This week, we talked to Serguei Beloussov, Founder of Acronis, the global leader in cyber protection solutions. Serguei holds Singaporean citizenship, is a self-made entrepreneur, and a business executive with an excellent track record of over two decades in building and leading high-performing tech companies in North America, Europe, and Asia. He holds a Ph.D. in computer science from one of the world’s top physics and technology universities.
Read on as he discusses why Acronis is considered a leader in cyber protection solutions, what sets them apart, the latest acquisition of DeviceLock, and their strategy for the Indian market.
J: Acronis is known to be a leader in offering backup solutions for a very long time. There is a big shift from being a backup company to be a cyber protection company. What was the conscious decision to move towards this strategy?
S: We believed that we needed to solve customer problems and offer our partners access to those solutions – and in our experience, customers’ problem is not with backup. Backup is just a tool. The problem is to have your computer or a cloud application, or a mobile application working safely – which means your data must be either never lost, or easily restored. But even then, backup only allows you to restore after something happens, so you will have something broken for a while – and that’s not completely safe in our opinion. Fact is, having to restore data is inconvenient and takes time.
The second problem is accessibility – you have to be accessible at all times. The traditional solution for applications, computers and systems is disaster recovery, for data – it’s File Sync and Share. But, this is a reactive solution – it only gives you the files when requested and only recovers data after a failure.
Another critical issue these days is privacy – you can have a workload that you consider safe and accessible, but then it can be accessed by an unwanted third party.
He/she may leverage your workload against you, steal your data, expose you to threats – with compromised privacy, your data is as good as gone.
Another problem is when your data is not gone – but tampered with. Data authenticity will be more and more critical. You won’t notice data missing, but you must have a way to see – and prove – which documents, photos, audio, video files have been changed.
And lastly, your workload can be broken simply because it’s not secure, lacking basic cybersecurity defenses. Safety, Accessibility, Privacy, Authenticity and Security – the 5 vectors of cyber protection that we developed and named the concept SAPAS.
That’s the only way you get ultimate protection – and before our technology, you needed multiple solutions to do this. Now you can do it with one.
Naturally, you can have 5 different products for this, and the combined functionality will be potentially equal to cyber protection – but it’s a lot harder to manage, and will be far more expensive. It’s expensive, complex and it’s not really secure or reliable – plus, it’s not controlled.
When you manage to combine multiple solutions into one – one agent, one UI, one policy, one engine – you can get a much better product and unique capabilities. Whether it’s desktop PC or a server, you don’t need to care what happens to it – even if it’s a hard disk failure or ransomware, or overheated CPU or some perpetrators who were able to break in and make your private data public. Your workload needs to deliver whatever you expect from it – and that can only be done if you approach the problem holistically.
So, the customer’s problem is to stay protected from every possible angle – and that’s why we switched to cyber protection. Because that’s the only way to go to protect the customer’s information.
J: One news that is hot off the press is that Acronis acquisition of DeviceLock, a leading provider of device control and endpoint data leak protection solutions. How will this help Acronis partners and their customers?
S: We’re going to add data leak prevention as a feature. We believe that in the future, it has to be extremely easy to stay protected – and data leakage is one of the potential vectors of attacks. It should not be a separate product – it should be another part of our cyber protection solution.
When you have a device, one way you lose data is that you have the attackers break-in from outside and steal it. But it’s another case when you have somebody with legitimate access to the device performing unauthorized actions.
And that’s what data leak prevention is all about – it’s about making sure that users cannot abuse their access to the application, server, or device.
J: Okay, so it will be offered as a feature in the Acronis solution.
S: To put it more accurately, it will be offered as an integral part of Acronis Cyber Protect. The solution has a lot of modules, each module has separate features – they can’t be separated. If it were a separate module, it could’ve been sold separately, but it’s just enhancing the capabilities of Acronis Cyber Protect. It will be included in some editions – and in some, it will be an extra feature.
J: Let’s talk more about that. A while back, you had launched this innovative cyber protection solution by the name of Acronis Cyber Protect. Tell us how this single solution can address cyber threats in the market today? And what sets Acronis cyber protection solutions apart from other cybersecurity products?
