On this episode of the Moor Insights & Strategy Insider Podcast, host Patrick Moorhead talks about the challenges of SaaS data protection with HYCU Founder and CEO, Simon Taylor. Their conversation covers:

• HYCU’s mission
  
• Simon’s previous experience before HYCU
  
• HYCU creations and challenges
  
• R-Cloud
  
• Interest for R-Cloud and Future Expectations

This is a fascinating conversation that you won’t want to miss!

Be sure to subscribe to Moor Insights & Strategy, so you never miss an episode.

You can listen to the episode here:

TRANSCRIPT

Patrick Moorhead: Hi, this is Pat Moorhead with Moor Insights and Strategy, and we are here for another Moor Insights and Strategy Insider Podcast, where we chat with the most influential executives at the most impactful companies. It’s my pleasure to introduce Simon Taylor, founder and CEO of HYCU. Simon, how you doing, my friend?

Simon Taylor: I’m doing great, Patrick. Great to be here with you today.

Patrick Moorhead: Yeah, really appreciate that. Are you keeping warm in Boston?

Simon Taylor: Never, never.

Patrick Moorhead: I grew up in the Midwest and my winter job was shoveling driveways. Once I got enough money shoveling, I bought a snowblower and that was like modern stuff.

Simon Taylor: Oh yeah. I saw meme on Instagram the other day of somebody with one of these flame throwers burning the ice off their driveway. Probably not exactly the safest thing I’ve ever seen, but it was amusing, to say the least.

Patrick Moorhead: I saw that too. If I could charge five more bucks per driveway when I was 13, I’d probably do something like that. Yeah, that was about as entrepreneurial as I got before I started my business. But now Simon, you are definitely by your background what I would consider a serial entrepreneur. You spent time at Comtrade, you sold it to Citrix, you raised a boatload of money for HYCU, which is always a feat and something that I’ve only had to do once, but it’s pretty cool. But hey, I would love to talk about HYCU kind of overall, talk about the company, and I want to introduce HYCU to the folks that tune into my podcast. So maybe we start off with what is the company and what do you do?

Simon Taylor: I love it. I love it. As you can imagine, Pat, I’ve given this explanation quite a few times, and my PR gurus have told me I need to sound more casual when I describe the company. [inaudible 00:02:13].

Patrick Moorhead: Tell it the way you want to tell it. I mean, you run the company, right?

Simon Taylor: But I’ll tell you, HYCU is the world’s fastest growing multi-cloud backup as a service company. So very simply put, we’ve got 3,600 customers in 78 countries that really depend on HYCU for backing up and recovering all of their mission critical infrastructure and data. I always think about the fact that there’s now a ransomware attack once every 11 seconds. When you put data protection in that context, you very quickly realize that unless you have a simple, easy to use data protection solution that can protect all of your data, no matter what data silo it sits in or where it is, you could be in a lot of trouble. So we always say our kind of mission in life is to keep the world safe and to build a safer world, and I think that’s never been truer than in the last couple of years.

Patrick Moorhead: Yeah. I mean, you, in about a minute, rattle off three words that at least in the analyst community we talk about a lot. The first one is multi-cloud, the second one is data, and the third is security/ransomware. So it seems like you’re really at the epicenter of some important stuff here. And I’m curious, we talked a little bit about your background at Comtrade, but what did you do before this to get you ready for this role at HYCU?

Simon Taylor: Yeah. Somebody described me recently as being an eclectic CEO, and I said, “I don’t know if that’s a good thing or a bad thing, but I’ll take it.” And I guess I do have a relatively eclectic background. I started my first company when I was 24 years old. I had this wild idea, as you would only have in your early twenties, which was hey, there’s this area of the world called Eastern Europe, it has an enormous amount of software engineers. I should go find them and then connect them to buyers in the US. So I literally sold everything I had, moved to Eastern Europe, moved to Prague and the Czech Republic. I traveled all over Estonia, Latvia, Lithuania, Romania, Bulgaria, and I would just go and meet tech companies and I built a great database of software engineers, connected them with the US and then I sold that business to somebody in Eastern Europe who wanted to leverage it for their own business.

I then built a great partnership with the founder of Comtrade Group, Veselin Jevrosimović. I moved back to the US, I set up a company called Spinnaker New Technologies. I got my MBA in Spain, and then I built a company called Comtrade Software that had monitoring tools for Citrix. I sold that to Citrix in 2015, and it was actually in Las Vegas where we were celebrating that success of that exit where I met my current co-founder, Goran Garevski. He and I bumped into each other in a bar, had a great conversation about data protection, and four years later, here we are.

