>> Welcome to this Cube Conversation, I'm Lisa Martin. I'm joined by Derek Manky next, the Chief Security Insights and Global Threat Alliances at Fortiguard Labs. Derek, welcome back to the program. >> Hey, it's great to be here again. A lot of stuff's happened since we last talked. >> So Derek, one of the things that was really surprising from this year's Global Threat Landscape Report is a 10, more than 10x increase in ransomware. What's going on? What have you guys seen? >> Yeah so this is massive. We're talking over a thousand percent over a 10x increase. This has been building Lisa, So this has been building since December of 2020. Up until then we saw relatively low high watermark with ransomware. It had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time. But we did see a seven fold increase in December, 2020. That has absolutely continued this year into a momentum up until today, it continues to build, never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December. And the reason, what's fueling this is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication, government in position one and two. But new verticals that have risen up into this third and fourth position following are MSSP, and this is on the heels of the Kaseya attack of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, automotive, manufacturing, and then of course, energy and utility, all subsequent to each other. So there's a huge focus now on, OT and MSSP for cyber criminals. >> One of the things that we saw last year this time, was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? >> Yes, absolutely. In two ways, so first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information stealers as an example. The way they do that is through botnets. And what we reported in this in the first half of 2021 is that Mirai, which is about a two to three-year old botnet now is number one by far, it was the most prevalent botnet we've seen. Of course, the thing about Mirai is that it's an IOT based botnet. So it sits on devices, sitting inside consumer networks as an example, or home networks, right. And that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. And so what that means Lisa, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to web born threats, right. So they're infecting sites, waterhole attacks, where, you know, people will go to read their daily updates as an example of things that they do as part of their habits. They're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems, so they can get a foothold. We've also seen scare tactics, right. So they're doing new social engineering lures, pretending to be human resource departments. IT staff and personnel, as an example, with popups through the web browser that look like these people to fill out different forms and ultimately get infected on home devices. >> Well, the home device use is proliferate. It continues because we are still in this work from home, work from anywhere environment. Is that, you think a big factor in this increase from 7x to nearly 11x? >> It is a factor, absolutely. Yeah, like I said, it's also, it's a hybrid of sorts. So a lot of that activity is going to the MSSP angle, like I said to the OT. And to those new verticals, which by the way, are actually even larger than traditional targets in the past, like finance and banking, is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, further backed up from what we're seeing on with the, the botnet activity specifically with Mirai too. >> Are you seeing anything in terms of the ferocity, we know that the volume is increasing, are they becoming more ferocious, these attacks? >> Yeah, there is a lot of aggression out there, certainly from, from cyber criminals. And I would say that the velocity is increasing, but the amount, if you look at the cyber criminal ecosystem, the stakeholders, right, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases year, almost every week we've seen one or two significant, cyber security events that are happening. That is a dramatic shift compared to last year or even, two years ago too. And this is because, because the cyber criminals are getting deeper pockets now. They're becoming more well-funded and they have business partners, affiliates that they're hiring, each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, infect someone that pays for the ransom as an example. And so that's really, what's driving this too. It's a combination of this kind of perfect storm as we call it, right. You have this growing attack surface, work from home environments and footholds into those networks, but you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >> So what can organizations do to start- to slow down or limit the impacts of this growing ransomware as a service? >> Yeah, great question. Everybody has their role in this, I say, right? So if we look at, from a strategic point of view, we have to disrupt cyber crime, how do we do that? It starts with the kill chain. It starts with trying to build resilient networks. So things like ZTA and a zero trust network access, SD-WAN as an example for protecting that WAN infrastructure. 'Cause that's where the threats are floating to, right. That's how they get the initial footholds. So anything we can do on the preventative side, making networks more resilient, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that preventatively and it's a relatively small investment upfront Lisa, compared to the collateral damage that can happen with these ransomware paths, the risk is very high. That goes a long way, it also forces the attackers to- it slows down their velocity, it forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here, too, that we can talk about because there's things that we can actually do apart from that to really fight cyber crime, to try to take the cyber criminals offline too. >> All right, hit me with the good news Derek. >> Yeah, so a couple of things, right. If we look at the botnet activity, there's a couple of interesting things in there. Yes, we are seeing Mirai rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, EMOTET, that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. It's still on our radar but immediately after that takedown, it literally dropped to half of the activity it had before. And it's been consistently staying at that low watermark now at that half percentage since then, six months later. So that's very good news showing that the actual coordinated efforts that were getting involved with law enforcement, with our partners and so forth, to take down these are actually hitting their supply chain where it hurts, right. So that's good news part one. Trickbot was another example, this is also a notorious botnet, takedown attempt in Q4 of 2020. It went offline for about six months in our landscape report, we actually show that it came back online in about June this year. But again, it came back weaker and now the form is not nearly as prolific as before. So we are hitting them where it hurts, that's that's the really good news. And we're able to do that through new, what I call high resolution intelligence that we're looking at too. >> Talk to me about that high resolution intelligence, what do you mean by that? >> Yeah, so this is cutting edge stuff really, gets me excited, keeps me up at night in a good way. 'Cause we we're looking at this under the microscope, right. It's not just talking about the what, we know there's problems out there, we know there's ransomware, we know there's a botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at- So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics, procedures. So it's not just talking about the what, it's talking about the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system? And exactly how are they doing that? What's the technique? And so we've highlighted that, it's using the MITRE attack framework TTP, but this is real time data. And it's very interesting, so we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defense innovation, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. As an example, lateral movement, there's still a preferred over 75%, 77 I believe percent of activity we observed from malware was still trying to move from system to system, by infecting removable media like thumb drives. And so it's interesting, right. It's a brand new look on these, a fresh look, but it's this high resolution, is allowing us to get a clear image, so that when we come to providing strategic guides and solutions in defense, and also even working on these takedown efforts, allows us to be much more effective. >> So one of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that ceiling yet, but are we at an inflection point? Data showing that we're at an inflection point here with being able to get ahead of this? >> Yeah, I would like to believe so, there is still a lot of work to be done unfortunately. If we look at, there's a recent report put out by the Department of Justice in the US saying that, the chance of a criminal to be committing a crime, to be caught in the US is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1%, well 0.5%. And that's the bad news, the good news is we are making progress in sending messages back and seeing results. But I think there's a long road ahead. So, there's a lot of work to be done, We're heading in the right direction. But like I said, they say, it's not just about that. It's, everyone has their role in this, all the way down to organizations and end users. If they're doing their part of making their networks more resilient through this, through all of the, increasing their security stack and strategy. That is also really going to stop the- really ultimately the profiteering that wave, 'cause that continues to build too. So it's a multi-stakeholder effort and I believe we are getting there, but I continue to still, I continue to expect the ransomware wave to build in the meantime. >> On the end-user front, that's always one of the vectors that we talk about, it's people, right? There's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the White House, but other organizations like Interpol, the World Economic Forum, Cyber Crime Unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >> Yeah, so absolutely. This is all about collaboration. Governments are really focused on public, private sector collaboration. So we've seen this across the board with Fortiguard Labs, we're on the forefront with this, and it's really exciting to see that, it's great. There's always been a lot of will to work together, but we're starting to see action now, right? Interpol is a great example, they recently this year, held a high level forum on ransomware. I actually spoke and was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public, private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too. Because it is becoming that much of a problem and that we need to work together to be able to create action, action against this, measure success, become more strategic. The World Economic Forum were leading a project called the Partnership Against Cyber Crime Threat Map Project. And this is to identify, not just all this stuff we talked about in the threat landscape report, but also looking at, things like, how many different ransomware gangs are there out there. What do the money laundering networks look like? It's that side of the supply chain to map out, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's innovation and there's R&D behind this as well, that's coming to the table to be able to make it impactful. >> So it sounds to me like ransomware is no longer a- for any organization in any industry you were talking about the expansion of verticals. It's no longer a, "If this happens to us," but a matter of when and how do we actually prepare to remediate, prevent any damage? >> Yeah, absolutely, how do we prepare? The other thing is that there's a lot of, with just the nature of cyber, there's a lot of connectivity, there's a lot of different, it's not just always siloed attacks, right. We saw that with Colonial obviously, this year where you have attacks on IT, that can affect consumers, right down to consumers, right. And so for that very reason, everybody's infected in this. it truly is a pandemic I believe on its own. But the good news is, there's a lot of smart people on the good side and that's what gets me excited. Like I said, we're working with a lot of these initiatives. And like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >> That's good, well never a dull day I'm sure in your world. Any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything you predict crystal ball wise that we're going to see? >> Yeah, I think that we're going to continue to see more of the, I mean, ransomware, absolutely, more of the targeted attacks. That's been a shift this year that we've seen, right. So instead of just trying to infect everybody for ransom, as an example, going after some of these new, high profile targets, I think we're going to continue to see that happening from the ransomware side and because of that, the average costs of these data breaches, I think they're going to continue to increase, it already did in 2021 as an example, if we look at the cost of a data breach report, it's gone up to about $5 million US on average, I think that's going to continue to increase as well too. And then the other thing too is, I think that we're going to start to see more, more action on the good side like we talked about. There was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year too. >> So as the challenges persist, so do the good things that are coming out of this. Where can folks go to get this first half 2021 Global Threat Landscape? What's the URL that they can go to? >> Yeah, you can check it out, all of our updates and blogs including the threat landscape reports on blog.fortinet.com under our threat research category. >> Excellent, I read that blog, it's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >> Absolutely, it was great chatting with you again, Lisa. Thanks. >> Likewise for Derek Manky, I'm Lisa Martin. You're watching this Cube Conversation. (exciting music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomenon that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

>> Narrator: From around the globe, it's theCUBE with digital coverage of IBM Think 2021 brought to you by IBM. >> Hello everybody, welcome back to IBM Think 2021, the virtual edition. My name is Dave Vellante and I'm pleased to welcome back a long time Cube alum, Jim Whitehurst, who's the president of IBM. And I'll call him chief cultural evangelist, welcome Jim. Great to see you again. >> Great to see you, Dave. Thanks so much for having me. >> Yeah, it's really our pleasure. And I want to start off, it's just over a year as president of IBM. And I wonder, you know, when you're a little kid or, you know, early in your career, computer science class, did you ever think you'd be president of a company that was founded in 1911? I mean, amazing. I wonder if you could share what's the most important thing you've learned in your first year? >> Well, look, I mean, as you said, I would've never thought it. Yeah, I was the first kid to have an IBM PC on the block and was always into technology but never saw myself as like, you know, running a big tech company. So it is humbling. I would say that there are tons of lessons in the first year. I guess the two that strike me most is one is just related to strategy and that's, you know, Red Hat and most technology companies, we're very customer focused. But it's around whatever technology we're bringing to market where IBM has fundamentally transitioned. And kind of transformed itself over time to make sure it can meet customer needs. So it's sold off businesses, it's bought other businesses, it's created new businesses. So it really shows the kind of the focus and value on serving our customers and doing whatever it takes to do it. And that's been a fundamental kind of different strategy than most companies have had. I think one of the reasons that we've been around for over a 100 years. The second is I'm deeply into culture and I've talked a lot about the difference of running Red Hat, it's all about innovation versus Delta Airlines where I was before, which is driving efficiency. IBM is both and so really trying to think through how you run an organization that needs to run the financial systems of the world, that extraordinary reliability and drive roadmaps on things like quantum computing. At the same time be able to innovate iteratively with our customers and in open source communities. And kind of getting that balance right as a leader. It's, you're kind of doing what we did at Red Hat and what we did at Delta but kind of doing it together. And I think that stretched me as a leader and kind of taught me a lot about how we're thinking about continuing to evolve the culture at IBM. >> Now, of course, you do this leadership series, you put out things out on LinkedIn and words matter. And that's what I take away from a lot of the little short hits that you do, which I really appreciate. My stuff that I put Jim on LinkedIn, it's just, you got to invest like 15, 20 minutes. So I really appreciate the short hits. But you do that regular series and I'm curious do you do that to reach more IBM people? Are you an open source culture? You're trying to help others. And I'm curious as to sort of why that platform as opposed to sending around an internal thing an IBM. And I'm wondering if your principles and how they've evolved kind of post pandemic. >> Well, so first off, maybe that comes from Red Hat but I think IBM shares that it's if you have something really, really valuable, you want to share it. And look, when I am out talking to our customers, CEOs and some of the biggest companies in the world, honestly we rarely talk about technology 'cause other people are more detailed or deep in that. We primarily do talk about culture. And how you think about again, how do you take an organization that's been built to drive efficiency and scale on a global basis and make it able to be more nimble and more innovative? And so, and obviously, hopefully that's all with IBM and Red Hat technologies. But ultimately most of my conversations at a senior leadership level are about culture and leadership style to drive that. And so if that's valuable for CEOs of some of the world's largest companies, it's valuable to leaders kind of across all spectrums, all sizes. And so I think LinkedIn is a good way to kind of take some of those messages and make sure we were able to share those much more broadly. So certainly I spend more time talking about it inside of IBM and I spend a lot of time with our clients talking about it. But I think many of the lessons are applicable more broadly. And so why not share them? And LinkedIn's a great platform to be able to do that. >> How about you, how have your principles, how have your principles sort of changed and how have they evolved post pandemic? >> Well, I think a couple things, so one is the pandemic kind of forces you to get more precise about it. And what I mean by that is so much of leadership is about building credibility and trust and influence. And when you're seeing someone in 3D live, visual cues can kind of mean a lot in the water cooler conversations. Or who you run into in the hall can all help kind of create that level of trust. But you can't do that in 2D. As great as Zoom and other platforms are, you just can't quite do it. And so you have to be much more thoughtful in how you're creating opportunities to kind of create trust. So I'd say I've gotten more surgical in thinking about kind of what those elements of leadership are that do that. I think the second thing I've really learned at IBM again is back to this. We have to be able to do both, drive a future state in a known world as well as, I call it seek a future state in an unknown world. So driving a roadmap for quantum computing takes a number of different technologies coming together in one year, in two years, in five years. And that really does have to be pre-planned, which is very very different, that I'll call the iterative innovation approach that we use at Red Hat and open source communities and working with our clients. And we have to do both. And so as a leader you really have to understand the problem you're trying to solve and apply slightly different kind of leadership tactics against that. So when you're executing a known versus you are trying to create something in an unknown, does require different approaches and we have to do both in IBM. And I think that's the struggle a lot of companies have, every company needs to do that. If you're Delta Airlines, you don't want anybody innovating on the safety procedures before your flight. Yet you want a lot of innovation happening on your website and your mobile app. So how do you bring those together? And as a leader you can have a common set of values, but recognize you have to bring different tools to the table, depending on the context in which you're leading. And so I learned a lot more and gotten a lot crisper with that since being at IBM. >> Interesting, I mean, the pandemic, we all know it's been terrible but one of the upshots has been we had a glimpse of the future sort of shoved into a forced march of digital in 2020. And so obviously the next 10 years ain't going to be like the last 10 years. And one of the things we've been talking about is ecosystems and partnerships and the power and leverage that you can get from those. And Arvin has said, laid it out, we are returning to growth company. And so I wonder if you could talk to how partnerships and ecosystems play into that return to growth for IBM. >> Well, first off a key part of our strategy we talk about hybrid cloud and AI. It's not just about, hey, a platform that runs across all the different deployment models is convenient. It's also because innovation is coming from so many sources today. It's coming from a by-product from the web 2.0 companies, it's coming from open source. It's coming from an explosion of startups because of the amount of capital in venture capital. It's coming from traditional software companies. It's coming from our clients who are participating in open source. And so you have so many sources of innovation. Much of what we're doing is landing a platform that allows you to consume innovation safely and reliably from wherever it's coming from. So a core part of a platform by definition is the ecosystem around it. Having a platform that runs everywhere is great but if you don't have any applications that run on it who cares. And so ecosystem and partners have always been important to IBM, but for this strategy of this horizontal platform oriented strategy, it is critical to our success because much of the platform is the ecosystem. And so we've already talked about investing a billion dollars in that ecosystem to get ISVs and other partners on our platform, again, to ultimately kind of create that kind of horizontal layer where I can run anything that I want to on it and I can run that anywhere I want to. And so the two sides of that so all the innovation happening on top and making sure it runs everywhere is what really unlocks the freedom of choice. That reduces friction to innovation, which allows everybody in the ecosystem from our clients to ISVs to hardware partners to innovate more quickly. And that's what we really see as the benefit of our platform. It's not a horizontal stove pipe, come innovate in this one place. It's recognizing innovation's happening in so many places. And the only way we're going to be able to allow people to ingest that is to have a horizontal platform that everyone's participating in. Which is why partners and ecosystem are so important, not only to the success of our platform, but to the, I'd say, as a success of this next generation of computing. These horizontal fabrics that require an ecosystem kind of built around them. >> I think that's an important nuance that maybe people don't understand that yes, you have a platform. Obviously, OpenShift is a linchpin but it's an enabler for people to build other platforms. It's not the be all, end all platform that's sort of ultimately becomes another Island. And so that is a key part of the growth strategy and presumably expand your total available market. >> Oh, absolutely and so this is the key is we can talk about great IBM technologies. We're doing amazing things in security and AI and natural language processing and all these other areas. But the platform is a recognition that we're not going to do everything for everybody anymore. There's just the democratization of technology means that there is so many sources of innovation. And so first and foremost, we have to land a platform so you can consume anything from anywhere. And then of course, we'll drive our own pace of innovation both in hardware and software around that platform. But we are just a player on that platform, which we're really instantiating for really anybody to be able to reach customers or customers to reach sources of innovation. >> I know sustainability is a passion of yours, that it's obviously a hot topic right now. Oftentimes I joke tongue in cheek, Milton Friedman's rolling over in his grave with all this ESG talk. And I know you just posted recently on LinkedIn. And of course I went right down to Kavanaugh because my premise is not only is sustainability the right thing to do, it's also good business. But I wonder if you could give us your perspectives on this. >> Yeah, well, so first off, I mean, as a large global citizen as IDM I think this is an important role that we play and look, this isn't new to IBM. We came out with our first statements around environment in 1970. We put out our first report that's become our environmental impact report in 1990. We've been talking about climate since the early two thousands. So we've been involved in this for a long, long time because I do think it's important broadly. But there's also a specific role I think IBM can play beyond just our own individual actions to reduce our own footprint. Because of some of the extraordinary technologies that IBM has worked on in the years especially around semiconductors, we have just an amazing amount of technology, expertise, intellectual property around material science. And so just a couple of examples of those that relate to the environment. We in doing some other work realized that we had a way to be able to recycle PET plastic, which is a real problem because so many clothes and other things are now made out of PET. And it's really hard to recycle but a by-product of other work we're doing realized we could do that. And so we've formed a JV and we're funding that to not profit from it but to make sure that much more of the world's PET is recycled. Or the work that we're doing on batteries, where using ocean water instead of rare earth minerals to make batteries that not only are cleaner but last longer. Those are kind of byproducts of our kind of core business. The areas that we can see the benefits of innovation and material science being able to impact the world. I am hopeful that we'll be able to play a role with all of that in clear air carbon capture. I mean, that's still far further away but I do think IBM has a unique role that we can play because of our deep expertise in, again, material science, quantum computing, and modeling that put us in a unique position to have a major impact on the world. >> I wonder if we could talk a little bit about sort of IBM and its technology bets. And I've made the point a number of times in my writing that IBM's R and D spend has been about pretty constant, about $6 billion a year. But as IBM is jettison certain businesses got out of the x86 server business and it got out of the Foundry business with micro electronics. Now it's spinning out NewCo. What happens, the effect is that R and D as a percent of revenue goes way, way up. And my premise has always been that allows IBM to be more focused. So whether it's hybrid cloud, AI, quantum, Edge where are you placing your technology bets and maybe give us a sense of how you ranked them, some of your favorites. >> Yeah, so, look, that's exactly right. I mean, we are one of the few places that still invest a massive amount in R and D, especially in fundamental research. And so I'll kind of break down kind of the core areas. So first off, what I'd say is part of the hybrid cloud platform is recognizing we don't need to do everything for everyone. There is great open source technology. There are great other vendors that are doing things that we can enable our customers to access via the platform. So we're not trying to do everything for everybody in the way maybe 40 years ago we did. Because we understand there's so much great other technology out there that we're going to make sure that we expose. So we're investing in areas where we think we can uniquely add value that need to happen that others aren't doing. So AI, let me take that as an example. There's tremendous work happening in machine learning that we see every day because of Facebook and people trying to identify cats. And so I don't mean to trivialize it, there's a phenomenal work happening there. There's a lot less work being done on in AI on things where you