>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies. Creating technologies that drive human progress. (upbeat music) >> Welcome back to Barcelona, Spain, everyone. It's theCUBE live at MWC '23, day three of four days of CUBE coverage. It's like a cannon of CUBE content coming right at you. I'm Lisa Martin with Dave Nicholson. We've got Dell and VMware here. Going to be talking about the ecosystem partnerships and what they're doing to further organizations in the telco industry. Please welcome Jared Woodrey, Director of Partner Engineering Open Telecom Ecosystem Lab, OTEL. Odded Solomon is here as well, Director of Product Management, VMware Service Provider and Edge Business Unit at VMware. Guys, great to have you on the program. >> Thank you for having me. >> Welcome to theCUBE. So Jared, first question for you. Talk about OTEL. I know there's a big announcement this week, but give the audience context and understanding of what OTEL is and how it works. >> Sure. So the Open Telecom Ecosystem Lab is physically located at Round Rock, Texas, it's the heart and soul of it. But this week we also just announced opening up the Cork, Ireland extension of OTEL. The reason for our existence is to to try and make it as easy as possible for both partners and customers to come together and to re-aggregate this disaggregated ecosystem. So that comes with a number of automation tools and basically just giving a known good testing environment so that tests that happen in our lab are as close to real world as they possibly can be and make it as transparent and open as possible for both partners like VMware as well as customers. >> Odded, talk about what you're doing with Dell and OTEL and give us a customer example of maybe one that you're working with or even even mentioning it by a high level descriptor if you have to. >> Yeah. So we provide a telco cloud platform, which is essentially a vertical in VMware. The telco cloud platform is serving network function vendors, such as Ericsson, Nokia, Mavenir, and so on. What we do with Dell as part of this partnership is essentially complementing the platform with some additional functionality that is not coming out of the box. We used to have a data protection in the past, but this is no longer our main business focus. So we do provide APIs that we can expose and work together with Dell PPDM solution so customer can benefit from this and leverage the partnership and have overall solution that is not coming out of the box from VMware. >> I'm curious, from a VMware perspective. VMware is associated often with the V in VMware, virtualization, and we've seen a transition over time between sort of flavors of virtualization and what is the mix currently today in the telecom space between environments that are leveraging what we would think of as more traditional virtualization with full blown Linux, Windows operating systems in a VM versus the world of containerized microservices? What does that mix look like today? Where do you see it going? >> Yeah, so the VMware telco cloud platform exists for about eight years. And the V started around that time. You might heard about open stack in addition to VMware. So this has definitely helped the network equipment providers with virtualizing their network functions. Those are typically VNF, virtualized network functions, inside the VMs. Essentially we have 4G applications, so core applications, EPC, we have IMS. Those are typically, I would say maybe 80 or 90% of the ecosystem right now. 5G is associated with cloud native network functions. So 5G is getting started now, getting deployed. There is an exponential growth on the core side. Now, when we expand towards the edge of the network we see more potential growth. This is 5G ran, we see the vRAN, we see the open RAN, we see early POCs, we see field trials that are starting. We obviously has production customer now. You just spoke to one. So this is really starting, cloud native is really starting I would say about 10 to 20% of the network functions these days are cloud native. >> Jared, question for you. You mentioned data protection, a huge topic there obviously from a security perspective. Data protection used to be the responsibility of the CSPs. You guys are changing that. Can you talk a little bit about how you're doing that and what Dell's play there is? >> Yeah, so PowerProtect Data Management is a product, but it's produced by Dell. So what this does is it enables data protection over virtual cloud as well as the physical infrastructure of specifically in this case of a telecoms ecosystem. So what this does is enables an ability to rapidly redeploy and back up existing configurations all the way up to the TCP and TCA that pulls the basis of our work here with VMware. >> So you've offloaded that responsibility from the CSPs. You freed them from that. >> So the work that we did, honestly was to make sure that we have a very clear and concise and accurate procedures for how to conduct this as well. And to put this through a realistic and real world as if it was in a telecoms own production network, what did that would actually look like, and what it would take to bring it back up as well. So our responsibility is to make sure that when we when we provide these products to the customers that not only do they work exactly as their intended to, but there is also documentation to help support them and to enable them to have their exact specifications met by as well. >> Got it. So talk about a little bit about OTEL expansion into Cork. What you guys are doing together to enable CSPs here in EMEA? >> Yeah, so the reason why we opened up a facility in Cork Island was to give, for an EMEA audience, for an EMEA CSPs and ability to look and feel and touch some of the products that we're working on. It also just facilitates and ease especially for European-based partners to have a chance to very easily come to a lab environment. The difference though, honestly, is the between Round Rock, Texas and Cork Island is that it's virtually an extension of the same thing. Like the physical locations can make it easier to provide access and obviously to showcase the products that we've developed with partners. But the reality is that it's more than just the physical location. It's more about the ability and ease by which customers and partners can access the labs. >> So we should be expecting a lot of Tito's vodka to be consumed in Cork at some point. Might change the national beverage. >> We do need to have some international exchange. >> Yeah, no, that's good to know. Odded, on the VMware side of things. There's a large group of folks who have VMware skillsets. >> Odded: Correct. >> The telecom industry is moving into this world of the kind of agility that those folks are familiar with. How do people come out of the traditional VMware virtualization world and move into that world of cloud native applications and serve the telecom space? What would your recommendation be? If you were speaking at a VMUG, a VMware Users Group meeting with all of your telecom background, what would you share with them that's critical to understand about how telecom is different, or how telecom's spot in its evolution might be different than the traditional IT space? >> So we're talking about the people with the knowledge and the background of. >> Yeah, I'm a V expert, let's say. And I'm looking into the future and I hear that there are 80,000 people in Barcelona at this event, and I hear that Dell is building optimized infrastructure specifically for telecom, and that VMware is involved. And I'm an expert in VMware and I want to be involved. What do I need to do? I know it's a little bit outside of the box question, but especially against the backdrop of economic headwinds globally, there are a lot of people facing transitions. What are your thoughts there? >> So, first of all, we understand the telco requirements, we understand the telco needs, and we make sure that what we learn from the customers, what we learn from the partners is being built into the VMware products. And simplicity is number one thing that is important for us. We want the customer experience, we want the user experience to be the same as they know even though we are transitioning into cloud native networks that require more frequent upgrades and they have more complexity to be honest. And what we do in our vertical inside VMware we are focusing on automation, telco cloud automation, telco cloud service assurance. Think of it as a wrapper around the SDDC stack that we have from VMware that really simplifies the operations for the telcos because it's really a challenge about skillset. You need to be a DevOps, SRE in order to operate these networks. And things are becoming really complex. We simplify it for them with the same VMware experience. We have a very good ability to do that. We sell products in VMware. Unlike our competition that is mostly selling professional services and support, we try to focus more on the products and delivering the value. Of course, we have services offering because telcos requires some customizations, but we do focus on automation simplicity throughout our staff. >> So just follow up. So in other words the investment in education in this VMware ecosystem absolutely can be extended and applied into the telecom world. I think it's an important thing. >> I was going to add to that. Our engagement in OTEL was also something that we created a solutions brief whether we released from Mobile World Congress this week. But in conjunction with that, we also have a white paper coming out that has a much more expansive explanation and documentation of what it was that we accomplished in the work that we've done together. And that's not something that is going to be a one-off thing. This is something that will stay evergreen that we'll continue to expand both the testing scope as well as the documentation for what this solution looks like and how it can be used as well as documentation on for the V experts for how they can then leverage and realize the the potential for what we're creating together. >> Jared, does Dell look at OTEL as having the potential to facilitate the continued evolution of the actual telco industry? And if so, how? >> Well, I mean, it would be a horrible answer if I were to say no to that. >> Right. >> I think, I honestly believe that one of the most difficult things about this idea of having desired ecosystem is not just trying to put it back together, but then also how to give yourself choice. So each time that you build one of those solution sets like that exists as an island out of all the other possibilities that comes with it. And OTEL seeks to not just be able to facilitate building that first solution set. Like that's what solutions engineering can do. And that's generally done relatively protected and internally. The Open Telecom Ecosystem seeks to build that then to also provide the ability to very easily change specific components of that whether that's a hardware component, a NIC, whether a security pass just came out or a change in either TCP or TCA or we talked a little bit about for this specific engagement that it was done on TCP 2.5. >> Odded: Correct. >> Obviously there's already a 2.7 and 3.0 is coming out. It's not like we're going to sit around and write our coattails of what 2.7 has happened. So this isn't intended to be a one and done thing. So when we talk about trying to make that easier and simpler and de-risk all of the risk that comes from trying to put all these things together, it's not just the the one single solution that you built in the lab. It's what's the next one? And how do I optimize this? And I have specific requirements as a CSP, how can I take something you built that doesn't quite match it, but how do I make that adjustment? So that's what we see to do and make it as easy and as painless as possible. >> What's the engagement model with CSPs? Is it led by Dell only, VMware partner? How does that work? >> Yeah, I can take that. So that depends on the customer, but typically customers they want to choose the cloud vendor. So they come to VMware, we want VMware. Typically, they come from the IT side. They said, "Oh, we want to manage the network side of the house the same way as we manage the IT. We don't want to have special skill sets, special teams." So they move from the IT to the network side and they want VMware there. And then obviously they have an RSP process and they have hardware choices. They can go with Dell, they can go with others. We leverage vSphere, other compatibility. So we can be flexible with the customer choice. And then depending on which customer, how large they are, they select the network equipment provider that the runs on top. We position our platform as multi-vendor. So many of them choose multiple network functions providers. So we work with Dell. So assuming that the customer is choosing Dell. We work very closely with them, offering the best solution for the customer. We work with them sometimes to even design the boxes to make sure that it fits their use cases and to make sure that it works properly. So we have a partnership validation certification end-to-end from the applications all the way down to the hardware. >> It's a fascinating place in history to be right now with 5G. Something that a lot of consumers sort of assume. It's like, "Oh, hey, yeah, we're already there. What's the 6G thing going to look like?" Well, wait a minute, we're just at the beginning stages. And so you talk about disaggregation, re-aggregation, or reintegration, the importance of that. Folks like Dell have experience in that space. Folks at VMware have a lot of experience in the virtualization space, but I heard that VMware is being acquired by Broadcom, if it all goes through, of course. You don't need to comment on it. But you mentioned something, SDDC, software-defined data center. That stack is sometimes misunderstood by the public at large and maybe the folks in the EU, I will editorialize for a moment here. It is eliminating capture in a way by larger hyperscale cloud providers. It absolutely introduces more competition into the market space. So it's interesting to hear Broadcom acknowledging that this is part of the future of VMware, no matter what else happens. These capabilities that spill into the telecom space are something that they say they're going to embrace and extend. I think that's important for anyone who's evaluating this if they're concern. Well, wait a minute. Yeah, when I reintegrate, do I want VMware as part of this mix? Is that an unknown? It's pretty clear that that's something that is part of the future of VMware moving forward. That's my personal opinion based on analysis. But you brought up SDDC, so I wanted to mention that. Again, I'm not going to ask you to get into trouble on that at all. What should we be, from a broad perspective, are there any services, outcomes that are going to come out of all of this work? The agility that's being built by you folks and folks in the open world. Are there any specific things that you personally are excited about? Or when we think about consumer devices, getting data, what are the other kinds of things that this facilitates? Anything cool, either one of you. >> So specific use cases? >> Yeah, anything. It's got to be cool though. If it's not cool we're going to ask you to leave. >> All right. I'll take that challenge. (laughs) I think one of the things that is interesting for something like OTEL as an exist, as being an Open Telecom Ecosystem, there are going to be some CSPs that it's very difficult for them to have this optionality existing for themselves. Especially when you start talking about tailoring it for specific CSPs and their needs. One of the things that becomes much more available to some of the smaller CSPs is the ability to leverage OTEL and basically act as one of their pre-production labs. So this would be something that would be very specific to a customer and we would obviously make sure that it's completely isolated but the intention there would be that it would open up the ability for what would normally take a much longer time period for them to receive some of the benefits of some of the changes that are happening within the industry. But they would have immediate benefit by leveraging specifically looking OTEL to provide them some of their solutions. And I know that you were also looking for specific use cases out of it, but like that's a huge deal for a lot of CSPs around the world that don't have the ability to lay out all the different permutations that they are most interested in and start to put each one of those through a test cycle. A specific use cases for what this looks like is honestly the most exciting that I've seen for right now is on the private 5G networks. Specifically within mining industry, we have a, sorry for the audience, but we have a demo at our booth that starts to lay out exactly how it was deployed and kind of the AB of what this looked like before the world of private 5G for this mining company and what it looks like afterwards. And the ability for both safety, as well as operational costs, as well as their ability to obviously do their job better is night and day. It completely opened up a very analog system and opened up to a very digitalized system. And I would be remiss, I didn't also mention OpenBrew, which is also an example in our booth. >> We saw it last night in action. >> We saw it. >> I hope you did. So OpenBrew is small brewery in Northeast America and we basically took a very manual process of checking temperature and pressure on multiple different tanks along the entire brewing process and digitized everything for them. All of that was enabled by a private 5G deployment that's built on Dell hardware. >> You asked for cool. I think we got it. >> Yeah, it's cool. >> Jared: I think beer. >> Cool brew, yes. >> Root beer, I think is trump card there. >> At least for folks from North America, we like our brew cool. >> Exactly. Guys, thank you so much for joining Dave and me talking about what Dell, OTEL, and VMware are doing together, what you're enabling CSPs to do and achieve. We appreciate your time and your insights. >> Absolutely. >> Thank you. >> All right, our pleasure. For our guests and for Dave Nicholson, I'm Lisa Martin. You watching theCUBE live from MWC '23. Day three of our coverage continues right after a short break. (upbeat music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Hi, we're back. We're watching, you're watching the cube coverage of Falcon 2022 live from the aria in Las Vegas, Dave Valante with Dave Nicholson and we, yes, folks, there are females in the cyber security industry. Amanda Adams is here. So the vice president of America Alliance at CrowdStrike. Thanks for coming on. >>Thank you so much for having me. >>We it's, it's fantastic to, to actually, as I was starting to wonder, but we >>Do have females in leadership. >>Wait, I'm just kidding. There are plenty of females here, but this cybersecurity industry in general, maybe if we have time, we can talk about that, but I wanna talk about the, the Alliance program, but before I do, yeah. You know, you, you got a nice career here at CrowdStrike, right? You've kind of seen the ascendancy, the rocket ship you've been on it for five years. Yep. So what's that been like? And if you had to put on the binoculars and look five years forward, what can you tell us in that 10 year span? Oh >>My goodness. What a journey it's been over the last five, six years. I've been with CrowdStrike almost six years and really starting with our first core group of partners and building out the alliances, seen obviously the transformation with our sales organization. And as we scaled, I think of our, of our technology. We started with, I think, two products at that time, we were focused on reinventing how our customers thought about NextGen AB but also endpoint detection response. From there, the evolution is really driving towards that cloud security platform, right? How our partners fit into that. And, and how we've evolved is it's not just resell. It's not just focusing on the margin and transactions. We really have focused on building the strategic relationships with our partners, but also our customers and fitting them in that better together story with that CrowdStrike platform. It's been the biggest shift. Yeah. >>And you've got that. The platform chops for that. It's just, I think you're up to 22 modules now. So you're not a point product. You guys make that, that, that point lot now in terms of the, the partners and the ecosystem, you know, it's, it's, it's good here. I mean, it's, this it's buzzing. I've said it's like service. I've said, number of times, it's like service. Now back in 2013, I was there now. They didn't have the down market, the SMB that you have that's right. And I think you you're gonna have an order. You got 20,000 customers. That's right. I predict CrowdStrike's gonna have 200,000. I, I'm not gonna predict when I need to think about that. But, but in thinking about the, the, the co your colleagues and the partners and the skill sets that have evolved, what's critical today. And, and, and what do you see as critical in the future? >>So from a skill set standpoint, if I'm a partner and engaging with CrowdStrike and our customers, if you think about, again, evolving away from just resell, we have eight routes to market. So while that may sound complicated, the way that I like to think about it is that we truly flex to our partners, go to market their business models of what works best for their organization, but also their customers. The way that they've changed, I think from a skillset standpoint is looking beyond just the technology from a platform, building a better together story with our tech Alliance partners or store, if thinking about the XDR Alliance, which we are focusing on, there's so much great value in bringing that to our customers from a skillset standpoint, beyond those services services, we've talked about every day. I know that this is gonna be a top topic for the week yesterday through our partner summit, George, our CEO, as well as Jim Cidel, that's really the opportunity as we expand in new modules. If you think about humo or log scale identity, and then cloud our partners play a critical role when it comes into the cloud migration deployment integration services, really, we're not gonna get bigger from a services organization. And that's where we need our partners to step in. >>Yeah. And, you know, we we've talked a lot about XDR yeah. Already in day one here. Yeah. With, with the X extending into other areas. That's right. I think that services be, would become even more critical at that point, you know, as you spread out into the, really the internet of things that's right. Especially all of the old things that are out there that maybe should be on the internet, but aren't yet. Yeah. But once they are security is important. So what are you doing in that arena from a services perspective to, to bolster that capability? Is it, is it, is it internally, or is it through partners generally? >>It's definitely, I think we look to our partners to extend beyond the core of what we do. We do endpoint really well, right? Our services is one of the best in the business. When you look at instant response, our proactive services, supporting our customers. If you think to XDR of integration, building out those connect air packs with our customers, building the alliances, we really do work with our partners to drive that successful outcome with our customers. But also too, I think about it with our tech alliances of building out the integration that takes a lot of effort and work. We have a great team internally, which will help guide those services to be, to be built. Right. You have to have support when you're building the integrations, which is great, but really from like a tech Alliance and store standpoint, looking to add use cases, add value to more store apps for our customers, that's where we're headed. Right. >>What about developers? Do you see that as a component of the ecosystem in the future? Yeah, >>Without a doubt. I mean, I think that as our partner program evolves right now working with our, our developers, I mean, there's different personas that we work with with our customer standpoint, but from a partner working with them to build our new codes, the integration that's gonna be pretty important. >>So we were, we sort of tongue in cheek at the beginning of this interview yeah. With women in tech. And it's a, it's a topic that, on the cube that we've been very passionate about since day one yep. On the cube. So how'd you get in to this business? H how did your, your career progress, how did you get to where you are? >>You know, I have been incredibly fortunate to have connections, and I think it's who, you know, and your network, not necessarily what, you know, to a certain extent, you have to be smart to make it long term. Right. You have to have integrity. Do what you're saying. You're gonna do. I first started at Cisco and I had a connection of, it was actually a parent of somebody I grew up with. And they're like, you would fit in very nicely to Cisco. And I started with their channel marketing team, learned a ton about the business, how to structure, how to support. And that was the first step into technology. If you would've asked me 20 years ago, what did I wanna do? I actually wanted to be a GM of an organization. And I was coming outta I come on, which is great, which I'm, it really is right up. >>If you knew me, you're like, that actually makes a lot of sense. But coming outta college, I had an opportunity. I was interviewing with the golden state warriors in California, and I was interviewing with Cisco and that I had two ops and I was living in San Jose at the time. The golden state warriors of course paid less. It was a better opportunity in sales, but it was obviously where I wanted to go from athletics. And I grew up in athletics, playing volleyball. Cisco paid me more, and it was in San Jose. And really the, the golden state warriors seemed that I was having that conversation. They said, one year community is gonna be awful. It's awful from San Jose to Oakland, but also too, like you have more money on the table. Go take that. And so I could have very much ended up in athletics, most likely in the back office, somewhere. Like I would love that. And then from there, I went from Cisco. I actually worked for a reseller for quite some time, looking at, or selling into Manhattan when I moved from California to Manhattan, went to tenable. And that was when I shifted really into channel management. I love relationships, getting snow people, building partnerships, seeing that long term, that's really where I thrive. And then from there came to CrowdStrike, which in itself has been an incredible journey. I bet. Yeah. >>Yeah. I think there's an important thread there to pull on. And that is, we, we put a lot of emphasis on stem, which people, some sometimes translate into one thing, writing code that's right. There are, but would you agree? There are many, many, many opportunities in tech that aren't just coding. >>Absolutely. >>And I think I, as a father of three daughters, it's, it's a message that I have shared with them. Yeah. They are not interested in the coding part of things, but still, they need to know that there are so many opportunities and, and it's always, sometimes it's happenstance in terms of finding the opportunity in your case, it was, you know, cosmic connection that's right. But, but that's, you know, that's something that we can foster is that idea that it's not just about the hardcore engineering and coding aspect, it's business >>That's right. So if, if there was one thing that I can walk away from today is I say that all the time, right? If you look at CrowdStrike in our mission, we really don't have a mission statement. We stop breaches every single day. When I come to work and I support our partners, I'm not super technical. I obviously know our technology and I, I enable and train our partners, but I'm not coding. Right. And I make an impact to our business, our partners, more importantly, our customers, every single day, we have folks that you can come from a marketing operations. There is legal, there's finance. I deal with folks all across the business that aren't super technical, but are making a huge impact. And I, I don't think that we talk about the opportunities outside of engineering with the broader groups. We talk about stem a lot, but within college, and I look to see like getting those early in career folks, either through an intern program could be sales, but too, if they don't like, like sales, then they shift into marketing or operations. It's a great way to get into the industry. >>Yeah. But I still think you gotta like tech to be in the tech business. Oh, you >>Do? Yeah. You do. I'm >>Not saying it's like deep down is like, not all of us, but a lot of us are kind of just, you know, well, at least you, >>At least you can't hate it. >>Right. Okay. But so women, 50% of the population, I think the stat is 17% in the technology. Yeah. Industry, maybe