NetApp - Dave's Blog

I often consider the competitive landscape of storage companies—both larger and smaller than NetApp—but sometimes it's good to consider the bigger picture, so I decided to identify all of the major companies that we co-exist with in enterprise data centers:

To generate this list, I started with Forbes's Global 2000 and Largest Private Companies lists, and identified companies that sell hardware, software and services into big data centers. I excluded component suppliers like Intel, and I excluded companies like Sony and Apple that are more consumer-focused. Next, I added Hitachi Data Systems and Fujitsu-Siemens which are subsidiaries of larger companies. Finally, I made a special exception and included Brocade, even though it's not large enough to make the Global 2000. They are just so critical in our part of the data center that it felt wrong not to have them on the list. (I used bold for the companies that are most relevant in our part of the data center.)

The biggest surprise for me when I first put this list together was how few IT companies there are at this level. I may have missed a few key players, but I think this fast and dirty approach gives a pretty good sense of the IT landscape.

From the perspective of a startup, it seems like there are a bazillion different companies, and there are always new ones appearing and old ones disappearing, but when you consider major companies in enterprise data centers, it's a pretty small set and it doesn't change very fast. In a sense, for a large IT company, these are your neighbors, and it's important to understand your relationship with them. Which ones are or could be competitors? Which ones are or could be partners? Who most wants to kill you? Do any prefer that you succeed? For NetApp, I won't answer these questions in public, but it's a big topic internally.

Of course, it's also useful to have an opinion about what new companies might show up on the scene, especially if they are disruptive, since those are the most dangerous, but you shouldn't focus so much on the newcomers that you lose sight of your long-term neighbors.

[Note: This data is based on Forbes "Global 2000" on 03/29/2007 and 3/30/2006 and Forbes "Largest Private Companies" on 11/09/2006. Fujitsu Siemens data is from their March 2006 annual report. The Hitachi Data number is 4x their March 2007 quarterly report, with the conversion from Yen done on June 20, 2007. This was a fast and dirty effort, so I apologize in advance for any errors.]

You live in a small village on Shark Island. Your village has about 100 people, and the island, a remote paradise in the South Pacific, has a total of ten villages, all the same size. The island's name has always seemed a bit odd to you, because you've never seen a shark. In fact, nobody in your village has ever seen a shark, and even in the stories of your great-grandparents and great-great-grandparents, nobody ever saw a shark. There is one story, though, from another village, far on the other side of the island, and a hundred years ago, about a shark that ate a swimmer.

So here's the question. It's a hot, humid day, and a dip in the cool ocean water sure would be refreshing. Do you take a swim, or does that shark attack in a far away village in a far away time scare you off?

I've asked many people, and almost always they say, "That doesn't sound dangerous. I think I'll take a swim."

Here's how Shark Island plays out with modern mass media. Shark Island had a thousand people, and one person died in a hundred years. That's a death rate of one per hundred-thousand. Greater Los Angeles has a population of about 13 million, so the equivalent death rate there would be 130 people per year. Based on the media excitement that one shark attack generates, I'm sure that 130 deaths in one city would have people fleeing the beaches in droves, all across America.

The problem is, our brains are wired for an environment more like Shark Island than like Los Angeles – small groups of small villages – so media reports spanning millions of people baffle our risk intuition. The exact same death rate that seemed safe in our evolutionary environment causes mass hysteria in our modern environment. No wonder watching television news causes fear in children. What's worse, there are problems much riskier than sharks that don't make the headlines because they aren't "newsworthy". (Auto accidents kill 40,000 people per year. Sharks get better ratings.)

This started as a rant against mass media and bad risk assessment, but there is a lesson for IT:

Don't let mass media drive your risk reduction strategy!

Headlines are not a good indicator for the most important risks in your data center. After 9/11 and again after Katrina, many customers suddenly had a keen interest in remote data replication. After a series of headlines about how lost backup tapes exposed millions of credit card records and social security numbers, people had a sudden interest in encrypting backup tapes. And after headlines about lost medical records from stolen laptops, attention switched to protecting mobile devices.