S: It’s a complex question, but the complete integration into one solution is what sets it apart from most. The majority of modern workloads are not fully protected – because it’s too complicated to protect them with multiple solutions. So, Acronis Cyber Protect literally combines 9-10 different tools – today. In the future, it’ll combine 15 different tools’ capabilities. Imagine relying on that many separate solutions to fully protect your workload.
And so, the only way to do it in a simpler and cheaper way is to have one single integrated solution. That way it’s affordable from the standpoint of price, but more importantly – from the standpoint of effort to install it on every workload, and that’s what makes it unique. Of course, you can use some third-party tools to integrate multiple solutions, but it’s never going to work the same way as if you’ve had a single product.
So, the main differentiator of Acronis Cyber Protect is that it provides complete protection that’s both very easy and cost-effective to use. And that allows us to protect a lot of workloads. It does have more unique capabilities, such as forensic – being able to perform deep inspection of backups – but most importantly, it just works. Because it’s one fully integrated solution.
J: Now what sets Acronis cybersecurity capabilities apart from other security products that are offered by well-recognized players in the market.
S: We always stress that we are not cybersecurity, we are cyber protection company. We believe that standalone security products will soon die. There is no more security without safety, accessibility, privacy, and authenticity – the other vectors.
We believe that with the growing number of workloads, computer applications, and systems, you can’t just have only security. You have to have prevention, detection, response, recovery, and forensic, which is offered by most security solutions. But you can’t have just the detection and response – and that’s what most security solutions are offering. And that’s what sets us apart.
In addition to that, our anti-malware feature has an extremely low false positive and false negative rates – for that we have a number of awards and were acclaimed by independent labs. And so far, we’re the only ones who made such integration possible.
Ultimately, if you only consider security, what you need is a low false negative, low false positive, ability to recover, and the ability to do forensic. Because every security solution at some point may miss an attack, so it needs to recover fast – and needs forensic to not miss it again. So far, lab research shows we have the best forensic and the best recovery – along with great detection, response, and prevention. And that’s exactly what our customers need.
When you deal with a small number of workloads, for example, in a large enterprise, you have the resources to juggle multiple solutions. But when you deal with edge solutions in a small SME, there’re so many workloads, you will die dealing with multiple products on so many workloads.
J: India is focusing on boosting digital adoption. With more technology adoption comes new surface areas that hackers can exploit to gain unauthorized access. How can an organization deal with such critical threats? What ways do you recommend for ensuring business continuity during these pandemic times?
S: Well, I think there are really three important steps. The first step is to realize you have to deal with those threats, that by default, you are vulnerable and if your infrastructure is down – you are helpless. Even this call between us would be impossible without IT support – this stuff has to work.
At this point, having operational IT is almost more important than having electricity. Naturally, electricity is required for IT operations – and in the past, if electricity was gone, you would be worried about light or heat going out. But today, if the electricity were to go down, you would be worried about your computer and the Internet not working, isn’t that right?
The second step is to understand that digital adoption is complicated, and in my opinion, it is much better to work with service providers. For example, if you were getting sick, you could, of course, call your grandmother or the family expert. But if you were to fall seriously ill, you would need to see a qualified doctor, a professional. Similarly, for most companies, it’s better to deal with managed security service providers (MSSPs) to help them stay operational and protected – it boils down to the difference between engaging professionals and doing it yourself. MSSPs have service level agreements with you, they’re liable if something doesn’t work on your side.
In my opinion, for IT leaders, it’s more feasible to hire external people to deal with security or edge workloads, like desktops and servers on the edge.
And the third step is to remember that the only way to be protected is to be fully protected – no matter what the mainstream media and analysts say. You have to prioritize safety, accessibility, privacy, authenticity, and security (“SAPAS”) at the same time on all the workloads.
Suggested Reading: Modern cyber protection – 5 vectors you need to know
That’s the only way to do it – if you don’t deal with your workloads, it’ll become your Achilles heel. And it won’t matter how small a spot you left unprotected – even the smallest crack in your defenses is lethal. Your IT infrastructure is one – if a single unit is vulnerable, your whole infrastructure is vulnerable.
