>> From the Silicon Angle Media office, in Boston Massachusetts, it's the Cube. Now, here's your host, Dave Vellante. >> Hi everybody, welcome to this Cube Conversation here in our studios, outside of Boston. My name is Dave Vellante. I'm here with Matt Carroll, who's the CEO of Immuta. Matt, good to see ya. >> Good, nice to have me on. >> So we're going to talk about governance, how to automate governance, data privacy, but let me start with Immuta. What is Immuta, why did you guys start this company? >> Yeah, Immuta is an automated data governance platform. We started this company back in 2014 because we saw a gap in the market to be able to control data. What's happened in the market as changes is that every enterprise wants to leverage their data. Data's the new app. But, governments want to regulate it and consumers want to protect it. These were at odds with one another, so we saw a need of creating a platform that could meet the needs of everyone. To democratize access to data and in the enterprise, but at the same time, provide the necessary controls on the data to enforce any regulation, and ensure that there was transparency as to who is using it and why. >> So let's unpack that a little bit. Just try to dig into the problem here. So we all know about the data explosion, of course, and I often say data used to be a liability, now it's turned into an asset. People used to say get rid of the data, now everybody wants to mine it, and they want to take advantage of it, but that causes privacy concerns for individuals. We've seen this with Facebook and many others. Regulations now come into play, GDPR, different states applying different regulations, so you have all these competing forces. The business guys just want to go and get out to the market, but then the lawyers and the compliance officers and others. So are you attacking that problem? Maybe you could describe that problem a little further and talk about how you guys... >> Yeah, absolutely. As you described, there's over 150 privacy regulations being proposed over 25 states, just in 2019 alone. GDPR has created or opened the flood gates if you will, for people to start thinking about how do we want to insert our values into data? How should people use it? And so, the challenge now is, you're right, your most sensitive data in an enterprise is most likely going to give you the most insight into driving your business forward, creating new revenue channels, and be able to optimize your operational expenses. But the challenge is that consumers have awoken to, we're not exactly sure we're okay with that, right? We signed a YULU with you to just use our data for marketing, but now you're using it for other revenue channels? Why? And so, where Immuta is trying to play in there is how do we give the line of business the ability to access that instantaneously? But also give the CISO, the Chief Information Security Officer, and the governance seems the ability to take control back. So it's a delicate balance between speed and safety. And I think what's really happening in the market is we used to think about security from building firewalls, we invested in physical security controls around managing external adversaries from stealing our data. But now it's not necessarily someone trying to steal it, it's just potentially misusing it by accident in the enterprise. And the CISO is having to step in and provide that level of control. And it's also the collision of the cloud and these privacy regulations. Cause now, we have data everywhere, it's not just in our firewalls. And that's the big challenge. That's the opportunity at hand, democratization of data in the enterprise. The problem is data's not all in the enterprise. Data's in the cloud, data's in SaaS, data's in the infrastructure. >> It's distributed by it's very nature. All right, so there's a lot of things I want to follow up on. So first, there's GDPR. When GDPR came out of course, it was May of 2018 I think. It went into effect. It actually came out in 2017, but the penalties didn't take effect till '18. And I thought, okay, maybe this can be a framework for governments around the world and states. It sounds like yeah sort of, but not really. Maybe there's elements of GDPR that people are adopting, but then it sounds like they're putting in their own twists, which is going to be a nightmare for companies. So, are you not seeing a sort of, GDPR becoming this global standard? It sounds like, no. >> I don't think it's going to be necessarily global standard, but I do think the spirit of the GDPR, and at the core of it is, why are you using my data? What was the purpose? So traditionally, when we think about using data, we think about all right, who's the user, and what authorizations do they have, right? But now, there's a third question. Sure, you're authorized to see this data, depending on your role or organization right? But why are you using it? Are you using it for certain business use? Are you using it for personal use? Why are you using this? That's the spirit of GDPR that everyone is adopting across the board. And then of course, each state, or each federal organization is thinking about their unique lens on it, right? And so you're right. This is going to be incredibly complex. And the amount of policies being enforced at query time. I'm in my favorite, let's just say I'm in Tableau or Looker right? I'm just some simple analyst, I'm a young kid, I'm 22, my first job right? And I'm running these queries, I don't know where the data is, right? I don't know what I'm combining. And what we found is on average in these large enterprises, any query at any moment in time, might have over 500 thousand policies that need to be enforced in real time. >> Wow. >> And it's only getting worse. We have to automate it. No human can handle all those edge cases. We have to automate. >> So, I want to get into how you guys actually do that. Before I do, there seems to be... There's a lot of confusion in the marketplace. Take the word data management, data protection. All the backup guys are using that term, the database guys use that term, GOC folks use that term, so there's a lot of confusion there. You have all these adjacent markets coming together. You've got the whole governance risk and compliance space, you've got cyber security, there's privacy concerns, which