it's changed a little bit, but you know, 20% or, or less, why do you think that is? >>I, you know, I always go back to within technology, people hire from their network and people that they know, and usually your network are people that are very like-minded or similar to you. I have referred females into CrowdStrike. It's a priority of mine. I also have a circle that is also men, but also too, if you look at the folks that are hired into CrowdStrike, but also other technology companies, that's the first thing that I go to also too. I think it's a little bit intimidating. Right. I have a very strong personality and I'm very direct, but also too, like I can keep up with our industry when it comes to that stereotypes essentially. And some people maybe are introverted and they're not quite sure where they fit in. Right. Whether it's marketing operations, et cetera. So they, they're not sure of the opportunities or even aware of where to get started. You know what I mean? >>Yeah. I mean, I think there is a, a, a stereotype today, but I'm not sure why it's, is it unique to the, to the technology industry? No. Is it not? Right? It happens >>Thinking, I mean, there's so many industries where healthcare, >>Maybe not so much. Right. Because you know, >>You have nurses versus doctors. I feel like that is flipped. >>Yeah. That's true. Nurses versus doctors. Right. Well, I, I know a lot of women doctors though, but >>Yeah. That's kind of flipped. It's better. >>Yeah. Says >>Flipped over. Yeah. I think it's more women in medical school now, but than than men. But, >>And, and I do think in our industry, you know, when you look at companies like IBM, HPE, Cisco, Dell, and, and, and many others. Yeah. They are making a concerted effort for on round diversity. They typically have somebody who's in charge of diversity. They report, you know, maybe not directly to the CEO, but they certainly have a seat at the table. That's right. And you know, maybe you call it, oh, it's quotas. Maybe the, the old white guys feel, you know, a little slighted, whatever. It's like, nobody's crying for us. I mean, it's not like we got screwed. >>See, I know problema we can do this in Spanish. Oh, oh, >>Oh, you're not a old white guy. Sorry. We can do >>This in Spanish if you want. >>Okay. Here we go. So, no, but, but, but I, so I do think that, that the industry in general, I talked to John Chambers about this recently and he was like, look, we gotta do way better. And I don't disagree with that. But I think that, I think the industry is doing better, but I wonder if like a rocket ship company, like CrowdStrike who has so many other things going on, you know, maybe they gotta get you a certain size. I mean, you've reached escape velocity. You're doing obviously a lot of corporate, you know, good. Yeah. You know, and, and, and, and we just had earlier on we, you know, motor motor guides was very cool. Yeah. So maybe it's a maturity thing. Maybe these larger companies with you crowd size $40 billion market cap, but maybe the, the hundred plus billion dollar market cap companies. I don't know. I don't know. You guys got a bigger market cap than Dell. So >>I, I don't think it's necessarily related to market cap. I think it's the size of the organization of how many roles are open that we currently write. So we're at just over 6,000 employees. If you look at Cisco, how many thousands of employees they have there's >>Right. Maybe a hundred thousand employees. >>That's right. There's >>More opportunities. How many, what's a headcount of crowd strike >>Just over 6,000, >>6,000. So, okay. But >>If you think about the, the areas of opportunity for advancement, and we were talking about this earlier, when you look at early and career or entry level, it's actually quite, even right across the Americas of, we do have a great female population. And then as progression happens, that's where it, it tees off from a, a female in leadership. And we're doing, we're focusing on that, right? Under JC Herrera's leadership, as well as with George. One of the things that I always think is important though, is that you're mindful as, as the female within the organization and that you're out seeking somebody, who's not only a mentor, but is a direct champion for you when you're not in the room. Right. This is true of CrowdStrike. It's true of every organization. You're not gonna be aware of the opportunities as the roles are being created. And really, as the roles are being created, they probably have somebody in mind. Right. And so if you have somebody that's in that room says, you know what, Amanda Adams would be perfect for that. Let's go talk to her about it. You have to have somebody who's your champion. Yeah. >>There there's, there's, there's a saying that 80% of the most important moments in your life happen in your absence. Yeah. And that's exactly right. You know, when they're, when someone needs to be there to champion, you, >>Did that happen for you? >>Yes. I have a very strong champion. >>So I mean, I, my observation is if, if you are a woman in tech and you're in a senior leadership position, like you are, or you're a, you're a general manager or a P and L manager or a CEO, you have to be so incredibly talented because all things being equal, maybe it's changing somewhat in some of those companies I talked about, but for the last 30 years, all takes be equal. A, a, a woman is gonna lose out to a man who is as qualified. And, and I think that's maybe slowly changing. Maybe you agree with that, maybe you don't. And maybe that's, some people think that's unfair, but you know, think about people of color. Right. They, they, they, they grew up with less op opportunities for education. And this is just the statistics that's right. Right. So should society overcompensate for that? I personally think, yes, the, the answer is just, they should, there should still be some type of meritocracy that's right. You know, but society has a responsibility to, you know, rise up all ships. >>I think there's a couple ways that you can address that through Falcon funds, scholarship programs, absolutely. Looking at supporting folks that are coming outta school, our internship program, providing those opportunities, but then just being mindful right. Of whether or not you publish the stats or not. We do have somebody who's responsible for D I, within CrowdStrike. They are looking at that and at least taking that step to understand what can we do to support the advancement across minorities. But also women is really, really important. >>Did you not have a good educational opportunity when you were growing up where you're like you had to me? Yeah, no, seriously, >>No. Seriously. I went to pretty scary schools. Right. >>Okay. So you could have gone down a really bad path. >>I, a lot of people that I grew up with went down really, really bad paths. I think the inflection point at, at least for me what the inflection point was becoming aware of this entire universe. Yeah. I was, I was headed down a path where I wasn't aware that any of this existed, when I got out of college, they were advertising in the newspaper for Cisco sales engineers, $150,000 a year. We will train. I'm a smart guy. I had no idea what that meant. Right. I could have easily gone and gotten one of those jobs. It was seven or eight years before I intersected with the tech world again. And so, you know, kind of parallel with your experience with you had someone randomly, it's like, you'd be great at Cisco. Yeah. But if, if you're not around that, and so you take people in different communities who are just, this might as well be a different planet. Yes. Yeah. The idea of eating in a restaurant where someone is serving you, food is uncomfortable, right? The idea of checking into a hotel, the idea of flying somewhere on an airplane, we talk about imposter syndrome. That's right. There are deep seated discomfort levels that people have because they just, this is completely foreign, but >>You're saying you could have foreign, you could have gone down a path where selling drugs or jacking cars was, was, was lucrative. >>I had, I had, yeah. I mean, we're getting, we're getting like deep into societal things. I was, I was very lucky. My parents were very, very young, but they're still together to this day. I had loving parents. We were very, very poor. We were surrounded by really, really, really bad stuff. So. >>Okay. So, so, okay. So this, >>I, I don't, I don't compare my situation to others. >>White woman. That's I guess this is my point. Yeah. The dynamic is different than, than a kid who grew up in the inner city. Yes. Right. And, and, and they're both important to address, but yeah. I think you gotta address them in different ways. >>Yes. But if they're, but if they're both completely ignorant of this, >>They don't know it. So it's lack of >>A, they'll never be here. >>You >>Never be here. And it's such a huge, this is such a huge difference from the rest of the world and from the rest, from the rest of our economy. >>So what would you tell a young girl? My daughters, aren't interested in tech. They want to go into fashion or healthcare, whatever Dave's daughters maybe would be a young girl, preteen, maybe teen interested in, not sure which path, why tech, what would advice would you give? >>I think just understanding what you enjoy about life, right? Like which skills are you great at? What characteristics about roles and not really focusing on a specific product. Definitely not cybersecurity versus like the broader network. I mean, literally what do you enjoy doing? And then the roles of, you know, from the skillset that's needed, whether that be marketing, and then you can start to dive into, do I wanna support marketing for a corporate environment for retail, for technology like that will come and follow your passion, which I know is so easy to say, right? But if you're passionate about certain things, I love relationships. I think that holding myself from integrity standpoint, leading with integrity, but building strong relationships on trust, that's something I take really pride in and what I get enjoyment with. It's >>Obviously your superpower. >>It, >>It is. >>But >>Then it will go back to OST too, just being authentic in the process of building those relationships, being direct to the transparency of understanding, like again, knowing what you're good at and then where you can fit into an organization, awareness of technology opportunities, I think will all lend that to. But I also wouldn't worry, like when I was 17 year old, I, I thought I would be playing volleyball in college and then going to work for a professional sports team. You know, life works out very differently. Yeah. >>Right. And then, and for those of you out there, so I love that. Thank you for that great interview. Really appreciate letting us go far field for those of you might say, well, I don't know, man. I don't know what my passion is. I'll give you a line from my daughter, Alicia, you don't learn a lot for your kids. She said, well, if you don't know what your passion is, follow your curiosity. That's great. There you go. Amanda Adams. Thanks so much. It was great to have you on. Okay. Thank you. Keep it right there. We're back with George Kurtz. We're to the short break. Dave ante, Dave Nicholson. You watching the cube from Falcon 22 in Las Vegas.

(upbeat music) >> Sustainability has become one of the hottest topics, not just in enterprise tech, but across all industries. The relentless pace of technology improvement over the decades and orders of magnitude increases in density have created heat, power and cooling problems that are increasingly challenging to remediate. Intense efforts have been implemented over the years around data center design techniques to dissipate heat, use ambient air, liquid cooling and many other approaches that have been brought to bear to get power usage effectiveness, PUE, as close to one as possible. Welcome to Better Together Sustainability, presented by the CUBE and brought to you by Hewlett Packard Enterprise and AMD. In this program we'll lay out today's challenges and how leading companies are engineering solutions to the problems just introduced, along with some recommendations, best practices and resources as to how you can initiate or enhance your sustainability journey. First up to help us better understand this important topic are John Fry, senior technologist IT efficiency and sustainability at Hewlett Packard Enterprise and Terry Richardson, North America channel chief for AMD. Gents, welcome. >> Great to be here. >> (indistinct). >> John, let's start at the high level here. Why is sustainability such an important topic today? Why now? Why is it such a challenge for customers and, and how are you guys approaching the solutions? >> The topic has been an important topic for a number of years, but what we're seeing across the world is more and more corporations are putting in place climate targets and sustainability goals. And at the same time, boards and CEOs are starting to be asked about the topic as well, making this topic much more important for technology leaders across the globe. At the same time, technology leaders are fighting with space, power and cooling constraints that caused them to rethink their approach to IT. To get a better sense of how wide this challenge is, we did a survey last year and we asked 500 technology leaders across the globe if they were implementing sustainable IT goals and metrics and programs within their infrastructure. Personally, I thought the answer would be about 40% of them had these programs. Actually it turned out to be 96% of them. And so when we asked them why they were implementing these programs and what was the primary driver, what we heard from them was three things. Those of them that were the early adopters and the ones that move were moving the fastest told us they were putting these programs in place to attract and retain institutional investors. If they're a publicly traded company, their investors were already asking their boards, their CEOs, wanting to know what their company was doing to drive efficiency within their technology operations. Those companies in the middle, the ones that were just moving along at the same pace as many other companies around the world, told us they were putting these programs in place to attract and retain their customers. Customers are increasingly asking the companies they do business with about their sustainability aspirations specifically how technology contributes to their carbon emissions and their sustainability goals. And so these customers want to make sure that they can keep their own customers. And finally, a third group, the digital followers, that group of companies that's a little slower adopting programs, more conservative in nature. They said they were implementing these programs to attract and retain employees. In fact, over the last year or so, every customer we've talked to when they describe their pain points and their challenges that we can try to help them meet, has had a difficulty in finding employees. And so what we know is these younger employees coming into the workforce, if you can show them how what they are going to be doing connects to the purpose of their company and connects to making the world a better place, you can attract them easier and you can retain them longer. So a variety of business reasons why companies are looking at these programs, but what we know is when they implement these programs they often reduce over-provisioning. They save money, they have a lower environmental footprint, and again they have an easier time attracting and retaining employees. So for all of these reasons, driving sustainability into your IT operations is a great thing to do. >> Yeah, I never would've expected 96%. And of course, investors, customers and employees. I mean, this is the big three. Terry what's AMD's perspective on this topic? In other words, what do you bring to the table and the partnership? I mean, I know processors, but what's unique about AMD's contribution? >> Yeah. Thanks Dave. And, and John, great to be with you. Appreciate the opportunity and the partnership. You know, we too are very focused on sustainability and enjoy our partnership with HPE very much in this area. You know, since 2017, when AMD introduced its epic processor family, there's been a couple of core design elements in that technology. One has to do with performance. And the second has to do with efficiency. Both are critically important to today's topic of sustainability because increasingly, customers are understanding and measuring performance per watt and fortunately, AMD really excels in this area. So whether we're talking about the larger super computers in the world, or even general purpose servers, customers can fundamentally do more with fewer AMD servers than competitive alternatives. And so, so we, we really bring a technology element on the processor side, CPU and GPU, to play a role in delivering real ability for customers to meet some of their core sustainability goals. And of course, in partnership with HPE, together we have really a compelling story. >> Great. Thank you, Terry. And, and John, wonder if you could talk to the differentiation that you bring from HPE's perspective, the total package. >> Yeah, of course. The first thing as partnership. As Terry mentioned, AMD and HPE have been working together since HPE was founded actually, to drive power efficiency up to meet the demands of our customers. At the same time, as our customers have asked more and more questions around technology sustainability, we've realized that we needed to not only develop a point of view on that from an HPE perspective, but actually write the white papers that give the customer guidance for sustainable IT strategies, for tech refresh cycles, give them some guidance on what are the right questions to ask technology vendors when they're buying technology equipment. So a series of white papers and you might not appreciate why, but this is a topic that you can't go get a college degree in and frankly can't even buy a book on. So for customers to get that knowledge, they want to get it from experienced professionals around the globe. And in fact, in the survey that I mentioned earlier, we asked customers, where's the number one place that you expect to get your sustainable IT information from? And they said, our technology vendors. So for us, it's really about driving that point of view, sharing it with customers, helping customers get better and even pointing out some of the unintended consequences. So a great example, Dave, you mentioned PUE earlier. Many customers have been driving PUE down for a number of years, but often the way that they did that was optimizing the data center building infrastructure. They got PUE pretty low. Now, one of the things that happens and customers need to be aware of this, particularly if they're focused on PUE as their primary metric, is when they optimize their IT stack and make that smaller, PUE actually goes up. And at first they think, well, wait a minute, that metric is going in the wrong direction. But when you remember it's a ratio, if you get that IT stack component smaller, then you're driving efficiency even if PUE goes the wrong direction. So part of the conversation then is you might want to look at PUE internally, but perhaps you've outgrown PUE and now have an opportunity to look at other metrics like carbon emissions per workload, or or power consumption per piece of equipment or rack. So all of this drives back to that upward trajectory that Terry was talking about where customers are really interested in power performance. So as we share those stories with customers, share the expertise how to move along this journey, that really provides great differentiation for HPE and AMD together. >> So that's interesting. So PUE is not necessarily the holy grail metric. There are other metrics that you, you should look at. Number one, and number two the way you interpret PUE is changing for the better. So thank you for that context. I wonder Terry, do, do you have any like proof points or examples that you can share? >> Yeah, so one that immediately comes to mind that was a manifestation of some terrific collaboration between AMD and HPE was their recently announced implementation of the Frontier supercomputer. That was a project that we collaborated on for a long time. And, and where we ended up was turning over to the government a supercomputer that is currently the highest performing in the world, broke the exaFLOP barrier. And probably even more importantly is number one on the Green500 list of the top super computers. And, and together we enjoy favorable rankings in other systems, but that's the one that, that really stands out in terms of at scale implementation to shine really a spotlight on what we can do together. Certainly for other customers doesn't have to be the world's largest super computer. It's not uncommon that we see customers just kind of in general purpose business applications in their data centers to be able to do more with less, you know, meaning, you know, you know a third of the servers oftentimes delivering not only a very strong TCO but the environmental benefit that gets associated with significantly reduced energy that can be expressed in reduction in, in overall CO2 emissions and other, other ways to express the benefit, whether it's, you know the equivalent of, of planting you know, acres of forest or whatever. So we're really proud of the proof points that we have and and look forward to the opportunity to together explain this more fully to customers and partners. >> Right? So John, Terry sort of alluded to this being more broad based. I know HPE has a very strong focus on HPC. Sorry for all the acronyms, but high performance computing. But the, so this is more broad based than just the super computing business, right John? >> Yeah, absolutely. We see these performance benefits for customers and industry standard servers as well. In fact, many customers, that's the primary type of equipment they use and they want better power performance. They either want to as Terry alluded to, use less equipment to do the same amount of work, or if they've run into a space or power or cooling constraint in their data centers, they want to be able to increase workloads in the same footprint. So it allows them to take better use of their data centers. And for some customers even the data center enclosure that they started with they can actually use a much smaller amount of space. In fact, we have some that even move over to co-location facilities as they improve that performance per watt, and can do more work in the smaller space. So it starts an industry standard server, but increasingly we're seeing customers considering liquid cooling solutions and that generally moves them into the high performance compute space as well right now. So those performance improvements exist across that entire spectrum. >> So since you brought up liquid cooling John, I mean can you share any best practices? I mean, like what do you do with all that heated liquid? >> Yeah, it's a great, great question. And we have seen a lot more interest from customers in liquid cooling and there's a variety of things that you can do, but if you're considering liquid cooling the opportunities to think broader than just the IT stack. So if you're going to use a cooling loop anyhow and you're going to generate warm liquid coming off the it equipment as waste, think about what you can do with that. We have a, a government customer here in the United States that designed their high performance computer while they were designing the building it went in. So they're able to use that hot air, hot water, excuse me coming off the IT equipment to heat the entire building. And that provides a great use of that warm water. In many parts of the world, that warm water can either be used on a hot water utility grid or it can even be used on a steam grid if you can get it warm enough. Other places we're aware of customers (indistinct) and greenhouses next to data centers and using both the warm air and the warm water from the data center to heat the greenhouse as well. So we're encouraging customers to take a step back, look at the entire system, look at anything coming out of that system that once was waste and start to think about how can we use that what was waste now as an input to another process. >> Right, that's system thinking and some, some pragmatic examples there. Can, can you each summarize, maybe start Terry, with you AMD's and HPE's respective climate goals that may, Terry then John chime in please. >> Yeah, I'll go first. We actually have four publicly stated goals. The first one is I think very aggressive but we've got a track record of doing something similar in our client business. And, and so kind of goal number one is a 30 X increase in energy efficiency for AMD processors and accelerators powering servers for AI and HPC by 2025. The second is broad based across the corporation is a 50% absolute reduction in greenhouse gas emissions from AMD operations by 2030. And then the third is 100% of AMD manufacturing suppliers will have published greenhouse gas emissions reduction goals by 2025. And we've declared that 80% or greater of our manufacturing suppliers will source renewable energy by 2025. Those are the, those are the four big publicly stated goals and objectives that we have in this area. >> You know what I like about those Terry? A lot of, a lot of these sustainability goals these moonshot goals is like by 2050, it's like, okay. But I, I like the focus on '25 and then of course there's one in there at the end of the decade. All right, John, maybe you could share with us HPE's approach. >> Yeah, absolutely. And we've had almost two decades of emissions reduction goals and our current goals, which we accelerated by 10 years last year, are to be carbon new or excuse me, net zero by 2040. And that's a science based target-approved goal. In fact, one of the first in the world. And we're doing that because we believe that 2050 is too long to wait. And so how we reach that net zero goal by 2040, is by 2030, an interim step is to reduce our scopes one and two, our direct and energy related emissions by 70% from 2020. And that includes sourcing 100% renewable energy across all of our operations. At the same time, the bigger part of our footprint is in our supply chain and when our customers use our products, so we're going to leverage our as a service strategy HPE GreenLake and our energy efficient portfolio of products to reduce our scope three carbon emissions 42% over that 2020 baseline by 2030, and as with AMD as well, we have a goal to have 80% of our suppliers by spend have their own science based targets so that we know that their commitments are scientifically validated. And then the longer step, how we reach net zero by 2040 is by reducing our entire footprint scopes one, two and three by 90% and then balance the rest. >> Yeah. So again, I mean, you know 2030 is only eight years away, a little more. And so if, if, if you have a, a target of 2030 you have to figure out, okay, how are you going to get there? The, if you say, you know, longer, you know in the century you got this balloon payment, you know that you're thinking about. So, so great job, both, both companies and and really making more specific goals that we can quantify you know, year by year. All right, last question, John. Are there any resources that you can share to help customers, you know, get started maybe if they want to get started on their own sustainability strategy or maybe they're part way through and they just want to see how they're doing. >> Yeah, absolutely much of what Terry and I have talked about are available in an executive workbook that we wrote called "Six Steps For Implementing a Sustainable IT Strategy" and that workbook's freely available online and we'll post the URL so that you can get a copy of it. And we really developed that workbook because what we found is, although we had white papers on a variety of these topics, executives said we really need a little bit more specific steps to work through this and implement that sustainable IT strategy. And the reason for that, by the way is that so many of our customers when they start this sustainable IT journey, they take a a variety of tactical steps, but they don't have an overarching strategy that they're really trying to drive. And often they don't do things like bring all the stakeholders they need together. Often they make improvements without measuring their baseline first. So in this workbook, we lead them step by step how to gather the right resources internally, how to make the progress, talk about the progress in a credible way, and then make decisions on where they go next to drive efficiencies. >> Yeah, really that system thinking is, is, is critical. Guys. Thanks so much for your time. Really appreciate it. >> Thank you. >> Okay guys, thanks for your time today. I really appreciate it. In a moment, We're going to toss it over to Lisa Martin out of our Palo Alto studio and bring in Dave Faffel, chief technology officer at WEI, along with John and Terry, to talk about what WEI is doing in this space to address sustainability challenges. You're watching Better Together Sustainability brought to you by HPE and AMD in collaboration with the CUBE, your leader in enterprise and emerging tech coverage. (lilting music)

