2012 was a big year for big data, and few organizations felt this industry shift quite like DataStax, the company driving enterprise adoption of Apache Cassandra. DataStax is an important partner of Gazzang, and we’re excited to sponsor and exhibit at their NYC* Big Data Tech Day this week.
In anticipation of the event, I spoke with Billy Bosworth, CEO of DataStax about a variety of topics including competing with Oracle, catering to customers and of course, securing big data. You can check out our Q&A below:
Larry: Big Data is a noisy space. What makes DataStax unique?
Billy: We are the first viable alternative to Oracle since Oracle. Let me explain what I mean by that. For decades, people have built their mission-critical online applications on Oracle. But the big data wave has caused a paradigm shift in the way online applications must be written. We tried sharded MySQL for a while, but that was way too complex for most businesses.
Now business continuity, scalability, and operational simplicity are “must haves.” That means distributed systems, with no single points of failure, which can span datacenters and clouds. A new bar has been set for mission critical apps, and we have the best solution on the market for those needs at enterprise scale.
Larry: How has the Big Data landscape changed for you in the past year?
Billy: It has changed in two important ways. First, the market now sees the two sides of big data: the data warehouse (Hadoop) and the online applications (NoSQL). Second, the lines of business realize the value in keeping their data hot within the context of the application.
In DataStax Enterprise, we solve all the hard challenges of scale, simplicity, and business continuity first, then we allow our customers to keep that data indexed for searching with Solr, and also allow for batch analysis with Hadoop. Finally, this is all controlled in a single, comprehensive security model. Having that type of comprehensive platform is crucial for lines of business to move quickly to attack new markets.
Larry: What is in store for you in 2013?
Billy: 2013 is the year that Apache Cassandra and DataStax Enterprise go mainstream. I think we will look back at this year as pivotal in the database industry. Our solution has reached the level of maturity where CIOs can integrate it into the enterprise and manage it like their traditional databases.
We are seeing an uptick of customers migrating applications from relational databases to Cassandra. It's no longer just for the early adopters; companies that aren't transforming their businesses through these modern databases risk being left behind.
Larry: What are some of the primary use cases for Apache Cassandra and DataStax Enterprise?
Billy: Thanks for asking that: I always say, "It's all about the use case." When you have a mission-critical, front of the business, transactional application that needs to run in real-time, and you need it to be built with disaster in mind, and you need to be able to scale it as you grow, then you need Apache Cassandra.
People quickly find that they also need to be able to operate the system simply even if one of their key people moves on, and to search and analyze data within context without slowing things down -- that's what they get from DataStax Enterprise. eBay, Adobe, Netflix, Ooyala, Healthcare Anytime and countless other organizations, big and small, use us for these reasons.
Larry: DataStax Enterprise 3.0 adds security controls unique in the NoSQL space. Why was that important for your customers?
Billy: Earlier I mentioned that this is the year of going mainstream. A significant barrier to adoption has been lack of database security in NoSQL databases. The Chief Security Officer at large enterprises has the power to stop the use of technologies that don't comply with enterprise security requirements. So while DataStax Enterprise, powered by Apache Cassandra, has been solving significant pains for the tech folks, it has been giving the security folks a bit of a headache until now with 3.0.
Larry: Why is Gazzang an important partner for DataStax?
Billy: It's important to note that we are focused on database security. There’s a big difference between security and compliance. When a customer needs a comprehensive security solution, we have found Gazzang to be a very strategic partner for us when we go into accounts that need to be fully compliant with things like PCI and HIPAA. Through our partnership we know we can address their concerns over the most stringent security and compliance standards.
Larry: What can attendees at NYC* Tech Day expect to see and learn?
Billy: We're very excited about NYC* Cassandra Tech Day, because it gives people the chance to network with their peers and learn from them, take a deep dive into different aspects of the database, discover new best practices, meet the experts in the field, and explore larger big data issues, such as use cases and the changing NoSQL landscape.
Rarely a day goes by that I don’t speak with a customer, prospect, industry analyst or reporter about big data. The companies I talk to are typically at the early stages, or “collection” phase. They are implementing the infrastructure and starting to gather streaming information from all kind of sources. In fact, they’re collecting data at a rapid pace, while still unsure how or even what information will be used. Most of these organizations have a vision of what insights will be derived from big data, but at the same time, they also expect their hypothesis to change as the project moves forward.