is kind of two sides of the same coin. How do you see these adjacencies coming together? It seems like you sit in the middle of all that. >> Yeah, welcome to why my marketing budget is getting bigger and bigger. The challenge we're facing now is I think, who owns the problem right? The Chief Data Officer is taking on a much larger role in these organizations, the CISO is taking a much more larger role in reporting up to the board. You have the line of business who now is almost self-sustaining, they don't have to depend on IT as much any longer because of the cloud and because of the new compute layers to make it easier. So who owns it? At the end of the day, where we see it is we think there's a next generation of cyber tools that are coming out. We think that the CISO has to own this. And the reason is that the CISO's job is to protect the enterprise from cyber risk. And at the core of cyber risk is data. And they must own the data problem. The CDO must find the data, and explain what that data is, and make sure it's quality, but it is the CISO that must protect the enterprise from these threats. And so, I see us as part of this next wave of cyber tools that are coming out. There's other companies that are equally in our stratosphere, like BigID, we're seeing AWS with Macy doing sensitive data discovery, Google has their data loss prevention service. So the cloud players are starting to see, hey, we've got to identify sensitive data. There's other startups that are saying hey, we got to identify and catalog sensitive data. And for us, we're saying hey, we need to be able to consume all that cataloging, understand what's sensitive, and automatically apply policies to ensure that any regulation in that environment is met. >> I want to ask you about the cloud too. So much to talk to you about here, Matt. So, I also wanted to get your perspective on variances within industries. So you mentioned Chief Data Officers. The ascendancy of the Chief Data Officers started in financial services, healthcare, and government where we had highly regulation industries. And now it's sort of seeped into more commercial. But it terms of those regulated industries, take healthcare for example. There are specific nuances. Can you talk about what you're seeing in terms of industry variance. >> Yeah, it's a great point. Starting with like, healthcare. What does it mean to be HIPPA compliant anymore? There are different types of devices now where I can point it at your heartbeat from a distance away and I can have 99 percent accuracy of identifying you, right? It takes three data points in any data set to identify 87 percent of US citizens. If I have your age, sex, location, I can identify you. So, what does it mean anymore to be HIPPA compliant? So the challenge is how do we build guarantees of trust that we've de-identified these DESA's, cause we have to use it, right? No one's going to go into a hospital and say, "You know what, I don't want you to say my life. "Cause I want my data protected," right? No one's ever going to say that. So the challenges we face now across these regulated industries is the most sensitive data sets are critical for those businesses to operate. So there has to be a compromise. So, what we're trying to do in these organizations is help them leverage their data and build levels of proportionality, to access that right? So, the key isn't to stop people from using data. The key is to build the controls necessary to leverage a small bit of the data. Let's just say, we've made it indistinguishable. You can only ask Agriculture and Statistics the question. Well, you know what, we actually found some really interesting things there, we need to be a little bit more useful, it's this trade-off between privacy and utility. It's a pendulum that swings back and forth. As someone proves I need more of this, you can swing it, or just mask it. I need more of it? All right, we'll just redact some of the certain things. Nope, this is really important, it's going to save someone's life. Okay, completely unmasked, you have the raw data. But it's that control that's necessary in these environments, that's what's missing. You know, we came out of the US Intelligence community. We understood this better than anyone. Because highly regulated, very sensitive data, but we knew we needed the ability to rapidly control. Well is this just a hunch, or is this a 9-11 event? And you need the ability to switch like that. That's the difference and so, healthcare is going through a change of, we have all these new algorithms. Like Facebook the other day said, hey, we have machine learning algorithms that can look at MRI scans, and we're going to be better than anyone in the world at identifying these. Do you feel good about giving your data to Facebook? I don't know, but we can maybe provide guaranteed anonymization to them, to prove to the world they're going to do right. That's where we have to get to. >> Well, this is huge, especially for the consumer, cause you just gave several examples. Facebook's going to know a lot about me, a mobile device, a Fit Bit, and yet, if I want to get access to my own medical records, it's like Fort Knox to try to get, please, give this to my insurance company. You know, you got to go through all these forms. So, you've got those diverging objectives and so, as a consumer, I want to be able to trust that when I say yes you can use it, go, and I can get access to it, and other can get access to it. I want to understand exactly what it is that you guys do, what you sell. Is it software, is it SAS, and then let's get into how it works. So what is it? >> Yeah, so we're a software platform. We deploy into any infrastructure, but it is not multi-tenant so, we can deploy on any cloud, or on premises for any customer, and we do that with customers across the world. But if you think about at the core of what is Immuta, think of Immuta as a system of record for the CISO or the line of business where I can connect to any data, on any infrastructure, on any compute layer, and we connect into over 61 different storage platforms. We then have built a UI where lawyers... We actually have three lawyers as employees that act as product managers to help any lawyer of any stature take what's on paper, these regulations, these rules and policies, and they digitize it