have a lot less data. Or areas where you need explainable unbiased AI and the problem with machine learning engines is they're not auditable by definition. That's kind of a black box. And so we do a lot of work in areas like that. We do a lot of work in natural language processing. So we've had more of a as a kind of publicity kind of push the technology something called Project Debater. Where Watson can debate kind of champion debaters. That was mainly to make sure we can understand language in context, which allows for being able to better handle call centers in areas like that. Allows us to understand source code, which also is thinking about how you migrate applications from on-premise to the cloud. So we have a bunch of AI things that we are doing and is a core focus of what we're doing. But specifically we're investing in areas like anti-biased auditability, natural language processing, areas where others aren't. Which is unique and we can bring those capabilities together with what others are doing. Security, obviously, a huge, huge area where we've invested in quantum safe encryption. We've invested in confidential computing. In other words, even in compute mode your data is encrypted. So you can keep your own keys, so not even we on our cloud can see your data. So a lot of investments happening around security and that's going to continue to be an area as we know that's going to get more and more and more scrutiny. So heavy, heavy focus there. Heavily focused on technologies that help you kind of modernize your infrastructure. So automation tools, integration tools and areas around that. So on the software side, those are kind of the main areas. When you look on the hardware side, obviously quantum is a significant area where we have a leadership position we continue to drive. But even semiconductor research in kind of process technology. So we announced something with Intel to work with them to bring some of our process technologies. As we kind of go from 7 nanometers to 5 to 2 to ultimately 1. That set of technologies is an area where we have a real leadership position and we'll continue to work with now Intel. We continue to work with others to drive that forward. So whole bunch of areas both on the hardware and the software side that we continue to make progress on. >> Yeah, the Silicon piece is interesting. And when we saw that Arvin as part of the Intel announcements that we thought originally, oh, maybe it's just about quantum but it's really much more than that. You mentioned the process. We dug into it and we realized, wow, we said Power10 actually has the highest performance. And because of the way in which you are not to geek out but you're you dis-aggregate memory. And Pat Gelsinger talked about system on a package. It turns out folks that IBM is actually the leader in that type of capability. And also the way that systems on chips use memory is very inefficient but IBM has actually invented some techniques to make that much more efficient. That's sort of the future of semiconductors. And the reason why we spend so much time thinking about it is because it's of national interest. There's a huge chip shortage, which doesn't look like it's going away anytime soon. So that's a critical part of national competitiveness and technology competitiveness going forward. >> Well, and the other interesting part about that, and you talked about Power10, going back to the hybrid cloud platform that we talked about. It's not just about running applications across wherever you want to run them. It also abstracts the chip architecture. So all of a sudden whether it's on the mainframe, it's on power, it's on ARM, it's on x86 and a whole bunch of other technologies that might get developed. We're making it much easier to kind of consume that specialization or variety at the hardware level. Recognize as Moore's law runs its course there's no longer this inevitability of everything's just going to go to x86. I think we are going to see more variety because we're going to have needs in the factory floor or in the automobile or with massive container as applications. Where you're going to need, whether it's kind of shared memory or different architectures all the way out to kind of low battery consumption. And that whole kind of breadth and our hybrid cloud platform enables that variability. And then IBM obviously has great technology to enable kind of building unique capability in hardware. So we kind of play on both sides of it, both kind of developing great technologies but then making it really easy for developers to consume and use those specialized features. >> I'm glad you brought that up, Jim. We mentioned Moore's law because we're all talking about how Moore's law is waning and it's quote, unquote dead. But the reality is, is the outcome of Moore's law which is the doubling of performance every two years is actually accelerating because of the common actuarial factors of CPU's and GPU's and NPUs and accelerators and DSPs. If you add all those up and actually, we're actually quadrupling every two years. So we have more processing power at much lower costs because of the volumes that you're seeing on things like ARM. So it's actually a very exciting time. We're entering an era that really, it's hard to get your mind around sometimes. So my question is how should we think about the future state of IBM? What does that look like? >> Well, so first off, the thing that I've found extraordinary about IBM kind of having been there now just a little over a year as an employee, a couple of years, I guess, when Red Hat was acquired. Is it is unique in fundamentally changing, again, who we are to kind of meet the needs going forward. And if you think about the needs in technology, recognize it was only like 20 years ago that Nicholas Carr wrote his famous article, IT Doesn't Matter, it's about back office. And in that world, IBM was really, really effective at building and running IT systems for our clients. We would come in, we would just kind of do everything for them. Today, technology is the forefront of developing or building competitive advantage for almost any business. And so nobody wants to kind of hand the keys, so we no longer are necessarily doing things for our clients. We're doing things with our clients. So there's a whole set of work, and we talked about how we engage with our clients, how we're much more collaborative and co-creative and our whole garage model to help build the capability to innovate with our clients is a key part of what we're doing. We'll continue to drive core technologies forward like quantum in key areas that require billions of dollars of research that frankly no one else is willing to do. And then we bring it all together with this hybrid cloud platform where we recognize it's no longer about us doing it all for you anymore. We're going to do the things where we can uniquely add value but then provide it all on a platform which allows you to consume from wherever, however you want to in a safe, secure, reliable way. So as we watch this next generation of computing unfold, cloud shouldn't end up being a bunch of vertical stove pipes. It truly needs to be kind of a horizontal platform that allows you to run any application anywhere in a safe, secure, reliable way and our architecture helps do that. So it's no longer able to do everything for you. It's we can do things uniquely on a platform and work with you to be able to help you kind of create your own pace of innovation, your own sources of advantage. And so that's the broad kind of direction that we're going, again, as enterprises move from consuming technology to be more efficient, to driving advantage with it. They need partners who understand that focused on their success and can innovate with them. And that's really where we're going with our technology, with our services capability and kind of our approach to how we work with our clients. >> Yeah, Jim, you just laid out the Holy grail of computing in the coming decade and with IBM's acquisition of Red Hat. And it really enables that vision and clearly the company is one of the top few that are in a position to do that. Jim Whitehurst, thanks so much for coming back on theCUBE. Really appreciate your time. >> Thanks for having me, it's great to chat. >> All right and thank you for watching. Keep it right there for more content of theCUBE's coverage of IBM Think 2021, the virtual edition, be right back. (gentle music)

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest ransomware trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we worked on some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches that we're seeing which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on paste and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

(upbeat music) >> Welcome to this CUBE conversation. I am Lisa Martin, excited to welcome back one of our distinguished alumni, Derek Manky joins me next. Chief security Insights and Global Threat Alliances at Fortinet's FortiGuard Labs. Derek, welcome back to the program. >> Yes, it's great to be here and great to see you again, Lisa. Thanks for having me. >> Likewise, yeah, so a lot has happened. I know we've seen you during this virtual world, but so much has happened with ransomware in the last year. It's unbelievable, we had about 14 months ago, this dramatic shift to a distributed workforce, you had personal devices on in network perimeters and non-trusted devices or trusted devices on home networks and lots of change there. Talk to me about some of the things that you and FortiGuard Labs have seen with respect to the evolution of ransomware. >> Yeah, sure, so it's becoming worse, no doubt. We highlighted this in our Threat Landscape Report. If we just take a step back looking at ransomware itself, it actually started in the late 1980s. And it didn't, that was very, they relied on snail mail. It was obviously there was no market for it at the time. It was just a proof of concept, a failed experiment if you will. But it really started getting hot a decade ago, 10 years ago but the technology back then wasn't the cryptography they're using, the technique wasn't as strong as easily reversed. And so they didn't really get to a lot of revenue or business from the cyber criminal perspective. That is absolutely not the case today. Now they have very smart cryptography they're experts when say they, the cyber criminals at their game. They know there's a lot of the attack surfaces growing. There's a lot of vulnerable people out there. There's a lot of vulnerable devices. And this is what we saw in our threat landscape group. What we saw at seven times increase in ransomware activity in the second half of 2020. And that momentum is continuing in 2021. It's being fueled by what you just talked about. By the work from anywhere, work from home environment a lot of vulnerable devices unpatched. And these are the vehicles that the ransomware is the payload of course, that's the way that they're monetizing this. But the reality is that the attack surface has expanded, there's more vulnerable people and cyber criminals are absolutely capitalizing on that. >> Right, we've even seen cyber criminals capitalizing on the pandemic fears with things that were around the World Health Organization or COVID-19 or going after healthcare. Did you see an uptick in healthcare threats and activities as well in the last year? >> Yeah, definitely, so I would start to say that first of all, the... Nobody is immune when it comes to ransomware. This is such again, a hot target or a technique that the cybercriminals are using. So when we look at the verticals, absolutely healthcare is in the top five that we've seen, but the key difference is there's two houses here, right? You have what we call the broad blanketed ransomware attacks. So these aren't going after any particular vertical. They're really just trying to spray as much as they can through phishing campaigns, not through... there's a lot of web traffic out there. We see a lot of things that are used to open playing on that COVID-19 theme we got, right? Emails from HR or taxes and scams. It's all related to ransomware because these are how they're trying to get the masses to open that up, pay some data sorry, pay some cryptocurrency to get access to their data back. Oftentimes they're being held for extortions. They may have photos or video or audio captures. So it's a lot of fear they're trying to steal these people but probably the more concern is just what you talked about, healthcare, operational technology. These are large business revenue streams. These are take cases of targeted ransoms which is much different because instead of a big volumetric attack, these are premeditated. They're going after with specific targets in mind specific social engineering rules. And they know that they're hitting the corporate assets or in the case of healthcare critical systems where it hurts they know that there's high stakes and so they're demanding high returns in terms of ransoms as well. >> With respect to the broad ransomware attacks versus targeted a couple of questions to kind of dissect that. Are the targeted attacks, are they in like behind the network firewall longer and faster, longer and getting more information? Are they demanding higher ransom versus the broader attacks? What's what are some of the distinctions there besides what you mentioned? >> Yeah, absolutely so the targeted texts are more about execution, right? So if we look at the attack chain and they're doing more in terms of reconnaissance, they're spending more cycles and investment really on their end in terms of weaponization, how they can actually get into the system, how they can remain undetected, collecting and gathering information. What we're seeing with groups like Ragnar Locker as an example, they're going in and they're collecting in some cases, terabytes of information, a lot, they're going after definitely intellectual property, things like source code, also PII for customers as an example, and they're holding them. They have a whole business strategy and plan in mind on their place, right? They hold them for ransom. They're often, it's essentially a denial of service in some cases of taking a revenue stream or applications offline so a business can't function. And then what they're doing is that they're actually setting up crime services on their end. They, a lot of the the newest ransom notes that we're seeing in these targeted attacks are setting up channels to what they call a live chat support channel that the victim would log into and actually talk directly live to the cybercriminal or one of their associates to be able to negotiate the ransom. And they're trying to have in their point of view they're trying frame this as a good thing and say, we're going to show you that our technology works. We can decrypt some of the files on your system as an example just to prove that we are who we say we are but then they go on to say, instead of $10 million, we can negotiate down to 6 million, this is a good deal, you're getting 30% off or whatever it is but the fact is that they know by the time they've gotten to this they've done all their homework before that, right? They've done the targets, they've done all the things that they can to know that they have the organization in their grasp, right? >> One of the things that you mentioned just something I never thought about as ransomware as a business, the sophistication level is just growing and growing and growing and growing. And of course, even other bad actors, they have access to all the emerging technologies that the good guys do. But talk to me about this business of ransomware because that's what it seems like it really has become. >> Absolutely, it is massively sad. If you look at the cybercrime ecosystem like the way that they're actually pulling this off it's not just one individual or one cyber crime ring that, let's say five to 10 people that are trying to orchestrate this. These are big rings, we actually work closely as an example to, we're doing everything from the FortiGuard Labs with following the latest around some of the trends doing the protection and mitigation but also working to find out who these people are, what are their tactics and really attribute it and paint a picture of these organizations. And they're big, we're working some cases where there's over 50 people just in one ransomware gang. One of the cases we worked on, they were making over $60 million US in three months, as an example. And in some cases, keep in mind one of these targeted attacks like in terms of ransom demands and the targeted cases they can be an excess of $10 million just for one ransom attack. And like I said, we're seeing a seven times increase in the amount of attack activity. And what they're doing in terms of the business is they've set up affiliate marketing. Essentially, they have affiliates in the middle that will actually distribute the ransomware. So they're basically outsourcing this to other individuals. If they hit people with their ransomware and the people pay then the affiliate in the middle will actually get a commission cut of that, very high, typically 40 to 50%. And that's really what's making this lucrative business model too. >> Wow, My jaw is dropping just the sophistication but also the different levels to which they've put a business together. And unfortunately, for every industry it sounds very lucrative, so how then Derek do organizations protect themselves against this, especially knowing that a lot of this work from home stuff is going to persist. Some people want to stay home, what not. The proliferation of devices is only going to continue. So what are organizations start and how can you guys help? >> Start with the people, so we'll talk about three things, people, technology and processes. The people, unfortunately, this is not just about ransomware but definitely applies to ransomware but any attack, humans are still often the weakest link in terms of education, right? A lot of these ransomware campaigns will be going after people using nowadays seems like tax themes purporting to be from the IRS as an example or human resources departments or governments and health authorities, vaccination scams all these things, right? But what they're trying to do is to get people to click on that link, still to open up a malicious attachment that will then infect them with the ransomware. This of course, if an employee is up to date and hones their skills so that they know basically a zero trust mentality is what I like to talk about. You wouldn't just invite a stranger into your house to open a package that you didn't order but people are doing this a lot of the times with email. So really starting with the people first is important. There's a lot of free training information and security. There is awareness training, we offer that at Fortinet. There's even advanced training we do through our NSC program as an example. But then on top of that there's things like phishing tests that you can do regularly, penetration testing as well, exercises like that are very important because that is really the first line of defense. Moving past that you want to get into the technology piece. And of course, there's a whole, this is a security fabric. There's a whole array of solutions. Like I said, everything needs to be integrated. So we have an EDR and XDR as an example sitting on the end point, cause oftentimes they still need to get that ransomware payload to run on the end point. So having a technology like EDR goes a long way to be able to detect the threat, quarantine and block it. There's also of course a multi-factor authentication when it comes to identifying who's connecting to these environments. Patch management, we talk about all the time. That's part of the technology piece. The reality is that we highlight in the threat landscape report the software vulnerabilities that these rats more gangs are going after are two to three years old. They're not breaking within the last month they're two to three years old. So it's still about the patch management cycle, having that holistic integrated security architecture and the fabric is really important. NAC network access control is zero trust, network access is really important as well. One of the biggest culprits we're seeing with these ransom attacks is using IOT devices as launchpads as an example into networks 'cause they're in these work from home environments and there's a lot of unsecured or uninspected devices sitting on those networks. Finally process, right? So it's always good to have it all in your defense plan training and education, technology for mitigation but then also thinking about the what if scenario, right? So incident response planning, what do we do if we get hit? Of course we never recommend to pay the ransom. So it's good to have a plan in place. It's good to identify what your corporate assets are and the likely targets that cyber-criminals are going to go after and make sure that you have rigid security controls and threat intelligence like FortiGuard Labs applied to that. >> Yeah, you talk about the weakest link they are people I know you and I talked about that on numerous segments. It's one of the biggest challenges but I've seen some people that are really experts in security read a phishing email and almost fall for it. Like it looked so legitimately from like their bank for example. So in that case, what are some of the things that businesses can do when it looks so legitimate that it probably is going to have a unfortunately a good conversion rate? >> Yeah, so this is what I was talking about earlier that these targeted attacks especially when it comes to spear, when it comes to the reconnaissance they got so clever, it can be can so realistic. That's the, it becomes a very effective weapon. That's why the sophistication and the risk is rising like I said but that's why you want to have this multilayered approach, right? So if that first line of defense does yield, if they do click on the link, if they do try to open the malicious attachment, first of all again through the next generation firewall Sandboxing solutions like that, this technology is capable of inspecting that, acting like is this, we even have a FortiAI as an example, artificial intelligence, machine learning that can actually scan this events and know is this actually an attack? So that element goes a long way to actually scrub it like content CDR as well, content disarm as an example this is a way to actually scrub that content. So it doesn't actually run it in the first place but if it does run again, this is where EDR comes in like I said, at the end of the day they're also trying to get information out of the network. So having things like a Platinum Protection through the next generation firewall like with FortiGuard security subscription services is really important too. So it's all about that layered approach. You don't want just one single point of failure. You really want it, this is what we call the attack chain and the kill chain. There's no magic bullet when it comes to attackers moving, they have to go through a lot of phases to reach their end game. So having that layer of defense approach and blocking it at any one of those phases. So even if that human does click on it you're still mitigating the attack and protecting the damage. Keep in mind a lot of damages in some cases kind of a million dollars plus. >> Right, is that the average ransom, 10 million US dollars. >> So the average cost of data breaches ever seen which are often related to ransom attacks is close to that in the US, I believe it's around just under $9 million about 8.7 million, just for one data breach. And often those data breaches now, again what's happening is that the data it's not just about encrypting the data, getting access because a lot of organizations part of the technology piece and the process that we recommend is backups as well of data. I would say, organizations are getting better at that now but it's one thing to back up your data. But if that data is breached again, cybercriminals are now moving to this model of extorting that saying, unless you pay us this money we're going to go out and make this public. We're going to put it on piece and we're going to sell it to nefarious people on the dark web as well. >> One more thing I want to ask you in terms of proliferation we talked about the distributed workforce but one of the things, and here we are using Zoom to talk to each other, instead of getting to sit together in person we saw this massive proliferation in collaboration tools to keep people connected, families businesses. I talked a bit a lot of businesses who initially will say, oh we're using Microsoft 365 and they're protecting the data while they're not or Salesforce or Slack. And that shared responsibility model is something that I've been hearing a lot more about lately that businesses needing to recognize for those cloud applications that we're using and in which there's a lot of data traversing it could include PII or IP. We're responsible for that as the customer to protect our data, the vendor's responsible for protecting the integrity of the infrastructure. Share it with us a little bit about that in terms of your thoughts on like data protection and backup for those SaaS applications. >> Yeah, great question, great question tough one. It is so, I mean ultimately everybody has to have, I believe it has to have their position in this. It's not, it is a collaborative environment. Everyone has to be a stakeholder in this even down to the end users, the employees being educated and up-to-date as an example, the IT departments and security operation centers of vendors being able to do all the threat intelligence and scrubbing. But then when you extend that to the public cloud what is the cloud security stack look at, right? How integrated is that? Are there scrubbing and protection controls sitting on the cloud environments? What data is being sent to that, should it be cited center as an example? what's the retention period? How long does the data live on there? It's the same thing as when you go out and you buy one of these IOT devices as an example from say, a big box store and you go and just plug it into your network. It's the same questions we should be asking, right? What's the security like on this device model? Who's making it, what data is it going to ask for me? The same thing when you're installing an application on your mobile phone, this is what I mean about that zero trust environment. It should be earned trust. So it's a big thing, right? To be able to ask those questions and then only do it on a sort of need to know and medium basis. The good news is that a lot of CloudStack now and environments are integrating security controls. We integrated quite well with Fortinet as an example but this is an issue of supply chain. It's really important to know what lives upstream and how they're handling the data and how they're protecting it absolutely. >> Such interesting information and it's a topic ransomware that we could continue talking about, Derek, thank you for joining me on the program today updating us on what's going on, how it's evolving and ultimately what organizations in any industry need to do with protecting people and technology and processes to really start reducing their risks. I thank you so much for joining me today. >> All right it's a pleasure, thank you. >> Likewise Derek Manky I'm Lisa Martin. You're watching this CUBE conversation. (upbeat music)