As strange as it may sound, I think this is actually a good thing. It’s great for the market adoption of big data technologies and especially for the up-and-coming companies like 10Gen, Datastax, Cloudera and the like. I think this will be the norm for a while, where big data projects are started with a rough idea of the downstream insights and benefits but not as well defined as may have been in the database projects days of RDBMS.
My advice is to do what I am seeing others do – start collecting. Start streaming available data into your systems. Yes, have a working hypothesis, but don’t wait until it is all baked. I think you, as others, can adapt, as the retained data grows.
And, if you too are in this “collection” phase, please think about securing and protecting the data you are gathering and storing. Make sure that there are safeguards in place so the data can’t leak out.
A best practice is to simply encrypt the data and store the key securely, but even if you don’t, have a discussion with your team on the sensitivity of the data you are collecting. Discuss the potential of negative impact if it were to get outside of the organization or even outside of the team that has access to it.
Over time, I believe this big data market will mature from the current collection phase to more structure, analysis, insights and active decision-making. At that time, I can see huge amounts of “not needed” data being purged, siphoned off or simply ignored. But, we’re not there yet. So, start an experiment or two with big data architectures and start collecting. Your competitors have probably already started.
Epsilon, Northrop Grumman, TiVO, PlayStation, Wii… Every week another data breach? Really? Are computer science students getting extra credit these days for hacking into established companies? Or, is there really a super-secret North Korean facility (12 floors below the empty grain elevators) focused on hacking the gaming and email habits of the West?
All kidding aside, the weekly stories of data breaches are quite concerning. So much so, that testimony is underway for possible federal legislation to attempt to curb the crisis. (That will fix it, I’m sure.) This is a serious problem for all organizations – not just those that collect credit card data – and the use of SaaS and cloud computing makes the dangers even more frightening. Some pundits are using these breaches to declare the demise of all things cloud computing. That is ridiculous. Just think what would have happened if we had turned our backs on the automobile after its first few crashes in the 1900’s?
We don’t have to run from the future, but we do need to take these breaches seriously. Collectively the IT industry must come up with solutions to make data MUCH MORE secure. Today we are already looking at a billion dollar problem. But it will get worse if we don’t correct it. Consumers will lose faith and stop providing the data that they currently entrust to these companies.
This brings me to my point about encryption. We all know what that is – the scrambling of data so that it is unusable without “keys” to make it sensible. This is not new technology and there are a ton of vendors that provide encryption. The problem is that until now, many companies have only used encryption for their hyper-sensitive internal data. If we truly want to stop these breaches, we need to use encryption for customer data – 100 percent of the time. There should be no more excuses. Past objections about high costs or performance lags have been largely overcome. If you store data that you have been entrusted with – you should encrypt it. Period
Recent events have shown that firewalls can be breached. Think of encryption as truly “the last line of defense”. Don’t stop using all of the other security tools, but make sure if the data is ‘stolen,” it is of no value. How? Use encryption. I know, I know, someone will now counter with the argument that keys can be compromised – ok. Then make sure you have a strong key storage system in place and protect that too. Don’t put the key in with the data on the same system or behind the same firewall. Separate the keys and the locks. Could that be compromised? I’ll never say never, but the extra steps you just took could just be the ones to save your customers and your business.
If you’ve been entrusted with data, you should do EVERYTHING you can do to protect it. Not just the credit card fields, but ALL of it – the medical records, email addresses, school transcripts, financial data and more. Encryption may just be your last line of defense.
Stay tuned at Gazzang’s Blog for more information.
In addition to being the CEO of Gazzang, I sit on the Board of Directors for the Austin Technology Council (ATC), a non-profit group dedicated to the advancement of the tech industry in Central Texas. The members of ATC recently presented an award to Texas Governor Rick Perry. The “Technology Champion Award” was given to the Governor for his continued support of the growth of the technology industry and the jobs it creates in Central Texas. Whether you are a political supporter of the Governor or not is a moot point. This award recognizes something unique that we have in Central Texas – A community, an infrastructure, investors, talent, a business friendly environment and political leadership that helps foster tech start ups and large tech expansion in the region. We should never take this for granted. In fact, Austin and the State of Texas have lately received some great press on our job market. According to Richard Fisher, the president of the Federal Reserve Bank of Dallas, some 37% of all net new American jobs since the recovery began were created in Texas. And, according to Simply Hired, Austin’s job growth improved 6.6% in May, which was the fastest rate of job growth in the country.