essentially, in active code. So they can build any policy they want on any data in the ecosystem, in the enterprise, and enforce it globally without having to write any code. And then because we're this plane where you can connect any tool to this data, and enforce any regulation because we're the man in the middle, we can audit who is using what data and why. In every action, in any change in policy. So, if you think about it, it's connect any tool to any data, control it, any regulation, and prove compliance in a court of law. >> So you can set the policy at the data set level? >> Correct. >> And so, how does one do that? Can you automate that on the creation of that data set? I mean you've got you know, dependencies. How does that all work? >> Yeah, what's a really interesting part of our secret sauce is that one, we could do that at the column level, we can do it at the row level, we can do it at the cell level. >> So very granular. >> Very, very granular. This is something again, we learned from the US Intelligence community, that we have to have very fine grained access to every little bit of the data. The reason is that, especially in the age of data, is people are going to combine many data sets together. The challenge isn't enforcing the policy on a static data set, the challenge is enforcing the policy across three data sets where you merge three pieces of data together, who have conflicting policies. What do you do then? That's the beauty of our system. We deal with that policy inheritance, we manage that lineage of the policy, and can tell you here's what the policy will be. >> In other words, you can manage to the highest common denominator as an example. >> Or we can automate it to the lowest common denominator, where you can work in projects together recognizing hey, we're going to bring someone into the project that's not going to have the level of access. Everyone else will automatically change it to the lowest common denominator. But then you share that work with another team and it'll automatically be brought to the highest common denominator. And we've built all these work flows in. That was what was missing and that's why I call it a system of record. It's really a symbiotic relationship between IT, the data owner, governance, the CISO, who are trying to protect the data, and the consumer, and all they want to do is access the data as fast as possible to make better, more informed decisions. >> So the other mega-trend you have is obviously, the super power of machine intelligence, or artificial intelligence, and then you've got edge devices and machine to machine communication, where it's just an explosion of IP addresses and data, and so, it sounds like you guys can attack that problem as well. >> Any of this data coming in on any system, the idea is that eventually it's going to land somewhere, right? And you got to protect it. We call that like rogue data, right? This is why I said earlier, when we talk about data, we have to start thinking about it as it's not in some building anymore. Data's everywhere. It's going to be on a cloud infrastructure, it's going to be on premises, and it's likely, in the future, going to be on many distributed data centers around the world cause business is global. And so, what's interesting to us is no matter where the data's sitting, we can protect it, we can connect to it, and we allow people to access it. And that's the key thing is not worrying about how to lock down your physical infrastructure, it's about logically separating it. And that's why what differentiates us from other people is one, we don't copy the data, right? That's the always the barrier for these types of platforms. We leave the data where it is. The second is we take all those regulations and we can actually, at query time, push it down to where that data is. So rather than bring it to us, we push the policy to the data. And what that does is that's what allows us, what differentiates us from everyone else is, it allows us to guarantee that protection, no matter where the data's living. >> So you're essentially virtualizing the data? >> Yeah, yeah. It's virtual views of data, but it's not all the data. What people have to realize is in the day of apps, we cared about storage. We put all the data into a database, we built some services on top of it and a UI, and it was controlled that way, right? You had all the nice business logic to control it. In the age of data, right? Data is the new app, right? We have all these automation tools, Data Robot, and H20, and Domino, and Tableau's building all these automation work flows. >> The robotic process automation. >> Yeah, RPA, UI Path, the Work Fusion, right? They're making it easier and easier for any user to connect to any data and then automate the process around it. They don't need an app to build a unique work flows, these new tools do that for them. The key is getting to the data. And the challenge with the supply chain of data is time to data is the most critical aspect of that. Cause, the time to insight is perishable. And so, what I always tell people, a little story, I came from the government, I worked in Baghdad, we had 42 minutes to know whether or not a bad guy in the environment, we could go after him. After that, that data was perishable, right? We didn't know where he was. It's the same thing in the real world. It's like imagine if Google told you, well, in 42 minutes it might be a good time to go 495. (laughter) It's not very useful, I need to know the information now. That's the key. What we see is policy enforcement and regulations are the key barrier of entry. So our ability to rapidly, with no latency, be able to connect anyone to that data and enforce those policies where the data lives, that's the critical nature. >> Okay, so you can apply the policies and you do it quickly, and so now you can help solve the problem. You mentioned a cloud before, or on prem. What is the strategy there with regard to various clouds and how do you approach multi-clouds? >> I think cloud is what used to be an infrastructure as a service game, is now becoming a compute game. I think large, regulated enterprises, government, healthcare, financial services, insurance, are all moving to cloud now in a different way. >> What do you mean by that? Cause people think infrastructure as service, they'll say