(bright music) >> Welcome back everyone. theCube's live coverage here. Day two, of two sets, three days of theCube coverage here at VMware Explore. This is our 12th year covering VMware's annual conference, formerly called VM World. I'm John Furrier, with Dave Vellante. We'd love seeing the progress and we've got great security comes Tom Gill, senior vices, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. >> Thanks. for having me. >> Yeah, really happy we could have you on. >> I think this is my sixth edition on the theCube. Do I get frequent flyer points or anything? >> Yeah. >> You first get the VIP badge. We'll make that happen. You can start getting credits. >> Okay, there we go. >> We won't interrupt you. Seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not called out and blown up and talked specifically about on stage. It's kind of in all the narratives in the VM World for this year. But you guys have an amazing security story. So let's just step back and to set context. Tell us the security story for what's going on here at VMware and what that means to this supercloud, multi-cloud and ongoing innovation with VMware. >> Yeah, sure thing. So probably the first thing I'll point out is that security's not just built in at VMware. It's built differently. So, we're not just taking existing security controls and cut and pasting them into our software. But we can do things because of our platform, because of the virtualization layer that you really can't do with other security tools. And where we're very, very focused is what we call lateral security or East-West movement of an attacker. 'Cause frankly, that's the name of the game these days. Attackers, you've got to assume that they're already in your network. Already assume that they're there. Then how do we make it hard for them to get to the stuff that you really want? Which is the data that they're going after. And that's where we really should. >> All right. So we've been talking a lot, coming into VMware Explore, and here, the event. About two things. Security, as a state. >> Yeah. >> I'm secure right now. >> Yeah. >> Or I think I'm secure right now, even though someone might be in my network or in my environment. To the notion of being defensible. >> Yeah. >> Meaning I have to defend and be ready at a moment's notice to attack, fight, push back, red team, blue team. Whatever you're going to call it. But something's happening. I got to be able to defend. >> Yeah. So what you're talking about is the principle of Zero Trust. When I first started doing security, the model was we have a perimeter. And everything on one side of the perimeter is dirty, ugly, old internet. And everything on this side, known good, trusted. What could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So Zero Trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? 'Cause for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine. But they're not going to find 250 million credit cards. >> Right. >> Or the script of a new movie or the super secret aircraft plans. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done and that's where VMware shines. >> So if they don't have the right to get to that database, they're not in. >> And it's not even just the right. So they're so clever and so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So, it's like they have the key to unlock each one of these doors. And we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key, we're like wait a minute. That's not a real CIS Admin making a change. That's ransomware. And that's where you. >> You have to earn your way in. >> That's right. That's right. Yeah. >> And we're all kinds of configuration errors. But also some user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guys scour, the dark web for passwords that have been exposed. >> Correct. >> And go test them against different accounts. Oh one hit over here. >> Correct. >> And people don't change their passwords all the time. >> Correct. >> That's a known vector. >> Just the idea that users are going to be perfect and never make a mistake. How long have we been doing this? Humans are the weakest link. So people are going to make mistakes. Attackers are going to be in. Here's another way of thinking about it. Remember log4j? Remember that whole fiasco? Remember that was at Christmas time. That was nine months ago. And whoever came up with that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that said, "Oh yeah, I wasn't impacted by log4j." So here's some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one, right? We haven't heard anything. So the point is, the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. It's untenable, in the real world, right? >> Right. >> We don't know in there, hiding in the closet. >> They're still in. >> They're watching everything. >> Hiding in your closet, exactly. >> Moving around, nibbling on your cookies. >> Drinking your beer. >> Yeah. >> So let's talk about how this translates into the new reality of cloud-native. Because now you hear about automated pentesting is a new hot thing right now. You got antivirus on data is hot within APIs, for instance. >> Yeah. >> API security. So all kinds of new hot areas. Cloud-native is very iterative. You know, you can't do a pentest every week. >> Right. >> You got to do it every second. >> So this is where it's going. It's not so much simulation. It's actually real testing. >> Right. Right. >> How do you view that? How does that fit into this? 'cause that seems like a good direction to me. >> Yeah. If it's right in, and you were talking to my buddy, Ahjay, earlier about what VMware can do to help our customers build cloud native applications with Tanzu. My team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within. Looking at the individual piece parts and how they talk to each other and figuring out, wait a minute, that should never happen. By almost having an x-ray machine on the innards of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based. And we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with a hypervisor with NSX. We see all the inner workings. In a container world we have this thing called a service mesh that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. This API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit cards. That doesn't make any sense. The anomalies stick out like a sore thumb. If you can see them. At VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that East-West or lateral security. >> You don't belong in this room, get out or that that's some weird call from an in memory database, something over here. >> Exactly. Where other security solutions won't even see that. It's not like there algorithms aren't as good as ours or better or worse. It's the access to the data. We see the inner plumbing of the app and therefore we can protect the app from. >> And there's another dimension that I want to get in the table here. 'Cause to my knowledge only AWS, Google, I believe Microsoft and Alibaba and VMware have this. >> Correct >> It's Nitro. The equivalent of a Nitro. >> Yes. >> Project Monterey. >> Yeah. >> That's unique. It's the future of computing architectures. Everybody needs a Nitro. I've written about this. >> Yeah. >> Right. So explain your version. >> Yeah. >> It's now real. >> Yeah. >> It's now in the market, right? >> Yeah. >> Or soon will be. >> Here's our mission. >> Salient aspects. >> Yeah. Here's our mission of VMware. Is that we want to make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud. >> And secure. >> And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Not just on the edges of it. Okay. How do we go on that journey? As you pointed out, the public cloud providers realized five years ago that the right way to build computers was not just a CPU and a graphics process unit, GPU. But there's this third thing that the industry's calling a DPU, data processing unit. And so there's kind of three pieces of a computer. And the DPU is sometimes called a Smartnic. It's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what Nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So with vSphere 8, we have the ability to take the network processing, that East-West inspection I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that Ahjay and team are building. >> So no performance degradation at all? >> Correct. To CPU offload. >> So even the opposite, right? I mean you're running it basically Bare Metal speeds. >> Yes, yes and yes. >> And you're also isolating the storage from the security, the management, and. >> There's an isolation angle to this, which is that firewall, that we're putting everywhere. Not just that the perimeter, but we put it in each little piece of the server is running when it runs on one of these DPUs it's a different memory space. So even if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >> So who has access to that resource? >> Pretty much just the infrastructure layer, the cloud provider. So it's Amazon, Google, Microsoft, and the enterprise. >> Application can't get in. >> Can't get in there. Cause you would've to literally bridge from one memory space to another. Never say never, but it would be very. >> But it hasn't earned the trust to get. >> It's more than barbwire. It's multiple walls. >> Yes. And it's like an air gap. It puts an air gap in the server itself so that if the server is compromised, it's not going to get into the network. Really powerful. >> What's the big thing that you're seeing with this supercloud transition. We're seeing multi-cloud and this new, not just SaaS hosted on the cloud. >> Yeah. >> You're seeing a much different dynamic of, combination of large scale CapEx, cloud-native, and then now cloud-native drills on premises and edge. Kind of changing what a cloud looks like if the cloud's on a cloud. >> Yeah. >> So we're the customer, I'm building on a cloud and I have on premise stuff. So, I'm getting scale CapEx relief from the hyperscalers. >> I think there's an important nuance on what you're talking about. Which is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really going to work. Oh some people realize. >> It's not secure. >> Yeah. It's not secure. >> That one's like, no, no, no it's secure. It works. And it's good. So then there was this sort of over rush. Let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm going to move those onto the cloud. You got to take them all apart, put them on the cloud and put them all back together again. And little tiny details like changing an IP address. It's actually much harder than it looks. So my argument is, for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. We pretty much every. >> And the benefit of the customer is what. >> You can literally VMotion and just pick it up and move it from private to public, public to private, private to public, Back and forth. >> Remember when we called Vmotion BS, years ago? >> Yeah. Yeah. >> VMotion is powerful. >> We were very skeptical. We're like, that'll never happen. I mean we were. This supposed to be pat ourselves on the back. >> Well because alchemy. It seems like what you can't possibly do that. And now we do it across clouds. So it's not quite VMotion, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine. Things got super tense, super fast and they had to go from their private cloud data center in the Ukraine, to a public cloud data center out of harm's way. They did it over a weekend. 48 hours. If you've ever migrated a data center, that's usually six months. Right. And a lot of heartburn and a lot of angst. Boop. They just drag and dropped and moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructures defined in software. If you're relying on hardware, load balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, they're really, really expensive. And by the way, they eat a lot of power. So that was an architecture from the 90's. In the cloud operating model your data center. And this comes back to what you were talking about is just racks and racks of X86 with these magic DPUs, or smart nics, to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >> We just had Ahjay taking us to school, and everyone else to school on applications, middleware, abstraction layer. And Kit Culbert was also talking about this across cloud. We're talking supercloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It feels to me, and again, this is your wheelhouse. If supercloud happens with this kind of past layer where there's vMotioning going on. All kinds of spanning applications and data across environments. >> Yeah. Assume there's an operating system working on behind the scenes. >> Right. >> What's the security posture in all this? >> Yeah. So remember my narrative about the bad guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff, is you've got to understand it at what we call Layer 7. At the application layer. Trying to do security to the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible. It's buried in some cloud provider. So Layer 7 understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Nothing to do with the infrastructure. >> And where's the progress bar on that paradigm. One to ten. Ten being everyone's doing it. >> Right now. Well, okay. So we as a vendor can do this today. All the stuff I talked about, reading APIs, understanding the individual services looking at, Hey, wait a minute this credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle? Early days 10%. So there's a whole lot of headroom for people to understand, Hey, I can put these controls in place. They're software based. They don't require appliances. It's Layer 7, so it has contextual awareness and it's works on every single cloud. >> We talked about the pandemic being an accelerator. It really was a catalyst to really rethink. Remember we used to talk about Pat as a security do over. He's like, yes, if it's the last thing I do, I'm going to fix security. Well, he decided to go try to fix Intel instead. >> He's getting some help from the government. >> But it seems like CISOs have totally rethought their security strategy. And at least in part, as a function of the pandemic. >> When I started at VMware four years ago, Pat sat me down in his office and he said to me what he said to you, which is like, "Tom," he said, "I feel like we have fundamentally changed servers. We fundamentally change storage. We fundamentally change networking. The last piece of the puzzle of security. I want you to go fundamentally change it." And I'll argue that the work that we're doing with this horizontal security, understanding the lateral movement. East- West inspection. It fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with Endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so Pat, thanks for the mission. We delivered it and it's available now. >> Those WET web applications firewall for instance are around, I mean. But to your point, the perimeter's gone. >> Exactly. >> And so you got to get, there's no perimeter. so it's a surface area problem. >> Correct. And access. And entry. >> Correct. >> They're entering here easy from some manual error, or misconfiguration or bad password that shouldn't be there. They're in. >> Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall. Bad guys come in the window. >> And then the windows open. With a ladder. >> Oh my God. Cause it's hot, bad user behavior trumps good security every time. >> And then they move around room to room. We're the room to room people. We see each little piece of the thing. Wait, that shouldn't happen. Right. >> I want to get you a question that we've been seeing and maybe we're early on this or it might be just a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CISOs and CSOs, two roles. Chief information security officer, and then chief security officer. Amazon, actually Steven Schmidt is now CSO at Reinforce. They actually called that out. And the interesting point that he made, we had some other situations that verified this, is that physical security is now tied to online, to your point about the service area. If I get a password, I still got the keys to the physical goods too. >> Right. So physical security, whether it's warehouse for them or store or retail. Digital is coming in there. >> Yeah. So is there a CISO anymore? Is it just CSO? What's the role? Or are there two roles you see that evolving? Or is that just circumstance. >> I think it's just one. And I think that the stakes are incredibly high in security. Just look at the impact that these security attacks are having on. Companies get taken down. Equifax market cap was cut 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. It determines the fate of nations. I know that sounds grand, but it's true. And so companies care so much about it they're looking for one leader, one throat to choke. One person that's going to lead security in the virtual domain, in the physical domain, in the cyber domain, in the actual. >> I mean, you mention that, but I mean, you look at Ukraine. I mean that cyber is a component of that war. I mean, it's very clear. I mean, that's new. We've never seen. this. >> And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. >> Yeah. >> So the US, we have a policy of strategic deterrence. Where we develop some of the most sophisticated cyber weapons in the world. We don't use them. And we hope never to use them. Because our adversaries, who could do stuff like, I don't know, wipe out every bank account in North America. Or turn off the lights in New York City. They know that if they were to do something like that, we could do something back. >> This is the red line conversation I want to go there. So, I had this discussion with Robert Gates in 2016 and he said, "We have a lot more to lose." Which is really your point. >> So this brand. >> I agree that there's to have freedom and liberty, you got to strike back with divorce. And that's been our way to balance things out. But with cyber, the red line, people are already in banks. So they're are operating below the red line line. Red line meaning before we know you're in there. So do we move the red line down because, hey, Sony got hacked. The movie. Because they don't have their own militia. >> Yeah. >> If their were physical troops on the shores of LA breaking into the file cabinets. The government would've intervened. >> I agree with you that it creates tension for us in the US because our adversaries don't have the clear delineation between public and private sector. Here you're very, very clear if you're working for the government. Or you work for an private entity. There's no ambiguity on that. >> Collaboration, Tom, and the vendor community. I mean, we've seen efforts to try to. >> That's a good question. >> Monetize private data and private reports. >> So at VMware, I'm very proud of the security capabilities we've built. But we also partner with people that I think of as direct competitors. We've got firewall vendors and Endpoint vendors that we work with and integrate. And so coopetition is something that exists. It's hard. Because when you have these kind of competing. So, could we do more? Of course we probably could. But I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera. And as the threats get worse, you'll probably see us continue to do more. >> And the government is going to trying to force that too. >> And the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called processing quantum. >> Quantum. Quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. That's not good at all because our whole system is built around these private communications. So the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption. So, when the day quantum becomes available, we can change them and stay ahead of these quantum people. >> Well, didn't NIST just put out a quantum proof algo that's being tested right now by the community? >> There's a lot of work around that. Correct. And NIST is taking the lead on this, but Google's working on it. VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is a, it's an x-ray machine. It's like a dilithium crystal that can power a whole ship. It's a really, really, really powerful tool. >> Bad things will happen. >> Bad things could happen. >> Well, Tom, great to have you on the theCube. Thanks for coming on. Take the last minute to just give a plug for what's going on for you here at VMWorld this year, just VMware Explore this year. >> Yeah. We announced a bunch of exciting things. We announced enhancements to our NSX family, with our advanced load balancer. With our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and Zero Trust built into everything you do. And that's what we're working on. Pushing that further and further. >> Tom Gill, senior vices president, head of the networking at VMware. Thanks for coming on. We do appreciate it. >> Thanks for having us. >> Always getting the security data. That's killer data and security of the two ops that get the most conversations around DevOps and Cloud Native. This is The theCube bringing you all the action here in San Francisco for VMware Explore 2022. I'm John Furrier with Dave Vellante. Thanks for watching. (bright music)

>>Welcome back everyone Cube's live coverage here. Day two, two sets, three days of cube coverage here at VMware Explorer. This is our 12th year covering VMware's annual conference, formally called world I'm Jean Dave ante. We'd love seeing the progress and we've got great security comes Tom Gill, senior rights, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. Thanks >>For having me. Yeah, really happy we could have you on, you know, I think, I think this is my sixth edition on the cube. Like, do I get freaking flyer points or anything? >>Yeah, you get first get the VIP badge. We'll make that happen. You can start getting credits. >>Okay. There we go. >>We won't interrupt you. No, seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not like called out and, and blown up and talked specifically about on stage. It's kind of in all the narratives in, in the VM world for this year. Yeah. But you guys have an amazing security story. So let's just step back into set context. Tell us the security story for what's going on here at VMware and what that means to this super cloud multi-cloud and ongoing innovation with VMware. Yeah, >>Sure thing. So, so probably the first thing I'll point out is that, that security's not just built in at VMware it's built differently, right? So we're not just taking existing security controls and cut and pasting them into, into our software. But we can do things because of our platform because of the virtualization layer that you really can't do with other security tools and where we're very, very focused is what we call lateral security or east west movement of an attacker. Cuz frankly, that's the name of the game these days. Right? Attackers, you gotta assume that they're already in your network. Okay. Already assume that they're there, then how do we make it hard for them to get to what the, the stuff that you really want, which is the data that they're, they're going after. Right. And that's where we, >>We really should. All right. So we've been talking a lot coming into world VMware Explorer and here the event about two things security as a state. Yeah. I'm secure right now. Yeah. Or I, I think I'm secure right now, even though someone might be in my network or in my environment to the notion of being defensible. Yeah. Meaning I have to defend and be ready at a moment's notice to attack, fight, push back red team, blue team, whatever you're gonna call it, but something's happening. I gotta be a to defend. Yeah. >>So you, what you're talking about is the principle of zero trust. So the, the, when we, when I first started doing security, the model was we have a perimeter and everything on one side of the perimeter is dirty, ugly, old internet and everything on this side known good, trusted what could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So zero trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? Cuz for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine, but they're not gonna find 250 million credit cards. Right. Or the, the script of a new movie or the super secret aircraft plans, right. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done. Yeah. And that's where VMware shines. If they don't >>Have the right to get to that database, they're >>Not >>In and it's not even just the right, like, so they're so clever. And so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So it's like they have the key to unlock each one of these doors and we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key where like, wait a minute, that's not a real CIS admin making a change. That's ransomware. Yeah. Right. And that's, that's where we, you have to earn your way in. That's right. That's >>Right. Yeah. And we're all, there's all kinds of configuration errors. But also some, some I'll just user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guy's scour, the dark web for passwords that have been exposed. Correct. And go test them against different accounts. Oh one hit over here. Correct. And people don't change their passwords all the time. Correct? Correct. That's a known, known vector. We, >>We just, the idea that users are gonna be perfect and never make mistake. Like how long have we been doing this? Like humans with the weakest link. Right. So, so, so people are gonna make mistakes. Attackers are gonna be in here's another way of thinking about it. Remember log for J. Remember that whole ago, remember that was a Christmas time. That was nine months ago. And whoever came up with that, that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that was said, oh yeah, I wasn't impacted by log for J. So seers, some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one. Right? We haven't heard anything. So the point is the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. Like it's untenable, the real world. Right, right. >>We don't even go in there. They're still in there >>Watching your closet. Exactly. Moving around, nibbling on your ni line, your cookies. You know what I mean? Drinking your beer. >>Yeah. So, so let's talk about how this translates into the new reality of cloud native, because now know you hear about, you know, automated pen testing is a, a new hot thing right now you got antivirus on data. Yeah. Is hot is hot within APIs, for instance. Yeah. API security. So all kinds of new hot areas, cloud native is very iterative. You know, you, you can't do a pen test every week. Right. You gotta do it every second. Right. So this is where it's going. It's not so much simulation. It's actually real testing. Right. Right. How do you view that? How does that fit into this? Cuz that seems like a good direction to me. >>Yeah. It, it, it fits right in. And you were talking to my buddy AJ earlier about what VMware can do to help our customers build cloud native applications with, with Zu, my team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within looking at the individual piece parts and how they talk to each other and figuring out, wait a minute. That, that, that, that, that should never happen by like almost having an x-ray machine on the ins of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based and we, and we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with the hypervisor, with NSX, we see all the inner workings in a container world. >>We have this thing called a service me that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. You know, this API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit card that doesn't make any sense. Right? The anomalies stick out like a sore thumb. If you can see them. And VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that east west or lateral >>Security. Yeah. You don't belong in this room, get out or that that's right. Some weird call from an in-memory database, something over >>Here. Exactly. Where other, other security solutions won't even see that. Right. It's not like there algorithms aren't as good as ours or, or better or worse. It's that, it's the access to the data. We see the, the, the, the inner plumbing of the app. And therefore we can protect >>The app from, and there's another dimension that I wanna get in the table here, cuz to my knowledge only AWS, Google, I, I believe Microsoft and Alibaba and VMware have this, it nitro the equivalent of a nitro. Yes. Project Monterey. Yeah. That's unique. It's the future of computing architectures. Everybody needs a nitro. I've I've written about this. Yeah. Right. So explain your version. Yeah. Project. It's now real. It's now in the market right. Or soon will be. Yeah. Here. Here's our mission salient aspects. Yeah. >>Here's our mission of VMware is that we wanna make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud >>And secure >>And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Right. Not