Starting a new business is a risky proposition, but it is worth if for the entrepreneurs and for the community. It is where most new jobs are created. It generates wealth that stays local. It increases tax revenues. Central Texas and specifically Austin, is one of the best places to take this challenge. Thank you to our legislators and especially to our Governor for continuing to make this a great place to start and grow a technology company.
I have been thinking about the software tools market and how it has grown, expanded and evolved over the years. For sure, very iterative. We have added, extended, and broadened the reach of our tools, but there has not been a lot of net new revolutionary approaches developed. That is actually ok and good. People are best at building on what they know, expanding from what works and adding on to models that have acceptance. A whole new set of tools for data and process management in the “cloud” have come to market. Most of them are applying proven processes to this new platform and paradigm. Many, like Gazzang, are targeted at the ever expanding use of open source products and the LAMP stack that has emerged. But, very few are “crazy out of the box” approaches, most build upon current best practices. Yes, there is innovation, in fact,Gazzang’s approach of creating a “virtual encrypted file system” is new, but by all means, we did not invent transparent data encryption (TDE) as a concept. That has been around and is considered an accepted best practice.
Where am I going with all of this? The point I will attempt to make is that iterative and adaptive product development is tried and true and is a good thing. We at Gazzang, and many others in the industry, believe highly in adaptive development from a solid base and we believe in the notion of bringing highly functional products to market and then tweaking and adding to them over time. The SaaS and cloud models have made this much easier to actually pull off in the market. It is our design philosophy here at Gazzang. Let me deviate from the specifics of software for a moment, but to add to my case.
Most have heard the story of why the US standard railroad gauge (the space between the two rails) is 4 ft. 8.5 inches. It is a story of adaptive iteration. You see, as the story is told, it has a history back to the same measurement that was used for early railroads in England. Railroads were being built earlier in England and the craftsman, tools and plans came mostly from there. Why did the English build them to that unique measurement? Because the first railways were built by the same people that built the early tramways to that measurement. But why that gauge? Because the tramway builders used the same jigs and tools for wheel spacing that were being used at the time to build wagons and carriages. Why were wagons and carriages using that spacing? If they used different spacing, the wagon wheels would break on some of the old, long distance roads in England — because of the spacing of the deep wheel ruts in the ground. We continue. So who built those original roads that established those ruts? Turns out that they had been built more than a thousand years previously by the Roman legions as they occupied ancient England. The roads have been used ever since. Roman war chariots first formed the initial ruts, which all later travelers had to follow for fear of destroying wagon wheels. Since the chariots all came from the Roman Empire, they all followed the same design and measurement – 4 ft. 8.5 inches, which is the distance needed for two side by side horses to pull a chariot. So, to bring it back to the point of this blog. This is a classic example of iterative adaptive development, improving on a beginning foundation – from over almost 2,000 years of adaptation. But, one last fact of interest. The story continues into outer space. When the NASA space shuttle solid rocket boosters (those long skinny engines on the side of the external fuel tank) were being designed by the Utah-based Thiokol company, they had to build them in a way to be fully assembled in Utah and then shipped to Florida by rail. Turns out railway tunnels are designed with an amount of reasonable extra space beyond the standard rail gauge of 4 ft. 8.5 inches. The rocket boosters had to be sized to fit through the tunnels. So, even the space shuttle design was influenced by that first Roman best practice of building chariots to a specified width (of two side by side horses).
Iteration and adaptation are alive and well and we see it in software tools development today (I am sure that some bright engineer may be able to trace binary code or Java statements back to the Romans – I will leave it for them in their blog) . My parting words — Adapt, iterate, improve. It is good best practice.
Executives – I have another thing that you may lose sleep over. Losing corporate data (from theft, corruption or otherwise) is a growing concern. It concerns me as CEO of Gazzang because internal data is critical to run our business AND the product we sell is all about protecting data from theft or unauthorized access (through encryption).
In the past year alone we have seen a lot of businesses lose crucial data and thousands of dollars due to hacking, data theft, failed hard drives and insufficient backups. This data and money could have been saved by taking a few preventative (and affordable) measures.