oh that's compute storage and some networking. What do you mean by that? >> I think there's a whole new age of software that's being laid on top of the availability of compute and the availability of storage. That's companies like Databricks, companies like Snowflake, and what they're doing is dramatically changing how people interact with data. The availability zones, the different types of features, the ability to rip and replace legacy warehouses and main frames. It's changing the ability to not just access, but also the types of users that could even come on to leverage this data. And so these enterprises are now thinking through, "How do I move my entire infrastructure of data to them? "And what are these new capabilities "that I could get out of that?" Which, that is just happening now. A lot of people have been thinking, "Oh, this has been happening over the past five years," no, the compute game is now the new war. I used to think of like, Big Data, right? Big Data created, everyone started to understand, "Ah, if we've got our data assets together, "we can get value." Now they're thinking, "All right, let's move beyond that." The new cloud at our currents works is Snowflake and Databricks. What they're thinking about is, "How do I take all your meta-data "and allow anyone to connect any BI tool, "any data science tool, and provide highly performance, "and highly dependable compute services "to process petabytes of data?" It's pretty fantastic. >> And very cost efficient and being able to scale, compute independent of storage, from an architectural perspective. A lot of people claim they can do that, but it doesn't scale the same way. >> Yeah, when you're talking about... Cause that's the thing is you got to remember, these financial systems especially, they depend on these transactions. They cannot go down and they're processing petabytes of data. That's what the new war is over, is that data in the compute layer. >> And the opportunity for you is that data that can come from anywhere, it's not sitting in a God box, where you can enforce policies on that corpus. You don't know where it's coming from. >> We want to be invisible to that right? You're using Snowflake, it's just automatically enforced. You're using Databricks, it's automatically enforced. All these policies are enforced in flight. No one should even truly care about us. We just want to allow you to use the data the way you're used to using it. >> And you do this, this secret sauce you talked about is math, it's artificial intelligence? >> It's math. I wish I could say it was like super fancy, unsupervised neural nets or what not, it's 15 years of working in the most regulated, sticky environments. We learned about very simple novel ways of pushing it down. Great engineering's always simple. But what we've done is... At query time, what's really neat is we figured a way to take user attributes from identity management system and combine that with a purpose, and then what we do is we've built all these libraries to connect into all these dispert storage and compute systems, to push it in there. The nice thing about that is prior to this what people were doing, was making copies. They'd go to the data engineering team and they'd say hey, "I need to ETL this "and get a copy and it'll be anatomized." Think about that for a second. One, the load on your production systems, of all these copies, all the time, right? The second is CISO, the surface area. Now you've got all this data that in a snapshot in time, is legal and ethical, might change tomorrow. And so, now you've got an increase surface area of risk. Like that no-copy aspect. So the pushing it down and then the no-copy aspect really changed the game for enterprises. >> And you've got providence issues, like you say. You've got governance and compliance. >> And imagine trying, if someone said to you, imagine Congress said hey, "Any data source that you've processed "over the past five years, I want to know if "there was these three people in any of these data sources "and if there were, who touched that data "and why did they touch it?" >> Yeah and storage is cheap, but there's unintended consequences. People are, management isn't. >> We just don't have a unified way to look at all of the logs cross listed. >> So we started to talk about cloud and then I took you down a different path. But you offer your software on any cloud, is that right? >> Yeah, so right now, we are in production on Immuta's Marketplace. And that is a managed service, so you can go deploy in there, it'll go into your VPC, and we can manage the updates for you, we have no insight into your infrastructure, but we can push those updates, it'll automatically update, so you're getting our quarterly releases, we release every season. But yeah, we started with AWBS, and then we will grow out. We see cloud is just too ubiquitous. Currently, we still support though, Bigquery, Data Praq, we support Azure, Data Light Storage version two, as well as Azure Databricks. But you can get us through Immuta's Marketplace. We're also investing in ReInvent, we'll be out there in Vegas in a couple weeks. It's a big event for us just because obviously, the government has a very big stake in AWBS, but also commercial customers. It's been a massive endeavor to move. We've seen lots of infrastructure. Most of our deals now are on cloud infrastructure. >> Great, so tell us about the company. You've raised, I think in a Series B, about 28 million to date. Maybe you could give us the head count, and whatever you can share about momentum, maybe customer examples. >> Yeah, so we've raised 32 million to date. >> 32 million. >> From some great investors. The company's about 70 people now. So not too big, but not small anymore. Just this year, at this point, I haven't closed my fiscal year, so I don't want to give too much, but we've doubled our ARR and we've tripled our LOGO count this year alone and we've still got one more quarter here. We just started our fourth quarter. And some customer cases, the way I think about our business is I love healthcare, I love government, I love finance. To give you some examples is like, COGNO is a really great example. COGNO and what they're trying to solve is can they predict where a child is on the autism spectrum? And they're trying to use machine learning to be