just on the edges of it. So, so, so, okay. How do we go on that journey? As you pointed out, the public cloud providers realized, you know, five years ago that the right way to build computers was not just a CPU and a GPU graphics process, unit GPU, but there's this third thing that the industry's calling a DPU data processing unit. So there's kind of three pieces of a computer. And the DPU is sometimes called a smart Nick it's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So, so with vSphere eight, we have the ability to take the network processing that east west inspection. I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that AJ and team are building. >>So no performance degradation at all, correct. >>To CPU >>Offload. So even the opposite, right? I mean you're running it basically bare metal speeds. >>Yes, yes. And yes. >>And, and, and you're also isolating the, the storage right from the, from the, the, the security, the management. And >>There's an isolation angle to this, which is that firewall that we're putting everywhere. Not just that the perimeter, we put it in each little piece of the server is running when it runs on one of these DPU, it's a different memory space. So even if, if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >>So who has access to that? That, that resource >>Pretty much just the infrastructure layer, the cloud provider. So it's Google Microsoft, you know, and the enterprise, the >>Application can't get in, >>Can't get in there. Cause it, you would've to literally bridge from one memory space to another, never say never, but it would be very, very, >>It hasn't earned the trust >>To get it's more than Bob wire. It's, it's, it's multiple walls and, and >>It's like an air gap. It puts an air gap in the server itself so that if the server's compromised, it's not gonna get into the network really powerful. >>What's the big thing that you're seeing with this super cloud transition we're seeing, we're seeing, you know, multicloud and this new, not just SAS hosted on the cloud. Yeah. You're seeing a much different dynamic of combination of large scale CapEx, cloud native. And then now cloud native develops on premises and edge kind of changing what a cloud looks like if the cloud's on a cloud. So rubber customer, I'm building on a cloud and I have on-prem stuff. So I'm getting scale CapEx relief from the, from the cap, from the hyperscalers. >>I, I think there's an important nuance on what you're talking about, which is, is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really gonna work. And some people realize >>It's not secure. Yeah. >>It, it's not secure that one's like, no, no, no, it's secure. It works. And it, and it's good. So then there was this sort of over rush. Like let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm gonna move those onto the cloud. You gotta take 'em all apart, put 'em on the cloud and put 'em all back together again. And little tiny details, like changing an IP address. It's actually much harder than it looks. So my argument is for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. Right. We pretty much every, and >>The benefit of the customer is what you >>Can literally vMotion and just pick it up and move it from private to public public, to private, private, to public, public, back and forth. >>Remember when we called VMO BS years ago. Yeah, yeah, yeah. >>We were really, skeptic is >>Powerful. We were very skeptical. We're like, that'll never happen. I mean, we were, I mean, it's supposed to be pat ourselves on the back. We, well, >>Because it's alchemy, it seems like what you can't possibly do that. Right. And so, so, so, and now we do it across clouds, right? So we can, you know, it's not quite VMO, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine, things got super tense, super fast, and they had to go from their private cloud data center in the Ukraine to a public cloud data center outta harm's way. They did it over a weekend, 48 hours. If you've ever migrated data, that's usually six months, right? And a lot of heartburn and a lot of angst, boom. They just drag and drop, moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructure's defined in software. >>If you're relying on hardware, load, balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, really, really expensive. And by the way, they eat a lot of power, right? So that was an architecture from the nineties in the cloud operating model, your data center. And this goes back to what you were talking about is just racks and racks of X 86 with these magic DPU or smart necks to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >>We just said, AJ taking us to school and everyone else to school on applications, middleware abstraction layer. Yeah. And kit Culver was also talking about this across cloud. We're talking super cloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It has. It feels to me. And again, this is, this is your wheelhouse. If super cloud happens with this kind of past layer where there's B motioning going on, all kinds of yeah. Spanning applications and data. Yeah. Across environments. Yeah. Assume there's an operating system working on behind the scenes. Right. What's the security posture in all this. Yeah. >>So remember my narrative about like VA guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff is you've gotta understand it at what, you know, we call layer seven at the application layer the in, you know, trying to do security, the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible, right. It's buried in some cloud provider. So layer seven, understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Right. Nothing to do with >>The infras. And where's the progress bar on that, that paradigm early one at the 10, 10 being everyone's doing it >>Right now. Well, okay. So we, as a vendor can do this today. All the stuff I talked about about reading APIs, understanding the, the individual services looking at, Hey, wait a minute. This credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle, early days, 10%. So, so there's a whole lot of headroom. We, for people to understand, Hey, I can put these controls in place. There's software based. They don't require appliances. It's layer seven. So it has contextual awareness and it's works on every single cloud. >>You know, we talk about the pandemic. Being an accelerator really was a catalyst to really rethink. Remember we used to talk about pat his security a do over. He's like, yes, if it's the last thing I'm due, I'm gonna fix security. Well, he decided to go try to fix Intel instead, but, >>But, but he's getting some help from the government, >>But it seems like, you know, CISOs have totally rethought, you know, their security strategy. And, and at least in part is a function of the pandemic. >>When I started at VMware four years ago, pat sat me down in his office and he said to me what he said to you, which is like Tom, he said, I feel like we have fundamentally changed servers. We fundamentally changed storage. We fundamentally changed networking. The last piece of the puzzle of security. I want you to go fundamentally change it. And I'll argue that the work that we're doing with this, this horizontal security understanding the lateral movement east west inspection, it fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so pat, thanks for the mission. We delivered it and available >>Those, those wet like web applications firewall for instance are, are around. I mean, but to your point, the perimeter's gone. Exactly. And so you gotta get, there's no perimeter. So it's a surface area problem. Correct. And access and entry, correct. They're entering here easy from some manual error or misconfiguration or bad password that shouldn't be there. They're >>In. Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall bad guys, come in the window. Right. And >>Then the window's open and the window with a ladder room. Oh my >>God. Cause it's hot, bad user behavior. Trump's good security >>Every time. And then they move around room to room. We're the room to room people. Yeah. We see each little piece of the thing. Wait, that shouldn't happen. Right. >>I wanna get you a question that we've been seeing and maybe we're early on this, or it might be just a, a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CSOs and CSOs, two roles, chief information security officer, and then chief security officer Amazon, actually, Steven Schmidt is now CSO at reinforced. They actually called that out. Yeah. And the, and the interesting point that he made, we've had some other situations that verified. This is that physical security is now tied to online to your point about the service area. If I get a password, I still at the keys to the physical goods too. Right. Right. So physical security, whether it's warehouse for them is, or store or retail digital is coming in there. Yeah. So is there a CSO anymore? Is it just CSO? What's the role or are there two roles you see that evolving or is that just, >>Well, >>I circumstance, >>I, I think it's just one. And I think that, that, you know, the stakes are incredibly high in security. Just look at the impact that these security attacks are having on it. It, you know, companies get taken down, Equifax market cap was cut, you know, 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. Right. It determines the fate of nations. I know that sounds grand, but it's true. Yeah. And so, so, so companies care so much about it. They're looking for one liter, one throat to choke, you know, one person that's gonna lead security in the virtual domain, in the physical domain, in the cyber domain, in, in, you know, in the actual, well, it is, >>I mean, you mentioned that, but I mean, mean you look at Ukraine. I mean the, the, that, that, that cyber is a component of that war. I mean, that's very clear. I mean, that's, that's new, we've never seen >>This. And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. Yeah, yeah. Right. So the us, we have a policy of, of strategic deterrents where we develop some of the most sophisticated cyber weapons in the world. We don't use them and we hope never to use them because the, the, our adversaries who could do stuff like, oh, I don't know, wipe out every bank account in north America, or turn off the lights in New York city. They know that if they were to do something like that, we could do something back. >>I, this discuss, >>This is the red line conversation I wanna go there. So >>I had this discussion with Robert Gates in 2016 and he said, we have a lot more to lose, which is really >>Your point. So this brand, so I agree that there's the, to have freedom and Liberty, you gotta strike back with divorce and that's been our way to, to balance things out. Yeah. But with cyber, the red line, people are already in banks. So they're addresses are operating below the red line, red line, meaning before we know you're in there. So do we move the red line down because Hey, Sony got hacked the movie because they don't have their own militia. Yeah. If they were physical troops on the shores of LA breaking into the file cabinets. Yeah. The government would've intervened. >>I, I, I agree with you that it creates, it creates tension for us in the us because our, our adversaries don't have the clear delineation between public and private sector here. You're very, very clear if you're working for the government or you work for an private entity, there's no ambiguity on that. And so, so we have different missions in each department. Other countries will use the same cyber capabilities to steal intellectual, you know, a car design as they would to, you know, penetrate a military network. And that creates a huge hazard for us on the us. Cause we don't know how to respond. Yeah. Is that a civil issue? Is that a, a, a military issue? And so, so it creates policy ambiguity. I still love the clarity of separation of, you know, sort of the various branches of government separation of government from, >>But that, but, but bureau on multinational corporation, you then have to, your cyber is a defensible. You have to build the defenses >>A hundred percent. And I will also say that even though there's a clear D mark between government and private sector, there's an awful lot of cooperation. So, so our CSO, Alex toshe is actively involved in the whole intelligence community. He's on boards and standards and we're sharing because we have a common objective, right? We're all working together to fight these bad guys. And that's one of the things I love about cyber is that that even direct competitors, two big banks that are rivals on the street are working together to share security information and, and private, is >>There enough? Is collaboration Tom in the vendor community? I mean, we've seen efforts to try to, that's a good question, monetize private data, you know? Yeah. And private reports and, >>And, you know, like, so at VMware, we, we, I'm very proud of the security capabilities we've built, but we also partner with people that I think of as direct competitors, we've got firewall vendors and endpoint vendors that we work with and integrate. And so cooperation is something that exists. It's hard, you know, because when you have these kind of competing, you know, so could we do more? Of course we probably could, but I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera, you know, and, you know, as the threats get worse, you'll probably see us continue to do more. >>And the governments is gonna trying to force that too. >>And, and the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called quantum processing, calling out. Yeah. Yeah. Quantum, quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. Right. That's not good at all because our whole system is built around these private communications. So, so the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption? So when the day quantum becomes available, we can change them and stay ahead of these quantum people. Well, >>Didn't this just put out a quantum proof algo that's being tested right now by the, the community. >>There's a lot of work around that. Correct. And, and, and this is taking the lead on this, but you know, Google's working on it, VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is like a, it's a, it's a x-ray machine. You know, it's like, it's like a, a, a di lithium crystal that can power a whole ship. Right. It's a really, really, really powerful >>Tool. It's bad. Things will happen. >>Bad things could happen. >>Well, Tom, great to have you on the cube. Thanks for coming. Take the last minute to just give a plug for what's going on for you here at world this year, VMware explore this year. Yeah. >>We announced a bunch of exciting things. We announced enhancements to our, our NSX family, with our advanced load balancer, with our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and zero trust built into everything you do. And that's, that's what we're working on and pushing that further and further. >>Tom Gill, senior vices president head of the networking at VMware. Thanks for coming up for you. Appreciate >>It. Yes. Thanks for having guys >>Always getting the security data. That's killer data and security of the two ops that get the most conversations around dev ops and cloud native. This is the queue bringing you all the action here in San Francisco for VMware. Explore 2022. I'm John furrier with Dave, Alan. Thanks for watching.

>>Hey everyone. Welcome back to the cube. Lisa Martin, with Dave ante. We're here in Las Vegas with snowflake at the snowflake summit 22. This is the fourth annual there's close to 10,000 people here. Lots going on. Customers, partners, analysts, cross media, everyone talking about all of this news. We've got a couple of guests joining us. We're gonna unpack snow park. Torston grabs the director of product management at snowflake and Joe. No NTY AI and MDM architect at Allegis group. Guys. Welcome to the program. Thank >>You so much for having >>Us. Isn't it great to be back in person? It is. >>Oh, wonderful. Yes, it >>Is. Indeed. Joe, talk to us a little bit about Allegis group. What do you do? And then tell us a little bit about your role specifically. >>Well, Allegis group is a collection of OPCA operating companies that do staffing. We're one of the biggest staffing companies in north America. We have a presence in AMEA and in the APAC region. So we work to find people jobs, and we help get 'em staffed and we help companies find people and we help individuals find >>People incredibly important these days, excuse me, incredibly important. These days. It is >>Very, it very is right >>There. Tell me a little bit about your role. You are the AI and MDM architect. You wear a lot of hats. >>Okay. So I'm a architect and I support both of those verticals within the company. So I work, I have a set of engineers and data scientists that work with me on the AI side, and we build data science models and solutions that help support what the company wants to do, right? So we build it to make business business processes faster and more streamlined. And we really see snow park and Python helping us to accelerate that and accelerate that delivery. So we're very excited about it. >>Explain snow park for, for people. I mean, I look at it as this, this wonderful sandbox. You can bring your own developer tools in, but, but explain in your words what it >>Is. Yeah. So we got interested in, in snow park because increasingly the feedback was that everybody wants to interact with snowflake through SQL. There are other languages that they would prefer to use, including Java Scala and of course, Python. Right? So then this led down to the, our, our work into snow park where we're building an infrastructure that allows us to host other languages natively on the snowflake compute platform. And now here, what we're, what we just announced is snow park for Python in public preview. So now you have the ability to natively run Python code on snowflake and benefit from the thousands of packages and libraries that the open source community around Python has contributed over the years. And that's a huge benefit for data scientists. It is ML practitioners and data engineers, because those are the, the languages and packages that are popular with them. So yeah, we very much look forward to working with the likes of you and other data scientists and, and data engineers around the Python ecosystem. >>Yeah. And, and snow park helps reduce the architectural footprint and it makes the data pipelines a little easier and less complex. We have a, we had a pipeline and it works on DMV data. And we converted that entire pipeline from Python, running on a VM to directly running down on snowflake. Right. We were able to eliminate code because you don't have to worry about multi threading, right? Because we can just set the warehouse size through a task, no more multi threading, throw that code away. Don't need to do it anymore. Right. We get the same results, but the architecture to run that pipeline gets immensely easier because it's a store procedure that's already there. And implementing that calling to that store procedure is very easy. The architecture that we use today uses six different components just to be able to run that Python code on a VM within our ecosystem to make sure that it runs on time and is scheduled and all of that. Right. But with snowflake, with snowflake and snow park and snowflake Python, it's two components. It's the store procedure and our ETL tool calling it. >>Okay. So you've simplified that, that stack. Yes. And, and eliminated all the other stuff that you had to do that now Snowflake's doing, am I correct? That you're actually taking the application development stack and the analytics stack and bringing them together? Are they merging? >>I don't know. I think in a way I'm not real sure how I would answer that question to be quite honest. I think with stream lit, there's a little bit of application that's gonna be down there. So you could maybe start to say that I'd have to see how that carries out and what we do and what we produce to really give you an answer to that. But yeah, maybe in a >>Little bit. Well, the reason I asked you is because you talk, we always talk about injecting data into apps, injecting machine intelligence and ML and AI into apps, but there are two separate stacks today. Aren't they >>Certainly the two are getting closer >>To Python Python. It gets a little better. Explain that, >>Explain, explain how >>That I just like in the keynote, right? The other day was SRE. When she showed her sample application, you can start to see that cuz you can do some data pipelining and data building and then throw that into a training module within Python, right down inside a snowflake and have it sitting there. Then you can use something like stream lit to, to expose it to your users. Right? We were talking about that the other day, about how do you get an ML and AI, after you have it running in front of people, we have a model right now that is a Mo a predictive and prescriptive model of one of our top KPIs. Right. And right now we can show it to everybody in the company, but it's through a Jupyter notebook. How do I deliver it? How do I get it in the front of people? So they can use it well with what we saw was streamlet, right? It's a perfect match. And then we can compile it. It's right down there on snowflake. And it's completely easier time to delivery to production because since it's already part of snowflake, there's no architectural review, right. As long as the code passes code review, and it's not poorly written code and isn't using a library that's dangerous, right. It's a simple deployment to production. So because it's encapsulated inside of that snowflake environment, we have approval to just use it. However we see fit. >>It's very, so that code delivery, that code review has to occur irrespective of, you know, not always whatever you're running it on. Okay. So I get that. And, and, but you, it's a frictionless environment you're saying, right. What would you have had to do prior to snowflake that you don't have to do now? >>Well, one, it's a longer review process to allow me to push the solution into production, right. Because I have to explain to my InfoSec people, right? My other it's not >>Trusted. >>Well, well don't use that word. No. Right? It got, there are checks and balances in everything that we do, >>It has to be verified. And >>That's all, it's, it's part of the, the, what I like to call the good bureaucracy, right? Those processes are in place to help all of us stay protected. >>It's the checklist. Yeah. That you >>Gotta go to. >>That's all it is. It's like fly on a plane. You, >>But that checklist gets smaller. And sometimes it's just one box now with, with Python through snow park, running down on the snowflake platform. And that's, that's the real advantage because we can do things faster. Right? We can do things easier, right? We're doing some mathematical data science right now and we're doing it through SQL, but Python will open that up much easier and allow us to deliver faster and more accurate results and easier not to mention, we're gonna try to bolt on the hybrid tables to that afterwards. >>Oh, we had talk about that. So can you, and I don't, I don't need an exact metric, but when you say faster talking 10% faster, 20% faster, 50% path >>Faster, it really depends on the solution. >>Well, gimme a range of, of the worst case, best case. >>I, I really don't have that. I don't, I wish I did. I wish I had that for you, but I really don't have >>It. I mean, obviously it's meaningful. I mean, if >>It is meaningful, it >>Has a business impact. It'll >>Be FA I think what it will do is it will speed up our work inside of our iterations. So we can then, you know, look at the code sooner. Right. And evaluate it sooner, measure it sooner, measure it faster. >>So is it fair to say that as a result, you can do more. Yeah. That's to, >>We be able do more well, and it will enable more of our people because they're used to working in Python. >>Can you talk a little bit about, from an enablement perspective, let's go up the stack to the folks at Allegis who are on the front lines, helping people get jobs. What are some of the benefits that having snow park for Python under the hood, how does it facilitate them being able to get access to data, to deliver what they need to, to their clients? >>Well, I think what we would use snowflake for a Python for there is when we're building them tools to let them know whether or not a user or a piece of talent is already within our system. Right. Things like that. Right. That's how we would leverage that. But again, it's also new. We're still figuring out what solutions we would move to Python. We are, we have some targeted, like we're, I have developers that are waiting for this and they're, and they're in private preview. Now they're playing around with it. They're ready to start using it. They're ready to start doing some analytical work on it, to get some of our analytical work out of, out of GCP. Right. Because that's where it is right now. Right. But all the data's in snowflake and it just, but we need to move that down now and take the data outta the data wasn't in snowflake before. So there, so the dashboards are up in GCP, but now that we've moved all of that data down in, down in the snowflake, the team that did that, those analytical dashboards, they want to use Python because that's the way it's written right now. So it's an easier transformation, an easier migration off of GCP and get us into snow, doing everything in snowflake, which is what we want. >>So you're saying you're doing the visualization in GCP. Is that righting? >>It's just some dashboarding. That's all, >>Not even visualization. You won't even give for. You won't even give me that. Okay. Okay. But >>Cause it's not visualization. It's just some D boardings of numbers and percentages and things like that. It's no graphic >>And it doesn't make sense to run that in snowflake, in GCP, you could just move it into AWS or, or >>No, we, what we'll be able to do now is all that data before was in GCP and all that Python code was running in GCP. We've moved all that data outta GCP, and now it's in snowflake and now we're gonna work on taking those Python scripts that we thought we were gonna have to rewrite differently. Right. Because Python, wasn't available now that Python's available, we have an easier way of getting those dashboards back out to our people. >>Okay. But you're taking it outta GCP, putting it to snowflake where anywhere, >>Well, the, so we'll build the, we'll build those, those, those dashboards. And they'll actually be, they'll be displayed through Tableau, which is our enterprise >>Tool for that. Yeah. Sure. Okay. And then when you operationalize it it'll go. >>But the idea is it's an easier pathway for us to migrate our code, our existing code it's in Python, down into snowflake, have it run against snowflake. Right. And because all the data's there >>Because it's not a, not a going out and coming back in, it's all integrated. >>We want, we, we want our people working on the data in snowflake. We want, that's our data platform. That's where we want our analytics done. Right. We don't want, we don't want, 'em done in other places. We when get all that data down and we've, we've over our data cloud journey, we've worked really hard to move all of that data. We use out of existing systems on prem, and now we're attacking our, the data that's in GCP and making sure it's down. And it's not a lot of data. And we, we fixed it with one data. Pipeline exposes all that data down on, down in snowflake now. And we're just migrating our code down to work against the snowflake platform, which is what we want. >>Why are you excited about hybrid tables? What's what, what, what's the >>Potential hybrid tables I'm excited about? Because we, so some of the data science that we do inside of snowflake produces a set of results and there recommendations, well, we have to get those recommendations back to our people back into our, our talent management system. And there's just some delays. There's about an hour delay of delivering that data back to that team. Well, with hybrid tables, I can just write it to the hybrid table. And that hybrid table can be directly accessed from our talent management system, be for the recruiters and for the hiring managers, to be able to see those recommendations and near real time. And that that's the value. >>Yep. We learned that access to real time. Data it in recent years is no longer a nice to have. It's like a huge competitive differentiator for every industry, including yours guys. Thank you for joining David me on the program, talking about snow park for Python. What that announcement means, how Allegis is leveraging the technology. We look forward to hearing what comes when it's GA >>Yeah. We're looking forward to, to it. Nice >>Guys. Great. All right guys. Thank you for our guests and Dave ante. I'm Lisa Martin. You're watching the cubes coverage of snowflake summit 22 stick around. We'll be right back with our next guest.

