Druva’s Journey to Seamless Secure Software Development with ActiveState

Druva enables cyber, data, and operational resilience with the Data Resiliency Cloud, a fully managed, 100% SaaS platform that protects customers’ data wherever it lives. Druva’s innovative approach to backup and recovery has transformed how data is secured, protected and utilized by more than 5,000 businesses, including 60 of the Fortune 500. The Data Resiliency Cloud eliminates the need for complex infrastructure and related management costs, and delivers cyber and data resilience backed by a $10 million Data Resiliency Guarantee.

 The Challenge

Druva has always been committed to security for its customers and has embedded secure-by-default processes directly within its corporate policies and internal processes. 

As a result, Druva engineers were actively monitoring all third-party components incorporated within the platform. This process ensured that Druva was using the latest and most secure version of the component. They were up to date on any new vulnerabilities, and all available security fixes and patches were applied immediately.

As Druva’s platform rapidly grew, the team realized that engineers were constantly juggling the need to develop new features with monitoring and managing existing third-party components. Soon it became evident that engineers’ time was best utilized building and developing features that met customer needs, rather than maintaining third-party software.


SaaS – Data Protection & Data Resiliency


  • Engineers had to work on both continuous updates to third-party components and feature development in parallel work streams
  • Dedicated resources were needed to monitor third-party software
  • Rapid remediation of vulnerabilities as and when they arose, decreasing both risk and Mean Time To Remediation (MTTR)
  • Freed up vital engineering resources, accelerating time to market

Download the PDF

The Approach

In 2019, Druva was looking for a way to ensure security at scale for their third-party components while working through scheduled upgrades for a few of those components. The Druva engineering team had their work cut out for them with long-term research and analysis of the complexities of the upgrade. The transition included the need to determine all of the potential compatibility issues the team faced. 

Druva needed a boost to help scale their efforts, gain greater visibility into the upgrade issues, and speed up the remediation of security vulnerabilities, if any. At the same time, the company needed to balance the need for innovation, process improvement, and productivity as Druva continued delivering innovative features to its customers. This meant engineers had to work on two different, high-priority projects in parallel — and context switch between feature development and component upgrades. 

Simply throwing time and resources at the problem was a non-starter for management, so Druva went looking for a vendor to partner with and quickly found ActiveState. 

The Solution – ActiveState a Trusted Partner

ActiveState provided Druva access to a centralized repository of secure third-party components that could scale to support all of their development teams. If new vulnerabilities were found in any third-party component, ActiveState provided Druva’s team with the fixes that they could simply apply, thus freeing up their resources to focus on customer needs and delivering on the high-value business goals the executive team wanted to see progress on.

New engineers don’t even know about ActiveState, the team is focused on business and the functional parts. ActiveState is so seamless that the business can function even with turnover and little training. The lights stay on and engineers don’t have to worry about what language they are using to add value. That is the beauty of the partnership.
Ashish Saxena
Director of Engineering

Benefits & Results

It wasn’t long before the development teams seamlessly integrated the ActiveState solution into their development processes because of the benefits ActiveState provided:

  • Observability into third-party components so they no longer had to track it themselves.
  • Scalability by freeing up their resources to focus on more value-added tasks, such as speeding up the upgrade process.
  • Rapid remediation of vulnerabilities as and when they arose, decreasing both risk and Mean Time To Remediation (MTTR).

New engineers who join the team don’t need to familiarize themselves with managing third-party components or how ActiveState works behind the scenes. Instead, they can focus squarely on business requirements and their functional implementation. ActiveState seamlessly integrates into their workflow, making sure the lights stay on and everyone can keep adding value without worrying about maintaining third-party code.

ActiveState simplified the process to such a degree that new developers can dive right in, tackling the problems customers face and moving the business forward without skipping a beat.

The ActiveState Difference

In the dynamic landscape of software development, Druva’s journey towards seamless and secure software development found a steadfast partner in ActiveState. ActiveState’s commitment to innovation and expertise played a pivotal role in empowering Druva to navigate the complexities of evolving technology ecosystems. By leveraging ActiveState’s cutting-edge solutions, Druva not only achieved enhanced security protocols but also streamlined its development processes, ensuring a seamless experience for its teams.

ActiveState’s distinctive approach, mirrored in the success with Druva, revolves around providing tailored solutions that align with the unique needs of each client. The case study vividly illustrates how ActiveState’s technology prowess and collaborative approach fostered an environment where Druva could thrive in the ever-evolving software landscape. The partnership not only enabled Druva to meet the highest standards of security but also positioned the company for sustained success in an industry where adaptability and innovation are paramount. This case study stands as a testament to the transformative impact that the ActiveState difference can bring to organizations navigating the challenges of secure software development.

Still Running Python 2 Past EOL? Get Python 2.7 from ActiveState

Extended support offers our exclusive Python 2.7.18.x builds which include security patches addressing vulnerabilities identified in the core Python 2 release.

Why Download Python From ActiveState?

ActiveState has been programmers’ trusted provider of Windows, Linux, and macOS Python distributions for more than 20 years. We offer the latest versions of a number of open source programming languages, including Python, Perl, and Tcl.

We specialize in stable, secure, and easy-to-deploy Python environments. Our universal package manager, the State Tool, allows you to build your runtime from source code, reducing your exposure to vulnerabilities. We also provide advanced dependency management, reducing the need for bug fixes.

With ActiveState, you can install Python and the State Tool directly in the command line, or you can use a Windows installer for Python 3.8 or 2.7. We allow sign-up with GitHub and provide numerous tutorials in our community forum.

Recent Posts

Scroll to Top