, this is the biggest M&A deal that’s been done, so we’re excited about it. We’ve got to make it successful. As it closes, we’ll go into 2025 as the new Cohesity. That closes out. The last fiscal year is 1.7 billion, approaching a 2 billion run rate, so we will be the biggest in revenue, a rule of 40-plus companies, so we’re very excited about that possibility. IPO, in our space, Rubrik went public. I think the market could support three or four companies being public. Commvault and Rubrik are going public. It’s possible we could go public. Veeam could go public. There’s at least four, and there are other spaces where that’s resonating, so I think 2025 and 2026 will be even better. IPO in 2024 was okay. It will be even better.
So I see M&A and IPO being active, being good. Interest rates coming down is helpful for the general macro in terms of finance, and banks are very optimistic. 2022 and the end of the COVID era was a tough time as people recalibrated. But profitable growth is the imperative. I mean, part of the reason we did this deal was to improve our profitability and keep our growth. And now-
Patrick Moorhead: Right. By the way, if-
Sanjay Poonen: … company is fantastic.
Patrick Moorhead: Just the fact you have profits is good.
Sanjay Poonen: Well, we were profitable, barely profitable ourselves, Cohesity. But, now, on a free cash flow basis, now this makes us even more profitable. But profitable and growth, that’s a very, very big key factor to it. I think, with the administration, we’re cautiously optimistic. I think, listen, as business leaders, we don’t take a political stance, Red or Blue. We basically want to work, in our case, to keep the country safe from attacks. So Red or Blue person administration, if their key is to keep America safe, if I could use that term, and they’re competent and capable, we have an incredible country, I think. I’m an immigrant. I came to this country in late 1980s, 1987 to be specific, became a citizen, I think, what, 20 years ago. It’s an incredible country where, if you work hard, anything is possible. I encourage everyone to live that American dream, which is work hard, be a contributing member to society. Religion and politics can sometimes divide people.
So I have my personal beliefs, but I don’t talk about them in a way that could divide. Our customer base expects us to serve them. And one of our key verticals is the public sector, so we have federal customers in both civilian and defense. We have public sector customers in state, local. And many of the things we learn from the US government and especially in the federal become the model. And then we have Kevin Mandia, who was on our board, who ran and built Mandiant. He’s an advisor to many of the key folks. I have friends in the administration and in key positions. We will work with them to ensure we keep the country safe.
I think AI has to be dealt with in a very responsible way, so I expect there to be technology and legislation, executive orders that basically surround and keep AI responsible. But you think, there, also, I mean, gosh, some of the greatest minds in AI, whether it’s Jensen or some of the folks are in the United States. We could use this as an incredible power to harness the next generation of tech just the same way, whether with CPUs or airplanes like Boeing, or software, great companies like Google were all born here. I think the next wave is going to be incredible for the next 10 years.
Patrick Moorhead: Yeah. I’m super interested to see. There’s this push and pull between, “Hey, we want to lower expenses, but then again we want to update the federal government’s IT systems that are pretty aged.” And I think, if we get into this upgrade cycle, this could be huge for companies like yours.
Sanjay Poonen: Yeah. Listen, Department of Efficiency, there’s ways in which the government can be more efficient. I think we, as optimists, tend to look and say, “Listen, we’re going to do whatever we can with the right people who are smart and capable to make the best happen out of the technology, whether it’s a private sector.” I think the thing that I’ve liked about the last several administrations, whether they were Republican or Democrat, is there was a good partnership between the private sector and the public sector.
Patrick Moorhead: Right.
Sanjay Poonen: Pat, that needs to continue.
Patrick Moorhead: Yes.
Sanjay Poonen: And I don’t think that that’s dependent of both President Trump in his first term, Biden in his last term, and I think Trump in the next term. We’ll have that partnership between private and public sector. We have a lot of ideas in the private sector that we can help the government with, and we want to. When we’ve worked with our senators that I know, the folks in Congress and the folks who are elected or appointed in these positions of the departments, and that’s really in our… or the defense side, we find tremendous amount of resonance in these ideas. So my job in terms of working with the government, because there are many government customers, and knowing some of these folks in public policy is to help shape that policy as it relates to cybersecurity and AI.
Patrick Moorhead: Right. I love your optimism. I’m an optimist, too, and I’m pretty excited about 2025 and what’s going to happen in the future. The other thing I’m excited about is deal-close day with you and Veritas data protection, so good luck.
Sanjay Poonen: Thank you.
Patrick Moorhead: I’m looking at the calendar. Let me know when it happens.
Sanjay Poonen: Yes.
Patrick Moorhead: Hit me on the phone please.
Sanjay Poonen: I will text you. I will.
Patrick Moorhead: Looking forward to it. Sanjay, thank you so much.
Sanjay Poonen: Thank you so much, Pat. I appreciate your support.
Patrick Moorhead: Yep. That was Sanjay Poonen, CEO of Cohesity. Great discussion. I love these macro discussions we have here on The Six Five. Tune in to all of our Six Five Media coverage for AWS re:Invent 2024, and also check out all of the videos that we have done with Cohesity. We think you’ll like it. Tune in. Thanks.