(upbeat music) >> Hey everyone. Welcome to theCUBE's coverage of Women In Tech, International Women's Day 2022. I'm your host, Lisa Martin. I have two guests from AWS here with me. Carolina Pina joins us, the head of Enterprise Enablement for LATAM and Laura Alvarez Modernel is here as well, Public Sector Programs Manager at AWS. Ladies, it's great to have you on theCUBE. >> Nice to meet you. >> Thank you for having us. >> Carolina, let's start with you. Talk to me a little bit about your role, what it is that you're doing there. >> So my role in AWS is to actually create mechanisms of massive training to try to close the talent gap that we have in the region. And when I mentioned talent gap, I'm talking about obviously digital and cloud-computing skills. So that's, that's, in a nutshell what my role entails. >> Lisa: Got it. How long have you been in that role? Just curious. >> So I've been at AWS a little bit over, over two years. I was actually in the public sector team when I joined, leading the education vertical for Latin American Canada. And I recently joined the commercial sector now leading these massive training efforts for the region for LATAM. >> And Laura, you're in public sector. Talk to me a little bit about your role. >> Yes, I'm in public sector. I'm also based in Buenos Aires, Argentina. So yeah, I'm from Latin America, and I lead educational and community impact programs in the Southern cone of Latin America. I also lead diversity, equity and inclusion efforts and I'm part of the Women at Amazon global board. That's our affinity group to make sure we make efforts towards building a more equal world. And on a personal note I'm really passionate about the topic of gender equality because I truly think it affects us all as women and as Latins. So that's something that I'm always interested in collaborating with. >> Lisa: Excellent. Carolina back to you. If we think about from an enablement perspective how is AWS partnering with its customers and its partners to train and employ women particularly in technology? >> Oh, sure. Lisa, so it's not a surprise. We, like I mentioned, you know we have a big cloud skills, talent gap in the region. In fact, you know, 69% of companies have reported talent shortages and difficulty hiring. So, and this represents a 15 year high. So, many of these companies are actually, you know, our own commercial customers. So they approach us saying, you know, asking for for support training and developing their talent. So like I mentioned, in my role I create massive training efforts and initiatives. So we always take into consideration women, minorities, underrepresented community, and not just for the current talent, meaning like the people that are currently employed, but also to ensure that we are proactively implementing initiatives to develop a talent of younger you know, a younger generation and a talent. So we can, you know, to inspire them and, and ensure that they, that we're seeing them represented in companies like AWS, you know and our customers, and in our partners. And obviously we, when we sit down with customers to craft these massive trainings you know, leveraging their ecosystems and communities, we actually try to use all our AWS training and certification portfolio which includes, you know, in live in class with live in structures, in classroom trainings. We also have our AWS Skill Builder platform which is the platform that allows us to, you know to reach a broader audience because it has, you know over 500 free and on-demand classes. And we also have a lot of different other programs that touches in different audiences. You know, we have AWS re/Start for underrepresented, and underemployed minorities. We also have AWS Academy, which is the program that we have for higher education institutions. And we have AWS, you know, Educate which also touches, you know, cloud beginners. So in every single of these programs, we ensure that we are encompassing and really speaking to women and developing training and developing women. >> Lisa: That's a great focus there. Laura, talk to me about upskilling. I know AWS is very much about promoting from within. What are some of the things that it's doing to help women in Latin America develop those tech skills and upskill from where, maybe where they are now? >> Well, Lisa, I think that is super interesting because there's definitely a skills gap problem, right? We have all heard about. And what's funny is also that we have this huge opportunity in Latin America to train people and to help further develop the countries. And we have the companies that need the talent. So why is there still a gap, right? And I think that's because there's no magic solution to solving this problem. No, like epic Hollywood movie scene that it's going to show how we close the gap. And it takes stepping out of our comfort zone. And as Carolina mentioned, collaborating. So, we at AWS have a commitment to help 29 million people globally to grow their technical skills with free cloud-computing skills training by 2025. I know that sounds a lot through educational programs but we do have as Carolina mentioned, a Skill Builder you can go into the website for free, enter, choose your path, get trained. We have Academy that we implement with universities. Re/Start that is a program that's already available in Argentina, Brazil, Chile, Colombia, Mexico, Peru, and Costa Rica. So there are a lot of opportunities, but you also mentioned something else that I would like to dive a bit deeper that is Latin American women. And yesterday we had the opportunity to record a panel about intersectionality with three amazing Latin women. And what we have to learn from that is that these are two minorities that intersect, right. We're talking about females that are minority. Latinas are minority. And in tech, that is also something that is even bigger minority. So there are more difficulties there and we need to make sure that we are meeting that talent that is there that is in Latin America, that exists. We know for sure we have unicorns in Latin America that are even AWS customers like Mercado Libre, and we have to meet them with the opportunities. And that's why we created a program that came from identifying how this problem evolves in Latin America, that there is a lack of confidence in women also that they don't feel prepared or equipped. There is a cultural component why we don't choose tech careers. And we partner with universities, more than 12 universities in Latin America with the International American Development Bank as well to create tech skills that's a free five weeks program in order to get students and get female in Latin America, into the tech world. And we also have them with mentorship. So I think that is an opportunity to truly collaborate because we as AWS are not going to solve these by ourselves, right? We need everyone pitching in on that. >> Lisa: Right. It's absolutely a team effort. You mentioned something important in terms of helping women, and especially minorities get out of their comfort zone. Carolina, I'm curious when you're talking with women and getting them into the program and sharing with them all of the enablement programs that you have, how do you help them be confident to get out of that comfort zone? That's a hard thing to do. >> Yeah, no, for sure. For sure, Lisa, well, I, you know, a lot of times actually I use myself as an example because, you know, I studied engineering and industrial systems engineering many years ago. And you know, a lot of my career has been in in higher education and innovation and startups. And as I mentioned in the intro I've been at AWS for a little bit over two years. So I, my career has not been in cloud and I recently joined the cloud. So I actually had to go through our own trainings and get our own certifications. So I, that's, you know a lot of times I actually, I use my own example, so people understand that you don't have to come from tech, you don't have to come, you can actually be a non-tech person and, and also see the the benefits of the cloud. And you don't have to only, you know, learn cloud if you're in the IT department or in an IT team. So sometimes, I also emphasize that the cloud and the future is absolutely the cloud. In fact, the world economic foreign, you know teaches us that cloud-computing is that the technology that's going to be mostly adopted by 2025. So that's why we need to ensure that every single person, women and others are really knowledgeable in the cloud. So that's why, you know, technical and untechnical. But I, you know, I use myself as an example for them to say, you know, you can actually do it. And obviously also I collaborate with Laura and a lot of the women at Amazon Latin America Group to also you know, ensure that we're doing webinars and panels. So we show them ourselves as role model like, Laura is an incredible role model for our community. And so it's also to to show examples of what the possibilities are. And that's what we do. >> Lisa: I love that you're sharing >> And can I make a note there also? >> Please, yes. >> To add to that. I think it also requires the companies and the, and the private sector to get out of their comfort zone, right? Because we are not going to find solutions doing what we are already doing. We truly need to go and get near these persons with a new message. Their interest is there in these programs we have reached more than 3,000 women already in Latin America with tech skills. So it's not that women are not interested. It's like, how do we reach them with a message that resounds with them, right? Like how we can explain the power of technology to transform the world and to actually improve their communities. I think there's something there also that we need to think further of. >> It's so important. You know, we say often when we're talking about women in tech, that she needs to see what she can be or if she can't see it, she can't be it. So having those role models and those mentors and sponsors is absolutely critical for women to get, I call it getting comfortably uncomfortable out of that comfort zone and recognizing there's so many opportunities. Carolina, to your point, you know, these days every company is a tech company, a data company whether you're talking about a car dealer, a grocery market. So your point about, you know, and obviously the future being cloud there's so much opportunity that that opens up, for everybody really, but that's an important thing for people to recognize how they can be a part of that get out of their comfort zone and try something that they maybe hadn't considered before. >> Yes. And, actually, Lisa I would love to share an example. So we have a group, O Boticário, which is one of our customers one of the, the lead retails in Brazil. And they've been a customer of AWS since 2013 when they realized that, you know the urgency and the importance of embracing state of the art technology, to your point, like, you know this is a retail company that understands that needs to be, you know embrace digital transformation, especially because, you know they get very busy during mother's days and other holidays during the year. So they realized that they, instead of outsourcing their IT requirements to technology experts they decided to actually start developing and bringing the talent, you know within itself, within, you know, technology in-house. So they decided to start training within. And that's when we, obviously we partnered with them to also create a very comprehensive training and certification plan that started with, you know a lot of the infrastructure and security teams but then it was actually then implemented in the rest of the company. So going back to the point like everybody really needs to know. And what we also love about O Boticário is they they really care about the diversion and inclusion aspect of this equation. And we actually collaborated with them as well through this program called Desenvolve with the Brazilian government. And Desenvolve means developing Portuguese and they this program really ensures that we are also closing that gender and that race gap and ensuring that they're actually, you know, developing talent in cloud for Brazil. So we, you know, obviously have been very successful with them and we will continue to do even more things with them particular for this topic. >> Lisa: I've always known how customer focused AWS is every time we get to go to re:Invent or some of the events but it's so nice to hear these the educational programs that you're doing with customers to help them improve DEI to help them enable their own women in their organizations to learn skills. I didn't realize that. I think that's fantastic very much a symbiotic part of AWS. If we think about the theme for this year's International Women's Day, Breaking The Bias I want to get both of your opinions and Laura we'll start with you, what that means to you, and where do you think we are in Latin America with breaking the bias? >> Well, I think breaking the bias is the first step to truly being who we are every day and being able to bring that to our work as well. I think we are in a learning curve of that. The companies are changing culturally, as Carolina mentioned we have customers that are aware of the importance of having women. And as we say at AWS not only because there is a good business reason because there is, because there are studies that show that we can increase the country's CPD, but also because it's important and it's the right thing to do. So in terms of breaking the bias I think we are learning and we have a long way to go. I talked a bit earlier about intersectionality and that is something that is also important to highlight, right? Because we are talking about females but we are also talking about another minorities. We're talking about underrepresented communities, Indigenous People, Latins. So when these overlap, we face even bigger challenges to get where we want to get, right? And to get to decision making places because technology is transforming the ways we take decisions, we live, and we need someone like us taking those decisions. So I think it's important at first to be aware and to see that you can get there and eventually to start the conversation going and to build the conversation, not to just leave it but to make sure we hear people and their input and what they're going through. >> Lisa: Yes. We definitely need to hear them. Carolina, what's your take on breaking the bias and where do you from your experience, where do you think we are with it? >> Yeah, no, I'm as passionate as Laura on this topic. And that's why we, you know we're collaborating in the Women at Amazon Latin America Chapter, because we're both very, I think breaking the bias starts with us and ourselves. And we are very proactive within AWS and externally. And I feel it's also, I mean, Lisa, what we've been doing is not only, obviously gathering you know, the troops and really making sure that, that we have very aggressive goals internally, but also bringing you know, bringing our male counterparts, and other, you know, other members of the other communities, because the change, we're not going to make it alone. Like the change where it is not women only talking to women is going to make the change. We actually need to make sure the male and other groups are represented. And the dialogue that they're that we're very conscious about that. And I feel like we're seeing more and more that the topic is becoming more of a priority not only within AWS and Amazon but we also see it because now that I meet with when I meet with customers around the region they really want to see how we can collaborate in these diversion and inclusion initiatives. So I think we are breaking the bias because now this topic is more top of mind. And then we are being more proactively addressing it and and training people and educating people. And I feel we're really in a pivoted point where the change that we've really been wanting to we will see in the next you know, few years which is very exciting. >> Lisa: Excellent, and we'll see that with the help of women like you guys. Thank you so much for joining me today, talking about what you're doing, how you're helping organizations across AWS's ecosystem, customers, partners, and helping, of course, folks from within you, right. It's a holistic effort, but we are on our way to breaking that bias and again, I thank you both for your insights. >> Thank you. >> Thank you, Lisa, for the opportunity. >> My pleasure. For Carolina Pina and Laura Alvarez Modernel, I'm Lisa Martin. You're watching theCUBE's coverage of Women in Tech, International Women's Day 2022. (upbeat music)

(upbeat electronic music) >> Okay thanks, Adam, and the studio. We're here on the floor in Cloud City, right in the middle of all the action, the keynotes are going on in the background. It's a packed house. I'm John Furrier. Dave Vellante's on assignment, digging in, getting those stories. He'll have the analysis, he'll be back on theCUBE, but I want to welcome Chloe Richardson, who has been holding down the main stage here in Cloud City with amazing content that she's been hosting. Chloe, great to see you. Thanks for coming on theCUBE, and kicking it off day two with me. >> No, not at all. Thank you for having me! It's very exciting! I love what you guys have got over here, very fun! >> We're inside theCUBE. This is where all the action is, and also, Cloud City is really changing the game. If you look at what's going on here in Cloud City, it's pretty spectacular. >> No, I mean, the atmosphere is absolutely palpable. Isn't it? You can just feel it. People walk in and see what the future looks like for the telecoms industry. Very exciting. >> And you've been doing a great job on the main stage, we're really loving your content. Let's get into some of the content here. After the keynotes are going on, we're going to have DR maybe fly by the set later, we're going to check that out. But let's check out this videotape. This is TelcoDR. You got to check out this reel, and we'll be right back, and we'll talk about it. (smooth electronic music) >> TelcoDR burst onto the global telecom scene this year, making headlines for taking over the huge Erickson space at MWC 21, and for building Cloud City in just a hundred days. But why did the company go to such trouble? And what is their unique offering to the telecoms industry? And what drives their dynamic CEO, Danielle Royston, or DR, as everyone calls her? Cloud City Live caught up with DR, away from the hustle and bustle of the city to find out. (upbeat instrumental music) >> Hi, I'm Danielle Royston, coming to you from beautiful Barcelona! I'm here for MWC 21. About a hundred days ago, I decided to take over the iconic Erickson booth to turn it into Cloud City. Cloud City has over 30 vendors, and 70 demos, to introduce telco to what I think is the future for our industry. We're going to have three awesome experiences. We're going to talk about the new subscriber experience. We're going to talk about what's in store for the new network, and the future of work. And I'm really excited to create a community, and invite awesome telco executives to see this new feature. It's been a really tough 18 months, and we didn't know what MWC 21 was going to be like in terms of attendance. And so from the get-go, we planned this amazing experience that we call Cloud City Live. At Cloud City Live, we have two main components. We have the speaker series, where we have over 50 speakers from Amazon, Google, Microsoft, as well as CSPs, and awesome vendors, talking about the public cloud in telco. The second part of Cloud City Live is theCUBE. Think of this as like an ESPN desk of awesome tech interviews focused on telco and the public cloud, hosted by John furrier and Dave Vallente. Dave and John are going to talk to a variety of guests focused on telco in the public cloud. It's a great way for our virtual participants to feel like they're at the show, experiencing what's going on here. So excited to have them as part of the Cloud City booth. There's a ton of innovation going on in telco, and 20 years ago, Elon Musk set on his mission to Mars. I, like Elon Musk, am on a quest to take telco to the public cloud. Every year at MWC, there's always a flurry of announcements, and this year is no different. At this year's MWC, Totogi, a startup that I invested $1,000,000 in, will be launching. Totogi is introducing two products to the market this week at MWC. The first is at planetary scale charger. More than a charger, it's an engagement, coupling your network data with charging information to drive subscriber engagement, and doubling your ARPU. The second product that Totogi is introducing is a planetary scale BSS system, built on top of the TM Forum Open APIs. Both of these products will be available for viewing in the virtual booth, as well as on the show floor. The public cloud is an unstoppable mega trend that's coming to telco! I'm super excited to bring to you the vendors, the products, the demonstrations, and the speakers, both to people here in Barcelona, and virtually around the world! (upbeat instrumental music) Well, that was a fascinating insight into the origins of TelcoDR, why public cloud is going to truly disrupt the telecoms industry, and why DR herself is so passionate about it. If you'd like to find out more, come and see us at Cloud City. (groovy electronic music) >> Okay, thanks. Just rolling that reel. Chloe, I mean, look at that reel, I mean, DR, Danielle Royston, she's a star. And I've seen a lot of power players in the industry. She's got guts and determination, and she's got a vision, and she's not just, you know, making noise about telco and cloud, there's actually a lot of real good vision there! I mean, it's just so impressive. >> No, it really is. And for me, it's almost like the next moonshot. It's the moonshot of the telco world! She's innovative, she's exciting. And if we've learned anything over the last 18 months, it's that we need that in this industry, to grow for the future of the industry. So, so exciting. I think she's a real inspiration! >> And I love the fact that she's so takes the tiger by the tail. Because the telco industry is being disrupted, she's just driving the bus here. And I remember, I did a story on Teresa Carlson, who was with Amazon Web Services, she was running the public sector, and she was doing the same exact thing in that public sector world in DC, and around the world. She opened up regions in Bahrain, which as a woman, that was an amazing accomplishment. And she wasn't just a woman, she was just a power player! And she was an exceptional leader. I see DR doing the same thing, and people aren't going to like that, I'll tell you right now. People are going to be like, "Whoa, what's going on here?" >> Now of course, it's always that way we pioneers though, isn't it? At the time, people thinking what is going on here, we don't like change, why are being shaken up? But actually, afterwards, in retrospect, they think, "Oh, okay. I see why that happened, and we needed it." So, really exciting stuff. >> Making things happen, that's what we're doing here on theCUBE. Obviously, the main stage's doing a great job. Let's go check out this highlight reel. If you're watching and you missed some of the action, this is obviously the physical event back since 2019 in February, but there's also a hybrid event, a lot of virtual action going on. So, you got theCUBE Virtual, you got a lot of content on virtual sites. But in person here, we're going to go show you a highlight reel from what we did yesterday, and what was happening around the show. Enjoy this quick highlight reel from yesterday. (groovy electronic music) (cheerful instrumental music) (groovy electronic music) Okay. We're back here in theCUBE. We're on the main floor out here with Chloe, who is emceeing, hosting, and driving the content on the Cloud City main stage. Chloe, it's been great here. I mean so far, day one, I was watching your presentations and fireside chats you've been hosting. Awesome content. I mean, people are like jazzed up. >> Yeah, no, for sure. We had Scott Brighton on yesterday, who was our opening keynote on the live stage, and his session was all about the future of work, which is so relevant and so pertinent to now. And he talked about the way it's changing. And in 10 years, it's going to be a trillion dollar industry to be in the cloud at work. So, really interesting! I mean, yeah, the atmosphere here is great. Everyone's excited. It's new content everyday. And that's the thing, it's not stale content! It's stuff that people want to hear. People are here for the new hot trends, the new hot topics. It's very exciting. >> Yeah, the next big thing. And also it's a fiscal event, so since 2019, this Mobile World Congress has been a massive event, and hasn't happened since February, 2019. That's a lot of time that's elapsed in the industry because of COVID, and people are glad to be here. But a lot of stuff's changed! >> Yeah. It's a different world, right? I mean, two years in the telco industry is like a hundred years elsewhere. Everything has changed! Digital transformation migration, obviously cloud, which is what we're talking about over here at Cloud City Live. I'm wondering though, John, I'd like to pick your brains on something. >> John: Sure. >> It has changed in the last two years. We know that! But what about the future of Mobile World Congress? How do you see it changing in the next few years. >> Oh, man. That's a great question. I mean, my observation, I've been coming to the show for a very long time, over a decade and a half, and it's been a nerdy show about networks, and telecom, which is basically radios, and wireless, and then mobile. But it's very global, a lot of networks. But now it's evolving! And many people are saying, and we were talking on theCUBE yesterday, Dave Vellante was commenting, that