(bright music) >> From around the globe, it's theCUBE with digital coverage of IBM Think 2021 brought to you by IBM. >> Hello everybody, welcome back to IBM Think 2021, the virtual edition. My name is Dave Vellante and I'm pleased to welcome back a long time Cube alum, Jim Whitehurst, who's the president of IBM. And I'll call him chief cultural evangelist, welcome Jim. Great to see you again. >> Great to see you, Dave. Thanks so much for having me. >> Yeah, it's really our pleasure. And I want to start off, it's just over a year as president of IBM. And I wonder, you know, when you're a little kid or, you know, early in your career, computer science class, did you ever think you'd be president of a company that was founded in 1911? I mean, amazing. I wonder if you could share what's the most important thing you've learned in your first year? >> Well, look, I mean, as you said, I would've never thought it. Yeah, I was the first kid to have an IBM PC on the block and was always into technology but never saw myself as like, you know, running a big tech company. So it is humbling. I would say that there are tons of lessons in the first year. I guess the two that strike me most is one is just related to strategy and that's, you know, Red Hat and most technology companies, we're very customer focused. But it's around whatever technology we're bringing to market where IBM has fundamentally transitioned. And kind of transformed itself over time to make sure it can meet customer needs. So it's sold off businesses, it's bought other businesses, it's created new businesses. So it really shows the kind of the focus and value on serving our customers and doing whatever it takes to do it. And that's been a fundamental kind of different strategy than most companies have had. I think one of the reasons that we've been around for over a 100 years. The second is I'm deeply into culture and I've talked a lot about the difference of running Red Hat, it's all about innovation versus Delta Airlines where I was before, which is driving efficiency. IBM is both and so really trying to think through how you run an organization that needs to run the financial systems of the world, that extraordinary reliability and drive roadmaps on things like quantum computing. At the same time be able to innovate iteratively with our customers and in open source communities. And kind of getting that balance right as a leader. It's, you're kind of doing what we did at Red Hat and what we did at Delta but kind of doing it together. And I think that stretched me as a leader and kind of taught me a lot about how we're thinking about continuing to evolve the culture at IBM. >> Now, of course, you do this leadership series, you put out things out on LinkedIn and words matter. And that's what I take away from a lot of the little short hits that you do, which I really appreciate. My stuff that I put Jim on LinkedIn, it's just, you got to invest like 15, 20 minutes. So I really appreciate the short hits. But you do that regular series and I'm curious do you do that to reach more IBM people? Are you an open source culture? You're trying to help others. And I'm curious as to sort of why that platform as opposed to sending around an internal thing an IBM. And I'm wondering if your principles and how they've evolved kind of post pandemic. >> Well, so first off, maybe that comes from Red Hat but I think IBM shares that it's if you have something really, really valuable, you want to share it. And look, when I am out talking to our customers, CEOs and some of the biggest companies in the world, honestly we rarely talk about technology 'cause other people are more detailed or deep in that. We primarily do talk about culture. And how you think about again, how do you take an organization that's been built to drive efficiency and scale on a global basis and make it able to be more nimble and more innovative? And so, and obviously, hopefully that's all with IBM and Red Hat technologies. But ultimately most of my conversations at a senior leadership level are about culture and leadership style to drive that. And so if that's valuable for CEOs of some of the world's largest companies, it's valuable to leaders kind of across all spectrums, all sizes. And so I think LinkedIn is a good way to kind of take some of those messages and make sure we were able to share those much more broadly. So certainly I spend more time talking about it inside of IBM and I spend a lot of time with our clients talking about it. But I think many of the lessons are applicable more broadly. And so why not share them? And LinkedIn's a great platform to be able to do that. >> How about you, how have your principles, how have your principles sort of changed and how have they evolved post pandemic? >> Well, I think a couple things, so one is the pandemic kind of forces you to get more precise about it. And what I mean by that is so much of leadership is about building credibility and trust and influence. And when you're seeing someone in 3D live, visual cues can kind of mean a lot in the water cooler conversations. Or who you run into in the hall can all help kind of create that level of trust. But you can't do that in 2D. As great as Zoom and other platforms are, you just can't quite do it. And so you have to be much more thoughtful in how you're creating opportunities to kind of create trust. So I'd say I've gotten more surgical in thinking about kind of what those elements of leadership are that do that. I think the second thing I've really learned at IBM again is back to this. We have to be able to do both, drive a future state in a known world as well as, I call it seek a future state in an unknown world. So driving a roadmap for quantum computing takes a number of different technologies coming together in one year, in two years, in five years. And that really does have to be pre-planned, which is very very different, that I'll call the iterative innovation approach that we use at Red Hat and open source communities and working with our clients. And we have to do both. And so as a leader you really have to understand the problem you're trying to solve and apply slightly different kind of leadership tactics against that. So when you're executing a known versus you are trying to create something in an unknown, does require different approaches and we have to do both in IBM. And I think that's the struggle a lot of companies have, every company needs to do that. If you're Delta Airlines, you don't want anybody innovating on the safety procedures before your flight. Yet you want a lot of innovation happening on your website and your mobile app. So how do you bring those together? And as a leader you can have a common set of values, but recognize you have to bring different tools to the table, depending on the context in which you're leading. And so I learned a lot more and gotten a lot crisper with that since being at IBM. >> Interesting, I mean, the pandemic, we all know it's been terrible but one of the upshots has been we had a glimpse of the future sort of shoved into a forced march of digital in 2020. And so obviously the next 10 years ain't going to be like the last 10 years. And one of the things we've been talking about is ecosystems and partnerships and the power and leverage that you can get from those. And Arvin has said, laid it out, we are returning to growth company. And so I wonder if you could talk to how partnerships and ecosystems play into that return to growth for IBM. >> Well, first off a key part of our strategy we talk about hybrid cloud and AI. It's not just about, hey, a platform that runs across all the different deployment models is convenient. It's also because innovation is coming from so many sources today. It's coming from a by-product from the web 2.0 companies, it's coming from open source. It's coming from an explosion of startups because of the amount of capital in venture capital. It's coming from traditional software companies. It's coming from our clients who are participating in open source. And so you have so many sources of innovation. Much of what we're doing is landing a platform that allows you to consume innovation safely and reliably from wherever it's coming from. So a core part of a platform by definition is the ecosystem around it. Having a platform that runs everywhere is great but if you don't have any applications that run on it who cares. And so ecosystem and partners have always been important to IBM, but for this strategy of this horizontal platform oriented strategy, it is critical to our success because much of the platform is the ecosystem. And so we've already talked about investing a billion dollars in that ecosystem to get ISBS and other partners on our platform, again, to ultimately kind of create that kind of horizontal layer where I can run anything that I want to on it and I can run that anywhere I want to. And so the two sides of that so all the innovation happening on top and making sure it runs everywhere is what really unlocks the freedom of choice. That reduces friction to innovation, which allows everybody in the ecosystem from our clients to ISVs to hardware partners to innovate more quickly. And that's what we really see as the benefit of our platform. It's not a horizontal stove pipe, come innovate in this one place. It's recognizing innovation's happening in so many places. And the only way we're going to be able to allow people to ingest that is to have a horizontal platform that everyone's participating in. Which is why partners and ecosystem are so important, not only to the success of our platform, but to the, I'd say, as a success of this next generation of computing. These horizontal fabrics that require an ecosystem kind of built around them. >> I think that's an important nuance that maybe people don't understand that yes, you have a platform. Obviously, OpenShift is a linchpin but it's an enabler for people to build other platforms. It's not the be all, end all platform that's sort of ultimately becomes another Island. And so that is a key part of the growth strategy and presumably expand your total available market. >> Oh, absolutely and so this is the key is we can talk about great IBM technologies. We're doing amazing things in security and AI and natural language processing and all these other areas. But the platform is a recognition that we're not going to do everything for everybody anymore. There's just the democratization of technology means that there is so many sources of innovation. And so first and foremost, we have to land a platform so you can consume anything from anywhere. And then of course, we'll drive our own pace of innovation both in hardware and software around that platform. But we are just a player on that platform, which we're really instantiating for really anybody to be able to reach customers or customers to reach sources of innovation. >> I know sustainability is a passion of yours, that it's obviously a hot topic right now. Oftentimes I joke tongue in cheek, Milton Friedman's rolling over in his grave with all this ESG talk. And I know you just posted recently on LinkedIn. And of course I went right down to Kavanaugh because my premise is not only is sustainability the right thing to do, it's also good business. But I wonder if you could give us your perspectives on this. >> Yeah, well, so first off, I mean, as a large global citizen as IDM I think this is an important role that we play and look, this isn't new to IBM. We came out with our first statements around environment in 1970. We put out our first report that's become our environmental impact report in 1990. We've been talking about climate since the early two thousands. So we've been involved in this for a long, long time because I do think it's important broadly. But there's also a specific role I think IBM can play beyond just our own individual actions to reduce our own footprint. Because of some of the extraordinary technologies that IBM has worked on in the years especially around semiconductors, we have just an amazing amount of technology, expertise, intellectual property around material science. And so just a couple of examples of those that relate to the environment. We in doing some other work realized that we had a way to be able to recycle PET plastic, which is a real problem because so many clothes and other things are now made out of PET. And it's really hard to recycle but a by-product of other work we're doing realized we could do that. And so we've formed a JV and we're funding that to not profit from it but to make sure that much more of the world's PET is recycled. Or the work that we're doing on batteries, where using ocean water instead of rare earth minerals to make batteries that not only are cleaner but last longer. Those are kind of byproducts of our kind of core business. The areas that we can see the benefits of innovation and material science being able to impact the world. I am hopeful that we'll be able to play a role with all of that in clear air carbon capture. I mean, that's still far further away but I do think IBM has a unique role that we can play because of our deep expertise in, again, material science, quantum computing, and modeling that put us in a unique position to have a major impact on the world. >> I wonder if we could talk a little bit about sort of IBM and its technology bets. And I've made the point a number of times in my writing that IBM's R and D spend has been about pretty constant, about $6 billion a year. But as IBM is jettison certain businesses got out of the x86 server business and it got out of the Foundry business with micro electronics. Now it's spinning out NewCo. What happens, the effect is that R and D as a percent of revenue goes way, way up. And my premise has always been that allows IBM to be more focused. So whether it's hybrid cloud, AI, quantum, Edge where are you placing your technology bets and maybe give us a sense of how you ranked them, some of your favorites. >> Yeah, so, look, that's exactly right. I mean, we are one of the few places that still invest a massive amount in R and D, especially in fundamental research. And so I'll kind of break down kind of the core areas. So first off, what I'd say is part of the hybrid cloud platform is recognizing we don't need to do everything for everyone. There is great open source technology. There are great other vendors that are doing things that we can enable our customers to access via the platform. So we're not trying to do everything for everybody in the way maybe 40 years ago we did. Because we understand there's so much great other technology out there that we're going to make sure that we expose. So we're investing in areas where we think we can uniquely add value that need to happen that others aren't doing. So AI, let me take that as an example. There's tremendous work happening in machine learning that we see every day because of Facebook and people trying to identify cats. And so I don't mean to trivialize it, there's a phenomenal work happening there. There's a lot less work being done on in AI on things where you have a lot less data. Or areas where you need explainable unbiased AI and the problem with machine learning engines is they're not auditable by definition. That's kind of a black box. And so we do a lot of work in areas like that. We do a lot of work in natural language processing. So we've had more of a as a kind of publicity kind of push the technology something called Project Debater. Where Watson can debate kind of champion debaters. That was mainly to make sure we can understand language in context, which allows for being able to better handle call centers in areas like that. Allows us to understand source code, which also is thinking about how you migrate applications from on-premise to the cloud. So we have a bunch of AI things that we are doing and is a core focus of what we're doing. But in specifically we're investing in areas like anti-biased auditability, natural language processing, areas where others aren't. Which is unique and we can bring those capabilities together with what others are doing. Security, obviously, a huge, huge area where we've invested in quantum safe encryption. We've invested in confidential computing. In other words, even in compute mode your data is encrypted. So you can keep your own keys, so not even we on our cloud can see your data. So a lot of investments happening around security and that's going to continue to be an area as we know that's going to get more and more and more scrutiny. So heavy, heavy focus there. Heavily focused on technologies that help you kind of modernize your infrastructure. So automation tools, integration tools and areas around that. So on the software side, those are kind of the main areas. When you look on the hardware side, obviously quantum is a significant area where we have a leadership position we continue to drive. But even semiconductor research in kind of process technology. So we announced something with Intel to work with them to bring some of our process technologies. As we kind of go from 7 nanometers to 5 to 2 to ultimately 1. That set of technologies is an area where we have a real leadership position and we'll continue to work with now Intel. We continue to work with others to drive that forward. So whole bunch of areas both on the hardware and the software side that we continue to make progress on. >> Yeah, the Silicon piece is interesting. And when we saw that Arvin as part of the Intel announcements that we thought originally, oh, maybe it's just about quantum but it's really much more than that. You mentioned the process. We dug into it and we realized, wow, we said Power10 actually has the highest performance. And because of the way in which you are not to geek out but you're you dis-aggregate memory. And Pat Gelsinger talked about system on a package. It turns out folks that IBM is actually the leader in that type of capability. And also the way that systems on chips use memory is very inefficient but IBM has actually invented some techniques to make that much more efficient. That's sort of the future of semiconductors. And the reason why we spend so much time thinking about it is because it's of national interest. There's a huge chip shortage, which doesn't look like it's going away anytime soon. So that's a critical part of national competitiveness and technology competitiveness going forward. >> Well, and the other interesting part about that, and you talked about Power10, going back to the hybrid cloud platform that we talked about. It's not just about running applications across wherever you want to run them. It also abstracts the chip architecture. So all of a sudden whether it's on the mainframe, it's on power, it's on ARM, it's on x86 and a whole bunch of other technologies that might get developed. We're making it much easier to kind of consume that specialization or variety at the hardware level. Recognize as Moore's law runs its course there's no longer this inevitability of everything's just going to go to x86. I think we are going to see more variety because we're going to have needs in the factory floor or in the automobile or with massive container as applications. Where you're going to need, whether it's kind of shared memory or different architectures all the way out to kind of low battery consumption. And that whole kind of breadth and our hybrid cloud platform enables that variability. And then IBM obviously has great technology to enable kind of building unique capability in hardware. So we kind of play on both sides of it, both kind of developing great technologies but then making it really easy for developers to consume and use those specialized features. >> I'm glad you brought that up, Jim. We mentioned Moore's law because we're all talking about how Moore's law is waning and it's quote, unquote dead. But the reality is, is the outcome of Moore's law which is the doubling of performance every two years is actually accelerating because of the common actuarial factors of CPU's and GPU's and NPUs and accelerators and DSPs. If you add all those up and actually, we're actually quadrupling every two years. So we have more processing power at much lower costs because of the volumes that you're seeing on things like ARM. So it's actually a very exciting time. We're entering an era that really, it's hard to get your mind around sometimes. So my question is how should we think about the future state of IBM? What does that look like? >> Well, so first off, the thing that I've found extraordinary about IBM kind of having been there now just a little over a year as an employee, a couple of years, I guess, when Red Hat was acquired. Is it is unique in fundamentally changing, again, who we are to kind of meet the needs going forward. And if you think about the needs in technology, recognize it was only like 20 years ago that Nicholas Carr wrote his famous article, IT Doesn't Matter, it's about back office. And in that world, IBM was really, really effective at building and running IT systems for our clients. We would come in, we would just kind of do everything for them. Today, technology is the forefront of developing or building competitive advantage for almost any business. And so nobody wants to kind of hand the keys, so we no longer are necessarily doing things for our clients. We're doing things with our clients. So there's a whole set of work, and we talked about how we engage with our clients, how we're much more collaborative and co-creative and our whole garage model to help build the capability to innovate with our clients is a key part of what we're doing. We'll continue to drive core technologies forward like quantum in key areas that require billions of dollars of research that frankly no one else is willing to do. And then we bring it all together with this hybrid cloud platform where we recognize it's no longer about us doing it all for you anymore. We're going to do the things where we can uniquely add value but then provide it all on a platform which allows you to consume from wherever, however you want to in a safe, secure, reliable way. So as we watch this next generation of computing unfold, cloud shouldn't end up being a bunch of vertical stove pipes. It truly needs to be kind of a horizontal platform that allows you to run any application anywhere in a safe, secure, reliable way and our architecture helps do that. So it's no longer able to do everything for you. It's we can do things uniquely on a platform and work with you to be able to help you kind of create your own pace of innovation, your own sources of advantage. And so that's the broad kind of direction that we're going, again, as enterprises move from consuming technology to be more efficient, to driving advantage with it. They need partners who understand that focused on their success and can innovate with them. And that's really where we're going with our technology, with our services capability and kind of our approach to how we work with our clients. >> Yeah, Jim, you just laid out the Holy grail of computing in the coming decade and with IBM's acquisition of Red Hat. And it really enables that vision and clearly the company is one of the top few that are in a position to do that. Jim Whitehurst, thanks so much for coming back on theCUBE. Really appreciate your time. >> Thanks for having me, it's great to chat. >> All right and thank you for watching. Keep it right there for more content of theCUBE's coverage of IBM Think 2021, the virtual edition, be right back. (gentle music)

>> Narrator: From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is a CUBE Conversation. >> Hey, welcome back everybody Jeff Frick here with theCUBE. We're coming to you today from our Palo Alto studios with theCUBE conversation, talking about data, and we're excited to have our next guest. He's been on a number of times, many times, CUBE alum, really at the forefront of helping companies and customers be more data centric in their activities. So we'd like to welcome onto the show Satyen Sangani. He is the co founder and CEO of Alation. Satyen, great to see you. >> Great to see you, Jeff. It's good to see you again in this new world, a new format. >> It is a new world, a new format, and what's crazy is, in March and April we were talking about this light switch moment, and now we've just turned the calendar to October and it seems like we're going to be doing this thing for a little bit longer. So, it is kind of the new normal, and even I think when it's over, I don't think everything's going to go back to the way it was, so here we are, but you guys have some exciting news to announce, so let's just jump to the news and then we'll get into a little bit more of the nitty gritty. So what do you got coming out today, right? >> Yeah its so. >> What we are announcing today is basically Alation 2020, which is probably one of the biggest releases that I've been with, that we've had since I've been with the company. We with it are releasing three things. So in some sense, there's a lot of simplicity to the release. The first thing that we're releasing is a new experience around what we call the business user experience, which will bring in a whole new set of users into the catalog. The second thing that we're announcing is basically around Alation analytics and the third is around what we would describe as a cloud-native architecture. In total, it brings a fully transformative experience, basically lowering the total cost of getting to a data management experience, lower and data intelligent experience, much lower than previously had been the case. >> And you guys have a really simple mission, right? You're just trying to help your customers be more data, what's the right word? Data centric, use data more often and to help people actually make that decision. And you had an interesting quote in another interview, you talked about trying to be the Yelp for information which is such a nice kind of humanizing way to think about it because data isn't necessarily that way and I think, you mentioned before we turned on the cameras, that for a lot of people, maybe it's just easier to ignore the data. If I can just get the decision through, on a gut and intuition and get onto my next decision. >> Yeah, you know it's funny. I mean, we live in a time where people talk a lot about fake news and alternative facts and our vision is to empower a curious and rational world and I always smile when I say that a little bit, because it's such a crazy vision, right? Like how you get people to be curious and how do you get people to think rationally? But you know, to us, it's about one making the data really accessible, just allowing people to find the data they need when and as they want it. And the second is for people to be able to think scientifically, teaching people to take the facts at their disposal and interpret them correctly. And we think that if those two skills existed, just the ability to find information and interpret it correctly, people can make a lot better decisions. And so the Yelp analogy is a perfect one, because if you think about it, Yelp did that for local businesses, just like Amazon did it for really complicated products on the web and what we're trying to do at Alation is, in some sense very simple, which is to just take information and make it super usable for people who want to use it. >> Great, but I'm sure there's the critics out there, right? Who say, yeah, we've heard this before the promise of BI has been around forever and I think a lot of peoples think it just didn't work whether the data was too hard to get access to, whether it was too hard to manipulate, whether it was too hard to pull insights out, whether there's just too much scrubbing and manipulating. So, what is some of the secret sauce to take? What is a very complex world? And again and you got some very large customers with some giant data sets and to, I don't want to say humanize it, but kind of humanize it and make it easier, more accessible for that business analyst not just generally, but more specifically when I need it to make a decision. >> Yeah I mean, it's so funny because, making something, data is like a lot of software death by 1000 cuts. I mean you look at something from the outside and it looks really, really, really simple, but then you kind of dwell into any problem and that can be CRM something like Salesforce, or it can be something like service now with ITSM, but these are all really, really complicated spaces and getting into the depths and the detail of it is really hard. And data is really no different, like data is just the sort of exhaust from all of those different systems that exist inside of your company. So the detail around the data in your company is exhaustingly minute. And so, how do you make something like that simple? I think really the biggest challenge there is progressively revealing complexity, right? Giving people the right amount of information at the right amount of time. So, one of the really clever things that we do in this business user experience is we allow people to search for and receive the information that's most relevant to them. And we determined that relevance based upon the other people in the enterprise that happen to be using that data. And we know what other people are using in that company, because we look at the logs to understand which data sources are used most often, and which reports are used most often. So right after that, when you get something, you just see the name of the report and it could be around the revenues of a certain product line. But the first thing that you see is who else uses it. And that's something that people can identify with, you may not necessarily know what the algorithm was or what the formula might be, how the business glossary term relates to some data model or data artifact, but you know the person and if you know the person, then you can trust the information. And so, a lot of what we do is spend time on design to think about what is it that a person expects to see and how do they verify what's true. And that's what helps us really understand what to serve up to somebody so that they can navigate this really complicated, relevant data. >> That's awesome, cause there's really a signal to noise problem, right? And I think I've heard you speak before. >> Yeah >> And of course this is not new information, right? There's just so much data, right? The increasing proliferation of data. And it's not that there's that much more data, we're just capturing a lot more of it. So your signal to noise problem just gets worse and worse and worse. And so what you're talking about is really kind of helping filter that down to get through a lot of that, a lot of that noise, so that you can find the piece of information within the giant haystack. That is what you're looking for at this particular time in this particular moment. >> Yeah and it's a really tough problem. I mean, one of the things that, it's true that we've been talking about this problem for such a long time. And in some instance, if we're lucky, we're going to be talking about it for a lot longer because it used to be