According to the National Computer Security Association, 85% of business users are “very concerned” about losing important data. Some more interesting statistics:
These numbers are indeed eye-opening. Data loss can be caused by disk drive failure, hacker (internal or external) malicious attacks or outright theft of the data. While data encryption can’t protect against disk failure, it can protect against the other common sources of the problem. An effective backup strategy can (and usually does) protect against drive failure. If you are implementing back up policies, I suggest that you encrypt the back up. If not, it can be just as vulnerable, or maybe even more so, from theft.
So, when considering the business impact of data loss – you should consider encryption technology in your overall strategy. You may sleep better at night.
Last week I read a great blog post by Om Malik, founder of GigaOmniMedia, the company that publishes the group of blogs including GigaOM, NewTeeVee, Earth2Tech and Web Worker Daily. It was entitled, “What Works: The Economics of Good Enough”.
It’s a great read and got me thinking of the other messages I think early stage company entrepreneurs should hear, so I post this blog with my thoughts and musings.
I am the CEO of a venture-backed start-up and before that I was CEO of another start-up that was acquired by BMC. Prior to that I held several VP of marketing roles, including at one company that IPO-ed and another one that was acquired by Siebel Systems. I have lived this “movie” of start-ups again and again. And I’ve learned that you must always keep moving and use your agility as your main weapon. Why? Because the big guys just can’t move that quickly. At times, agility is your only advantage. The key is to face a problem and address it as best you can, then be ready to adjust course if it wasn’t the absolute perfect decision (because btw, it never is). Here are a few tried and true lessons I always share with young entrepreneurs that align with Om’s message of “The Economics of Good Enough”:
First, don’t manage with “Death by Duck bite”. Make the tough decisions that make a difference and do them completely. Don’t try to nibble away at an issue, instead address it head on. Little partial decisions will destroy your company, one small bite at a time. If you are way out of line with expenses and you must reduce, do it to make a difference. Don’t do six separate layoffs over the next three quarters; do one big one now and then go double motivate those employees that remain.
Next, maintain a “Healthy Paranoia”. Act as if there are three folks in a garage gunning for you. Don’t let the thought freeze you in your tracks, but always be ready for a competitor to come out of left field when you least expect it. Success and bigness often breeds complacency. There is always someone ready to take your market position. Think in advance about what you would do if that came to pass. It makes me think of the “the background noise of the big bang that can be heard by radio telescopes”. It is there, but it shouldn’t affect your everyday culture. Pull the management team together once a quarter or twice a year and have the discussion: what could trip us up, or up end us? And then discuss. The “healthy” part is to be prepared for competition, but not obsess about it.
Finally, remember what I call “iiwii” or, “It is what it is”. Focus on what you can actually impact, and nothing else. Some things are simply out of your control. I’ve also found this is a great way to move a meeting or conversation forward that is going nowhere. When someone says, “but, the interest rates are low and the price of oil is high and Microsoft is bundling X and …”, my response? “iiwii”. It is what it is, what do WE have control over to impact our destiny?!
This is not a political comment blog, this is a plea to other technology executives to speak up to their government representatives. Regardless of your political party, or even if you claim none. Say something. The crushing debt our country is carrying is not a political issue, it is a common sense business issue. As executives we run companies and understand how finances and debt work. My deep fear is that few of the people in Washington, DC have ever come close to that. We owe it to our industry and to our country to communicate our frustration (if you feel like I do). I’m not taking a stand here on how to solve the problem; I just want to ask that you take the time to understand it and then speak up if you are dismayed.
Let me put the current state of affairs into a perspective that all of us can understand. We have all, executives and not, applied for home loans, car loans or credit cards. We understand how business and/or household budgets work. So, let’s for a moment, think of the US government as an individual consumer applying for a loan (only zeros have been removed, to make it easier to understand). Let’s consider the numbers.
My question to you: Do you think this “applicant” is handling their finances well. Should they get more debt? Do you run your business or household this same way?
But, you say, there has been a debt deal just agreed in Washington DC -- that will help, for sure, you say. Right? Well, using the above consumer applicant example:
This is unsustainable and, in my opinion is at the root of our economic malaise. Our country’s debt must be addressed with serious and rational discussion. All solutions should be investigated. Look again at the numbers above. They are real – in proportion – this is the problem. If it makes you as mad as I am – then speak up. Say something.
Note: I saw the above figures in the Austin American Statesman newspaper in a column by Scott Burns. He gets the credit for the example.