this show is turning into a consumer like show. So CES is the big consumer electronics show in the US, in Las Vegas every year. This show has got a vibe, because of all the technology from the cloud players, and from the chips, getting smaller, faster, cheaper, more capability, lower power. So people look at the chips, the hardware. It's less about the speeds and feeds, it's more about the consumer experience. We got cars. I was talking to a guy yesterday, he said, "Vehicle e-commerce is coming." I went, "What the hell his vehicle e-commerce?" And you could be on your app driving down the freeway and go, "Hey, I want some food." Instead of having it delivered to you, you order it, you pick it up. So that's kind of what can be happening now in real time, you can do all kinds of other things. So, a lot of new things are happening. >> Yeah, I think so. Do you see that as another disruption for the industry? That is, the fact that it's moving to be more consumer focused? Is there anything we should be worried about in that space? >> Well, I think the incumbents are going to lose their positions. So I think in any new shift, new brands come in out of nowhere. And it's the people that you don't think about. It's the the company that you don't see. (audience in background applauding) And we got DR on the main stage right here, look at this! We saw her walk out with the confidence of a pro. >> Chloe: Yeah, for sure. >> She just walked out there, and she's not afraid. >> Well, as she said in her video, she is ready to wake them up! And you can see as soon as she walks out, that is what she intends to do today. >> I love her mojo. She's got a lot of energy. And back to the show, I mean, she's just an example of what I was saying. Like in every market shift, a new brand emerges. >> Chloe: Yep. >> I mean, even when Apple was tainted, they were about to shut down, they were going to run out of cash, when Steve Jobs brought back Apple, he consolidated and rebooted the company, the iPad was a seminal, iPod, a seminal moment. Then the iPhone, and just, the rest is history. That kind of disruption is coming. You're going to see that now. >> Oh, it's exciting though, isn't it? To be future ready, rather than future proof! But actually I wanted to ask you something as well, because we are seeing all these cloud players getting hot under the collar about telco. Why are they so excited? What's the buzz about wire, as you're on AWS and Google Cloud, why do they want to have a slice of the pie? >> Well, I think they're hot and heavy on the fact that telco is a ripe opportunity. And it used to be this boring, slow moving glacier. It's almost like global warming now, the icebergs are melting, and it's going to just change. And because of the edge, 5G is not a consumer wireless thing, it's not like a better phone. It's a commercial app opportunity, because it's high bandwidth. We've all been to concerts, or football games, or sporting events where a stadium is packed. Everyone gets bars on their wifi, but can't get out. Can't upload their picture to Instagram. Why? Because it's choking them on the network. That's where 5G solves a problem. It brings a lot of bandwidth, and that's going to bring the edge to life, and that's money. So when you got money, and greed, and power, changing hands, if it's on the table, and the wheel's spinning, it could be double zero, or it could be lucky seven. You don't know! >> Oh, for sure. And that's certainly enough to get all the big players hot and bothered about getting involved! And I suppose it circles back to the fact that DR is really leading the charge, and they're probably thinking, "Okay, what's going on here? This is different. We want something new." You did notice it, OpenRAN is something that we've been talking about over the last day or so. We've had quite a few of us speakers over here at Cloud City Live mention OpenRAN. What is it all about, Don? Because why all the buzz if 5G is such a hot topic? Why are we get excited about it? >> That's a great thing. The 5G certainly will drive the main trend, for sure. OpenRAN is essentially an answer to the fact that 5G is popular, and they need more infrastructure. So open source, the Linux Foundation, has been the driver for most of the open source software. So, they're trying to make open software, and open architectures, to create more entrepreneurial activity around hardware, and around infrastructure, because we need more infrastructure, we need more antennas, we need more transceivers, we need more devices. That could be open. So in order to do that, you got to open up the technology, and you want to minimize the licensing, and minimize a lot of these, you know, proprietary aspects. >> What did we look at? So on Wednesday, we've got a great keynote from Phillip Langlois, who is CEO and founder of P1 Security. And he's coming to talk to us about cybersecurity within the cloud, and within telco. So you just mentioned that OpenRAN is all about having open source, about having that space where we can share more efficiently and easily more easily. What does that mean for security though? Is it at risk? >> I think it's going to increase the value of security, and minimize the threats. Because open source, even though it's open, the more people that are working on it, the more secure it could be. So yes, it could be more open in a sense that could be explored by hackers, but open can also protect. And I think we've seen open source, and cloud in particular, be more secure. Because everyone said, cloud is not secure, open source is insecure. And as it turns out, when the collective hive minds of developers work on things, it gets secure. >> And it is interesting, isn't it? Because we have seen that there has been an uptick in cyber security threats, but actually I was speaking to some leaders across various industries, and particularly in tech, and they were saying, actually, there's not been an uptick in attempted threats, there's been an uptick because with this open-source environment, we are able to track them, and measure them, and defend more efficiently. So actually, they're being batted away. But the number is probably the same as it always was, we just didn't know about them before we had this open source environment. >> There's more money in threats, and there's more surface area. So as the tide rises, so to the threats. So on a net basis, it's more, because there's more volume, but it's pretty much the same. And look it, there's money involved, they are organized. There's a business model on attacking and getting the cash out of your bank, or ransomware is at an all time high. >> Yes! >> So this is like a big problem, and it's beyond the government. It's around individual freedom. So, security is huge. And I think open source and cloud are going to be, I think, the answer to that. >> Yeah, for sure. And it's, again, about collaboration, isn't it? Which we talk about all the time, but without collaboration, the industries are going to have to work together to promote this environment. So yeah, it should be good to talk with Phillip on Wednesday. >> I'd just say on security, don't download that PDF, if you don't know who it came from. The phishing is always good. Well, we got some great stuff coming up. We're going to have a great day. We got a video here of Mobile World Live. We're going to show this next segment, and we're going to toss it to a video. And this is really about to give the experience, Chloe, for people who aren't here. To get a feel for what's going on in Barcelona, and all the action. And if you look at the video, enjoy it. >> Hi, I'm Daniel Royston, CEO and founder of TelcoDR. But you can call me DR! Ready for some more straight talk about telco? It's go time! Let's do it. Holy shit! It sure is a great time to be a tech company! I mean, if you're Amazon, Microsoft, Google, Grab, Twilio, Door Dash, or Uber, life's pretty great! Just look at these stock prices over the past five years, with their shareholder value going up and to the right. Totally amazing! But where's telco? Dare I add our stocks to this awesome chart? Let's compare these fabulous tech stocks to AT&T, Vodafone, Telefonica, TIM, America Movil, and Zain Group. Huh. Not so great, right? Yep. I'm talking directly to you, senior telco execs. I'm here to wake you up! Why is it that Wall Street doesn't see you as tech? Why aren't CSPs seen as driving all the tech change? Why is it always Apple, Amazon and Google who get the big buzz? But more importantly, why isn't it you? Before I came to this industry, I always thought of carriers as tech companies. I gave more of my money to AT&T than to Apple, because I really cared about the quality of the network. But I also wondered why on earth the carriers allowed all the other tech companies to take center stage. After spending the last few years in telco, I now understand why. It's because you are network people, you are not customer people! I get it. You have the security blanket. You're a network oligopoly. It's crazy expensive to build a network, and it's expensive to buy spectrum. It takes operational chops to run a killer network, and it takes great skill to convince Wall Street to finance all of it. You telco execs are amazing at all those things. But because you focus on the network, it means you don't focus on the customer. And so far, you haven't had to. Every Telco's KPI is to be less shitty than their next competitor. You don't have to be the best. Just don't be last. Everyone else's NPS is in the thirties too. Their mobile app ratings are just as terrible as yours. Everyone's sucks at customer sat. And it's widely acknowledged and accepted. Let's talk about the cost of that. The cost is not measured on market share against other MNOs. The cost is measured in lost ARPU that the tech guys are getting. Everyone knows about the loss of texting to WeChat, WhatsApp, and the other OTT apps. But it is not just texting. The total adjustable market, or TAM, of the mobile app disruptors is huge! Instead of remaining network focused, you should be leveraging your network into a premier position. And because you're network people, I bet you think I'm talking about coercive network leverage. That is not what I'm talking about! I'm talking about love, customer love. There is one thing the highly valued tech companies all have in common. They all crush it on customer love! They look at every interaction with the customer and say, how do we make the customer love this? Like Netflix has easy monthly cancellation, Amazon does no questions asked returns, Uber gives users a real time view into driver rating and availability. Compare those ideas to the standard telco customer interaction. The highly valued tech companies don't have the network oligopoly to fall back on like you do. To survive, they must make customers love them. So, they focus on it in a big way! And it pays off. Their NPS is close to 70, and they have app ratings of 4.5 or higher. A far cry from your thirties NPS, and app ratings of 3.5. If you want to have those huge tech multiples for yourself, you have to start thinking about these guys as your new competition, not the other telcos in your market. The crazy thing is, if you give up using your network as a crutch, and put all of your focus on the customer, the network becomes an asset worth more than all the super apps. Let's step back and talk about the value of super apps, and becoming customer centered! Retooling around the customer is a huge change, so let's make sure it's worth it. We aren't talking about 25% improvement. I'm going to show you that if you become customer centric, you can double your ARPU, double your valuation multiples, and drive big shareholder value, just like the tech companies on that chart! Now let's talk about the customer focused super apps. There are hundreds of companies in a variety of categories vying for your subscribers' disposable income. Movies, food delivery, financial services. Who are they? And why does Wall Street give them such high valuations and like them so much? Well first, look at what they are telling Wall Street about their TAM. They broadcast ridiculously huge TAMs that are greater than the telco TAMs. You know, who should have a ridiculously huge TAM? You! Hello? What I'm saying is that if you got what's yours, you double in size. And if you take the TAMs they throw around, you'd be five times as big. When I think about the opportunity to double ARPU, without having to double the cap ex to build out the network, I say to myself, hell yeah! We should totally go do it, and do whatever it takes to go get it. For example, let's talk about Grab. Grab is a Southeast Asian super app company with an expected $40 billion valuation. Grab's customer focus started in Rideshare, but then leveraged its customer love into wallet deliveries, hospitality, and investing. Their ARPU is now larger than a Telco's ARPU in countries where they compete, and they have a higher valuation than those telcos too. Imagine if you could combine a great user experience with the valuable services that helped grow your ARPU. That would be huge! So, how do you build a super app? I bet right about now, you're wishing you had a super app. Everyone wants a super app! A lot of money has been unsuccessfully spent by telcos trying to build their own. I bet you're saying to yourself, "DR, your pie in the sky sounds great, but it has no chance of success." Well, I'm betting things are about to change. There is a public cloud startup called to Totogi that is going to help carriers build world-class super apps. To have a successful super app, there is one key metric you need to know. It is the KPI that determines if your super app will be a success or a flop. It's not about the daily active users. It's not the average order value. It's not even gross merchandise value. It's all about the frequency of use per day by the user. That's the metric that matters. How many have you used that metric in your telco apps? Do you have a team driving up user app interactions every day? Most telco apps are used for top-up, or to check a bill. This is a huge missed opportunity. Super app companies excel at building great experiences and driving a huge amount of interactions. They have to, their business depends on it. They have to be customer focused. They have to keep bringing the user back to the app, every day, multiple times a day. And you know what? They do a great job. Customers love their super apps. They have great user experiences. Like Apple credit cards, no information required application process. They have high net promoter scores because of customer friendly policies. Like how Door Dash retroactively credits fees when you move to a better plan. And they have great app store ratings, because they do simple things, like remember your last order, or allow you to use the app, rather than forced you to call customer service. Customers of successful super apps love it when new services are added. And because of the customer love, every time something is added to the app, customers adopt it immediately. New services drive frequent daily user interactions. So our problem in telco is we have an app that is only open once per month, not multiple times per day. And without frequent opens, there is no super app. Hm, what do we have in telco that we could use to help with this problem? I wonder. While you don't currently have a mobile app that subscribers use multiple times a day, you have something that's 10 times better! You have a network. Subscribers already interact with your network. 10 times more frequently than any user with any of the super apps. But telcos don't leverage those interactions into the insanely valuable engagements they could be. Worse, even if you wanted to, your crappy, over customized, on-premise solutions, make it impossible. Thankfully, there's this new tech that's come around, you may have heard of it, the public cloud. When you bring the enabling technology of the public cloud, you can turn your network interactions into valuable super app interactions. And there's a special new startup that's going to help you do it, Totogi! Totogi will leverage all those network interactions, and turn them into valuable customer interactions. Let me repeat that. Totogi will leverage all those network interactions, and turn them into valuable customer interactions. Totogi allows the carrier to leverage its network, and all the network interactions, into customer engagement. This is something that super apps don't have, but will wish they did. But this magic technology is not enough. Telcos also need to move from being network focused to being customer focused. Totogi enables telcos to chase exciting revenue growth without that annoying, massive cap ex investment. Totogi is going to help you transform your sucky mobile apps, with the crappy customer ratings, into something your subscribers want to open multiple times a day, and become a platform for growth. I'm so excited about Totogi, I'm investing $100,000,000 into it. You heard me right. $100,000,000. Is this what it feels like to be SoftBank? I'm investing into Totogi because it's going to enable telcos to leverage their network interactions into super app usage! Which will lead to an improved subscriber experience, and will give you a massive jump in your ARPU. And once you do that, all those telco valuations will go from down here, (buzzes lips) to up here. And so I've been talking to some folks, you know, checking in, feeling them out, getting their thoughts. And I've been asking them, what do you think about telcos building super apps? And the response has been, "Click. Eh." Everyone says, no way. Telcos can't do it. Zero chance. Total goose egg. (egg cracking) One suggested I build a bonfire with a hundred million dollars, because then at least I wouldn't waste years of my life. Well, I think those people are dead wrong! I do believe that telcos can build super apps and make them super successful. The public cloud is changing all parts of telco, and Totogi and super apps are fundamentally changing the customer relationships. In one month at MWC, people will see what Totogi has to offer, and they will understand why I'm making this bold call. Because Totogi takes the value of the network, and the power of the public cloud, to help telcos move from being network centric, to being customer centric. Boom! If you want to make this transformation and reap all the financial benefits, you will have to compete for customers with a whole new set of players. You will no longer compete with the network focused guys, like the other telcos. Instead, you will be competing against the customer focused companies. These players don't have a network to fall back on like your old competitors, they know they have to make customers love them. Their customer loyalty is so off the charts, their customers are called fans. So if you want that big money, you will have to compete on their turf, and make the customers want to choose you. You need Apple level loyalty. That bar is uber high. We'll have to give up the security blanket of the network, and change. Instead of NPS at the thirties, it needs to be in the seventies. Instead of mobile app ratings in the threes, they need to get five stars. I'm betting big that Totogi will make that possible! I'm going to help you every step of the way, starting with my keynote next month at MWC. Join me, and I'll share the secrets to converting your super valuable network interactions to make your super app a massive success. We're going to have an amazing time, and I can't wait to see you there! >> Okay. We're back here in theCUBE here at Mobile World Congress in Cloud City. I'm John Furrier. Chloe Richardson's filling in for Dave Vellante who's out on assignment. He's out getting all the data out there and getting stories. Chloe, what a great keynote by Danielle Royston. We just heard her involving major action, major pump you up, punch in the face, "Wake the heck up cloud people, cloud is here!" She didn't pull any punches. >> No, I mean the thing is, John, there's trillions of dollars on the table, and everyone seems to be fighting for it. >> And you heard her up there, if you're not on the public cloud, you're not going to get access to that money. It's a free for all. And I think the cloud people are like, they might think they're going to walk right in, and the telco industry is going to just give it up. >> No, of course. >> And it's not going to be, it's going to be a fight! Who will win? >> Who will win, but also who will build the next big thing? (John laughing) >> Someone needs to die in the media conversations. It's always a fight. Something's dead. Something's dead but keeps the living. All that kidding aside, this is really about partnering. Think what's happened is Telco's already acknowledged that they need to change. And the 5G edge conversation, the chip acceleration. Look at Apple. They've got their own processors, Nvidia, Amazon makes their own chips, Intel's pumping stuff out, you've got Qualcomm. You've got all these new things. So, the chips are getting faster, and the software's more open source. And I'm telling you, the cloud is just going to drive that bus right down Cloud Street, and it's going to be in Cloud City everywhere. >> And it's going to be peepin' on the board as it drives down. (John laughing) John, I'm not a stalker, but I have read some of the things that you've written, and one of the things you mentioned that was really interesting was the difference between building and operating. Break it down for me, what does that mean? >> That means basically in mature markets, and growing markets, things behave differently, and certainly economics, and the people, and the makeup, and the mindset. So the telco has been kind of this mature market, it's been changing and growing, but not like radically. Cost optimization, make profit. You know, to install a lot of cable, you got to get the rents out of that infrastructure. And that's kind of gone on for too long. Cloud is a growth market. And it's about building, not just operating. And you've got operators, carriers are operating networks. So you're going to see the convergence of operators and builders coming together. Builders being software developers, new technology, and executives that think about building. And you want people on your team that are going to be, I won't say war time, you know, lieutenants or generals, but people who can handle the pace of change. Because the change and the nature is different. And some people want slow and steady, keep the boat from rocking. But in a growth market, it's turbulent, and the ride might not be quiet, first-class ticket to paradise. It's bumpy, but it's thrilling. >> No, of course. Is it similar to the old sales adage of hunter versus farmer? Are there parallels there? >> Yeah. I mean, there's a mindset. If you have a team of people that aren't knocking down new opportunities and building the next big thing, fixing your house, get your house in order, you know, refactor, reset, reboot, replatform with the cloud, and then refactor your business! If you don't have the people thinking like that, you're probably either going to be taken over, or go out of business. And that's what the telcos with all these assets, they're going to get bought, rolled into a SPAC, Special Purpose Acquisition Company, which is super hot in the United States. A lot of roll-ups going on with private equity. So a lot of these telcos, if they don't refactor, or replatform then refactor, they're going to be toast, and they're going to get rolled up, and eaten up by somebody else. >> Yeah, sure. It's interesting though, isn't it? Because when we think of telco in tech, we often think of, obviously we've got the triad, people, process, technology, and we think, process and technology really to the forefront here. But like you said there, people are also so important because if you don't have this right balance, you're not going to be able to drive that change. We had, obviously, Scott Brighton on the stage yesterday, and after his session, somebody came up to me and just said, "I'm interested to hear what that means for education." So how can we establish this new generation of tech and telco leaders from the grassroots with educational associations, establishments. How can we encourage that? I wonder, is this something that you talk about? >> Yeah. I mean, education's huge, and this highlights the change that telco's now part of. Telco used to be a boring industry that ran the networks, or moving packets around, and mobile was there. But once the iPhone came out in 2007, the life has changed, society has changed, education's changed, how people interact has changed. So, you start to see people now aware of the value. And if you look at during COVID, the internet didn't crash, the telcos actually saved our asses, and everyone survived because the network didn't break. Yeah, we had some bad Zoom meetings here and there, and some teleconferences that didn't go well, but for the most part we survived, and they really saved everybody. So, they should get kudos for that. But now they're dependent upon healthcare, education. People care about that stuff, so now you're going to start to see an elevated focus on what telecom is doing. That's why the edge has got trillions of dollars up for grabs. But education, there's negative unemployment in cybersecurity and in cloud. So for the people who say, "Oh, there's no jobs." Or, "I can't work." That's a bunch of BS, because you can just get online, get on YouTube, and just get a degree. You can get a degree. You can get an Amazon job. It pays a hundred thousand dollars a year! American. You can make a hundred thousand pounds, and be unemployed six months, and then be employed. So negative unemployment means, there's more jobs than people to fill them all, in fact. >> Yeah, it's interesting you mentioned that, because I was talking to a cyber security leader who