that the problem was, back when I was growing up, you were doing research on a topic and you'd go to the card catalog and you'd go to the Dewey decimal system. And in your elementary school or high school library, you might be lucky if you were to find, one, two or three books that map to the topic that you were looking for. Now, you go to Google and you find 10,000 books. Now you go inside of an enterprise and you find 4,000 relational database tables and 200 reports about an artifact that you happened to be looking for. And so really the problem is what do I trust? And what's correct and getting to that level of accuracy around information, if there's so much information out there is really the big problem of our time and I think, for me it's a real privilege to be able to work on it because I think if we can teach people to use information better and better then they can make better decisions and that can help the world in so many different. >> Right, right, my other favorite example that everybody knows is photographs, right? Back when you only got 24 and a roll and cost you six bucks to develop it. Those were pretty special and now you go buy a fancy camera. You can shoot 11, 11 frames a second. You go out and shoot the kids at the soccer game. You come home with 5,000 photos. How do you find the good photo? It's a real, >> Yeah. >> It's a real problem. If you've ever faced something like that, it's kind of a splash of water in the face. Like where do I even begin? But the other piece that you talk about a lot, which is slightly different but related is context, and in favorite concept, it's like 55, right? That's a number, but if you don't have any context for that number, is it a temperature? Is it cold inside the building? Is it a speed? Is it too slow on i5? Or is it fast because I'm on a bicycle going down a Hill and without context data is just, it's just a number. It doesn't mean anything. So you guys really by adding this metadata around the data are adding a lot more contextual information to help figure out kind of what that signal is from the noise. >> Yap, you'll get facts from anywhere, right? Like, you're going to have a Hitchcock, you've got a 55 or 42, and you can figure out like what the meaning of the universe is and apparently the answer is 42 and what does that mean? It might mean a million different things and that, to me, that context is the difference between, suspecting and knowing. And there's the difference between having confidence and basically guessing. And I think to the extent that we can provide more of that over time, that's, what's going to make us, an ever more valuable partner to the customers that we satisfy today. >> Right, well, I do know why 42 is always the answer 'cause that's Ronnie Lot and that's always the answer. So, that one I know that's an easy one. (both chuckles) But it is really interesting and then you guys just came out. I heard Aaron Kalb on, one of your co-founders the other day and we talked about this new report that you guys have sponsored the Data Culture Report and really, putting some granularity on a Data Culture Index and I thought it was pretty interesting and I'm excited that you guys are going to be doing this, longitudinally because whether you do or do not necessarily agree with the method, it does give you a number, It does give you a score, It's a relatively simple formula. And at least you can compare yourself over time to see how you're tracking. I wonder if you could share, I mean, the thing that jumps out right off the top of that report is something we were talking about before we turned the cameras on that, people's perception of where they are on this path doesn't necessarily map out when you go bottoms up and add the score versus top down when I'm just making an assessment. >> Yeah, it's funny, it's kind of the equivalent of everybody thinks they're an above average driver or everybody thinks they're above average in terms of obviously intelligence. And obviously that mathematically is not possible or true, but I think in the world of data management, we all talk about data, we all talk about how important it is to use data. And if you're a data management professional, you want people in your company to use more data. But ironically, the discipline of data management doesn't actually use a lot of data itself. It tends to be a very slow methodical process driven gut oriented process to develop things like, what data models exist and how do I use my infrastructure and where do I put my data and which data quality is best? Like all of those things tend to be, somewhat heuristic driven or gut driven and they don't have to be and a big part of our release actually is around this product called Alation Analytics. And what we do with that product is really quite interesting. We start measuring elements of how your organization uses data by team, by data source, by use case. And then we give you transparency into what's going on with the data inside of your landscape and eco-system. So you can start to actually score yourself both internally, but also as we reveal in our customer success methodology against other customers, to understand what it is that you're doing well and what it is that you're doing badly. And so you don't need necessarily to have a ton of guts instinct anymore. You can look at the data of yourselves and others to figure out where you need to improve. And so that's a pretty exciting thing and I think this notion that says, look, you think you're good, but are you really good? I mean, that's fundamental to improvement in business process and improvement in data management, improvement in data culture fundamentally for every company that we work with. >> Right, right and if you don't know, there's a problem, and if you're not measuring it, then there's no way to improve on it, right? Cause you can't, you don't know, what you're measuring is. >> Right. >> But I'm curious of the three buckets that you guys measured. So you measured data search and discovery was bucket number one, data literacy, you know what you do once you find it and then data governance in terms of managing. It feels like that the search and discovery, which is, it sounds like what you're primarily focused on is the biggest gap because you can't get to those other two buckets unless you can find and understand what you're looking for. So is that JIve or is that really not problem, is it more than manipulation of the data once you get it? >> Yeah, I mean we focus really. We focus on all three and I think that, certainly it's the case that it's a virtuous cycle. So if you think about kind of search and discovery of data, if you have very little context, then it's really hard to guide people to the right bit of information. But if I know for example that a certain data is used by a certain team and then a new member of that team comes on board. Then I can go ahead and serve them with exactly that bit of data, because I know that the human relationships are quite tight in the context graph on the back end. And so that comes from basically building more context over time. Now that context can come from a stewardship process implemented by a data governance framework. It can come from, building better data literacy through having more analytics. But however, that context is built and revealed, there tends to be a virtuous cycle, which is you get more, people searching for data. Then once they've searched for the data, you know how to necessarily build up the right context. And that's generally done through data governance and data stewardship. And then once that happens, you're building literacy in the organization. So people then know what data to search for. So that tends to be a cycle. Now, often people don't recognize that cycle. And so they focus on one thing thinking that you can do one to the exclusion of the others, but of course that's not the case. You have to do all three. >> Great and I would presume you're using some good machine, Machine Learning and Artificial Intelligence in that process to continue to improve it over time as you get more data, the metadata around the data in terms of the usage and I think, again I saw in another interview there talking about, where should people invest? What is the good data? What's the crap data? what's the stuff we shouldn't use 'cause nobody ever uses it or what's the stuff, maybe we need to look and decide whether we want to keep it or not versus, the stuff that's guiding a lot of decisions with Bob, Mary and Joe, that seems to be a good investment. So, it's a great application of applied AI Machine Learning to a very specific process to again get you in this virtuous cycle. That sounds awesome. >> Yeah, I know it is and it's really helpful to, I mean, it's really helpful to think about this, I mean the problem, one of the biggest problems with data is that it's so abstract, but it's really helpful to think about it in just terms of use cases. Like if I'm using a customer dataset and I want to join that with a transaction dataset, just knowing which other transaction datasets people joined with that customer dataset can be super helpful. If I'm an analyst coming in to try to answer a question or ask a question, and so context can come in different ways, just in the same way that Amazon, their people who bought this product also bought this product. You can have all of the same analogies exist. People who use this product also use that product. And so being able to generate all that intelligence from the back end to serve up simple seeming experience on the front end is the fun part of the problem. >> Well I'm just curious, cause there's so many pieces of this thing going on. What's kind of the, aha moment when you're in with a new customer and you finish the install and you've done all the crawling and where all the datasets are, and you've got some baseline information about who's using what I mean, what is kind of the, Oh, my goodness. When they see this thing suddenly delivering results that they've never had at their fingertips before. >> Yeah, it's so funny 'cause you can show Alation as a demo and you can show it to people with data sets that are fake. And so we have this like medical provider data set that, we've got in there and we've got a whole bunch of other data sets that are in there and people look at it and interestingly enough, a lot of time, they're like, Oh yeah, I can kind of see it work and I can kind of like understand that. And then you turn it on against their own data. The data they have been using every single day and literally their faces change. They look at the data and they say, Oh my God, like, this is a dataset that Steven uses, I didn't even know that Steven thought that this data existed and, Oh my God, like people are using this data in this particular way. They shouldn't be using that data at all, Like I thought I deprecated that dataset two years ago. And so people have all of these interesting insights and it's interesting how much more real it gets when you turn it on against the company's systems themselves. And so that's been a really fun thing that I've just seen over and over again, over the course of multiple years where people just turn on the cup, they turn on the product and all of a sudden it just changes their view of how they've been doing it all along. And that's been really fun and exciting. >> That's great yeah, cause it means something to them, right? It's not numbers on a page, It's actually, it's people, it's customers, it's relationships, It's a lot of things. That's a great story and I'm curious too, in that process, is it more often that they just didn't know that there were these other buckets of reports and other buckets of data or was it more that they just didn't have access to it? Or if they did, they didn't really know how to manipulate it or to integrate it into their own workflow. >> Yeah, It's kind of funny and it's somewhat role dependent, but it's kind of all of the above. So, if you think about it, if you're a data management professional, often you kind of know what data sources might exist in the enterprise, but you don't necessarily know how people are using the data. And so you look at data and you're like, Oh my God, I can't believe this team is using this data for this particular purpose. They shouldn't be doing that. They should be using this other data set. I deprecated that data set like two years ago. And then sometimes if you're a data scientist, you're you find, Oh my gosh, there's this new database that I otherwise didn't realize existed. And so now I can use that data and I can process that for building some new machine learning algorithms. In one case we've had a customer where they had the same data set procured five different times. So it was a pure, it was a data set that cost multiple hundreds of thousands of dollars. They were spending $2 million overall on a data set where they could have been spending literally one fifth of that amount. And then you had a sort of another case finally, where you're basically just looking at it and saying, Hey, I remember that data set. I knew I had that dataset, but I just don't remember exactly where it was. Where did I put that report? And so it's exactly the same way that you would use Google. Sometimes you use it for knowledge discovery, but sometimes you also use it for just remembering the thing you forgot. >> Right but, but the thing, like I remember when people were trying to put Google search in that companies just to find records not necessarily to support data efforts and the knock was always, you didn't have enough traffic to drive the algorithm to really have effective search say across a large enterprise that has a lot of records, but not necessarily a lot of activity. So, that's a similar type of problem that you must have. So is it really extracting that extra context of other people's usage that helps you get around kind of that you just don't have a big numbers? >> Yeah, I mean that kind of is fundamentally the special sauce. I mean, I think a lot of data management has been this sort of manual brute force effort where I get a whole bunch of consultants or a whole bunch of people in the room and we do this big documentation session. And all of a sudden we hope that we've kind of, painted the golden gate bridge is at work. But, knowing that three to six months later, you're going to have to go back and repaint the golden gate bridge overall all over again, if not immediately, depending on the size and scale of your company. The one thing that Google did to sort of crawl the web was to really understand, Oh, if a certain webpage was linked to super often, then that web page is probably a really useful webpage. And when we crawled the logs, we basically do the exact same thing. And that's really informed getting a really, really specific day one view of your data without having to have a whole bunch of manual effort. And that's been really just dramatical. I mean, it's been, it's allowed people to really see their data very quickly and new different ways and I think a big part of this is just friction reduction, right? We'd all love to have an organized data world. We'd love to organize all the information in a company, but for anybody has an email inbox, organizing your own inbox, let alone organizing every database in your company just seems like a specificity in effort. And so being able to focus people on what's the most important thing has been the most important thing. And that's kind of why we've been so successful. >> I love it and I love just kind of the human factors kind of overlay, that you've done to add the metadata with the knowledge of who is accessing these things and how are they accessing it. And the other thing I think is so important Satyen is, we talk about innovation all the time. Everybody wants more innovation and they've got DevOps so they can get software out faster, et cetera, et cetera. But, I fundamentally believe in my heart of hearts that it's much more foundational than that, right? That if you just get more people, access to more information and then the ability to manipulate and clean knowledge out of that information and then actually take action and have the power and the authority to take action. And you have that across, everyone in the company or an increasing number of people in the company. Now suddenly you're leveraging all those brains, right? You're leveraging all that insight. You're leveraging all that kind of First Line experience to drive kind of a DevOps type of innovation with each individual person, as opposed to, kind of classic waterfall with the Chief Innovation Officer, Doing PowerPoints in his office, on his own time. And then coming down from the mountain and handing it out to everybody to go build. So it's a really a kind of paradox that by adding more human factors to the data, you're actually making it so much more usable and so much more accessible and ultimately more valuable. >> Yeah, it's funny we, there's this new term of art called data intelligence. And it's interesting because there's lots of people who are trying to define it and there's this idea and I think IDC, IDC has got a definition and you can go look it up, but if you think about the core word of intelligence, it basically DevOps down to the ability to acquire information or skills, right? And so if you then apply that to companies and data, data intelligence then stands to reason. It's sort of the ability for an organization to acquire, information or skills leveraging their data. And that's not just for the company, but it's for every individual inside of that company. And we talk a lot about how much change is going on in the world with COVID and with wildfires here in California. And then obviously with the elections and then with new regulations and with preferences, cause now that COVID happened everybody's at home. So what products and what services do you have to deliver to them? And all of this change is, basically what every company has to keep up with to survive, right? If capitalism is creative destruction, the world's getting destroyed, like, unfortunately more often than we'd like it to be,. >> Right. >> And so then you're say there going, Oh my God, how do I deal with all of this? And it used to be the case that you could just build a company off of being really good at one thing. Like you could just be the best like logistics delivery company, but that was great yesterday when you were delivering to restaurants. But since there are no restaurants in business, you would just have to change your entire business model and be really good at delivering to homes. And how do you go do that? Well, the only way to really go do that, is to be really, really intelligent throughout your entire company. And that's a function of data. That's a function of your ability to adapt to a world around you. And that's not just some CEO cause literally by the time it gets to the CEO, it's probably too late. Innovations got to be occurring on the ground floor. And people have got to repackage things really quickly. >> I love it, I love it. And I love the other human factor that we talked about earlier. It's just, people are curious, right? So if you can make it easy for them to fulfill their curiosity, they're going to naturally seek out the information and use it versus if you make it painful, like a no fun lesson, then people's eyes roll in and they don't pay attention. So I think that it's such an insightful way to address the problem and really the opportunity and the other piece I think that's so different when you're going down the card catalog analogy earlier, right? Is there was a day when all the information was in that library. And if you went to the UCLA psych library, every single reference that you could ever find is in that library, I know I've been there, It was awesome, but that's not the way anymore, right? You can't have all the information and it's pulling your own information along with public information and as much information as you can. where you start to build that competitive advantage. So I think it's a really great way to kind of frame this thing where information in and of itself is really not that valuable. It's about the context, the usability, the speed of these ability and that democratization is where you really start to get these force multipliers and using data as opposed to just talking about data. >> Yeah and I think that that's the big insight, right? Like if you're a CEO and you're kind of looking at your Chief Data Officer or Chief Data and Analytics Officer. The real question that you're trying to ask yourself is, how often do my people use data? How measurable is it? Like how much do people, what is the level at which people are making decisions leveraging data and that's something that, you can talk about in a board room and you can talk about in a management meeting, but that's not where the question gets answered. The question gets really answered in the actual behaviors of individuals. And the only way to answer that question, if you're a Chief Analytics Officer or somebody who's responsible for data usage within the company is by measuring it and managing it and training it and making sure it's a part of every process and every decision by building habit and building those habits are just super hard. And that's, I think the thing that we've chosen to be sort of the best in the world at, and it's really hard. I mean, we're still learning about how to do it, but, from our customers and then taking that knowledge and kind of learning about it over time. >> Right, well, that's fantastic. And if it wasn't hard, it wouldn't be valuable. So those are always the best problems to solve. So Satyen, really enjoyed the conversation. Congratulations to you and the team on the new release. I'm sure there's lots of sweat, blood and tears that went into that effort. So congrats on getting that out and really great to catch up. Look forward to our next catch up. >> You too Jeff, It's been great to talk. Thank you so much. >> All right, take care. All righty Satyen and I'm Jeff, you're watching theCUBE. We'll see you next time. Thanks for watching. (ethereal music)

>> Announcer: From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is theCUBE conversation. >> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're in our Palo Alto studios today for theCUBE conversation. We're talking about data. We're always talking about data and it's really interesting. You know we like to go out and get you the first person insight from the people that start the companies, run the companies, the practitioners and, and, and get the insight directly from them. We also like to go out and get original research and hear from original research. And this is a great opportunity to hear from both. So we're excited to have, and welcome back into the studio. He's Aaron Kalb. He's the co founder of Alation, many time CUBE alumni. Aaron. Great to see you. >> Yeah, thanks for having me. It's good to be here. >> Yeah, it's very cool. But today it's a special, a special thing. We've never done this before with you. You guys are releasing a brand new report called, the Alation State of Data Culture Report. So really interesting report. A lot of great information that we're going to dig in here for the next few minutes. But before we do, tell us kind of the history of this report. This is a, the kind of the inaugural release. What was kind of behind it, why did you guys do this? And give us a little background before we get into the details. >> Absolutely. So, yes, that's exactly right. It's debuting today that we plan to kind of update this research quarterly we going to see the trends over time. And this emerged because, you know, I, part of my job, I talk to chief data officers and chief analytics officers across our customer base and prospects. And I keep hearing anecdotally over and over that establishing a data culture, is often the number one priority for these data leaders and for these organizations. And so we wanted to really say, can we quantify that? Can we agree upon a definition of data culture? And can we create sort of a simple yardstick to more objectively measure where organizations are on this sort of data maturity curve to get it into culture. >> Right. I love it. So you created this data, data index right? The data culture index. And, and I think it's important to look at methodology. I think people, a lot of times go right to the results on reports before talking about the methodologies. And let's talk about the methodologies cause we're supposed to be talking about data, right? So you talked to 300, some odd executives, correct. And I think it's really interesting and you broke it down into three kind of buckets of data literacy, if you will. Data search and discovery, number one, data, two kind of literacy in terms of their ability to work with the data. And then the third bucket is really data governance. And then in, in the form ABCD, you gave him a four point score and basically, are they doing it well? Are they doing it in the majority of the time? Are they doing it about half, they got one or they got a zero and you get this four point scale and you end up with a 12 point scale which we're all familiar with from, from school, from an A to an, A minus and B, et cetera. Just dig it a little bit on those three categories and how you chose those. So the first one again is kind of the data search and discovery, you know can they find it and then their competency, if you will and then a governance and compliance. Kind of dig into each of those three buckets a little bit. >> For sure. So, so the, the end goal in data culture, is to have an organization in which data is valued and decisions are made based on data and evidence, right? Versus a culture in which we go with the highest paid person's opinion or what we did last quarter or any of these other ways things get done. And so the idea is to make that possible, as you said you've to be able to find the data when you need it. That's the data search and discovery. You've to be able to interpret that data correctly and draw valid conclusions from it. And that's a data literacy, excuse me. And both of those are contingent upon having data governance in place. So that data is well-defined and has high data quality, as well as other aspects, so that it is possible to find it and understand it properly. >> Right. And what are the things too that I think is really important that we call that, and again, we're going to dive into the details, is your perceived execution versus the reported execution by the people that are actually providing data. And I think you've found and you've highlighted on specific slides that you know, there's not necessarily a match there. And sometimes that you know, what you perceive is happening, isn't necessarily what's happening when you go down and query the people in the field. So really important to come up with a number. And I think a, I think you said this is going to be an ongoing thing over a period of time. So you kind of start to see longitudinal changes in these organizations. >> Absolutely. And we're very excited to see those, those trends over time. But even at the outset is this you know, very striking effect emerges which is, as you said, if we ask one of these you know, 300 data leaders, you know, all around the world actually, you know, if we ask, how is the data culture at your company overall, and this is very broad general top down way and have them graded on the sort of SaaS scale. You know, we get results where there's a large gap between kind of that level of maturity and what emerges in a bottom up methodology excuse me, in which you ask about, you know governance and literacy and, and such kind of by department and in a more bottom up way. And so we do see that that, you know, it can be helpful, even for data people to have a, a more granular metric and framework for quantifying their progress. >> Right? Let's jump into some of the results. It's, it's a fascinating, they're kind of all over the map, but there's some definite trends. One of the trends you talked about is that there's a lot of questions on the quality of the data. But that's a real inhibitor to people. Whether that suspicion is because it's not good data. And I don't know, this question for you, is, is, do they think it's not relevant to the decision that's being made? Is it an incomplete data set or the wrong data set? It seems to be that keeps coming up over and over about, decision-makers not necessarily having confidence in the data. What, can you share a little bit more color around that? >> Yeah, it's quite interesting actually. So what we find is that 90%. So 90 people, 10 executives (indistinct) to question the data sometimes often or always. But the part that's maybe disappointing or concerning is the two thirds of executives are believed to ignore the data and make a decision kind of pushing the data aside which is really quite striking when you think about it, why have all this data, if more often than not you're sort of disregarding it to make your final answer. And so you're absolutely correct when we dug into why, what are the reasons behind pushing it aside. Data quality was number one. And I think it is a question of, Oh, is the data inaccurate? Is it out of date, these sort of concerns