Patrick Moorhead: I love talking to folks like you. I kind of joke, I didn’t have an entrepreneurial bone in my body until I was about 40. Then I grew up, my dad was a big company guy and I thought, “Hey, I’m going to be a CEO of a big public company and it’s going to work out great.” I was kind of moving up the chain and then realized being a big company CEO isn’t actually a lot of fun. I’m going to take my hat out, and then I formed my company. But you sound like you came out of the womb as an entrepreneur, and I think that’s pretty cool and I admire the heck out of it.

Simon Taylor: Well, I’ll just tell you Patrick, one of my favorite quotes, Ernest Hemingway once said, “Live on a knife’s edge until you’re 30 and then spend the rest of your life writing about it.” And I think there’s some truths to that. You can get away with a heck of a lot of stuff in your 20s. Really I think it’s harder to be taken seriously when you’re that young, but you can try lots of things. You can fail fast and you’ve still got some time on the books to recover. So I’ve had a great experience and a great time meeting some amazing individuals around the world. Wouldn’t trade it for anything.

Patrick Moorhead: No, it’s great. I love stories like that. I kind of take my big company experience and advise, and I love that. I mean, I always joke, what’s harder, actually doing it or advise somebody on how to do it? I pick my path, Simon.

Hey. We talked about multi-cloud and obviously hybrid clouds in there as well. We talked about data, we talked about security of that data. What core problems are you solving? I mean, obviously the security part get it, but overall, how do you express that? What are you doing and what problem are you solving?

Simon Taylor: Well, it’s a great question. As you know, Patrick, we just launched what we call R Cloud , which is the world’s first development platform for data protection. If you want, I’ll just talk a little bit about that and the problem it’s solving. When we originally came up with the idea for HYCU, which as you know stands for Hybrid Cloud Uptime. The name coming from this idea that all the data in a language gets condensed down into a small elegant package, just like a haiku poem. Our initial goal was to really provide true multi-cloud data protection, because we looked at the history of backup and recovery, and we said there was somebody really good at backing up Unix, somebody really good at backing up Windows, somebody really well known for backing up VMware. But when all of those companies tried to back up something else or help customers to recover data out of another platform, they almost inevitably failed because all of their technology was designed really to support one kind of homogenous environment, and we know that today, it’s a completely heterogeneous world.

So that’s ultimately what that meant, was that we were able to invent an architectural paradigm that we call the inverted platform that really makes it easy to have equivalent levels of data protection on-prem, public cloud and SaaS. And we were feeling pretty good about that, Pat. For years, we were sitting here going, “This is great, we’ve solved it.” And then I read a stat that blew my mind and made me have to rethink the entire business. The statistic was that today there are not five or six different data silos per company. The average mid-market company today has their data in over 212 different silos, and it was sort of like, oh my goodness.

Patrick Moorhead: Yeah. By the way, that can include the 10,000 employees that have all this corporate data, this confidential data sitting on their laptops, right?

Simon Taylor: That’s right. That’s right. Well, you’ve got that, you’ve got on-prem, public cloud, but the real explosion in data silos was being created by SaaS. In fact, this is what really blew my mind.

Patrick Moorhead: Interesting.

Simon Taylor: Well, there are 17,000 SaaS services in the world today, and I want you to guess how many of them are backed up by the top 10 data protection vendors in the world? 17,000 SaaS services, the answer is five.

Patrick Moorhead: Okay, I was going to guess 50.

Simon Taylor: Yeah, it’s five.

Patrick Moorhead: Yeah.

Simon Taylor: And so 17,000 SaaS services, five of them are backed up. So because of SaaS, the average company is only protecting 22% of their data. So you wonder why there’s such a huge, huge market for ransomware attacks. It’s because almost 80% of the world’s data is completely unprotected. So we sort of sat back and went, okay, 17,000 SaaS services, none of them were protected, 212 data silos per company. There’s no way, that’s an almost infinite number of combinations of different services, and there’s no way for any one backup vendor to build backup for all of them, and that’s when it hit us. It shouldn’t be us building data protection for 17,000 companies. Let’s offer a development platform so that those 17,000 SaaS services can in just a couple of days build an integration to HYCU.

Patrick Moorhead: No, I love this. And by the way, part of the reason I could totally see why there’s only five that are available out of 17,000 is what end customers expect is that SaaS vendor is going to be doing all the backup for them, and it’s never going to go down.

Simon Taylor: Yeah.

Patrick Moorhead: But the reality is that it does. I mean, you get a network misconfiguration. I mean, essentially these folks also leave their security up to the IS provider that they’re sitting on top of, and there’s no guarantee there.