was saying in something, I think there were now 3 million vacancies in cybersecurity. And there's such a skill shortage. There is nobody around to fill it! So it's an interesting problem to have, isn't it? Because it's reversed to what we've been used to for the last few decades! And obviously, telco is in the same space. But what can we do about it do you think, to actually -- >> I think it's going to take leadership, and I'm a big proponent of kids not going to university if they don't have to. Why spend the dough, money, if you don't have to? You can get online. I mean, the data's there. But to me, it's the relationships, the mentorship. You're starting to see a women in tech, and underrepresented minorities in the tech field, where mentorship is more important than curriculum. Community is more important than just going through a linear courseware. Nobody wants to sit online and go through linear courseware. Now, if they have to get a certificate, or degree, and accreditation, no problem. But the communities are out there, so that's a big change over, I'm a big fan of that. And I think people should, you know, get some specialized skills. You can get that online, so why even go to school? So, people are figuring that out. >> For sure. And also, even transferring. I mean, so many skills are transferable nowadays, aren't they, so we could easily be talking to people from other industries, and bringing them into telco, and saying, "Look, bring what you know from your retail background, or your healthcare background, and help us at telco to, again, drive forwards." Just like DR was saying, it's all about the next big thing. >> Well, Danielle is always also driving a lot of change. And if you think about the jobs, and the pedigree of going to a university, oh, Harvard, all the big Ivy Leagues, Oxford in your area. So it's like, if you go to the school like that, and you get a pedigree, you instantly get a job. Now the jobs that are available weren't around five years ago, so there's no like pedigree or track record. There's no like, everyone's equal. >> Yeah. >> So you could, the democratization of the internet now, from a job standpoint, is people are leveling up faster. So it's not about the Ivy League, or the big degree, or silver spoon in your mouth, you've got the entitlement. So you start to see people emerging and making things happen. Entrepreneurship in America, immigrant entrepreneurship. People are billionaires that have no high school diplomas! >> It's interesting you mention that, John, because we can't have more than five years experience in this space, we know that. But in telco, there is a problem. And maybe it's, again, it's a flipped problem where telco recruiters, or talent acquisition leaders, are now asking for kind of 10, 20 years experience when they're sending out job descriptions. So does that mean that we are at fault for not being able to fill all these vacancies? >> I think that's just, I mean I think there's a transition of the new skill set happening, one. But two, I think, you know, to be like a chip engineer, (laughs) you can't learn that online. But if you want to run a cloud infrastructure, you can. But I think embedded systems is an area that I was talking to an engineer, there's a huge shortage of engineers who code on the microprocessors, on the chips. So, embedded systems is a big career. So there's definitely paths you can specialize. Space is another area you've seen a lot of activity on. You see Jeff Bezos and Elon Musk is going to be here on a virtual keynote, trying to go to Mars. And you know, Danielle Royston always says, "What's going to happen first, Mars colony, or telco adopting public cloud?" And some people think Mars will happen first, but. >> What do you think, John? >> I think Telco's going to get cloud. I mean first of all, public cloud is now hybrid cloud, and the edge, this whole internet edge, 5G, is so symbolic and so important, because it's an architectural beachhead. And that's where the trillion dollar baby is. So, the inside baseball, and the inside money, and all the investors are focusing on the edge, because whoever can command the edge, wins all the dollars. So everyone kind of knows, it's a public secret, and it's fun to watch everyone jockey for the positions. >> Yeah no, it really is. But it's also quite funny, isn't it? Because the edge is almost where we were decades ago, but we're putting the control back in the hands of consumers. So, it's an interesting flip. And I wonder if, with the edge, we can really enhance this acceleration of product development, this efficiency, this frictionless system in which we live in. And also, I've heard you say hybrid a few times, John. >> John: Yeah. >> Is hybrid going to be the future of the world no matter what industry you're in? >> Hybrid is everything now. So, we're the hybrid CUBE, we've got hybrid cloud. >> Exactly. >> You got hybrid telco, because now you've got the confluence of online and offline coming together. That is critical dynamic! And you're seeing it. Like virtual reality, for instance, now you're seeing things, I know you guys are doing some great work at your company around creating experiences that are virtual. You got, companies like Roblox went public recently. Metaverse. It's a good time to be in that business, because experiential human relations are coming. So, I think that's going to be powered by 5G. You know, gamers. So, all good stuff. Chloe, great to be with you here on theCUBE, and we're looking forward to seeing your main stage. >> Great. >> And then we're going to send it back to the studio, Adam, and the team. We're waiting for DR to arrive here in Cloud City. And this is theCUBE, from Cloud City, back to you, Adam, and the studio.

from the cube studios in palo alto in boston bringing you data driven insights from the cube and etr this is breaking analysis with dave vellante recent survey data from etr shows that enterprise tech spending is tracking with projected u.s gdp growth at six to seven percent this year many markers continue to point the way to a strong recovery including hiring trends and the loosening of frozen it project budgets however skills shortages are blocking progress at some companies which bodes well for an increased reliance on external i.t services moreover while there's much to talk about well there's much talk about the rotation out of work from home plays and stocks such as video conferencing vdi and other remote worker tech we see organizations still trying to figure out the ideal balance between funding headquarter investments that have been neglected and getting hybrid work right in particular the talent gap combined with a digital mandate means companies face some tough decisions as to how to fund the future while serving existing customers and transforming culturally hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we welcome back eric porter bradley of etr who will share fresh data perspectives and insights from the latest survey data eric great to see you welcome thank you very much dave always good to see you and happy to be on the show again okay we're going to share some macro data and then we're going to dig into some highlights from etr's most recent march covid survey and also the latest april data so eric the first chart that we want to show it shows cio and it buyer responses to expected i.t spend for each quarter of 2021 versus 2020. and you can see here a steady quarterly improvement eric what are the key takeaways from your perspective sure well first of all for everyone out there this particular survey had a record-setting number of uh participation we had uh 1 500 i.t decision makers participate and we had over half of the fortune 500 and over a fifth of the global 1000. so it was a really good survey this is the seventh iteration of the covet impact survey specifically and this is going to transition to an over large macro survey going forward so we could continue it and you're 100 right what we've been tracking here since uh march of last year was how is spending being impacted because of covid where is it shifting and what we're seeing now finally is that there is a real re-acceleration in spend i know we've been a little bit more cautious than some of the other peers out there that just early on slapped an eight or a nine percent number but what we're seeing is right now it's at a midpoint of over six uh about six point seven percent and that is accelerating so uh we are still hopeful that that will continue uh really that spending is going to be in the second half of the year as you can see on the left part of this chart that we're looking at uh it was about 1.7 versus 3 for q1 spending year over year so that is starting to accelerate through the back half you know i think it's prudent to be be cautious relative because normally you'd say okay tech is going to grow a couple of points higher than gdp but it's it's really so hard to predict this year okay the next chart is here that we want to show you is we ask respondents to indicate what strategies they're employing in the short term as a result of coronavirus and you can see a few things that i'll call out and then i'll ask eric to chime in first there's been no meaningful change of course no surprise in tactics like remote work and halting travel however we're seeing very positive trends in other areas trending downward like hiring freezes and freezing i.t deployments downward trend in layoffs and we also see an increase in the acceleration of new i.t deployments and in hiring eric what are your key takeaways well first of all i think it's important to point out here that uh we're also capturing that people believe remote work productivity is still increasing now the trajectory might be coming down a little bit but that is really key i think to the backdrop of what's happening here so people have a perception that productivity of remote work is better than hybrid work and that's from the i.t decision makers themselves um but what we're seeing here is that uh most importantly these organizations are citing plans to increase hiring and that's something that i think is really important to point out it's showing a real thawing and to your point in right in the beginning of the intro uh we are seeing deployments stabilize versus prior survey levels which means early on they had no plans to launch new tech deployments then they said nope we're going to start and now that's stalling and i think it's exactly right what you said is there's an i.t skills shortage so people want to continue to do i.t deployments because they have to support work from home and a hybrid back return to the office but they just don't have the skills to do so and i think that's really probably the most important takeaway from this chart um is that stalling and to really ask why it's stalling yeah so we're going to get into that for sure and and i think that's a really key point is that that that accelerating it deployments is some it looks like it's hit a wall in the survey and so but before before we get deep into the skills let's let's take a look at this next chart and we're asking people here how a return to the new normal if you will and back to offices is going to change spending with on-prem architectures and applications and so the first two bars they're cloud-friendly if you add them up at 63 percent of the respondents say that either they'll stay in the cloud for the most part or they're going to lower the on-prem spend when they go back to the office the next three bars are on-prem friendly if you add those up as 29 percent of the respondents say their on-prem spend is going to bounce back to pre-covert levels or actually increase and of course 12 percent of that number by the way say they they've never altered their on-prem spend so eric no surprise but this bodes well for cloud but but it it isn't it also a positive for on-prem this we've had this dual funding premise meaning cloud continues to grow but neglected data center spend also gets a boost what's your thoughts you know really it's interesting it's people are spending on all fronts you and i were talking in a prep it's like you know we're we're in battle and i've got naval i've got you know air i've got land uh i've got to spend on cloud and digital transformation but i also have to spend for on-prem uh the hybrid work is here and it needs to be supported so this spending is going to increase you know when you look at this chart you're going to see though that roughly 36 percent of all respondents say that their spending is going to remain mostly on cloud so this you know that is still the clear direction uh digital transformation is still happening covid accelerated it greatly um you know you and i as journalists and researchers already know this is where the puck is going uh but spend has always lagged a little bit behind because it just takes some time to get there you know inversely 27 said that their on-prem spending will decrease so when you look at those two i still think that the trend is the friend for cloud spending uh even though yes they do have to continue spending on hybrid some of it's been neglected there are refresh cycles coming up so overall it just points to more and more spending right now it really does seem to be a very strong backdrop for it growth so i want to talk a little bit about the etr taxonomy before we bring up the next chart we get a lot of questions about this and of course when you do a massive survey like you're doing you have to have consistency for time series so you have to really think through what that what the buckets look like if you will so this next chart takes a look at the etr taxonomy and it breaks it down into simple to understand terms so the green is the portion of spending on a vendor's tech within a category that is accelerating and the red is the portion that is decelerating so eric what are the key messages in this data well first of all dave thank you so much for pointing that out we used to do uh just what we call a next a net score it's a proprietary formula that we use to determine the overall velocity of spending some people found it confusing um our data scientists decided to break this sector breakdown into what you said which is really more of a mode analysis in that sector how many of the vendors are increasing versus decreasing so again i just appreciate you bringing that up and allowing us to explain the the the reasoning behind our analysis there but what we're seeing here uh goes back to something you and i did last year when we did our predictions and that was that it services and consulting was going to have a true rebound in 2021 and that's what this is showing right here so in this chart you're going to see that consulting and services are really continuing their recovery uh 2020 had a lot of declines and they have the biggest sector over year-over-year acceleration sector-wise the other thing to point out in this which we'll get to again later is that the inverse analysis is true for video conferencing uh we will get to that so i'm going to leave a little bit of ammunition behind for that one but what we're seeing here is it consulting services being the real favorable and video conferencing uh having a little bit more trouble great okay and then let's let's take a look at that services piece and this next chart really is a drill down into that space and emphasizes eric what you were just talking about and we saw this in ibm's earnings where still more than 60 percent of ibm's business comes from services and the company beat earnings you know in part due to services outperforming expectations i think it had a somewhat easier compare and some of this pen-up demand that we've been talking about bodes well for ibm and in other services companies it's not just ibm right eric no it's not but again i'm going to point out that you and i did point out ibm in our in our predictions one we did in late december so it is nice to see one of the reasons we don't have a more favorable rating on ibm at the moment is because they are in the the process of spinning out uh this large unit and so there's a little bit of you know corporate action there that keeps us off on the sideline but i would also want to point out here uh tata infosys and cognizant because they're seeing year-over-year acceleration in both it consulting and outsourced i t services so we break those down separately and those are the three names that are seeing acceleration in both of those so again a tata emphasis and cognizant are all looking pretty well positioned as well so we've been talking a little bit about this skill shortage and this is what's i think so hard for for forecasters um is that you know on the one hand there's a lot of pent up demand you know it's like scott gottlieb said it's like woodstock coming out of the covid uh but on the other hand if you have a talent gap you've got to rely on external services so there's a learning curve there's a ramp up it's an external company and so it takes time to put those together so so this data that we're going to show you next uh is is really important in my view and ties what we're saying we're saying at the top it asks respondents to comment on their staffing plans the light blue is we're increasing staff the gray is no change in the magenta or whatever whatever color that is that sort of purplish color anyway that color is is decreasing and the picture is very positive across the board full-time staff offshoring contract employees outsourced professional services all up trending upwards and this eric is more evidence of the services bounce back yeah it certainly is david and what happened is when we caught this trend we decided to go one level deeper and say all right we're seeing this but we need to know why and that's what we always try to do here data will tell you what's happening it doesn't always tell you why and that's one of the things that etr really tries to dig in with through the insights interviews panels and also going direct with these more custom survey questions uh so in this instance i think the real takeaway is that 30 of the respondents said that their outsourced and managed services are going to increase over the next three months that's really powerful that's a large portion of organizations in a very short time period so we're capturing that this acceleration is happening right now and it will be happening in real time and i don't see it slowing down you and i are speaking about we have to you know increase cloud spend we have to increase hybrid spend there are refresh cycles coming up and there's just a real skill shortage so this is a long-term setup that bodes very well for it services and consulting you know eric when i came out of college i somebody told me read read read read as much as you can and and so i would and they said read the wall street journal every day and i so i did it and i would read the tech magazines and back then it was all paper and what happens is you begin to connect the dots and so the reason i bring that up is because i've now been had taken a bath in the etr data for the better part of two years and i'm beginning to be able to connect the dots you know the data is not always predictive but many many times it is and so this next data gets into the fun stuff where we name names a lot of times people don't like it because the marketing people and organizations say well the data's wrong of course that's the first thing they do is attack the data but you and i know we've made some really great calls work from home for sure you're talking about the services bounce back uh we certainly saw the rise of crowdstrike octa zscaler well before people were talking about that same thing with video conferencing and so so anyway this is the fun stuff and it looks at positive versus negative sentiment on on companies so first how does etr derive this data and how should we interpret it and what are some of your takeaways [Music] sure first of all how we derive the data or systematic um survey responses that we do on a quarterly basis and we standardize those responses to allow for time series analysis so we can do trend analysis as well we do find that our data because it's talking about forward-looking spending intentions is really more predictive because we're talking about things that might be happening six months three months in the future not things that a lot of other competitors and research peers are looking at things that already happened uh they're looking in the past etr really likes to look into the future and our surveys are set up to do so so thank you for that question it's an enjoyable lead-in but to get to the fun stuff like you said uh what we do here is we put ratings on the data sets i do want to put the caveat out there that our spending intentions really only captures top-line revenue it is not indicative of profit margin or any other line items so this is only going to be viewed as what we are rating the data set itself not the company um you know that's not what we're in the game of doing so i think that's very important for the marketing and the vendors out there themselves when they when they take a look at this we're just talking about what we can control which is our data we're going to talk about a few of the names here on this highlighted vendors list one we're going to go back to that you and i spoke about i guess about six months ago or maybe even earlier which was the observability space um you and i were noticing that it was getting very crowded a lot of new entrants um there was a lot of acquisition from more of the legacy or standard entrance players in the space and that is continuing so i think in a minute we're going to move into that observability space but what we're seeing there is that it's becoming incredibly crowded and we're possibly seeing signs of them cannibalizing each other uh we're also going to move on a little bit into video conferencing where we're capturing some spend deceleration and then ultimately we're going to get into a little bit of a storage refresh cycle and talk about that but yeah these are the highlighted vendors for april um we usually do this once a quarter and they do change based on the data but they're not usually whipsawed around the data doesn't move that quickly yeah so you can see the some of the big names on the left-hand side some of the sas companies that have momentum obviously servicenow has been doing very very well we've talked a lot about snowflake octa crowdstrike z scalar in all very positive as well as you know several others i i guess i'd add some some things i mean i think if thinking about the next decade it's it's cloud which is not going to be like the same cloud as last decade a lot of machine learning and deep learning and ai and the cloud is extending to the edge in the data center data obviously very important data is decentralized and distributed so data architectures are changing a lot of opportunities to connect across clouds and actually create abstraction layers and then something that we've been covering a lot is processor performance is actually accelerating relative to moore's law it's probably instead of doubling every two years it's quadrupling every two years and so that is a huge factor especially as it relates to powering ai and ai inferencing at the edge this is a whole new territory custom silicon is is really becoming in vogue uh and so we're something that we're watching very very closely yeah i completely completely agree on that and i do think that the the next version of cloud will be very different another thing to point out on that too is you can't do anything that you're talking about without collecting the data and and organizations are extremely serious about that now it seems it doesn't matter what industry they're in every company is a data company and that also bodes well for the storage call we do believe that there is going to just be a huge increase in the need for storage um and yes hopefully that'll become portable across multi-cloud and hybrid as well now as eric said the the etr data's it's it's really focused on that top line spend so if you look at the uh on on the right side of that chart you saw you know netapp was kind of negative was very negative right but there's a company that's in in transformation now they've lowered expectations and they've recently beat expectations that's why the stock has been doing better but but at the macro from a spending standpoint it's still challenged so you have big footprint companies like netapp and oracle is another one oracle's stock is at an all-time high but the spending relative to sort of previous cycles or relative to you know like for instance snowflake much much smaller not as high growth but they're managing expectations they're managing their transition they're managing profitability zoom is another one zoom looking looking negative but you know zoom's got to use its market cap now to to transform and increase its tam uh and then splunk is another one we're going to talk about splunk is in transition it acquired signal fx it just brought on this week teresa carlson who was the head of aws public sector she's the president and head of sales so they've got a go to market challenge and they brought in teresa carlson to really solve that but but splunk has been trending downward we called that you know several quarters ago eric and so i want to bring up the data on splunk and this is splunk eric in analytics and it's not trending in the right direction the green is accelerating span the red is and the bars is decelerating spend the top blue line is spending velocity or net score and the yellow line is market share or pervasiveness in the data set your thoughts yeah first i want to go back is a great point dave about our data versus a disconnect from an equity analysis perspective i used to be an equity analyst that is not what we do here and you you may the main word you said is expectations