sort of we, we hear from customers and prospects. But as we dig in deeper in the survey results, excuse me, we, we see some other reasons behind that. One is a lack of collaboration between the data analytics folks and the business folks. And so there's a question of, I don't know exactly where this data came from or to your point kind of how it was produced. What was the methodology? How was it sourced? And maybe because of that disconnect is a lack of trust. So trust really is the ultimate I think, failure to having data culture really take root. >> Right? And it's trust in this trust, as you said, not only in the data per se, the source of the data, the quality of the data, the relevance of the data but also the people who are providing you with the data. And obviously you get, you get some data sets. Sometimes you didn't get other data sets. So, that's really I'm a little bit disconcerting. The other thing I thought was kind of interesting is, it seems to be consistent that the, the primary reason that people are using big data projects is around operations and operations efficiency, a little bit about compliance, but, you know, it's interesting we had you on at the MIT CDOIQ, Chief Data Information Officer quality symposium, and you talked about the goodness of people moving from kind of a defensive posture to an offensive posture, you know using data in terms of product development and innovation. And, and what comes across in this survey is that's kind of down the list behind you know, kind of operational efficiency. We're seeing a little bit of governance and regulation but the, the quest for data as a tool for innovation, didn't really shine through in this report. >> Well, you know, it's very interesting. It depends whether you look at the aggregate level or you break things down a little bit more. So one thing we did after we got that zero to 12 scale on the data culture index or DCI, is it actually, we were able to break it down into thirds. And among the sort of bottom third, it has the least well-established data culture by this yardstick. We've found that governance and regulatory compliance, was the number one application of data. But among the top third of respondents, we actually found the opposite where things like providing a great customer experience, doing product innovation, those sort of things actually came to the fore and governance fell behind. So I think there is this curve where, It's table stakes to get the sort of defense side of data figured out. And then you can move on to offense in using data to make your organization meet its meet its other goals. >> Right. Right. And then I wanted to get your take on kind of the democratization of data, right? This is a, this is a trend that's been going on, and really, I think you said before you know, your guys' whole mission is to empower curious and rational world to give people the ability to ask the right questions have the right data and get the right answer. So, you know, we've seen democratization in terms of the access to the data, the access to the tools, the ability to do something with the data and the tool, and then the actual authority to execute business decision based on that. The results on that seem a little bit split here because a lot of the problems seem to be focused on leadership, not necessarily taking a data based decision move, but on the good hand a lot of people trying to break down data silos and make data more accessible for a larger group of people. So that more people in the organization are making data based decisions. This seems kind of like this little bit of a bifurcation between the C suite and everybody else trying to get their job done. >> Absolutely. There's always this question of you know, sort of the, that organizational wide initiative and then what's happening on the ground. One thing we saw that was very heartening and aligns with our customers index success, is a real emphasis being placed on having data governance and data context and data literacy factors sort of be embedded at the point of use. To not expecting people, to just like take a course and look things up and kind of end up with their workflow to be able to use data quickly and accurately and, and interpret it in varied ways. So that was really exciting to see as, as, as a initiative. It sort of bridges that gap along with initiatives to have more collaboration and integration between the data people and the business people. because really you know, they exist to serve one another. But in terms of the disconnect between the C suite and other parts of the org, there was a really interesting inverse correlation. Well, or maybe it's not interesting how you look at it, but basically, you know, when we talk to C level executives and ask, you know, does the C suite ignore data? Do they question data et cetera, those numbers came in lower than when we talked to, you know, senior director about the C suite right? It's sort of the farther you get, and there's a difference there, you know, from my perspective, I almost wonder whether that distance is actually is more objective viewpoint. And when you're in that role, it's hard to even see your cognitive biases and your tendency to ignore a data when it doesn't suit you. >> Right. Right. So there's, there's some other interesting things here. So one of them is, you know, kind of predictors, right? One of the whole reasons to do studies and collect data so that we can have some predictive ability. And, and it comes out here that the reporting structure is a strong predictor of a company's data tier structure. So, you know, there's the whole rise of the chief data officers and the chief analytics officer and the chief data and analytics officer and lots of conversations about those roles and what exactly are those roles and who do they report to. Your study finds a pretty compelling leading indicator that if that role is reporting to either the CEO or the executive board, which is often a one in the same person, that that's actually a terrific indicator of success in moving to a more data centric culture. >> That's absolutely correct. So we found that that top third of organizations on the data culture index were much more likely to have a chief data executive, a CDO, CAO or CDAO. In fact, they're more likely to have folks with the analytics in their title because in some organizations, data is thought to mean sort of raw data, infrastructural defense and analytics is sort of where it gets you know, infused into business processes and value. But certainly that top third is much more likely to have the chief data executive reporting into the executive board or CEO when the highest ranking data executive is under the CIO or some other part of the organization, those orgs tend to score a far lower on the DCI. >> Right. Right. So it's interesting, you know you're a really interesting guy even doing this for a while. You were at Siri before you were at Alation. So you have a really good feel for kind of what data can do and can't do and natural human or natural language processing and, and, and human voice interaction with these devices, a really interesting case study, and they can do a really good job within a small defined data set and instruction set, but they don't do necessarily so well once you kind of get outside how, how they're trained. And you've talked a lot about how metaphor shaped the way that we think and I know you and Dave talked about data oil and data lakes I don't want to necessarily go down that whole path but I do think it's important. And what came out of the study and the way people think about data. You know, there's a lot of conversation. How do you value data? Is data, you know it used to just be an expense that we had to buy servers to store the stuff we weren't sure what we ever did with it. So I wonder if there's any, you know, kind of top level metaphors level, kind of a thought or process or framing in the companies that you study that came out. maybe not necessarily in the top line data, but maybe in some of the notes that help define why some people, you know are being successful at making this transition and putting, you know kind of data out front of their decision processing versus data, either behind as a supporting thing or maybe data, I just don't have time with it or I don't trust it, or God knows where you got that, and this is not the data that I wanted. You know, was there any, you know, kind of tangental or anecdotal stuff that came out of this study that's more reflective of, of the softer parts of a data culture versus the harder parts in terms of titles and roles and, and, and job responsibilities. >> Yeah. It's a really interesting place to explore. I do think there's a, I don't want to make this overly simplistic group binary, but at the end of the day you know, like anything else within an organization, you can view data as a liability to say, okay, we have for example, you know, customer's names and phone numbers and passwords, and we just need to prevent an adverse event in which there's a leak or some sort of InfoSec problem that could cause, you know, bad press and fines and other negative consequences. And I think the issue there is if data's a liability, the most you know, the best case is that it's worth zero as opposed to some huge negative on your company's balance sheet. And, and I think, you know, intuitively, if you really want to prevent data misuse and data problems, one fail safe, but I think ultimately in its own way risky way to do that was just not collect any data, right. And not store it. So I think that the transition is to say, look data must be protected and taken care of that's step zero. But you know, it's really just the beginning and data is this asset that can be used to inform the huge company level strategic decisions that are made in annual planning at the board level, down to the millions of little decisions every day in the work of people in customer support and in sales and in product management and in, you know, various roles that just across industries. And I think once you have that, that shift, you know the upside is potentially, you know, unbounded. >> Right. And, and it just changes the way, the way you think. And suddenly instead of saying, Oh, data needs to be kind of hidden away, it's more like, Oh, people need to be trained on data use and empowered with data. And it's all about not if it's used or if it's misused but really how it's used and why it's used, what it's being used for to make a real impact. >> Right. Right. And it's funny when I just remember it being back in business school one of the great things that help teach is to think in terms of data, right. And you always have the infamous center consulting interview question, How many manhole covers are in Manhattan. Right. So, you know, to, to, to start to think about that problem from a data centric, point of view really gives you a leg up and, and even, you know where to start and how to attack those types of problems. And I thought it was interesting you know, talking about challenges for people to have a more data centric, point of view. It's interesting. The reports says, basically everybody said there's all kinds of challenges around data quality and compliance, and they had democratization. But the bottom companies, the bottom companies said that the biggest challenge was lack of buy in from company leadership. So I guess the good news bad news is that there's a real opportunity to make a significant change and get your company from the bottom third to a middle third or a top third, simply by taking a change in attitude about putting data in a much more central role in your decision making process. 'Cause all the other stuff's kind of operational, execution challenges that we all have, not enough people, blah, blah, blah. But in terms of attitude of leadership and prioritization, that's something that's very easy to change if you so choose. And really seems to be the key to unlock this real journey as opposed to the minutiae of a lot of the little details that that are a challenge for everybody. >> Absolutely. In your changing attitudes might be the easiest thing or the hardest thing depending on (indistinct). But I think you're absolutely right. The first step, which, which which could, maybe it should be easy, is admitting that you have a problem or maybe to put it more positively, realizing you have an opportunity. >> I love that. And then just again, looking at the top tier companies, the other thing that I thought was pretty interesting in this study is, I'm looking at it here, is getting champions in each of the operational segments. So rather than, I mean, a chief data officer is important and you know, somebody kind of at the high level to shepherd it in the executive suite, as we just discussed, but within each of the individual tasks and functions and roles, whether that's operations or customer service or product development or operational efficiency, you need some type of champion, some type of person, you know, banging the gavel, collecting the data, smoothing out the complexities, helping people get their thing together. And again, another way to really elevate your position on the score. >> Absolutely. And I think this idea of again, bridging between, you know, if data is centralized you have a chance to try to really get excellent practices within the data org. But even it becomes even more essential to have those ambassadors, people who are in the business and understand all the business context who can sort of make the data relevant, identify the key areas where data can really help, maybe demystify data and pick the right metaphors and the right examples to make it real for the people in their function. >> Right. Right. So Aaron has a lot of great stuff. People can go to the website at alation.com. I'm sure you'll have a link to this, a very prominently displayed, but, and they should and they should check it out and really think about it and think about how it applies to their own situation, their own department, company et cetera. I just wanted to give you the last word before we before we sign off, you know, kind of what was the most you know, kind of positive affirmation or not the most but one or two of the most outcome affirming outcomes of this exercise. And what were one or two of the things that were a little concerning or, you know, kind of surprises on the downside that, that came out of this research? >> Yeah. So I think one thing that was maybe surprising or concerning the biggest one is sort of where we started with that disconnect between, you know, what people would, say as an off the cuff overall assessment and the disconnect between that and what emerges when we go department by department and (indistinct) to be pillars of data culture from such a discovery to data literacy, to data governance. I think that disconnect, you know, should give one pause. I think certainly it should make one think, Hmm. Maybe I shouldn't look from 10,000 feet, but actually be a little more systematic. And considering the framework I use to assess data culture that is the most important thing to my organization. I think though, there's this quote that you move what you measure, just having this hopefully simple but not simplistic yardstick to measure data culture and the data culture index should help people be a little bit more realistic in their quantification and they track their progress, you know, quarter over quarter. So I think that's very promising. I think another thing is that, you know sometimes we ask, how long have you had this initiative? How much progress have you made? And it can sometimes seem like pushing a boulder uphill. Obviously the COVID pandemic and the economic impacts of that has been really tragic and really hard. You know, a tiny silver lining in that is the survey results showed that organizations have really observed a shift in how much they're using data because sometimes things are changing but it's like a frog in boiling water. You don't realize it. And so you just assume that the future is going to look like the recent past and you don't look at the data or you ignore the data or you miss parts of the data. And a lot of organizations said, you know COVID was this really troubling wake up call, but they could even after this crisis is over, producing enduring change which people were consulting data more and making decisions in a more data driven way. >> Yeah, certainly an accelerant that, that is for sure whether you wanted it, didn't want it, thought you had it at the time, didn't have time. You know COVID is definitely digital transformation accelerant and data is certainly the thing that powers that. Well again, it's the Alation State of Data Culture Report available, go check it at alation.com. Aaron always great to catch up and again, thank you for, for doing the work and supporting this research. And I think it's really important stuff. And it's going to be interesting to see how it changes over time. 'Cause that's really when these types of reports really start to add value. >> Thanks for having me, Jeff and I really look forward to discussing some of those trends as the research is completed. >> All right. Thanks a lot, Aaron, take care. Alright. He's Aaron and I'm Jeff. You're watching theCUBE, Palo Alto. Thanks for watching. We'll see you next time. (upbeat music)

>> Announcer: From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is theCUBE conversation. >> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're in our Palo Alto studios today for theCUBE conversation. We're talking about data. We're always talking about data and it's really interesting. You know we like to go out and get you the first person insight from the people that start the companies, run the companies, the practitioners and, and, and get the insight directly from them. We also like to go out and get original research and hear from original research. And this is a great opportunity to hear from both. So we're excited to have, and welcome back into the studio. He's Aaron Kalb. He's the co founder of Alation, many time CUBE alumni. Aaron. Great to see you. >> Yeah, thanks for having me. It's good to be here. >> Yeah, it's very cool. But today it's a special, a special thing. We've never done this before with you. You guys are releasing a brand new report called, the Alation State of Data Culture Report. So really interesting report. A lot of great information that we're going to dig in here for the next few minutes. But before we do, tell us kind of the history of this report. This is a, the kind of the inaugural release. What was kind of behind it, why did you guys do this? And give us a little background before we get into the details. >> Absolutely. So, yes, that's exactly right. It's debuting today that we plan to kind of update this research quarterly we going to see the trends over time. And this emerged because, you know, I, part of my job, I talk to chief data officers and chief analytics officers across our customer base and prospects. And I keep hearing anecdotally over and over that establishing a data culture, is often the number one priority for these data leaders and for these organizations. And so we wanted to really say, can we quantify that? Can we agree upon a definition of data culture? And can we create sort of a simple yardstick to more objectively measure where organizations are on this sort of data maturity curve to get it into culture. >> Right. I love it. So you created this data, data index right? The data culture index. And, and I think it's important to look at methodology. I think people, a lot of times go right to the results on reports before talking about the methodologies. And let's talk about the methodologies cause we're supposed to be talking about data, right? So you talked to 300, some odd executives, correct. And I think it's really interesting and you broke it down into three kind of buckets of data literacy, if you will. Data search and discovery, number one, data, two kind of literacy in terms of their ability to work with the data. And then the third bucket is really data governance. And then in, in the form ABCD, you gave him a four point score and basically, are they doing it well? Are they doing it in the majority of the time? Are they doing it about half, they got one or they got a zero and you get this four point scale and you end up with a 12 point scale which we're all familiar with from, from school, from an A to an, A minus and B, et cetera. Just dig it a little bit on those three categories and how you chose those. So the first one again is kind of the data search and discovery, you know can they find it and then their competency, if you will and then a governance and compliance. Kind of dig into each of those three buckets a little bit. >> For sure. So, so the, the end goal in data culture, is to have an organization in which data is valued and decisions are made based on data and evidence, right? Versus a culture in which we go with the highest paid person's opinion or what we did last quarter or any of these other ways things get done. And so the idea is to make that possible, as you said you've to be able to find the data when you need it. That's the data search and discovery. You've to be able to interpret that data correctly and draw valid conclusions from it. And that's a data literacy, excuse me. And both of those are contingent upon having data governance in place. So that data is well-defined and has high data quality, as well as other aspects, so that it is possible to find it and understand it properly. >> Right. And what are the things too that I think is really important that we call that, and again, we're going to dive into the details, is your perceived execution versus the reported execution by the people that are actually providing data. And I think you've found and you've highlighted on specific slides that you know, there's not necessarily a match there. And sometimes that you know, what you perceive is happening, isn't necessarily what's happening when you go down and query the people in the field. So really important to come up with a number. And I think a, I think you said this is going to be an ongoing thing over a period of time. So you kind of start to see longitudinal changes in these organizations. >> Absolutely. And we're very excited to see those, those trends over time. But even at the outset is this you know, very striking effect emerges which is, as you said, if we ask one of these you know, 300 data leaders, you know, all around the world actually, you know, if we ask, how is the data culture at your company overall, and this is very broad general top down way and have them graded on the sort of SaaS scale. You know, we get results where there's a large gap between kind of that level of maturity and what emerges in a bottom up methodology excuse me, in which you ask about, you know governance and literacy and, and such kind of by department and in a more bottom up way. And so we do see that that, you know, it can be helpful, even for data people to have a, a more granular metric and framework for quantifying their progress. >> Right? Let's jump into some of the results. It's, it's a fascinating, they're kind of all over the map, but there's some definite trends. One of the trends you talked about is that there's a lot of questions on the quality of the data. But that's a real inhibitor to people. Whether that suspicion is because it's not good data. And I don't know, this question for you, is, is, do they think it's not relevant to the decision that's being made? Is it an incomplete data set or the wrong data set? It seems to be that keeps coming up over and over about, decision-makers not necessarily having confidence in the data. What, can you share a little bit more color around that? >> Yeah, it's quite interesting actually. So what we find is that 90%. So 90 people, 10 executives (indistinct) to question the data sometimes often or always. But the part that's maybe disappointing or concerning is the two thirds of executives are believed to ignore the data and make a decision kind of pushing the data aside which is really quite striking when you think about it, why have all this data, if more often than not you're sort of disregarding it to make your final answer. And so you're absolutely correct when we dug into why, what are the reasons behind pushing it aside. Data quality was number one. And I think it is a question of, Oh, is the data inaccurate? Is it out of date, these sort of concerns sort of we, we hear from customers and prospects. But as we dig in deeper in the survey results, excuse me, we, we see some other reasons behind that. One is a lack of collaboration between the data analytics folks and the business folks. And so there's a question of, I don't know exactly where this data came from or to your point kind of how it was produced. What was the methodology? How was it sourced? And maybe because of that disconnect is a lack of trust. So trust really is the ultimate I think, failure to having data culture really take root. >> Right? And it's trust in this trust, as you said, not only in the data per se, the source of the data, the quality of the data, the relevance of the data but also the people who are providing you with the data. And obviously you get, you get some data sets. Sometimes you didn't get other data sets. So, that's really I'm a little bit disconcerting. The other thing I thought was kind of interesting is, it seems to be consistent that the, the primary reason that people are using big data projects is around operations and operations efficiency, a little bit about compliance, but, you know, it's interesting we had you on at the MIT CDOIQ, Chief Data Information Officer quality symposium, and you talked about the goodness of people moving from kind of a defensive posture to an offensive posture, you know using data in terms of product development and innovation. And, and what comes across in this survey is that's kind of down the list behind you know, kind of operational efficiency. We're seeing a little bit of governance and regulation but the, the quest for data as a tool for innovation, didn't really shine through in this report. >> Well, you know, it's very interesting. It depends whether you look at the aggregate level or you break things down a little bit more. So one thing we did after we got that zero to 12 scale on the data culture index or DCI, is it actually, we were able to break it down into thirds. And among the sort of bottom third, it has the least well-established data culture by this yardstick. We've found that governance and regulatory compliance, was the number one application of data. But among the top third of respondents, we actually found the opposite where things like providing a great customer experience, doing product innovation, those sort of things actually came to the fore and governance fell behind. So I think there is this curve where, It's table stakes to get the sort of defense side of data figured out. And then you can move on to offense in using data to make your organization meet its meet its other goals. >> Right. Right. And then I wanted to get your take on kind of the democratization of data, right? This is a, this is a trend that's been going on, and really, I think you said before you know, your guys' whole mission is to empower curious and rational world to give people the ability to ask the right questions have the right data and get the right answer. So, you know, we've seen democratization in terms of the access to the data, the access to the tools, the ability to do something with the data and the tool, and then the actual authority to execute business decision based on that. The results on that seem a little bit split here because a lot of the problems seem to be focused on leadership, not necessarily taking a data based decision move, but on the good hand a lot of people trying to break down data silos and make data more accessible for a larger group of people. So that more people in the organization are making data based decisions. This seems kind of like this little bit of a bifurcation between the C suite and everybody else trying to get their job done. >> Absolutely. There's always this question of you know, sort of the, that organizational wide initiative and then what's happening on the ground. One thing we saw that was very heartening and aligns with our customers index success, is a real emphasis being placed on having data governance and data context and data literacy factors sort of be embedded at the point of use. To not expecting people, to just like take a course and look things up and kind of end up with their workflow to be able to use data quickly and accurately and, and interpret it in varied ways. So that was really exciting to see as, as, as a initiative. It sort of bridges that gap along with initiatives to have more collaboration and integration between the data people and the business people. because really you know, they exist to serve one another. But in terms of the disconnect between the C suite and other parts of the org, there was a really interesting inverse correlation. Well, or maybe it's not interesting how you look at it, but basically, you know, when we talk to C level executives and ask, you know, does the C suite ignore data? Do they question