Simon Taylor: So I think that’s very true, but here’s what I would say. I think the SaaS vendors themselves probably are backing up their critical infrastructure. The challenge is none of them are able to back up their end customer data. So if you’re a SaaS vendor, I don’t know, an HR SaaS vendor, right? And you’ve got 10,000 customers and one of those customers has a bad actor, an employee or a ransomware attack, and all of their data, all of their employment data gets deleted, right? Maybe each one of those customers has a 1,000 employees. All the payroll data gets deleted, all the performance management data gets deleted. All this highly sensitive GDPR data is now gone. But the first thing that customer’s going to do is call the SaaS vendor and say, “Can you give it back to me?” And the big surprise, the shock is going to be, well, no, we don’t actually do that.

And it’s not because the SaaS vendors, Patrick, are malicious at all. They’re our friends and our partners. The challenge is for them, they have their own business to build. They’ve got a roadmap they’re going after. Time is finite, resources are finite. For them to distract themselves and build their own backup is not an option, and if they call up one of the data protection vendors, if they called up one of our competitors or even us for our cloud and they said, “Hey, would you build a backup integration for us?” We would say, “Well no, because unfortunately your TAM is not going to be enough for us to focus on you.” And that’s really what caused this idea of democratizing data protection, and that’s exactly what our cloud does. We are democratizing data protection by allowing SaaS vendors of all shapes and sizes, giving them the ability to provide their customers with end user backup and recovery. I think this is just something that’s never been done before and is fundamentally turning the industry on its head.

Patrick Moorhead: Just to maybe bring some empathy to those viewers or listeners who don’t fully understand the risk of not having a data protection strategy, a backup strategy. We can leave names out of this, you can add names to it, but what is some of the more recent ugly of somebody who didn’t properly secure themselves?

Simon Taylor: Well, first I’ll hit you with a stat, a nice easy stat to remember. It’s not a nice stat, it’s an ugly stat, but easy to remember, and then I’ll tell a story. Our research indicates that over half of the world’s companies have been hit with a SaaS based attack from ransomware criminals. Out of all of the companies that have been attacked through one of their SaaS vendors, 52% of those attacks were successful. So what that means is once they’re in, there’s nothing you can do. All you can do is hope that you’ve backed up your data and that you’re going to be able to recover it after the attack is finished. That’s all you can do, because once they’re in the doors, no cybersecurity product out there can do much for you. Your last line of defense is that recovery capability. To give you a real life example, and it’s a hard one. I gave a presentation with the director of the FBI, Chris Wray, over at the Boston College Cybersecurity annual meeting.

It’s the FBI, Boston College sort of annual consortium led by Kevin Powers. And Director Wray got up as the keynote, and right before my presentation, which was all on backup and recovery, he told a terrible story about the Boston Children’s Hospital, and the fact that a nation state, a bad actor, a nation state, actually attacked the Boston Children’s Hospital. What they did is they locked out children’s operating procedures so that the children who were there to get operated on, have surgical procedures, would not be operated on. So I think a lot of times when we talk about ransomware and we talk about data, it sounds a little amorphous. It sounds like money, right? It sounds like, oh, we’re going to lose money. But think about a hospital system, think about all the data that’s being transacted daily, that’s actually keeping people alive. Think about mission critical infrastructure, oil and gas. Think about all the resources we depend on every single day that can be interrupted or damaged as a result of a ransomware attack, and that’s when you realize the impact of this stuff.

Patrick Moorhead: Yeah, it’s one thing for your front end website to go down. It’s another thing to maybe your marketing system to go down. I mean, it would be catastrophic to have your customers or credit cards to get exposed, but when you shut down the core activity of what the business is in, and what we are seeing is a much greater adoption of SaaS because of maturity, because of ease of use, only pay for what you use, it seems like that this issue, I mean, has to be getting worse and services that you provide have got to be even more important than they were before. I mean, that’s a stat I had no idea about SaaS, and I’m supposed to be the guy with all the data here, but it is fascinating, yet a little bit alarming out there.

Simon Taylor: Well, I always think about, I try to provide visual descriptions for people to make it a little easier to get their heads around this, because the enormity of this data problem is now so huge and complex that people are blinded by it. But I always think about in 1992, let’s say 20 or 30 years ago, data resembled a six-sided dice. You know, you sort of had six different sides to your data silos. You maybe had some physical Linux, physical Windows, you maybe had a mainframe, maybe you were starting to virtualize, maybe you had Salesforce, but ultimately there were sort of five or six different sides to the dice.

So if you’re a mid-market company and you’ve got 10 people in your IT department, you could theoretically give them each a screen and say, “Sit there and watch this all day.” Right? But now imagine what it looks like today, and try to picture what a bloated 212 sided dice would look like, right? All of these different sides to it. Well, suddenly it becomes fundamentally impossible, forget about for the mid-market, even for a large company to be able to manage. So I think this is the challenge. If we kept going down the path we were going with data protection, we’d end up with 17,000 backup companies to support 17,000 SaaS vendors, and everyone would be sitting there staring at 212 different screens, it wouldn’t make any sense.