able to narrow these children down so that they can see patterns as to how a provider, a therapist is helping these families give these kids the skills to operate in the real world. And so it's like this symbiotic relationship utilizing software, surveys and video and what not, to help connect these kids that are in similar areas of the spectrum, to help say hey, this is a successful treatment, right? The problem with that is we need lots of training data. And this is children, one, two, this is healthcare, and so, how do you guarantee HIPPA compliance? How do you get through FDA trials, through third party, blind testing? And still continue to validate and retrain your models, while protecting the identity of these children? So we provide a platform where we can anonymize all the data for them, we can guarantee that there's blind studies, where the company doesn't have access to certain subsets of the data. We can also then connect providers to gain access to the HIPPA data as needed. We can automate the whole thing for them. And they're a startup too, there are 100 people. But imagine if you were a startup in this health-tech industry and you had to invest in the backend infrastructure to handle all of that. It's too expensive. What we're unlocking for them, I mean yes, it's great that they're HIPPA compliant and all that, that's what we want right? But the more important thing is like, we're providing a value add to innovate in areas utilizing machine learning, that regulations would've stymied, right? We're allowing startups in that ecosystem to really push us forward and help those families. >> Cause HIPPA compliance is table stay compulsory. But now you're talking about enabling new business models. >> Yeah, yeah exactly. >> How did you get into all this? You're CEO, you're business savvy, but it sounds like you're pretty technical as well. What's your background? >> Yeah I mean, so I worked in the intelligence community before this. And most of my focus was on how do we take data and be able to leverage it, either for counter-terrorism missions, to different non-kinetic operations. And so, where I kind of grew up in is in this age of, think about billions of dollars in Baghdad. Where I learned is that through the computing infrastructure there, everything changed. 2006 Baghdad created this boom of technology. We had drones, right? We had all these devices on our trucks that were collecting information in real time and telling us things. And then we started building computing infrastructure and it burst Hadoop. So, I kind of grew up in this era of Big Data. We were collecting it all, we had no idea what to do with it. We had nowhere to process it. And so, I kind of saw like, there's a problem here. If we can find the unique little, you know, nuggets of information out of that, we can make some really smart decisions and save lives. So once I left that community, I kind of dedicated myself to that. The birth of this company again, was spun out of the US Intelligence community and it was really a simple problem. It was, they had a bunch of data scientists that couldn't access data fast enough. So they couldn't solve problems at the speed they needed to. It took four to six months to get to data, the mission said they needed it in less than 72 hours. So it was orthogonal to one another, and so it was very clear we had to solve that problem fast. So that weird world of very secure, really sensitive, but also the success that we saw of using data. It was so obvious that we need to democratize access to data, but we need to do it securely and we need to be able to prove it. We work with more lawyers in the intelligence community than you could ever imagine, so the goal was always, how do we make a lawyer happy? If you figure that problem out, you have some success and I think we've done it. >> Well that's awesome in applying that example to the commercial business world. Scott McNeely's famous for saying there is no privacy in the internet, get over it. Well guess what, people aren't going to get over it. It's the individuals that are much more concerned with it after the whole Facebook and fake news debacle. And as well, organizations putting data in the cloud. They need to govern their data, they need that privacy. So Matt, thanks very much for sharing with us your perspectives on the market, and the best of luck with Immuta. >> Thanks so much, I appreciate it. Thanks for having me out. >> All right, you're welcome. All right and thank you everybody for watching this Cube Conversation. This is Dave Vellante, we'll see ya next time. (digital music)

>> Narrator: Live from Copenhagen, Denmark. It's theCUBE covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome back everyone. This is the theCUBE's exclusive coverage here in Copenhagen, Denmark for KubeCon 2018, part of the Cloud Native Compute Foundation, also known as CNCF. I'm John Furrier with Lauren Cooney, the founder of Spark Labs. We have two of the main players here at the Linux Foundation, CNCF, Dan Kohn, Cube alumni, Executive Director, and Dee Kumar, Vice President of product marketing. Great to see you guys. Welcome back. >> Oh, thrilled to be here. >> So you guys, not to build your head up a little bit, but you're doing really well. Successful, we're excited to be a part of the seeing, witnessing the growth. I know you work hard, we've talked in the past and off camera. Just, it's working. CNCF's formula is working. The Linux Foundation has brought a lot to the table, you've taken the ball with this cloud-native community, with Kubernetes' growth, good actors in the community, a lot of things clicking on all cylinders. >> Thanks, we're thrilled to be here. And, yeah, 43 hundred people is the biggest ever for KubeCon CloudNativeCon. It's actually the biggest conference the Linux Foundation has ever thrown, which is incredibly exciting, and also here in Europe to show it's not just a North American focus. >> And you've got the big North American event in Seattle. What's the over-under on that? Six thousand, eight thousand? >> (laughing) I think we could probably go a little higher. 