data et cetera, those numbers came in lower than when we talked to, you know, senior director about the C suite right? It's sort of the farther you get, and there's a difference there, you know, from my perspective, I almost wonder whether that distance is actually is more objective viewpoint. And when you're in that role, it's hard to even see your cognitive biases and your tendency to ignore a data when it doesn't suit you. >> Right. Right. So there's, there's some other interesting things here. So one of them is, you know, kind of predictors, right? One of the whole reasons to do studies and collect data so that we can have some predictive ability. And, and it comes out here that the reporting structure is a strong predictor of a company's data tier structure. So, you know, there's the whole rise of the chief data officers and the chief analytics officer and the chief data and analytics officer and lots of conversations about those roles and what exactly are those roles and who do they report to. Your study finds a pretty compelling leading indicator that if that role is reporting to either the CEO or the executive board, which is often a one in the same person, that that's actually a terrific indicator of success in moving to a more data centric culture. >> That's absolutely correct. So we found that that top third of organizations on the data culture index were much more likely to have a chief data executive, a CDO, CAO or CDAO. In fact, they're more likely to have folks with the analytics in their title because in some organizations, data is thought to mean sort of raw data, infrastructural defense and analytics is sort of where it gets you know, infused into business processes and value. But certainly that top third is much more likely to have the chief data executive reporting into the executive board or CEO when the highest ranking data executive is under the CIO or some other part of the organization, those orgs tend to score a far lower on the DCI. >> Right. Right. So it's interesting, you know you're a really interesting guy even doing this for a while. You were at Siri before you were at Alation. So you have a really good feel for kind of what data can do and can't do and natural human or natural language processing and, and, and human voice interaction with these devices, a really interesting case study, and they can do a really good job within a small defined data set and instruction set, but they don't do necessarily so well once you kind of get outside how, how they're trained. And you've talked a lot about how metaphor shaped the way that we think and I know you and Dave talked about data oil and data lakes I don't want to necessarily go down that whole path but I do think it's important. And what came out of the study and the way people think about data. You know, there's a lot of conversation. How do you value data? Is data, you know it used to just be an expense that we had to buy servers to store the stuff we weren't sure what we ever did with it. So I wonder if there's any, you know, kind of top level metaphors level, kind of a thought or process or framing in the companies that you study that came out. maybe not necessarily in the top line data, but maybe in some of the notes that help define why some people, you know are being successful at making this transition and putting, you know kind of data out front of their decision processing versus data, either behind as a supporting thing or maybe data, I just don't have time with it or I don't trust it, or God knows where you got that, and this is not the data that I wanted. You know, was there any, you know, kind of tangental or anecdotal stuff that came out of this study that's more reflective of, of the softer parts of a data culture versus the harder parts in terms of titles and roles and, and, and job responsibilities. >> Yeah. It's a really interesting place to explore. I do think there's a, I don't want to make this overly simplistic group binary, but at the end of the day you know, like anything else within an organization, you can view data as a liability to say, okay, we have for example, you know, customer's names and phone numbers and passwords, and we just need to prevent an adverse event in which there's a leak or some sort of InfoSec problem that could cause, you know, bad press and fines and other negative consequences. And I think the issue there is if data's a liability, the most you know, the best case is that it's worth zero as opposed to some huge negative on your company's balance sheet. And, and I think, you know, intuitively, if you really want to prevent data misuse and data problems, one fail safe, but I think ultimately in its own way risky way to do that was just not collect any data, right. And not store it. So I think that the transition is to say, look data must be protected and taken care of that's step zero. But you know, it's really just the beginning and data is this asset that can be used to inform the huge company level strategic decisions that are made in annual planning at the board level, down to the millions of little decisions every day in the work of people in customer support and in sales and in product management and in, you know, various roles that just across industries. And I think once you have that, that shift, you know the upside is potentially, you know, unbounded. >> Right. And, and it just changes the way, the way you think. And suddenly instead of saying, Oh, data needs to be kind of hidden away, it's more like, Oh, people need to be trained on data use and empowered with data. And it's all about not if it's used or if it's misused but really how it's used and why it's used, what it's being used for to make a real impact. >> Right. Right. And it's funny when I just remember it being back in business school one of the great things that help teach is to think in terms of data, right. And you always have the infamous center consulting interview question, How many manhole covers are in Manhattan. Right. So, you know, to, to, to start to think about that problem from a data centric, point of view really gives you a leg up and, and even, you know where to start and how to attack those types of problems. And I thought it was interesting you know, talking about challenges for people to have a more data centric, point of view. It's interesting. The reports says, basically everybody said there's all kinds of challenges around data quality and compliance, and they had democratization. But the bottom companies, the bottom companies said that the biggest challenge was lack of buy in from company leadership. So I guess the good news bad news is that there's a real opportunity to make a significant change and get your company from the bottom third to a middle third or a top third, simply by taking a change in attitude about putting data in a much more central role in your decision making process. 'Cause all the other stuff's kind of operational, execution challenges that we all have, not enough people, blah, blah, blah. But in terms of attitude of leadership and prioritization, that's something that's very easy to change if you so choose. And really seems to be the key to unlock this real journey as opposed to the minutiae of a lot of the little details that that are a challenge for everybody. >> Absolutely. In your changing attitudes might be the easiest thing or the hardest thing depending on (indistinct). But I think you're absolutely right. The first step, which, which which could, maybe it should be easy, is admitting that you have a problem or maybe to put it more positively, realizing you have an opportunity. >> I love that. And then just again, looking at the top tier companies, the other thing that I thought was pretty interesting in this study is, I'm looking at it here, is getting champions in each of the operational segments. So rather than, I mean, a chief data officer is important and you know, somebody kind of at the high level to shepherd it in the executive suite, as we just discussed, but within each of the individual tasks and functions and roles, whether that's operations or customer service or product development or operational efficiency, you need some type of champion, some type of person, you know, banging the gavel, collecting the data, smoothing out the complexities, helping people get their thing together. And again, another way to really elevate your position on the score. >> Absolutely. And I think this idea of again, bridging between, you know, if data is centralized you have a chance to try to really get excellent practices within the data org. But even it becomes even more essential to have those ambassadors, people who are in the business and understand all the business context who can sort of make the data relevant, identify the key areas where data can really help, maybe demystify data and pick the right metaphors and the right examples to make it real for the people in their function. >> Right. Right. So Aaron has a lot of great stuff. People can go to the website at alation.com. I'm sure you'll have a link to this, a very prominently displayed, but, and they should and they should check it out and really think about it and think about how it applies to their own situation, their own department, company et cetera. I just wanted to give you the last word before we before we sign off, you know, kind of what was the most you know, kind of positive affirmation or not the most but one or two of the most outcome affirming outcomes of this exercise. And what were one or two of the things that were a little concerning or, you know, kind of surprises on the downside that, that came out of this research? >> Yeah. So I think one thing that was maybe surprising or concerning the biggest one is sort of where we started with that disconnect between, you know, what people would, say as an off the cuff overall assessment and the disconnect between that and what emerges when we go department by department and (indistinct) to be pillars of data culture from such a discovery to data literacy, to data governance. I think that disconnect, you know, should give one pause. I think certainly it should make one think, Hmm. Maybe I shouldn't look from 10,000 feet, but actually be a little more systematic. And considering the framework I use to assess data culture that is the most important thing to my organization. I think though, there's this quote that you move what you measure, just having this hopefully simple but not simplistic yardstick to measure data culture and the data culture index should help people be a little bit more realistic in their quantification and they track their progress, you know, quarter over quarter. So I think that's very promising. I think another thing is that, you know sometimes we ask, how long have you had this initiative? How much progress have you made? And it can sometimes seem like pushing a boulder uphill. Obviously the COVID pandemic and the economic impacts of that has been really tragic and really hard. You know, a tiny silver lining in that is the survey results showed that organizations have really observed a shift in how much they're using data because sometimes things are changing but it's like a frog in boiling water. You don't realize it. And so you just assume that the future is going to look like the recent past and you don't look at the data or you ignore the data or you miss parts of the data. And a lot of organizations said, you know COVID was this really troubling wake up call, but they could even after this crisis is over, producing enduring change which people were consulting data more and making decisions in a more data driven way. >> Yeah, certainly an accelerant that, that is for sure whether you wanted it, didn't want it, thought you had it at the time, didn't have time. You know COVID is definitely digital transformation accelerant and data is certainly the thing that powers that. Well again, it's the Alation State of Data Culture Report available, go check it at alation.com. Aaron always great to catch up and again, thank you for, for doing the work and supporting this research. And I think it's really important stuff. And it's going to be interesting to see how it changes over time. 'Cause that's really when these types of reports really start to add value. >> Thanks for having me, Jeff and I really look forward to discussing some of those trends as the research is completed. >> All right. Thanks a lot, Aaron, take care. Alright. He's Aaron and I'm Jeff. You're watching theCUBE, Palo Alto. Thanks for watching. We'll see you next time. (upbeat music)

>>from around the globe. It's the Cube covering Google Cloud. Next on Air 20. Hi, I'm Stew Minimum And and this is the Cube's coverage of Google Cloud next 20 on air, Of course. Last year we were all in person in San Francisco. This year it's an online experience. It's actually spanning many weeks and this week when we're releasing the Cube interviews, talking about application modernization, happy to welcome back program two of our Cube alumni. Chris Well, I've got Aparna Sinha, Uh, who is the director of product management, and joining her is Pali Bhat, who's the vice president of product and design, both with Google Cloud Poly. Welcome back. Thanks so much for joining us. >>Thank you. Good to be here. >>Well, so it goes without saying it. That 2020 has had quite a lot of changes. Really affect it. Start with you. You know, obviously there's been a lot of discussion is what is the impact of the global pandemic? The ripple in the economy on cloud. So I would love to hear a little bit. You know what you're hearing from your customers. What? That impact has been on on you and your business. >>Yes to thank thank you for asking as I look at our customers, what's been most inspiring for me to see is how organizations and the people in those organizations are coming together to help each other during this unprecedented event. And one of the things I wanted to highlight is, as we all adjust to this sort of new normal, there are two things that I keep seeing across every one of our customers. Better operation efficiency, with the focus on cost saving is something that's a business imperative and has drawn urgency. And the second bit is an increased focus on agility and business innovation. In the current atmosphere, where digital has truly become gone from being one of the channels being D channel, we're seeing our customers respond by being more innovative and reaching their customers in the way that they want to be rich. And that's been, for me personally, very inspiring to see. And we turned on Google Cloud to be a part of helping our customers in this journey in terms of our business itself. We're seeing tremendous momentum around our organization business because it plays directly into these two business imperatives around operational efficiency, cost saving and, of course, business innovation and agility. In Q two of 2020 we saw more than 100,000 companies use our application modernization platform across G ke and those cloud functions Cloud Run and our developers tools. So we've been, uh, just tagged with the response of how customers are using our tools in order to help them run their businesses, operate more efficiently and be more innovative on behalf of their customers. So we're seeing customers use everything from building mission critical applications who then securing, migrating and then operating our services. And we've also seen that customers get tremendous benefits. We've seen up to a 35% increase simply by using our own migration tools. And we've also seen it up to 75% improvement to all of the automation and re platform ing that they can do with our monetization platform. That's been incredible. What I do want to do. Those have a partner chime in on some of the complexity that these customers are seeing and how we're going about trying to address that >>Yes, eso to help our customers with the application modernization journey. Google Cloud really offers three highly differentiated capabilities. Us to the first one is really providing a consistent development and operations experience, and this is really important because you want the same experience, regardless of whether you're running natively in Google Cloud or you're running across clouds or you're running hybrid or you're running at the edge. And I think this is a truly unique differentiator off what we offer. Secondly, we really give customers and their developers industry leading guidance. And this is particularly important because there's a set of best practices on how you do development, how you run these applications, how you operate them in production for high reliability, a exceptional security staff, the stature and for the maximum developer efficiency on. And we provide the platform and the tooling to do that so that it can be customized to it's specific customers needs and their specific place on that modernization journey. And then the third thing on and I think this is incredibly important as well is that we would ride a data driven approach, a data driven optimization and benchmarking approach so that we can tell you where you are with regard to best practice and then help you move towards best practice, no matter where you're starting. >>Yeah, well, thank you, Aparna and Polly definitely resonates with what we're hearing. You know, customers need to be data driven. And then there's the imperative Now that digital movement Pali last year at the show, of course, Antos was, you know, really the talk of the conference years gone by. We know things move really fast, so if you could, you know, probably don't have time to get all of the news, but share with us the updates what differentiated this year along from a new standpoint, >>Yeah, So we've got tremendous set off improvements to the platform. And one of the things that I wanted to just share was that our customers as they actually migrate on to onto the cloud and begin the modernization journeys in their digital transformation programs. What we're seeing over and over is those customers that start with the platform as opposed to an individual application, are set up for success in the future. The platform, of course, is an tos where your application modernization journey begins. In terms of updates, we're gonna share a series off updates in block post, etcetera. I just want to highlight a few. We're sharing their availability off Antos for their middle swathe things that our customers have been asking about. And now our customers get to run on those on Prem and at the edge without the need for a hyper visor. What this does is helps organizations minimize unnecessary overhead and ultimately unlock all of the new cloud and edge use case. The second bit is we're not in the GF our speech to text on prem capability, but this is our first hybrid AI capability. So customers like Iron Mountain get to use hybrid AI, so they have full control of the infrastructure and have control off their data so they can implement data residency and compliance while still leveraging all of Google Cloud AI capabilities. Third services identity again. This extends existing identity solutions so that you can seamlessly work on and those workloads again. This is going to be generally available for on premise customers and better for Antos on AWS, and you're going to see more and more customers be able to leverage their existing identity investments while still getting the consistency that Anton's provides across environments. In the last one that I like to highlight is on those attached clusters, which lets customers bring any kubernetes conforming cluster on Toronto's and still take advantage of the advanced capabilities that until provides like declarative configurations and service automation. So one of the customers I just want to call out is Cold just built it. Entire hybrid cloud strategy on Anton's Day began with the platform first, and now we're seeing a record number of customers on Cold Start camaraderie. Take advantage of Mantel's tempting. With Macquarie Bank played, there's a number of use cases. I am particularly excited about major league baseball. I'm a big fan of baseball, and Major League Baseball is now using and those for 2020 season and all of the stadium across, trusting a large amount of data and gives them the capability to get those capabilities in stadiums very, really acceptable. All of those >>Okay, quick, quick. Follow up on that and those attached clusters because it was one of the questions I had last year. Google Cloud has partnerships with VM Ware for what they're doing. You know, Red Hat and Pivotal also is part of the VM Ware families, and they have their own kubernetes offering. So should I be thinking of this as a management capability that's similar to like what? What Andrew does Or maybe as your arca, Or is it just a kind of interoperability piece? How do we understand how these multiple kubernetes fit together? >>Yeah. So what we've done with Antos has really taken the approach that we need to help our customers are made and manage the infrastructure to specifically what Antos attach clusters gives our customers is they can have any kubernetes cluster as long as it's kubernetes conformance, they can benefit from all of the things that we provide in terms of automation. One of the challenges, of course, is you know, those two is configuring these very, very large instances in walls. A lot of handcrafting today we can provide declarative configuration. So you automate all of that. So think of this as configures code I think of this is infrastructure scored management scored. We're providing that service automation layer on top of any kubernetes conforming cluster with an tools. >>Great. Alright, uh, it's at modernization weeks, so Ah, partner, maybe bring us in aside. You were talking about your customers and what their what they're doing to modernize what's new that they should be aware of this year. >>Yeah, so So, First of all, you know, our mission is really to accelerate innovation in every organization through making their developers more productive as well as automating their operations. And this is something that is resonating even more in these times. Specifically, I think the biggest news that we have is really around, how we're going to help companies get started with the application modernization so that they can maximize the impact of their modernization efforts. And to do this, we're introducing what we're calling. The Google Cloud Application Modernization program or a Google camp for short on Google Camp has three pieces. It has an assessment, which is really data driven and fact based. It's a baseline assessment that helps organizations understand where they are in terms of their maturity with application modernization. Secondly, we give them a blueprint. This is something that is, is it encapsulates a specific set of best practices, proven best practices from development to security to operations, and it's something that they can put into practice and implement immediately. These practices, they cover the entire application lifecycle from writing the code to the See I CD to running it and operating it for maximum reliability and security. And then the third aspect, of course, is the application platform. And this is a modern platform, but also extremely extensible. And, as you know, it spans across clouds on this enables organizations to build, run and secure and, of course, manage both legacy as well as new applications. And the good news, of course, here is you know, this is a time tested platform. It's something that we use internally as well. For our Cloud ML services are being query omni service capability as well as for apogee, hot hybrid and many more at over time. So with the Google campus really covered all aspects of the application lifecycle. And we think it's extremely important for enterprises to have this capability. >>Yeah, so a party when you talk about the extent ability, I would expect that Google Cloud Run is one of the options there to help give us a bridge to get to server list. If that's where customers looking to my right on >>that, that's rights to the camp program provides is holistic, and it brings together many of our capabilities. So Cloud Code Cloud See I CD Cloud Run, which is our server less offering and also includes G ki e and and those best practices. Because customers for their applications, they're usually using multiple platforms. Now, in the case of Cloud Run, in particular, I want to highlight that there's been a lot of interest in the serverless capability during this last few months. In particular, I think, disproportionate amount of interest and server lists on container Native. In fact, according to the CNC F 2020 State of Cloud Native Development Report, you might have seen that, you know, they noted that 2.7 million cloud native developers are using kubernetes and four million are using serverless architectures or cloud functions, and that about 60% of back and developers are now using containers. So this just points to the the usage that was happening already and is now really disproportionately accelerated. In our case, you know, we've we've worked with several customers at the New York State Department and Media Market. Saturn are two that are really excellent stories with the New York State Department. They had a unemployment claims crisis. There was a lot. Ah, volume. That was difficult for their application to handle. And so we worked with them to re architect their application as a set of micro services on Google Cloud on our public sector team of teamed up with them to roll out a new unemployment website in record time. That website was able to handle the 1600% increase in Web traffic compared to a typical week. And this is very much do, too, the dev ops tooling that we provided and we worked with them on and then with Media market Saturn. This is really an excellent example in EMEA based example of a retailer that was able to achieve an eight X increase in speed as well as a 40% cost reduction. And these are really important metrics in these times in particular because for a retailer in the Cove in 19 crisis, to be able to bring new applications and new features to the hands of their customers is ultimately something that impacts their business is extremely valuable. >>Yeah, you think you bring up a really great point of partner when I traditionally think of application modernization. Maybe I've been in the space to long. But it is. Simplicity is not. The first thing that comes to mind is probably pointed out right now. There's an imperative people need to move fast, so I want to throw it out to both of you. How is Google's trying to make sure that, you know, in these uncertain times that customers can move fast and that with all these technology options that it could be just a little bit simpler? >>Yeah, I think I just, uh you know, start off by saying the first thing we've done is build all of our services from the ground up with automation, simplicity and agility in mind. So we've designed for development teams and operations teams be able to take these solutions and get productive with them right away. In addition, we understand that some of our largest customers actually need dedicated program where they can actually assess where they are and then map out a plan for incremental improvement so they can get on their journey to application modernization. But do it with the highest our way. And that was Google camp that apartment talked about ultimately at Google Cloud. Our mission, of course, is to accelerate innovation. Every organization toe hold developer velocity improvements, but also giving them the operation automation that we talked about with that application modernization platform. So we're very excited to be able to do this with every organization. >>Great. Well, Aparna, I'll let you have the final word Is the application modernization week here at Google Cloud. Next online, you can have the final take away for customers. >>Well, thank you, cio. You know, we are extremely passionate about developers on. We want to make sure that it is easy for anyone, anywhere to be able to get started with development as well as to have a path to, uh, accelerated path to production for their applications. So some of what we've done in terms of simplicity, which, as you said is extremely important in this environment, is to really make it easy to get started on. Some of the announcements are around build packs and the integration of cloud code are plug ins to the development environment directly into our serverless environment. And that's the type of thing that gets me excited. And I think I'm very passionate about that because it's something that applies to everyone. Uh, you know, regardless of where they are or what type of person they are, they can get started with development. And that can be a path to economic renewal and growth not just for companies, but for individuals. And that's a mission that we're extremely passionate about. Google Cloud >>Apartment Poly Thank you so much for sharing all the updates. Congratulations to the team. And definitely great to hear about how you're helping customers in these challenging times. >>Thank you for having us on. >>Thank you. So great to see you again. >>Alright. Stay tuned for more coverage from stew minimum and, as always, Thank you for watching the Cube. Yeah, yeah.