A good risk management plan should take into account hurricanes, lost tapes, lost laptops, and maybe even terrorist attacks, but realistically, headlines typically don't highlight the most important risks. You are much more likely to lose data from human error or inadequately tested backup and recovery processes than from floods or attacks, but inadequate processes don't make good headlines. In addition, headlines fade quickly – if something becomes frequent it's often less newsworthy, but the risk remains. Our more sophisticated customers, like financial institutions, build risk management models that already include the items most likely to show up in the headlines, and if they use media reports at all, it's to update some aspect of their model, like the probability of a particular event, or the impact and cost.

In summary, don't worry about terrorists until restore from your nightly backup is well tested.

Many people think the patent system protects the little guy who has a great idea and is trying to get started. Perhaps it was supposed to do that, but today – at least in the computer industry – it has evolved into a taxation system that lets companies with more intellectual property impose a tax on companies with less.

Here's what it feels like if you are a small company. Lawyers from a really big computer company – let's call it BigCo – show up and say, "We think you are violating these five patents. You should license our patent portfolio." The patents don't impress you. You write a document criticizing each patent – either it doesn't apply to your design, or you found some prior art that invalidates it. Hard work, but worth it to avoid that licensing fee.

A week later, BigCo's lawyers show up again and say, "Here are five more patents we think you are violating. Did you know we have sixty-seven thousand patents? We really think you should license our patent portfolio." You can spend the rest of your life rebutting BigCo patents, or you can pay. Plus, you have a nagging fear that BigCo's patents may cover something you do, given how many they have. (I could discuss whether too many patents are being issued, but I am describing how the patent system does work, not how it should work.)

BigCo wants your money, but also access to your patents, so the cross-licensing negotiation begins. You try to identify patents that cover their products, and they try to identify patents that cover yours. In the end, you balance how much of your revenue their patents cover, and how much of their revenue your patents cover. The little guy usually loses. Ironically, patents on your super-special technology often don't cover any of BigCo's products, so "miscellaneous" patents may be more important than the ones you thought were so valuable. BigCo has so many patents that it's hard to examine them all, so they will do a statistical analysis showing how many patents they have that might apply to you. Why not save the lawyers fees and just assume that some percentage does apply? (NetApp was in a cross-licensing negotiation with a large semiconductor company, and since we don't design or manufacture chips, we got them to remove those patents from their analysis.)

Fortunately for NetApp, our CTO Steve Kleiman explained the system to us early on, based on his experience at Sun. We invested a lot in our patent portfolio, and it paid off when the negotiations began. (I hope this note will help other companies the same way.) The big reason to file patents is not so much to defend your ideas as to save money in cross-license negotiations.

Don't patents ever protect your good ideas?! In theory, they should, but in practice it doesn't usually work that way. Suppose your small company wants to protect its ideas against a big company. Filing suit will accelerate the cross-licensing negotiation, and you'll probably end up paying. Better to let sleeping dogs lie. Patent battles between small companies work poorly because they are so expensive and take so long. Better to fight it out in the marketplace. Big companies suing small companies have a harder time than you'd imagine, because the courts recognize that an incorrect decision, especially against a startup, can cause irreversible damage. Courts are reluctant to impose injunctions, even if the patents really do apply. In the case of two big companies, both almost always violate each other's patents, so they end up cross licensing. (I'm not saying that patents never help to protect good ideas. If someone steals your patented idea, it's perfectly reasonable to go after them. I'm just saying that it seldom works out as well as you might hope.)

I know that some people are so frustrated with the patent system that they want nothing to do with it. The problem is, there's no good way to opt-out. If you don't file any patents, then the inevitable cross-licensing negotiations will be much more painful. What's worse, if you keep your ideas secret, instead of patenting them, then someone else might patent them and file suit against you for infringement. (Sounds crazy, but – in some countries at least – that's how the system works.)

In the end, my conclusion is that the patent system really is a lot like the tax system. You may not like it, but you are better off participating. Small companies should patent their "secret sauce", to protect against copycats, but more general patents will actually be most useful in cross-licensing negotiations. Larger companies have invested so much in their patent portfolio – given how the system works they really have no alternative – it only makes sense for them to collect the cross-licensing "tax" like everyone else. It helps pay for the cost of doing the patents.

My goal here is not to defend the patent system. It helps big guys more than little guys, and I don't think it encourages innovation very well. My goal is to describe as best I can how it seems to work. You may not like a system, but if you understand it you'll do better than if you don't.