75 hundred we're going to max out, so we'll see if we hit that or not. But we had 42 hundred six months ago when you were with us in Austin, and so we think a ton of people, you know people joke about Seattle being the cloudy city, because it's not just Amazon there, but Microsoft, Google, Oracle, and IBM all have huge Cloud offices. >> Yeah, and University of Washington has an amazing program in computer science, a lot of tech there. Seattle's certainly an awesome city. I got to ask you, you know, you do a lot of work with the members in the organization. Obviously the success is well-documented. We're seeing that Kubernetes is now going to main stream tech. And still learning, a lot of people learning about Kubernetes, but there's a lot going on. You talk to a lot of people. What's the vibe? What's the conversation like? What is actually happening in the membership organization that's notable, that you'd like to share and get the word out on? >> Actually Dee's been working directly with all the members since we've been putting together our marketing plan. >> So one thing I can do share, in terms of the vibe, and some of the feedback that we have received from the members, is they really, I think it's about what we've heard from all the keynotes and the sessions, it's about really us coming together as a community and defining, what is Cloud-native? And what's that journey? And so as a step towards that, what we have done as in CNCF is we have launched the interactive landscape which kind of showcases a lot of the member work that we are jointly working on. And secondly, the trail map is our attempt to define what is the cloud-native journey. So we've kind of highlighted about 10 steps and the processes to get to a cloud-native journey. And I think the next steps, in terms of the vision and the goal, is to really engage the member community and to start building on that. What is containerization? What is orchestration? Microservices? CICD? And Dan, I think in his keynote, touched upon continuous integration. We really need to figure out integration, testing, development, deployment, and what does that, all that narrative mean, and how as a community we have a common understanding and a framework. And then the next step would again be in terms of building use cases, and also really showcasing some heroes in the community which is our developers. So our developers and contributors end of the day are the heart and soul of the cloud-native ecosystem. So we really want to bring their stories, match that up with our end users. We're seeing incredible growth with just leveraging the cloud-native different types of architectures. >> One of the things I'm looking at, the cloud-native Interactive Landscape map, which is, by the way, pretty impressive. The market cap numbers in the trillions, of course includes Amazon, (Dee laughing) so let's take that out, but good healthy distribution. I want to talk about the startups, because they are going to be the lifeblood of the future. The total funding to date is 4.7 billion of cloud-native compute foundation members, startups. Significant investment. They got to build, they're building products. What do they care about? What is the most important thing for them? You guys, can you share what they're asking for, is there a profile that you're seeing emerge? Because there's a new era coming, right? It's the new guard. The new guard of startups. >> There's incredible diversity of startups there, and what I love about the startup ecosystem, kind of like the open source ecosystem, is they're all looking for their niche. And so there's kind of an evolutionary strategy for it. But it's really amazing to see different approaches towards attacking different markets, consulting specific products and such. One of the neat things about CNCF is that we like to think of ourselves as a commercially friendly startup. All 20 of our projects, commercially friendly open source foundation. All 20 of our projects use the Apache 2.0 license which allows you to create a commercial product on top of it. We are very cognizant of the fact that most large enterprises are going to want support from a business startup or an established industry player and in many cases, both, in order to roll this out. And so we love the fact that that's available if they need it, but they also could download the projects directly and work with it themselves if they want. >> Well I think that's an important point. I always want to highlight, because what you said I think is really, I think, is a big part of the success. You guys do a great job of balancing community, and the role of the people within the community, and the traditional Linux Foundation mission of having great open source. But at the same time, you're like, hey, it's okay to have a business model with Open. And I think this new era is being highly accelerated on commercialization. And I think this is, I think, a unique part of the digital fabric, the digital businesses of the future. And Cloud hits that right on. So that's, to me, a great step. The question I have for you is, how do you keep it going? What's next? Because the bar is high. Now you got to do more. What's the strategy? What's the plan? >> So one thing we can do is, like a highlighter to get back to the cloud-native journey, as a story. Today we kind of have a lot of emphasis on Kubernetes. And it's just not limited to containers and orchestration, and we really want to expand the narrative and the story to address all the 20, 19 different projects that is all housed under the cloud-native computing foundation umbrella. And we really want to bring out use cases, value props, and I think there's a lot to be told here. Like how do we address security? There's a lot of sessions and keynotes today that bring about security applications, testing, CICD, how does it develop a community, can enable all these different amazing technologies. So we've had a lot of talk about it, but I think it's something that startups that I've been talking to have asked me to help or the CNCF in terms of just simplifying these conversations. Like how do we make it simple? And to your earlier point, like they want to start with simplicity and that eventually leads to monetization, and they want to take the fabric from CNCF so they can then start building a narrative in terms of a solution, and what does that mean in terms of value creation? >> Exactly and I actually work with a couple startups inside of the CNCF, and work with them on their business model, and what they're doing, and what is