Patrick Moorhead: That’s about the ugliest thing you brought. I thought the hospital example was ugly, but the 200 screens is even uglier. I am glad to see though, we are into the reality. I mean, if you remember, security used to just mean keep people out of the perimeter, and we never really planned for once they got in what would actually happen. Then we got real, and the average enterprise has three IIS providers and about 20 SaaS providers that they’re using. And just when we thought it was safe to go out and everybody said, “Hey, we’re going all public cloud.” Then you have private cloud that is surprisingly, not surprisingly, I called this maybe a few years too soon. So the future reality is we’re going to have multiple IIS providers, we’re going to have sovereign clouds, we’re going to have private clouds, multiple SaaS vendors, and there needs to be a simple way to guard that data. On our cloud, where are you seeing the most kind of pockets of interest? Is it vertical, is it horizontal play? Where are you seeing it?

Simon Taylor: So I would break it down to two distinct categories. So you’ve got obviously your on-prem, public cloud, that’s all supported. You’ve got your tier one SaaS vendors. Everybody understands Office 365 and Google Workplace. So they understand, hey, if I lose my OneDrive access or my SharePoint access, that’s bad, I can’t do my daily work. So it’s very intuitive to people that they need to back that up and recover it. So we certainly see a lot of interest there. We’re also, as you said, things like Marketo, all of the marketing automation tools. The marketing teams are starting to say, “Oh goodness, if I get locked out of this and I lose access, I’m going to be in trouble. This is going to be a problem.” And the third area I would say is financial data. So obviously when it comes to however you’re managing your financial data in-house, that today is mostly delivered via SaaS.

Certainly I think those solutions and all of the data that goes into them are mission critical for companies. But Pat, I think you bring up a very good point around the fact that it is verticalized. So one of the things we did in our cloud is we built what we call R Graph. And what R Graph is, what we want to do is we sort of said, if you’ve got 212 different data silos, that’s really confusing. Even to look at in one product, that’s confusing. So I had this idea, which was could we build almost like a beautiful tree that would department by department list out all the SaaS services per department, and then tell a customer if it’s protected or not? And I think through R Graph, we’re going to really, really simplify the way that people manage their data and give them that true visual experience of really being able to see where all that data is.

Patrick Moorhead: So there’s R Cloud, there’s R Graph, and there’s R Score.

Simon Taylor: That’s it.

Patrick Moorhead: Man, you guys are fancy on the marketing side. This is good. No, do all three of these Rs work together somehow?

Simon Taylor: Well, certainly. So if you think about R Score, and it’s R from the perspective of the customer, think about stage left, stage right?

Patrick Moorhead: Yeah.

Simon Taylor: So if I’m a customer, R Score actually tells us our ability to recover from a ransomware attack and it quantifies that ability and then provides actionable recommendations to help a customer better recover. R Cloud allows you to eliminate all those data silos and manage all of your data protection under a single pane of glass. Then R Graph actually visualizes where all of your data is and allows you to set those policies in real time.

Patrick Moorhead: Oh, that’s great. So anything you’d like to spill here on the Moore Insights & Strategy Podcast about the future? You’re more than welcome to. I mean, I’m an industry analyst, so we don’t cater into pre-announcing products on the show, but if you’d like to. But no, seriously, what can we expect this year and beyond? What are you focused on for 2023?

Simon Taylor: Well, I mean, obviously R Cloud. The launch of R Cloud really is a fundamental shift in the entire industry. And you know me, I’m not one to make those kind of bold claims lightly, but there just simply has never been a way for SaaS vendors to approach data protection companies like us and really easily build an integration into sort of a tier one backup and recovery business. So I think the extent to which we can help educate SaaS vendors worldwide, and the extent to which we can surpass our goal of adding 100 SaaS vendors to the R Cloud marketplace, in calendar year 2023, is the extent to which we’re going to be able to help more customers and provide exponential levels of value across the marketplace.

Patrick Moorhead: No, I love it. We kind of hit our time here, but Simon, man, it’s always … I mean, time flies. We’re having fun. Always enjoy talking with you. I really appreciate you coming on the show.

Simon Taylor: Hey, Patrick, it’s an honor to be here. Great to see you again.

Patrick Moorhead: Yeah, good luck with everything. We’d love to check in soon.

Simon Taylor: Thank you.

Patrick Moorhead: So this is Pat Moorhead with Moore Insights & Strategy for another insider podcast. We have the most influential executives from the most impactful companies, and today we had Simon Taylor, founder and CEO of HYCU. We’re talking about data protection, we’re talking backup and R Score, R Graph, R Cloud, R everything. So I’d like to thank you for tuning in. If you like what you heard, hit that subscribe button. If you’d like to give me feedback, you know where to find me on social media. I spend way too much time on there. Thanks again and take care.