>> Announcer: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is theCUBE Conversation. >> Hi I'm John Furrier with theCUBE, we're here for a special CUBE Conversation. Obviously we're remote, we're in the studio most of the time but on the weekends I get an opportunity to talk to friends and experts. And here I wanted to really dig in with an awesome case study around AWS Cloud in a use case that I think is game changing for local communities, especially in this time of COVID. You have local communities where local journalism is suffering, but also connectedness. And connected experience is what's going to make the difference as we come out of this pandemic as a societal impact. But there's a real tech story here I want to dig into. We're here with Dan Drew who is the vice president of engineering for Clinical Didja, they make an app called Local BTV which basically takes over the air television and streams it to an app in your local area, enabling access to linear TV and on demand as well for local communities. It's a phenomenal project and it's unique. Somewhat misunderstood right now, but I think it's going to be something that's going to be very important. Dan, thank you for coming on and chatting with me. >> Thanks for having me, appreciate it. >> Okay so I'm a big fan, I've been using the app in San Francisco. I know New York's on the docket, it might even be deployed. You guys have a unique infrastructure capability that's powering this new app location, and this is the focus of this conversation in this CUBE Talk. Amazon is a big part of this. Talk about your local BTV that you are protecting, this platform for broadcast television, it has a unique hybrid cloud architecture. Can you tell us about that? >> Yeah certainly, I mean, one of our challenges, as you know, is that we are local television. So unlike a lot of products on the market, you know like your Hulus or other VMPV products, which primarily service sort of national feeds and things like that. We have to be able to receive over-the-air signals in each market. Many channels that serve local content are still over the air. And that is why you don't see a lot of them on those types of services. They tend to get ignored and unavailable to many users. So that's part of our value proposition is to not only allow more people to get access to these stations, but allow the stations themselves to reach more people. So that means that we have to have a local presence in each market in order to receive those signals. So that sort of forces us to have this hybrid model where we have local data centers, but then we also want to be able to effectively manage those in a central way, and we do that in our cloud platform which is hosted on Amazon and using Amazon services. >> All right let me take a breath here. You have a hybrid architecture on Amazon so since you're using a lot of the plumbing, take us through what the architecture of this ram is on using a variety of their services. Can you unpack that? >> Yeah, so obviously it starts with some of the core services like EC2, S3, RDS, which everybody on the planet uses. We're also very focused on using ECS; we're completely containerized which allows us to more effectively deploy our services and scale them. And one of the benefits on that front that Amazon provides is that because their container service is wired into all the other services like cloudwatch metrics, auto-scaling policies, IM policies, things like that. It means it allows us to manage those things in a much more effective way, and use those services to much more effectively make those things reliable and scalable. We also use a lot of their technologies, for example, for collecting metrics. So we use Kinesis and Redshift to collect realtime metrics from all of our markets across the U.S. That allows us to do that reliably and at scale without having to manage complex ETL systems like Kafka and other things. As well as store it in a large data lake like Redshift and Corid for analytics and things like that. We also use technologies like Media Tailor, so for example, one of the big features that most stations do not have access to is realtime targeted advertising. In the broadcast space, many ads are sold and placed weeks in advance, and not personalized obviously for that reason. Whereas one of the big features we can bring to the table using our system and technologies like Media Tailor is we can provide realtime targeted advertising which is a huge win for these stations. >> What are some of the unique capabilities that you guys can offer broadcast station partners 'cause you're basically going in and partnering with broadcast stations as well. But also you're enabling new broadcasters to jump in as well. What are some of the unique capabilities that you're delivering, what is Amazon bringing to the table there and what are you doing that's unique? >> Well again, it allows us, because we can do things centrally as well as the local reception, it allows us to do some interesting things like if we have channels that are allowed to broadcast even outside their market, then we can easily put them in other markets and get them even more viewers that way. We have the ability to even do hyper local or community channels that are not necessarily broadcasting all of the standard antennas, but can get us a feed from whatever zip code in whatever market, and we can give them a way to reach viewers in the entire market, in other markets, or even just in their local area. So consider the case where maybe a high school or a college wants to show games or local content, we provide a platform where they can now do that, and reach more people using our app and our platform very very easily. So that's another area that we want to help expand is not just your typical view of local of what's available in Phoenix, but what's available in a particular city in that area or a local community where they want to reach their community more effectively or even have content that might be interesting to other communities in Phoenix or one of the other markets. >> Now I think, just going on a side tangent here, I talked with your partner, Jim Long, who's the CEO, you guys have an amazing business opportunity. Again, I think it's kind of misunderstood, but it's very clear to me that someone who follows and has huge passion about local journalism, you know you see awesome efforts out there like Charlie Sennott from the Ground Truth Project Report for America, they take a journalism kind of print view, but if you add that Didja business model onto this local journalism, you can enable more video locally. I mean, that's really the killer app, video. And now COVID more than ever, I really want to know things like there's a mural in downtown Palo Alto, Black lives matter, I want to know what's going on with the local summer restaurants, putting people out on the sidewalks. Right now I'm limited to like next door or very laggy media, whether it's the website, so again, I think this is an opportunity for that, plus education. I mean, Amazon educate for instance, you can get a degree on computing by sitting on the couch. So again, this is a paradigm shift from an application standpoint that you're providing essentially linear TV to that. >> Exactly. >> In the local economy. So I just want to give you a shout-out for that because I think it's super important. I think people should get behind this, so congratulations. Okay I'm off on my little rant there. Let's get back down to some of that cloud stuff 'cause I think what's super interesting to me is you guys can stand up infrastructure very quickly, and what you've done here, you've leveraged the benefits of Amazon and the goodness of cloud, you essentially can stand up a metro region pretty quickly and pretty impressive. So I got to ask you, what Amazon services are most important for your business? >> Well like I said, I think for us, it's managing the central services so we sort of talked about managing the software, the APIs, and those are kind of the glue, so for us standing up a new metro is obviously getting the data center contracts and all the other messy stuff you have to deal with, just to have a footprint. But essentially once we have that in place, we can spin up the software in the data center and have it hooked into our central service within hours. And we can be starting channels literally within half a day. So that's the real win for us is having all that central glue and that central management system and the scalability where we can just add another 10, 20, 50, 100 markets and the system is set up to scale centrally where we can start collecting metrics through Cloud watch from those data centers, we're collecting logs and diagnostic information so we can detect health and everything else centrally and monitor and operate all of these things centrally in a way that is sane and not crazy. We don't need a 24/7 knock of a thousand people to do this, you know, and do that in a way that we, as a relatively small company, can still scale and do that in a sensible way, and a cost-effective way, which is obviously very important for us at our size, but at any size, you want to make sure if you're going to go into 200 plus markets that you have a really good cost model and that's one of the things where Amazon has really really helped us is allow us to do some really complex things, and in an efficient, scalable, reliable, and cost-effective way. The cost for us to go into a new metro now is so small relatively speaking that that's really what allows us to do as a business and now we just opened up New York and we're going to keep expanding on that model so that's been a huge win for us is evaluating what Amazon can bring to the table versus other third parties or building our own obviously-- >> So Amazon gives you the knock basically leverage and scale. The data center you're referring to, that's pretty much just to get an origination point in the territory. >> Dan: Exactly, that's right. >> So it's not like it's a super complex data center. You can just go in, making sure that they got all the normal path to recovery and the normal stuff, it's not like a heavy duty buildup. Can you explain that? >> Yeah, so one thing we do do in our data centers is because we are local, we have sort of primary data centers where we do do transcoding and origination of the video so we receive the video locally and then we want to transcode and deliver it locally and that way we're not sending video across the country and back type of thing. So that is sort of the hybrid part of our model. So we stand that up, but then that is all managed by the central service. So we essentially have another container cluster using Kubernetes in this case. But that Kubernetes cluster is essentially told what to do by everything that's running in Amazon. So we essentially stand up the Kubernetes cluster, we wire it up to the central service, and then from then on, we just go into the central service and say stand up these channels and it all pops up. >> Well my final question on the Amazon piece is really about the future capability besides having a CUBE channel which we'd love to have on there, I told my guys we'll get there. But we're just too busy working around the clock as you guys are with COVID-19. (overlapping chatter) I could almost see a slew of new services coming out, just on the Amazon side. If I'm on the Amazon side I'm thinking, okay I'll post this as an opportunity for me. I can see sage making and machine learning coming in and adding value for the user experience. And also enabling their own stuff. They've got a ton of stuff with Prime and moving people around and delivering things. I mean the headroom for Amazon in this thing is off the charts. But that being said, that's Amazon, I could see them winning with this. I know certainly I know you're using Elemental as well, but for you guys on the consumer side, what features and what new things do you see on the roadmap or what you might envision the future looking like? >> Well, I think part of it I think there's two parts. One of it is what are we going to deliver ourselves so we talked about adding community content and continuing to evolve the local BTV product. But we also see ourselves primarily as a local TV platform. For example, you mentioned Prime and a lot of people are now realizing, especially with COVID and what's going on, the importance of local television and so we're in discussions on a lot of fronts with people to see how we can be the provider of that local TV content. And that's really a lot of stations are super excited about that too 'cause you know, again, looking to expand their own footprint and their own reach, we're basically the way that we can join those two things together between the stations, the other video platforms, and distribution mechanisms, and the viewers obviously at the end of the day, we want to make sure local viewers can get more local content and stuff that's interesting to them. Like you said with the news, it is not uncommon that you may have your Bay area stations but the news is still maybe very focused on LA or San Francisco or whatever. And so being able to enable the smaller regional outlets to reach people in that area in a more local fashion is definitely a big way that we can facilitate that from the platform and viewer perspective. So we're hoping to do that in any way we can. Our main focus is make local great and get the broadcast world out there and that's not going anywhere especially with things like HSE3 on the front, and we just want to make sure those people are successful and enrich people and make revenue. >> Yeah, you got a lot of (mumbles) but I think one of the things that's interesting about your project that I find is a classic case of people who focus in on just current market value investing, versus kind of the game-changing shifts is that you guys are horizontally enabling in the sense that there's so many different use cases I was pointing out from my perspective, journalism, and I look at that and I'm like, okay that's a huge opportunity just there, changing the game on societal impact on journalism, huge education opportunity for court cutters. You're talking about a whole nother thing around TV so I got to ask ya, pretend I'm an idiot for a minute. Pretend, let's make it, I am an idiot. I don't understand, isn't this just TV? What are you doing different because it's only local. I can't watch San Francisco if I'm in Chicago and I can't watch Chicago if I'm in San Francisco, I get that. But why is this important? Isn't this just TV? Can't I just get it on YouTube, TikTok, what is this? >> Yes and no. There's TV and then there's TV as you know. If you look at the TV landscape, it's pretty fractured but typically when you're talking about YouTube or Hulu, you're talking about sort of cable TV channels. You know, you're going to get your A&E, you're going to get some of your local through ABC and whatnot, but you're not really getting local content. So for example, in our Los Angeles market, there are about 100 and something over-the-air channels. If you look at the cross section of which of those channels you can get on your other big name products like your Hulus or your YouTube TV, you're talking about maybe half a dozen or a dozen. So we're talking about 90 plus channels that are local to LA that you can only get through an antenna. And those are hitting the type of demographics that, quite frankly, some of these other players just don't see as important. >> Under different minorities or immigrants, the each entrepreneurs of our country. >> Yes exactly, so we might see a lot of Korean channels or Spanish channels or other minority channels that you just won't get over your cable channels or your typical online video providers. So that's, again, why we feel like we've got something that is really unique and that is really under-served as far as on a television standpoint. The other side that we bring to the table is that a lot of these broadcast channels are under served themselves in terms of technology. If you look at ad insertion and a lot of the technical discussions about how to do live TV and how to get live TV out there, it's very focused on the OTT market, so again, going back to the Hulus and the YouTubes. >> OTT, over-the-top you mean. >> Over the top, yeah. And so this broadcast market basically had no real evolution on that front in a while and I sort of mentioned the way ad buying works. It's still sort of the traditional ad buying that happens a couple weeks in front, not a lot of targeted or anything ability. And even when we get to HSE3, you're now relying on having an HES3 TV and you're still tied to an antenna, etc, etc, which is, again, a good move forward, but still not covering the spectrum of what these guys really want to reach and do. So that's where we kind of fill in the gaps using technology and filling in the gap of receiving a signal and bringing these technologies to not only the ad insertion and the stuff we can do for the livestream, but providing analytics and other tools to the stations that they really don't have right now unless you're willing to shell out a lot of money for Nielsen, which a lot of local small stations don't do. So we can provide a lot of analytics on viewership and targeting and things like that that they're really looking forward to and really excited about. >> All right, I got to ask you, put you on the spot here, 'cause I always see Andy Jassy at (mumbles) hopefully I'll see him this year if they do an in-person event. He's really dynamic and you should send him an email; he tends to read his emails a lot, and if you're a customer and I know you are, but I've got to ask you, if you bumped into Andy Jassy on the elevator and he's like, hey why should I pay attention to Didja? Why is it important for Amazon and why is it important for the world? How does it raise the bar on society? >> Well I think part of what Amazon's goal, especially if you get into their work in public sector and education, that's really where we see we're focusing with the community and local television and enabling new types of local television. So I think there's a lot of advantage and I hate the word synergy, but I'm going to use the word synergy. As far as our goals in those areas around really helping, one of the terms flying around now is the double bottom line where it's not just about revenue, it's about how do we help people in communities be better as well? So there's a bottom line in terms of people, benefit, and revenue in that way, not just financial revenue. And that's very important to us as a business as well is that's why we're focused on local TV and we're not just doing another Fubo where it's really easy to get an IP national fee. It's really important to us to enable the local community and the local broadcasters and the local channels and the local viewers to get the content that they're missing out on right now. So I think there's a, I hate it but I'm going to use it, synergy on that front as far as-- >> Synergy and the new normal. >> Synergy and the new normal? I think COVID and some of the other things that have been happening in the news with the Black Lives Matter and a lot of the things going around where local and community has been in the spotlight and getting the word out and having really local things versus I'm just seeing this thing from three counties away which I don't really care about and it's not telling me what's happening down the street like you said. And that's really what we want to help improve and support. >> Yeah it's a great mission, and it's one we care a lot about theCUBE. We've seen the data: content drives community engagement, and community's where the truth is. So in an era when we need more transparency and more truth, you get more cameras on the street, you're going to start to see things. That's what we're seeing a lot of things. And as more data's exposed, as you turn the lights on, so to speak, that kind of data will only help communities grow, heal, and thrive. So to me, big believer in what you guys are doing. Local BTV has a great mission. I wish you guys well and thanks for explaining the infrastructure on Amazon. I think you guys have a really killer use case technically. I mean to me, I think the technical superiority of what you've done give ability to stand up to these kinds of network with massive number of potential reach out of the gate, that's pretty impressive, congratulations. >> Great, thank you very much and thanks for taking the time. (upbeat music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Everyone, welcome to this CUBE conversation here in theCUBE studios in Palo Alto. We're here for remote interview. We're continuing with the COVID coverage, the quarantine crew. I'm John Furrier, host of theCUBE. Got a great guest, Christal Bemont. The CEO of Talend, just joined the club in the middle of the pandemic. Christal, thanks for joining us and nice seeing you. >> It's a pleasure to be here. Thank you for having me. Well, I think it's a really great conversation to have a couple of threads that are interesting to me. One is, Talend's... We've been covering for a long time, obviously. Their position in the marketplace, we've been following their trajectory. You're new to the company, but you joined right in the middle of, as COVID was going down. And we're still in this mode and it looks like it's going to be for some time. I'd love to get your thoughts as we're in this mode. First, what attracted you to Talend, your new? And, what's it been like there since you've been there, you can't meet people face to face. So you must be doing a lot of remote interviews, then remote conversations. >> Well, you're right about that, I had a very short window that I could get out on the road. And I'm so grateful that I did because visiting our offices, our customers and our partners is critical to, really surrounding ourselves with amazing people that we have Talend. But you know, I'll just go back to why I joined Talend and it really goes to the customers, our customer stories just captured my attention right away. The way that Talend shows up to drive outcomes for customers that are tangible, that are quantifiable, and that are game changing was something that interested me. And it really is that at the heart of every conversation is data. So it was a simple decision for me to say, those are the types of things I want to be involved in. And so Talend was definitely something that became very attractive. >> It's interesting, we've watched the progression of the big data market and now 10 years in, and the explosion of cloud, obviously, everyone's talking about data as a key ingredient for application development. And you're still seeing kind of the challenges of how do you manage the data. And then how do you put that into action for insights, because now you have these connected experiences. And even more highlighted with the COVID pandemic, you still got to run the business, you still need the data. The workforce is remote. The future of work, work force, workplace, workloads and workflows all have data. This is a real. >> That's right >> Challenge with now the connected experience being the number one problem and making that good, and making that valuable. What's your take on? >> That's right. I couldn't agree more. You know, we talked a lot about digital transformation for years, quite frankly. And I would say, you know, we've been in a digital transformation evolution. And I think what has happened now is COVID is an accelerant and it's a, now it's a digital revolution and at the heart or maybe the cornerstone, if you will, of the any digital transformation is data transformation. You think about digital transformation is about mindset. It's about changing your entire way that you operate as a company. It's not just about systems and technology, that's a really critical part. But everything that fuels the ability to get outcomes out of a digital transformation is data. And so the ability to leverage. Like you said, there's connected data, there's more data than we've ever had. And that's a massive opportunity. But having a lot of data is not always the answer. Sometimes that becomes a big responsibility with regulations, and also something that if not carefully governed, not really something you can leverage properly to run your business. So data is at the heart of all the things going on at this moment. >> It's interesting to, you know, a lot of the main trends outside of kind of the inside the industry discussions around data and the role of data. The consumer side of it, is seeing it with fake news. You're seeing it with the data around COVID. Anyone can make data tell a story. There's always you know, >> Right. causation versus correlation, that discussion. But when you start thinking people being exposed to the data problems, there's an opportunity in there and one of the big things is trust. What data can I trust? What's authentic? And then, how do I make sure that it's not just supporting a story? There's all kinds of things going on around it. It makes it seem like a broader challenge. Trust seems to be at the heart of it. What do you trust? Who's the source? It's just all life now as data infiltrated all of our lives. It's certainly now exposed. >> You couldn't be more right on that one. And you can see it play out, in the media, you can see it play out again. This accelerating set of circumstances that are playing out every single day, as people are staying so closely, watchful of data informing decisions that everyone's making around the world in a lot of different ways. And you've seen a lot of times where there's a question about the quality of the data, the accuracy of the data, who's providing the data. And, that's the environment that Talend, really supports and lives in, even prior to COVID. But it just underscores the importance of not just having a complete set of data. And I would say, even taking it further than just having what we would traditionally call quality of data. And really taking it down to something, you used really important word is, trust. How can you make sure that the data that you're making decisions on is something you can trust, and when it comes to health and well being that's certainly something that you can't afford not to have? And it's an area that is underserved right now that we've spent a lot of time thinking about and how we're starting to show up to provide those solutions to our customers. >> I want to get into the customer conversation. I think there's a lot of use cases I want to unpack with you. But I want to first get your vision on how you guys see the future. What is the vision of Talend? And how do you see it? What's the plan? What's the big story there? >> You know, there's a couple of things. I look at this and say, right now in the industry and in our customers, which we cover all different segments, all different sizes of customers all around the globe. They have a variety of use cases, if you will. A variety of needs, everything from the most simple ingestion to some of the more complex transformation and governance projects that they're running. And first and foremost, we show up uniquely as a platform, a platform that allows people to activate and utilize different parts of our services that we can provide to an entire organization. And that's something that is really important to us. And we also look at how do we make the process in which they're using Talend and the skills that are required, you know, really push the envelope on making those as simple as possible. The ability to get to time to value as quickly as possible is our ultimate goal. And then looking, you know, finally, the third lane is to make sure that we can provide not just, as I said, the completeness of data, but that it's really data that they can boil down to something that has intrinsic and quantifiable trust. Because all the time we spend, all the money that's spent on collecting the data is really only as good as the, ability to say I can emphatically trust