that narrative that they're going to start telling? You know, I think it's interesting because you have all these communities actually coming together in that ecosystem. And when you take a look at that, you probably, you talk about use cases. And I think those are really what the developers are going to be driven towards is their, you know, onboarding to this platform, basically. And what are the top use cases that you guys see kind of across the board? >> So I think there are three main use cases and I think our partner did a great job of summarizing that today. So I think it's primarily security, because that's the enterprise audience, and most Fortune 100 companies are dealing with that. Second, I would say it's about agility. It's about who gets to market first, and back to the startup point. It's about addressing that. Thirdly I would just say it's scalability. I think it's about going beyond, you know, a science project where you just have Kubernetes, or a couple containers deployed in your own QA or staging environments. And people are really thinking about, how do you adopt Kubernetes on a large scale? How do you take it to a production type of environment? And what does that mean? And I think, today, "Financial Times" Sarah Wells, she did an amazing job of just taking us through what it took them in terms of getting from where they were and how they had to deal with, you know, all the challenges and I think she made a great point about technologies can be boring. So I think that was some of the key takeaways in terms of the three use cases that we could build on collectively would be agility, scalability, and security. >> Well, you're also changing the conversation, really. You know, we had the great customer of, you know, Kubernetes on here earlier. And they were talking about, really, how their whole infrastructure, they don't have to worry about it, it's, you know, based on AWBS now and they were phenomenal and, really, what the point was is that, you know, they are not just an energy company, they're actually a technology company and a software company. And that's really what, you know, folks want to be working with today. And are you seeing more of that as, you know, with the startups, is that they have the opportunity to start shifting their companies more in the direction of technology for the end users? >> Absolutely. Yeah. But it is amazing the just range of different approaches that they're taking. But we think there's every level of the stack. We have this, you referred to the Interactive Landscape before, and I will give the quick pitch, it's a l.cncf.io, but it is amazing to see all of the different layers of which these startups are operating. >> And you guys do a good job of breaking down which ones are open source, which ones are not, funding, public, private, category. So, good job. So what's the numbers look like? Dan, I'd like you to just take a minute, just, I know you do this a lot, but just do it on the record, what's the numbers? Members, growth? How many cities are you going to be doing KubeCon in? You mentioned Shanghai before we came on. Just run us through the numbers, inside the numbers. >> So, the first number that I think's the most exciting is we've over 20 thousand developers actively engaged across our 20 projects. And so those aren't users, I mean the users is hundreds of thousands. But those are people who've actually found issues with it, made a documentation fix, or, you know, added some significant new feature in order to scratch the itch that they were having. We have 43 hundred people here in KubeCon CloudNativeCon. These events are always a great check-in. We were together in Seattle just a year and a half ago and had a thousand people, 15 hundred here a year ago, 42 hundred in Austin in six months. What we're very excited to do is head to Shanghai in November for our first ever KubeCon CloudNativeCon China, where we now have three platinum members there, three gold members, just a huge level of engagement and interest. >> John: And a big developer community there in China. >> Definitely. >> Lauren: Huge developer community there. >> And obviously the language issue is a barrier, and we're going to be investing real resources to have simultaneous interpretation for all of our talks and all of our tracks. >> John: In real time or post-- >> Definitely in real time. >> Primarily in English and then-- >> No, we can do it both ways, and so we're telling every speaker that they can present in Chinese or English, and then the question can be in Chinese or English. >> I love that. And it's a cost, but we think that that can really help bridge those two different parts. And then we'll be in Seattle in December 11th through 13th for our biggest ever event, KubeCon CloudNativeCon. Along that journey, we've been increasing members and so we had, I believe, 68 in Berlin a year ago, and we're at 216 today, and of those we have 52 members are end user community, who we're particularly proud of. >> Well, congratulations. I want to get those numbers out in the end, because last time we talked about they had more projects coming, coming so good job. Dee, I want to get your thoughts on the branding. Obviously, CNCF, Linux Foundation, separate group, part of the Linux Foundation. I noticed you got CloudNativeCon built into it, still. Branding, guys, thoughts in here, because there's more than Kubernetes here, right, these Cloud-natives, so what's the, are you going to keep one, both, dual branding, what's the thoughts? >> So, I would say the branding will be defined by the community and the fact that we have 20 different projects. I wouldn't put a very strong emphasis on just having one type of a branding associated with cloud-natives. One of the things that I'm thinking about is I've been talking to the community, and I think it's the developers and contributors, again, who's going to define the branding of cloud-native in general. And I think it's still something that we, as a community, have to figure it out. But, essentially, it's going to be beyond containers, orchestration. There's a lot of talks around Prometheus, we talked about Code OS, Redhead. So I think it's just, you know, a combination of how all these projects work together, in a way, it's going to define the branding strategy. So I think it's a little bit too early for