Our new “next generation” release was just announced publicly and is available for download. What a journey it has been to get this to market. This is the most significant announcement for the company since our Series A venture funding. This release moves us from a “point encryption product” (for MySQL databases) to a full cloud security platform for all data, content, source, binaries and objects. This platform will be expanded further, much is already in the works.
In retrospect, we got to this point quickly, especially being a young, growing company. I want to share some of the behind the scenes activities, but first, a description.
Gazzang ezNcrypt 2.1 has now been expanded to provide transparent data encryption (TDE) for the entire LAMP stack, including any data, logs or files created or managed by any Linux application or service, such as Apache, Alfresco, Drupal, Joomla and Wordpress to name a few. This latest release also includes soon to be released packaged support for PostgreSQL, Cassandra, MongoDB and Drizzle databases (as well as enhancements for MySQL). It is available in two versions: ezNcrypt for Databases™ and ezNcrypt FLEX™. More details are on our website.
We have had a vision of the 2.0 release since the company was funded last November, but we had a lot to do before it could be ready for prime time. During the development of the product and after talking to a ton of customers, it became clear we needed a special edition that would enable encryption way beyond databases and beyond what we could pre-package. An edition that would let customers define their own rules, ACLs and connections to up-stack apps and services was needed. FLEX was born. Turns out, the early customers and prospects are actually most excited about FLEX. With FLEX our total addressable market has just expanded exponentially.
A select group of early customers have been playing with the new release and the feedback has been great. All of it supportive, some of it constructive. These first customers actually found a few things we needed to do better and a few got stuck during the installation process because of a goof or two that we had made. Their feedback was invaluable. We actually finished 2.0 back in early August, but we decided to roll it out only to a controlled list – both quality and customer feedback are important to us; we wanted to make sure we got this one right. Turns out, it needed some tweaks. So, 2.1 was quickly defined, coding continued, testing was increased and more customer feedback was sought. As with any software release, there was a surprise here and there, but we learned and made adjustments. It was only after all of that, that we announced to the world that our next generation had arrived. So, to the Linux world, I can only say: “Go forth and download. You're easy to implement, easy to use, cost effective, data security platform has arrived.”
I just got back from VMWorld in Las Vegas. Wow. I thought the “in-person” trade show was dead. Not so much. Almost 20,000 people scurrying around the Venetian Hotel, badges proudly displayed on lanyards. (Note: The pit bosses at the craps tables don’t really like the badges swinging down and jacking up people’s bets.)
It was a well-run event and VMWare gets kudos for content, tempo, venue and organization. I found a few things quite interesting. First, VMWare’s announcement of a new product – Data Director. Auto- provisioning of databases. First database supported will be PostgreSQL. I am sure more are to follow. My “Gazzang-centric” message as a follow-on to this product announcement: Why not encrypt the database once it is spun up? With all of the current data breaches, why only rely on the firewall to protect information? Encrypt the data as well; it is another line of defense.
Next, a sneak peek was provided on VMWare’s project called “Octopus” – a file sharing service from VMWare. Files show up on a desktop, other servers and mobile. Rules control access and when files should be retired or deleted. Enterprise drop box, if you will. Cool stuff. Oh, by the way, shouldn’t you also encrypt those files so they don’t get in the wrong hands?? Just sayin’.
Next, the expo floor was packed with large and small vendors. Surprise, everything is now “for the cloud.” Was just waiting to turn the corner and see Xerox touting photocopies with no toner “in the cloud”. But seriously, it actually all made sense. The clouds: private, public, hybrid have been made possible by virtualization. More and more tools are emerging to bring tried and true best practices of data centers to these environments. I welcome it. VMWare has been a catalyst and they continue to show forward thinking vision. I am glad I made it to the event. Some really cool early-stage vendors were there doing some interesting things. VMWare has built a true market eco-system.
Finally, in being true to the “compete on all fronts” mindset of Oracle, I got a chuckle that just about every taxi cab in Vegas had a sign from Oracle claiming better performance than VMWare. No trade show booth for Oracle (that I saw), but 2,000 taxi cabs made the point. No idea if the statement is true.
I was nostalgic; it felt like the old days – both that there are still mega “in-person” trade shows (complete with basketball hoops and high heeled, hired booth staff (think Comdex) and that competitors still take direct jabs at each other out in the open. Very old school. I loved it.