J: What specific expansion plans does Acronis have for the Indian market? Why do you think service providers need to add Acronis to their portfolio?
S: Acronis is absolutely unique in terms of our product lineup and value offers for service providers – from the standpoint of the partner program, margins, and prices. Plus, the model is hybrid, so it can actually be deployed in any region – and for the Indian market, we have a very aggressive plan.
We have a team in India and are actively recruiting service providers this year – cloud distributors too. We believe we created the best product for those looking for complete cyber protection. It allows you to make money and satisfy customers at the same time. Our revenue in India is growing very quickly, though it’s not huge at the moment. It will grow quicker now, I believe – in the current situation, people are starting to appreciate that IT is mission-critical.
There’s no arguing – IT has become something you cannot live without. There may still be some areas of India, or some industries running without IT, but it will quickly pass. Soon, it will be everywhere. IT is a basic human need. People in India eat food, drink water, breathe air and they have shelter – in the same way, they will need IT, and IT needs to be protected.
J: Acronis was recognized as a unicorn company after the investment from Goldman Sachs to the value of dollar 147 Million last year. Can you help us understand where has some of the investment gone in and where are more investments planned?
S: It’s easy to see where investment has gone. We’ve just acquired DeviceLock, the data loss prevention vendor – that’s the second acquisition we announced, and there are more in the pipeline. We have also increased our engineering capacity and have invested into our partner program. Those are the three main areas: all to develop more valuable products within our company and explore new ways of helping our partners be successful. Our main counterparts are the service providers and ultimately what we do is we enable them to be profitable and to grow while offering cyber protection to customers.
J: How can Artificial Intelligence and Machine Learning technologies in Acronis products help organizations overcome cybersecurity challenges in the future too?
S: I believe there are around 50 billion smart devices today – and about 5 billion of them deserve to be protected. The other 45 billion are relatively simple devices. In the future, 100% of those will be protected – but then the number of devices will grow to 500 billion in 10 years. It might actually grow more than 10 times over the next 10 years.
And what’s the number of IT people managing these devices today – maybe 10 million, right? So, 10 million people have almost no time to protect 5 billion devices with current tools – they can maybe protect 2 billion devices and that’s what we have. Meaning, more than half of the world’s important devices are left unprotected.
As we move forward, the number of devices will move from 5 billion to 50 billion or to 100 billion – one thing we know, it will be a large number. But the number of IT people will not grow 10 or 20 times over the next 10 years. It’s impossible – we’d have to have 200 million IT people, but we don’t have anywhere near that number of eligible candidates.
That means, the only way to help the situation is to make the protection autonomous. And by autonomous I mean protection which can sync and figure out what to do by itself most of the time – one based on AI. It should only involve humans under very unique circumstances. This will allow to grow the productivity of IT teams by the factor of 10, 22, or by the factor of 100 – which is what we all need. Because without such growth, you just cannot deal with a number of problems coming up these days. And that’s exactly what we do here. AI will make most of the IT autonomous – today, it’s worked in security and safety, and in the future, it will be worked into every aspect of protection. We will eventually need to involve people less and less.
Our goal, our mission is SAPAS-driven cyber protection for all data, applications, and systems and that means all of them. If we rely on humans alone to protect all data applications and systems, it simply won’t be possible.
J: You have been in this industry for a very long time and have been involved in multiple entrepreneurial initiatives. So, what do you do when you want to unwind and relax?
S: That’s a really interesting question! First of all, this COVID-19 pandemic has changed my behavior quite a lot, the same as everyone – and so, I have acquired a few new habits. For example, now when I do work, I also do exercise at the same time. I have different health machines all over my home office, like the elliptical machine and specialized AI-driven home bike and others – and I literally work out while taking calls.
And secondly, when I need to unwind, I just jump to new projects. So, my hobby is to find and develop a new project. I’m currently building several new machines. I also started a new project recently – founded a university which is connecting science, technology, and business in Schaffhausen. It’s called the Schaffhausen Institute of Technology or SIT. So, my hobby is actually building new companies. That’s what I do to unwind.