me to make some comments on that. >> The best move is not to move at this point. (Dan laughs) I'm a big fan of cloud-native, but KubeCon... Little bit of a conflict with theCUBE, because people-- >> Oh yeah (laughs). >> But we're not going to put a trademark and bring it on you guys, yet. >> We appreciate that. >> We love the confusion. You're in good company, vice versa. Okay, serious question, Dan. I want to ask you, and Dee you can weigh in, too, on this. You're a student of the industry. You've also been around a while, you've seen many waves. For folks that-- >> I'm not that old. (Dan laughs) >> This is a new wave. You're younger than me. For the folks that are looking at this going, "Okay, the numbers are there. I'm seeing growth, "you've got my attention." And they're still trying to grok what this wave is about, this new modern era, cloud-native, KubeCon, Kubernetes. Certainly insiders kind of see it, and there's a lot of people who are kind of high-fiving each other, but, yet, it's not yet fully here. >> Dan: No. >> How important, how do you describe it to someone at a cocktail party or in the elevator. How do I explain to them the historic nature of what's happening. In your own words, what's happening? >> And it is tricky because, you know, at my kids' little leagues games, if we're just chatting about what we do, I sometimes describe it as the plumbing software for the internet. And it's not a bad metaphor; Linux has also been described that way, because plumbing is really important. Now, most of us never think about it, we don't have to worry about it, but if it breaks, we all get extremely upset. And, so, I do think of our sort of overarching method is to say that the whole way this software is being developed, being deployed, especially being pushed into production, is changing. And it's almost all for the positive, where, in the last decade, you had virtualization, but that was often through a proprietary solution that you were paying a tax for every new application you deployed. And the idea today, that you can pick this software platform and then deploy to any public, private, or hybrid cloud and avoid that lock-in, but get all these advantages in terms of higher velocity, lower cost, better efficiency, the slack of lock-in. Those are really amazing stories that lots of enterprises are just now hearing. There's this cliche of crossing the chasm. And I do think we can make the argument that 2018 is really the year that Kubernetes crosses the chasm outside of just innovators and into the early majority. >> You know, I think that's definitely the case. I've been walking around and talking to people and one of the things that I'm hearing is that folks are here to learn, and there are actually kind of beginners on Kubernetes and they actually want to learn more and their companies have sent them here in order to actually figure out if the technology is going to work back at their home company, which is, you know, ranges from tech companies to banks to different types of, you know, manufacturing and things along those lines. It's really a tremendous, you know, growth. What do you see in terms of end users? What types of end users are you seeing mostly? Or what kind of categories do those fall into? >> So we've 52 companies in our end user community now, and a number of them are up on the stage, including folks like Spotify I thought gave a really inspiring talk today about not just being a user of software, but how to engage with the community and contribute back and such. But the thing that I love is that there really is not sort of one industry that we're focused on or avoiding. So, finance who have tons of issues around regulation and such, they're much more likely to be deploying Kubernetes in their own infrastructure on bare-metal. But we have just fantastic stories. Bloomberg won our first ever end user award. We're very big on publishing, so to have not just "The New York Times", but Reddit and Wikipedia. And then a number of just very interesting consumer-oriented companies like a Pinterest or a Twitter, Spotify, and then the list sort of keeps going and going. >> Yeah, it's impressive, and I got to say, you know, you're agnostic as everyone needs plumbing, right, so plumbing is vertical agnostics. So, it's-- >> Well, in the cliche from Marc Andreessen, that software's eating the world is, again, somewhat true. That there really is not a company today that can avoid writing its own software. I mean, as I was saying in my keynote yesterday, that software tends to just be the tip of the pyramid that they're building on tons of open source. But, every company today needs to-- >> And your point of commercialization-friendly or membership organization, which you've built, is important. And I got to say, for the first time, we heard on theCUBE multiple times, not from the visionary to believe and drink the Kool-Aid, so to speak, like us and you guys and users and other commercial entities have used the word "de facto standard" to describe Kubernetes. Now, there's only a few times in history when you've heard that word. There's been inflection points. >> Dan: Linux, certainly one of them. (laughs) >> Yes so, again, when you have a de facto standard that's determined by the community, just really good things happen. So we're hopeful and we'll keep monitoring it. >> Yeah, and I do want to say that we take that responsibility very seriously. And so we have thing like our certified Kubernetes program about making sure the Kubernetes remains compatible between the carefulness that we do apply to new projects coming in, so we hope to live up to that. >> Great and, Dee, we talked yesterday, going to get that share that information with our team, happy to amplify it. There's a lot of people who want to learn, they want to discover and find out who to connect with, so a robust community. >> We really appreciate you going with us on this journey. >> It's been fun, we're going to hang along for the ride. We're going to be a sidecar, pun intended. (laughing) Well, theCUBE, Dan, thanks so much. Congratulations, executive director. >> Oh, thank you very much. >> Dee, good work. CNCF, here inside the cube at their event, here at KubeCon 2018, I'm John Furrier and Lauren Cooney. We'll be back with more live coverage. Stay with us after this short break. (techno music)