it, and I can tell you why. And I can show you the footprint of that data. And that's something really important right now more than ever. >> I was talking to my family, I've four kids, and they're all kind of growing up now. And, we're having these conversations on COVID and the question of AI comes up all the time and AI is very, cool for kids, but they don't really know how to talk about machine learning. So I got to ask you around how you see the machine learning piece come in because data feeds AI, I mean you got, it's a real... And that's how I described my kids, data is the fuel for AI and you got to feed that in there. But it's not that easy. What's your reaction to that? Because I think a lot of companies are saying, I have to automate things, the DevOps world and agility come into the mainstream operations of businesses. And there's a agility piece, there's a value of the data is being recognized. But now I got to put it to practice. What's the playbook? What's your reaction to all that? >> Yeah, I think you're right. I mean, first of all, AI and machine learning have a really important role in the simplification, the ability to move at speed and to, perform functions that quite frankly are going to move us into an entirely new realm of possibility. I still will contend, whether you're feeding that with, anything that you feed data into with data has to be really good quality data. AI machine learning is only as good as the information that you're feeding it with. And so, it is really, really critical that we leverage these technologies to their fullest extent, but that we make sure that we feed it in the right way. So I think it's a really big part of our future. I think it's something that's going to be important. But we have to have the certainty that we're using them in a way that's coming to, a place of the right outcome. And that starts with what you feed it to use to go use to improve the processes. >> Christal, one of the patterns we're seeing is that decision makers and CXOs are looking at the COVID pandemic and saying, okay, I did my thing with triage. Now, I got to reset and get the foundation set again and look at the projects that are going to be important. And I got to figure out the holistic architecture 'cause I need a growth strategy, and I got a reset maybe some of the team members projects and whatnot. What's your view on this? Because now new decisions have to be made, roles that might change as well. So this is going to change, how come he's going to make decisions? What's your reaction to that with the customers? They are trying to figure this out, what's your advice? >> Yeah, that's absolutely right. And this is about re-instrumenting a business, reinventing it in many cases, a great example is Domino's, who is maybe surprisingly, for some a pioneer in, digital transformation that's been a number of years in the making, that really has shown that with being in a state of being able to adapt quickly to circumstances and to be forward looking, how critical it is. And so I think this has been a wake up call for organizations across the globe to say we have have to be on the ready, we have to be able to be instrumented in a way that we can make quick decisions and Domino's case it became, originally the ability to you know, they were the first pizza delivery to try out drones for pizza delivery and, you know, to... And have gaming devices where you can order pizza because that's where their customers read and when COVID hit contact list became a criteria and so you can really see how they are able to separate themselves. You see people being leaders that have been further along in their transformation. So I think what this has done is expose some vulnerabilities, quite frankly. And this is a wake up call for companies around the globe that can no longer afford to be in a state where they can't pivot quickly. And looking backwards is no longer the thing that informs people in a state of something like COVID, because there really aren't examples or patterns to look at. So re-instrumenting the business is really critical, data has to be transformed to perform better for companies. >> It's interesting you bring that, a point about the pivot and the companies resetting and reinventing for that growth strategy is that, you're seeing brand impacts and also financial results are directly related to it. So if you're not ready, this has, it could have a real detrimental impact on the brand value, and ultimately financial results. And this is kind of forcing people to say, it's not just an IT problem. It's a business model change and data is shown now to be the key ingredient, because that's where the agility is going to come from, that's where the value is there. And this is all been talked about in the industry before. But now it's kind of our mainstream. This is now the new reality that my brand opportunity and the financial results, my company are at stake. Can you comment on your thinking around that? Because this is a top line, high order bit, if you will conversation among the top boardrooms. >> Yeah, it is. And I agree with you, many of these conversations have been going on for a while now, right. And I think this just exposes the criticality of what happens when you're not in a state of being able to really reinvent yourself or like I said, re-instrument, and if you're already in that state, how much better off you are. Brands are taking a hit in terms of their ability to show up and it goes beyond just their ability to perform, as a business, but to really show up differently for their customers, support people in a different way. And really make sure that they can respond also from a social perspective, how are they going to help and contribute to what the world is facing. And so, it really is asking companies to really fire on all cylinders, quite frankly. >> I want to give you a thoughts on two thought tracks and they're kind of connected, so bear with me. One is, we've heard a lot from the marketplace that with the pandemic, the reality of the IT teams that collect the data and the business teams that have to make the decisions are changing, obviously with the work at home and all the different dynamics around the re-architecting. And then you have the competitive advantage now which people are pointing to as speed and scale. So you've got your internal kind of organizations that are managing wrangling data, ingesting data, the business teams with the customers, and that's kind of was the slow rolling way it was before. Now you got that changing. And now you got pressure to be faster and more scalable. So scale is a competitive advantage, speeds that competitive advantage. These are important kind of flywheel elements of the new models that people are being successful, what is your reaction to that? >> I couldn't agree more. It is a competitive weapon, quite frankly. It is an operational accelerant. And it is an innovation catalyst. And, you know, time is no one's friend, quite frankly, it's one of those odd things right now where for all of us that are working from home and time has this odd sense of reality to it. But it's... You know, really quite frankly you cannot act fast enough. But what's interesting about enabling companies to act fast, that has to come down to the ability for them to be able to, spend the time in the right places. So for example, when I think about the number one thing that we can do is it takes a lot for organization sometimes to put the information in the hands of the right people at the right time. So that the time that's being spent by an overall company, not just an individual within a company but the entire company. You have to be able to decrease that, so that the time that they're spending is actually on helping drive outcomes. And so some of this and you just struck a chord on in everything I think about is, how quickly we can get the right data in the hands of the right people because, in AstraZeneca's case for example, the difference of being able to do that, their highest cost in their business is clinical trials. Being able to get information you can use and reduce a month of, how fast they can bring those clinical trials to bear is saving them hundreds of millions of dollars. But that right now AstraZeneca is an important player in helping us solve for this. So you think about how important it is to get information to the right people, and time is of critical essence right now. >> Yeah, it's interesting (indistinct) that business model advantage, but also you got a lot of... That's an opportunity not for many, but there's also a lot of, I won't say heavy lifting, but maybe a drag, some might call it compliance. You know, GDPR, whatnot. Balancing that kind of, I won't say drag. I mean, I think it's a drag personally, but I think we have to have those things in place. You want to maintain the compliance, rigidity that's out there, but also have room to innovate. That balance is very difficult. And it's really mostly highlighted in the data bases because that's where the action is around data privacy and those compliance things. But if you got an innovation formula there that you're talking about, and you got compliance, if you get one wrong and right, you got to balance it. What's your take on that? Because that's a huge challenge. It's one of those things that's kind of not talked about much, but pretty much there. >> You're right, indeed it is a complete balance but you can't have one without the other. In highly regulated industries, especially with companies like AstraZeneca. But really, if you think about any company the ironic thing right now is that when you're looking at, even a single report, but certainly across an entire company or line of business, right now you can see that there's quality measures and governance that, we put into play. But the ability to actually, quantifiably say on a single piece of data that you can track, where that data has been, who's touched it? How complete is it? And really kind of put a measurable trust score against it, there's work to be done there. But, with GDPR, with HIPAA, and interestingly enough, we're looking to, kind of challenge some of the norms with COVID that says, we now want to collect data that is formally considered privacy, and maybe something that would be regulated. And now we want to share it for the greater good of, making sure that we can track and trace where people are at that maybe are infected and so forth. And so you're starting to see this interesting conversion of challenging the fact that we've got at least be able to support people in their governance of data, but take that a step further, really. >> Awesome, final question. You had Talend Connect, which is your big kind of confab. What best practices are emerging out of Talend these days for customers? If you had to kind of highlight the top use cases or best practices that customers and your potential customers could leverage right now with data, what are you guys putting out there? What are the key best practices? 'Cause everyone has a new reality sets of knowledge, we talk deeply about it, but what's the best practices? What are you guys offering? >> Well, I think, one of the things that I alluded to before is really making sure that we show up as a strategic business partner. And this is really important to us, you know, there all this these things that we've been talking about, they're heavy lifting for organizations to really look at how they bring the digital revolution to the forefront. There's a lot to consider. And so our part in that is to say, we believe that when you power your business on Talend, and you're able to solve for a number for different problems across platform, then that's really important that we show up in the way that we can meet our customers where they're at, so that's one. Making it simple, you know, really pushing the boundaries on the level of expertise, the specialization, the time to value of making sure that they can leverage. Again, spending their time on the things that are important, which are making sure that they're spending it in quality data and data they trust. And then really making sure that final lane is covered up saying, we want to make sure that data is accessible when you need it, where you need it. Things like IoT and edge devices, this proliferation of data is just becoming immense. And so, taking the data, giving it to people, but in a way that they can have confidence. It's the same thing you just said before, there's a lot to consider. And there's in a way a burden of people not knowing maybe all the data they have and how it's being used. We feel responsibility to make sure that we're part of helping that become easy and identifiable and really taking it to the next step beyond quality, so it's really across all of it just simply putting people in a position to be able to make good decisions and not have to do so much of the heavy lifting. And making sure that they know for a fact that it's something that they've made a good decision around because of the data has been trusted, and they can have the confidence in that. >> Awesome, we think data is added advantage. It's just getting more important then ever as the days go on. So great, great insight. Christal, thank you for that insight. Before we end, take a minute to put the plug in for Talend. What do you up to? You guys are hiring, you looking for folks? What's the business plan? Why you guys winning? What's the hot product? Take a minute to give up a quick update on Talend. >> Sure, we're in a great situation where, this is a point in time at Talend where (indistinct) a great trajectory in front of us, we see speed and scale of our organization that has an opportunity in front of it to really help solve problems for every part of the market, whether it's the, smaller businesses who are certainly in it at a point where they're, having a big impact to the largest organizations. And we feel that there's a set of solutions that we can really work to drive as a partner, to each of those customers to solve for the problems that put them in a position to really be able to re-instrument and to reinvent their business. And when we partner like we have with the companies that I mentioned, Domino's and AstraZeneca, and many others, it comes back to why I join Talend, we have the ability to change the outcome of really separating organizations from the pack and data is the competitive advantage. It is the thing that will put people on a different trajectory. And I'm excited about what we bring to the table and I'm really excited about what's to come and how we'll continue to push the envelope for how we help our customers. >> That's awesome, congratulations. Congrats on the new role of Talend to CEO, Christal Bemont. >> Thank you. >> Big up Talend, data is at the heart of the value proposition. We've been saying that for 10 years now more than ever, it's exposed that the value is there, speed and scales the new table stakes for competitiveness and business models for the applications. Again, great CUBE captures, great insight. Christal thank you for joining me today. I'm John Furrier, host of theCUBE. It's been a CUBE conversation. Thanks for watching. (upbeat music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation [Music] hello everybody and welcome to this week wiki bond cube insights powered by ETR in this breaking analysis we want to update you on the latest spending data from EGR as you know we've been tracking this weekly saga kodachi is here he's the director of research at ET our saga thanks for coming on thanks for having me again Dave really appreciate it yes so so let me remind everybody so we entered the Year this year 2020 with a consensus IT spend for cast of plus 4% once coronavirus hit ET are launched its latest survey in March and we saw those numbers you'll come down last week we reported well the first report we made was it looked like it was flat last week we reported a slight negative and today we want to update you guys on those numbers so saga before we get into the data just give us the high level on where you guys are at in terms of your survey yeah no problem so currently we are forecasting a decline in global IT budgets about negative 4% I think what's happened you know over the last you know 10 or 15 days is you've just seen more and more information released that's given organizations more of an understanding of just how severe this you know epidemic is and so what we've been able to do on our end is kind of do an event study analysis or simulation analysis kind of what you're seeing here a really pinpoint the time period where organizations understood the severity of the epidemic and then really trying to measure the declines in IT budgets from there great so guys bring that slide back up I want to share with our audience what's happening here so what ETR has done is an event-based analysis and what you can see is where the survey launched on 3/11 you could see how sentiment has declined literally daily as the data rolled in then you see the US declared a national emergency you saw that the federal plan leaked for that you know penned pandemic protect projection and obviously New York became a hot spot and then you can see this the stimulus package in it and sagger it looks like there's a slight uptick here but generally speaking it's down now it could be worse but you guys were the first to report the offset from work it worked from home infrastructure we'll talk about that a little bit talk about this event analysis and what you're seeing here and how you compressed the analysis hosting these events no problem so let's start with a blue line here and just so the audience knows the x-axis is going to be date and the y-axis is going to be annual growth or decline in nit budgets what you're seeing here and if we start with the blue line is we started pulling on 3/11 and on that date we started to ask you know fortune 100 is fortune 500 how their budget was going to change based on the impacts of coded nineteen versus their original expectations coming into coming into the year and again consensus estimates coming to the year were positive four percent so if you track that line all the way through you get to a decline of about one percent now what's the issue of starting polling on 3/11 or using that blue line well one of the big issues is a few days later the US declared a national emergency so more information was released right I think organizations that took the survey in the first two days didn't have a complete picture as to what's going on and then effectively a week later you saw federal documents get leaked stating how bad this epidemic was right in terms of the last 18 18 plus months and so what we did was we did it effectively an event based analysis or defuse different simulation where if you take a look at the yellow and red lines to start what we're doing is we're effectively saying okay let's ignore everyone that took the survey prior to that let's take their budgets in terms of how they indicated change versus their original expectations for 2020 and then let's go ahead and map that and if you look at the yellow line as an example that goes to a decline of 2% and then once I think you know the next shoe dropped in terms of organizations understanding this is not going to be a few weeks or this is not the common cold or flu once organizations knew this was going to be an 18 plus epidemic you can see if we started pulling respondents from there how much more negative it gets and of course once NYC became the epicenter you saw a little another shoe drop so now those those scenarios or simulations are taking us between a decline of three and four percent and then of course if we look at that last purple line there when the stimulus got announced what we are seeing is it looks like it may have bottomed down we have to continue tracking it because you know again it's just a few days since the stimulus is was passed and so let's see if the data starts improve a little bit or at least stabilize but I think from the last three events in terms of the the federal plan being leaked NYC becoming the epicenter and the stimulus it looks like the market now is fully aware of what's going on and now we're kind of seeing some stabilization in the data in terms of the declines for 2020 so between the feds action and the the fiscal stimulus we've we've seen some optimism although people are really cautious of course remember folks this would be worse were it not for the shift in spend to work from home infrastructure not just collaboration and visualization tools but other infrastructure around that network bandwidth security desktop virtualization etc so guys if you bring up the next chart I want to set this up we've been reporting this framework for a while now what this shows is what the sentiment is in terms of the budget change and you can see the gray bar now is 35% it started at 40% so that's dropped so the percentage of CIO saying no change the green is held pretty steady at around 20 to 22% that's it's roughly in there and the red you know has been has been shifting and you can see most of the green ie spending more in 2020 is focused on that you know one to two ten percent but but Sagar bring us up to date now we're going to settle in it right now about three and a half to four percent on the negative side give us some color on this chart please yeah no problem so the best way to connect this chart with what we saw earlier is this is a snapshot so this is a single day so this is the data that is feeding the time series chart kind of help the audience understand what's going on so if we were to look at this exact chart Oh since March 11 you would see that midpoint Average effectively coming down every day and that's effectively what's making up that time series in terms of this chart you know Dave you kind of hit it right on the nail you're kind of seeing the positivity remain or be stable and again that's that work from home infrastructure as you as you mentioned right the collaboration pools no the virtualization support services networking bandwidth all that stuff right being more and more security but on the negative side I think what you're seeing is that again as organizations now understand the severity of the epidemic I think as we understand further and we've talked about this you know a few weeks ago that organizations were anticipating less demand they were anticipating an uptick in broken supply chains now you're starting to see some of that play out and as a result you're seeing organizations get more and more negative and that's why that midpoint average it keeps declining that's why those red bars keep going up is the the impacts in you know based on the data are are now starting to be to be seen and so you know let's see if the stimulus stabilizes this data and we'll continue tracking that you know over the next few weeks the next few months okay so basically we're coming in - three and a half to four percent that's where we are today we're not going to get detailed into some of the vendors today we talked a little bit about that last week and go back to last week's breaking analysis you can see some of that vendor commentary I want to talk about what happens next ETR now we'll go into a two-week quite self-imposed quiet period and really start crunching the data at the end of that quiet period they will release to their private clients the their latest thinking in a webcast after that time we at the cube are allowed to share public information and we're gonna drill down into some of the segments that our community is most interested in but-but-but etrs going quiet now so saga maybe you can explain that sequence and fill in any holes that I missed there yeah no problem the next two weeks so we've we've collected a tremendous amount of data you know we're over you know we're at a hundred fortune 100 organizations you know almost three four hundred global two thousand organizations and so we're at a point now where it's time to start aggregating the data start really analyzing it going through this Koga drill down that we conducted but also we conducted a tremendous study on technology spending intentions of crossing over 350 vendors dozens of Technology sectors and so now it's really a time to kind of drill in and you know what what we're looking for or even some of the biggest takeaways from from this Cove it you know drill down is you know if if you started polling before 3:23 chances are your forecast is gonna come in light and I think that's one of the things that we've learned as we're kind of going into this to hear it is we really want to measure the impact starting right around that 3:23 timeframe it looks right around then based on that time series chart that we showed earlier that's when the market fully understood the impact of this epidemic and so as we start over the next two weeks even though we started pulling a little bit early we really want to focus on that second set a second half of responses because that's probably gonna be more indicative of what's going on I think the second thing is gonna be look if condition of conditions continue to deteriorate things can get worse and so we may come out of the next two weeks with this data that we collected and again have to continue indicating that you know the environment has continued coming down and you know maybe we may have to make adjustments as we see fit so I think that's kind of you know this whole situation is so dynamic still and so we're gonna do our best in the next week and a half to kind of get this data to market to at least give everyone an idea here's how everything stands right now and so that people have a good benchmark and then move forward yeah so this is as close to real time really as you can get in some of this IT spending world saga mentioned some of the numbers and in the global 2000 fortune fortune 100 1000 this this end now just the reminder is up over 1200 I believe right Sahra the total and that you've collected this this month that's correct exactly every time we've been doing one of these it's been going up another a couple hundred respondents so yeah we're at a very comfortable level now our sample right now represents five hundred and fifty five billion dollars in annual IP spend you know and global IT spend every year is a little over you know three trillion so this is a significant significant portion of a global IT spend and we feel comfortable at this point kind of going into that quiet period as you mentioned and really start to dig through the results that you know now that we've kind of you know covered the the 10,000 foot or the macro layer so to speak in terms of where budgets are going now it's really time to start drilling down and do the sectors and vendors because this is this is not going to be a every vendors going down or whatever maybe there's so many different dynamics here some vendors are going to do very well because the work for MoMA infrastructure and I think some vendors are gonna do very poorly because one they're not only on the legacy side but they're not really aligned from this whole work from home infrastructure movement so you're gonna see a lot of bifurcation you know as we get into 53 that's right and we're gonna dig into all those segments we're gonna look at the work from home we're gonna look at the traditional stuff we're gonna look at cloud we're gonna drill into specific segments that are that are of interest to our community it's a pleasure to really have you on here Sagar thank you for for sharing giving us access to this data and and stay safe and we will be watching go to ETR dot plus and you know check out what's happening there Silicon Engel Tom will obviously cover this and I published weekly on wiki bond comm again that saga thanks so much for coming on the cube yeah no problem thank you so much and looking forward to catching up in a few weeks all right then thank you for watching everybody this is Dave a latte for the cube or wiki bounce cube insights powered by ETR we'll see you next time [Music]