right stocks will trade on how they do compared to the expectations that are set uh whether that's buy side expectations sell side expectations or management's guidance themselves we have no business in tracking any of that what we are talking about is top line acceleration or deceleration so uh that was a great point to make and i do think it's an important one for all of our listeners out there now uh to move to splunk yes i've been capturing a lot of negative commentary on splunk even before the data turned so this has been about a year-long uh you know our analysis and review on this name and i'm dating myself here but i know you and i are both rock and roll fans so i'm gonna point out a led zeppelin song and movie and say that the song remains the same for splunk we are just seeing uh you know recent spending intentions are taking yet another step down both from prior survey levels from year ago levels uh this we're looking at in the analytics sector and spending intentions are decelerating across every single customer group if we went to one of our other slide analysis um on the etr plus platform and you do by customer sub sample in analytics it's dropping in every single vertical it doesn't matter which one uh it's really not looking good unfortunately and you had mentioned this as an analytics and i do believe the next slide is an information security yeah let's bring that up and it's unfortunately it's not doing much better so this is specifically fortune 500 accounts and information security uh you know there's deep pockets in the fortune 500 but from what we're hearing in all the insights and interviews and panels that i personally moderate for etr people are upset they didn't like the the strong tactics that splunk has used on them in the past they didn't like the ingestion model pricing the inflexibility and when alternatives came along people are willing to look at the alternatives and that's what we're seeing in both analytics and big data and also for their sim in security yeah so i think again i i point to teresa carlson she's got a big job but she's very capable she's gonna she's gonna meet with a lot of customers she's a go to market pro she's gonna have to listen hard and i think you're gonna you're gonna see some changes there um okay so there's more sorry there's more bad news on splunk so bring this up is is is net score for splunk in elastic accounts uh this is for analytics so there's 106 elastic accounts that uh in the data set that also have splunk and it's trending downward for splunk that's why it's green for elastic and eric the important call out from etr here is how splunk's performance in elastic accounts compares with its performance overall the elk stack which obviously elastic is a big part of that is causing pain for splunk as is data dog and you mentioned the pricing issue uh is it is it just well is it pricing in your assessment or is it more fundamental you know it's multi-level based on the commentary we get from our itdms that take the survey so yes you did a great job with this analysis what we're looking at is uh the spending within shared accounts so if i have splunk already how am i spending i'm sorry if i have elastic already how is my spending on splunk and what you're seeing here is it's down to about a 12 net score whereas splunk overall has a 32 net score among all of its customers so what you're seeing there is there is definitely a drain that's happening where elastic is draining spend from splunk and usage from them uh the reason we used elastic here is because all observabilities the whole sector seems to be decelerating splunk is decelerating the most but elastic is the only one that's actually showing resiliency so that's why we decided to choose these two but you pointed out yes it's also datadog datadog is cloud native uh they're more devops oriented they tend to be viewed as having technological lead as compared to splunk so that's a really good point a dynatrace also is expanding their abilities and splunk has been making a lot of acquisitions to push their cloud services they are also changing their pricing model right they're they're trying to make things a little bit more flexible moving off ingestion um and moving towards uh you know consumption so they are trying and the new hires you know i'm not gonna bet against them because the one thing that splunk has going for them is their market share in our survey they're still very well entrenched so they do have a lot of accounts they have their foothold so if they can find a way to make these changes then they you know will be able to change themselves but the one thing i got to say across the whole sector is competition is increasing and it does appear based on commentary and data that they're starting to cannibalize themselves it really seems pretty hard to get away from that and you know there are startups in the observability space too that are going to be you know even more disruptive i think i think i want to key on the pricing for a moment and i've been pretty vocal about this i think the the old sas pricing model where essentially you essentially lock in for a year or two years or three years pay up front or maybe pay quarterly if you're lucky that's a one-way street and i think it's it's a flawed model i like what snowflake's doing i like what datadog's doing look at what stripe is doing look what twilio is doing these are cons you mentioned it because it's consumption based pricing and if you've got a great product put it out there and you know damn the torpedoes and i think that is a game changer i i look at for instance hpe with green lake i look at dell with apex they're trying to mimic that model you know they're there and apply it to to infrastructure it's much harder with infrastructure because you got to deploy physical infrastructure but but that is a model that i think is going to change and i think all of the traditional sas pricing is going to is going to come under disruption over the next you know better part of the decades but anyway uh let's move on we've we've been covering the the apm space uh pretty extensively application performance management and this chart lines up some of the big players here comparing net score or spending momentum from the april 20th survey the gray is is um is sorry the the the gray is the april 20th survey the blue is jan 21 and the yellow is april 21. and not only are elastic and data dog doing well relative to splunk eric but everything is down from last year so this space as you point out is undergoing a transformation yeah the pressures are real and it's you know it's sort of that perfect storm where it's not only the data that's telling us that but also the direct feedback we get from the community uh pretty much all the interviews i do i've done a few panels specifically on this topic for anyone who wants to you know dive a little bit deeper we've had some experts talk about this space and there really is no denying that there is a deceleration in spend and it's happening because that spend is getting spread out among different vendors people are using you know a data dog for certain aspects they're using elastic where they can because it's cheaper they're using splunk because they have to but because it's so expensive they're cutting some of the things that they're putting into splunk which is dangerous particularly on the security side if i have to decide what to put in and whatnot that's not really the right way to have security hygiene um so you know this space is just getting crowded there's disruptive vendors coming from the emerging space as well and what you're seeing here is the only bit of positivity is elastic on a survey over survey basis with a slight slight uptick everywhere else year over year and survey over survey it's showing declines it's just hard to ignore and then you've got dynatrace who based on the the interviews you do in the venn you're you know one on one or one on five you know the private interviews that i've been invited to dynatrace gets very high scores uh for their road map you've got new relic which has been struggling you know financially but they've got a purpose built they've got a really good product and a purpose-built database just for this apm space and then of course you've got cisco with appd which is a strong business for them and then as you mentioned you've got startups coming in you've got chaos search which ed walsh is now running you know leave the data in place in aws and really interesting model honeycomb it's going to be really disruptive jeremy burton's company observed so this space is it's becoming jump ball yeah there's a great line that came out of one of them and that was that the lines are blurring it used to be that you knew exactly that app dynamics what they were doing it was apm only or it was logging and monitoring only and a lot of what i'm hearing from the itdm experts is that the lines are blurring amongst all of these names they all have functionality that kind of crosses over each other and the other interesting thing is it used to be application versus infrastructure monitoring but as you know infrastructure is becoming code more and more and more and as infrastructure becomes code there's really no difference between application and infrastructure monitoring so we're seeing a convergence and a blurring of the lines in this space which really doesn't bode well and a great point about new relic their tech gets good remarks uh i just don't know if their enterprise level service and sales is up to snuff right now um as one of my experts said a cto of a very large public online hospitality company essentially said that he would be shocked that within 18 months if all of these players are still uh standalone that there needs to be some m a or convergence in this space okay now we're going to call out some of the data that that really has jumped out to etr in the latest survey and some of the names that are getting the most queries from etr clients which are many of which are investor clients so let's start by having a look at one of the most important and prominent work from home names zoom uh let's let's look at this eric is the ride over for zoom oh i've been saying it for a little bit of a time now actually i do believe it is um i will get into it but again pointing out great dave uh the reason we're presenting today splunk elastic and zoom are they are the most viewed on the etr plus platform uh trailing behind that only slightly is f5 i decided not to bring f5 to the table today because we don't have a rating on the data set um so then i went one deep one below that and it's pure so the reason we're presenting these to you today is that these are the ones that our clients and our community are most interested in which is hopefully going to gain interest to your viewers as well so to get to zoom um yeah i call zoom the pandec pandemic bull market baby uh this was really just one that had a meteoric ride you look back january in 2020 the stock was at 60 and 10 months later it was like like 580. that's in 10 months um that's cooled down a little bit uh into the mid 300s and i believe that cooling down should continue and the reason why is because we are seeing a huge deceleration in our spending intentions uh they're hitting all-time lows it's really just a very ugly data set um more importantly than the spending intentions for the first time we're seeing customer growth in our survey flattened in the past we could we knew that the the deceleration and spend was happening but meanwhile their new customer growth was accelerating so it was kind of hard to really make any call based on that this is the first time we're seeing flattening customer growth trajectory and that uh in tandem with just dominance from microsoft in every sector they're involved in i don't care if it's ip telephony productivity apps or the core video conferencing microsoft is just dominating so there's really just no way to ignore this anymore the data and the commentary state that zoom is facing some headwinds well plus you've pointed out to me that a lot of your private conversations with buyers says that hey we're we're using the freebie version of zoom you know we're not paying them and so in that combined with teams i mean it's it's uh it's i think you know look zoom has to figure it out they they've got to they've got to figure out how to use their elevated market cap to transform and expand their tan um but let's let's move on here's the data on pure storage and we've highlighted a number of times this company is showing elevated spending intentions um pure announces earnings in in may ibm uh just announced storage what uh it was way down actually so sort of still pure more positive but i'll comment on a moment but what does this data tell you eric yeah you know right now we started seeing this data last survey in january and that was the first time we really went positive on the data set itself and it's just really uh continuing so we're seeing the strongest year-over-year acceleration in the entire survey um which is a really good spot to be pure is also a leading position in among its sector peers and the other thing that was pretty interesting from the data set is among all storage players pure has the highest positive public cloud correlation so what we can do is we can see which respondents are accelerating their public cloud spend and then cross-reference that with their storage spend and pure is best positioned so as you and i both know uh you know digital transformation cloud spending is increasing you need to be aligned with that and among all storage uh sector peers uh pure is best positioned in all of those in spending intentions and uh adoptions and also public cloud correlation so yet again just another really strong data set and i have an anecdote about why this might be happening because when i saw the date i started asking in my interviews what's going on here and there was one particular person he was a director of cloud operations for a very large public tech company now they have hybrid um but their data center is in colo so they don't own and build their own physical building he pointed out that doran kovid his company wanted to increase storage but he couldn't get into his colo center due to covert restrictions they weren't allowed you had so 250 000 square feet right but you're only allowed to have six people in there so it's pretty hard to get to your rack and get work done he said he would buy storage but then the cola would say hey you got to get it out of here it's not even allowed to sit here we don't want it in our facility so he has all this pent up demand in tandem with pent up demand we have a refresh cycle the ssd you know depreciation uh you know cycle is ending uh you know ssds are moving on and we're starting to see uh new technology in that space nvme sorry for technology increasing in that space so we have pent up demand and we have new technology and that's really leading to a refresh cycle and this particular itdm that i spoke to and many of his peers think this has a long tailwind that uh storage could be a good sector for some time to come that's really interesting thank you for that that extra metadata and i want to do a little deeper dive on on storage so here's a look at storage in the the industry in context and some of the competitive i mean it's been a tough market for the reasons that we've highlighted cloud has been eating away that flash headroom it used to be you'd buy storage to get you know more spindles and more performance and you were sort of forced to buy more flash gave more headroom but it's interesting what you're saying about the depreciation cycle so that's good news so etr combines just for people's benefit here combines primary and secondary storage into a single category so you have companies like pure and netapp which are really pure play you know primary storage companies largely in the sector along with veeam cohesity and rubric which are kind of secondary data or data protection so my my quick thoughts here are that pure is elevated and remains what i call the one-eyed man in the land of the blind but that's positive tailwinds there so that's good news rubric is very elevated but down it's a big it's big competitor cohesity is way off its highs and i have to say to me veeam is like the steady eddy consistent player here they just really continue to do well in the data protection business and and the highs are steady the lows are steady dell is also notable they've been struggling in storage their isg business which comprises service and storage it's been soft during covid and and during even you know this new product rollout so it's notable with this new mid-range they have in particular the uptick in dell this survey because dell so large a small uptick can be very good for dell hpe has a big announcement next month in storage so that might improve based on a product cycle of course the nimble brand continues to do well ibm as i said just announced a very soft quarter you know down double digits again uh and there in a product cycle shift and netapp is that looks bad in the etr data from a spending momentum standpoint but their management team is transforming the company into a cloud play which eric is why it was interesting that pure has the greatest momentum in in cloud accounts so that is sort of striking to me i would have thought it would be netapp so that's something that we want to pay attention to but i do like a lot of what netapp is doing uh and other than pure they're the only big kind of pure play in primary storage so long winded uh uh intro there eric but anything you'd add no actually i appreciate it was long winded i i'm going to be honest with you storage is not my uh my best sector as far as a researcher and analyst goes uh but i actually think a lot of what you said is spot on um you know we do capture a lot of large organizations spend uh we don't capture much mid and small so i think when you're talking about these large large players like netapp and um you know not looking so good all i would state is that we are capturing really big organizations spending attention so these are names that should be doing better to be quite honest uh in those accounts and you know at least according to our data we're not seeing it and it's long-term depression as you can see uh you know netapp now has a negative spending velocity in this analysis so you know i can go dig around a little bit more but right now the names that i'm hearing are pure cohesity uh um i'm hearing a little bit about hitachi trying to reinvent themselves in the space but you know i'll take a wait-and-see approach on that one but uh pure and cohesity are the ones i'm hearing a lot from our community so storage is transforming to cloud as a service you're seeing things like apex and in green lake from dell and hpe and container storage little so not really a lot of people paying attention to it but pure about a company called portworx which really specializes in container storage and there's many startups there they're trying to really change the way david flynn has a startup in that space he's the guy who started fusion i o so a lot a lot of transformations happening here okay i know it's been a long segment we have to summarize and then let me go through a summary and then i'll give you the last word eric so tech spending appears to be tracking us gdp at six to seven percent this talent shortage could be a blocker to accelerating i.t deployments and that's kind of good news actually for for services companies digital transformation you know it's it remains a priority and that bodes well not only for services but automation uipath went public this week we we profiled that you know extensively that went public last wednesday um organizations they've i said at the top face some tough decisions on how to allocate resources you know running the business growing the business transforming the business and we're seeing a bifurcation of spending and some residual effects on vendors and that remains a theme that we're watching eric your final thoughts yeah i'm going to go back quickly to just the overall macro spending because there's one thing i think is interesting to point out and we're seeing a real acceleration among mid and small so it seems like early on in the covid recovery or kovitz spending it was the deep pockets that moved first right fortune 500 knew they had to support remote work they started spending first round that in the fortune 500 we're only seeing about five percent spent but when you get into mid and small organizations that's creeping up to eight nine so i just think it's important to point out that they're playing catch-up right now uh also would point out that this is heavily skewed to north america spending we're seeing laggards in emea they just don't seem to be spending as much they're in a very different place in their recovery and uh you know i do think that it's important to point that out um lastly i also want to mention i know you do such a great job on following a lot of the disruptive vendors that you just pointed out pure doing container storage we also have another bi-annual survey that we do called emerging technology and that's for the private names that's going to be launching in may for everyone out there who's interested in not only the disruptive vendors but also private equity players uh keep an eye out for that we do that twice a year and that's growing in its respondents as well and then lastly one comment because you mentioned the uipath ipo it was really hard for us to sit on the sidelines and not put some sort of rating on their data set but ultimately um the data was muted unfortunately and when you're seeing this kind of hype into an ipo like we saw with snowflake the data was resoundingly strong we had no choice but to listen to what the data said for snowflake despite the hype um we didn't see that for uipath and we wanted to and i'm not making a large call there but i do think it's interesting to juxtapose the two that when snowflake was heading to its ipo the data was resoundingly positive and for uipath we just didn't see that thank you for that and eric thanks for coming on today it's really a pleasure to have you and uh so really appreciate the the uh collaboration and look forward to doing more of these we enjoy the partnership greatly dave we're very very happy to have you in the etr family and looking forward to doing a lot lot more with you in the future ditto okay that's it for today remember these episodes are all available as podcasts wherever you listen all you got to do is search breaking analysis podcast and please subscribe to the series check out etr's website it's etr dot plus we also publish a full report every week on wikibon.com at siliconangle.com you can email me david.velante at siliconangle.com you can dm me on twitter at dvalante or comment on our linkedin post i could see you in clubhouse this is dave vellante for eric porter bradley for the cube insights powered by etr have a great week stay safe be well and we'll see you next time

>> From theCUBE studios in Palo Alto and Boston, Bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> Recent survey data from ETR shows that enterprise tech spending is tracking with projected US GDP growth at six to 7% this year. Many markers continue to point the way to a strong recovery, including hiring trends and the loosening of frozen IT Project budgets. However skills shortages are blocking progress at some companies which bodes well for an increased reliance on external IT services. Moreover, while there's much talk about the rotation out of work from home plays and stocks such as video conferencing, VDI, and other remote worker tech, we see organizations still trying to figure out the ideal balance between funding headquarter investments that have been neglected and getting hybrid work right. In particular, the talent gap combined with a digital mandate, means companies face some tough decisions as to how to fund the future while serving existing customers and transforming culturally. Hello everyone, and welcome to this week's Wikibon CUBE's Insights powered by ETR. In this "Breaking Analysis", we welcome back Erik Porter Bradley of ETR who will share fresh data, perspectives and insights from the latest survey data. Erik, great to see you. Welcome. >> Thank you very much, Dave. Always good to see you and happy to be on the show again. >> Okay, we're going to share some macro data and then we're going to dig into some highlights from ETR's most recent March COVID survey and also the latest April data. So Erik, the first chart that we want to show, it shows CIO and IT buyer responses to expected IT spend for each quarter of 2021 versus 2020, and you can see here a steady quarterly improvement. Erik, what are the key takeaways, from your perspective? >> Sure, well, first of all, for everyone out there, this particular survey had a record-setting number of participation. We had a 1,500 IT decision makers participate and we had over half of the Fortune 500 and over a fifth of the Global 1000. So it was a really good survey. This is seventh iteration of the COVID Impact Survey specifically, and this is going to transition to an overlarge macro survey going forward so we can continue it. And you're 100% right, what we've been tracking here since March of last year was, how is spending being impacted because of COVID? Where is it shifting? And what we're seeing now finally is that there is a real re-acceleration in spend. I know we've been a little bit more cautious than some of the other peers out there that just early on slapped an eight or a 9% number, but what we're seeing is right now, it's at a midpoint of over six, about 6.7% and that is accelerating. So, we are still hopeful that that will continue, and really, that spending is going to be in the second half of the year. As you can see on the left part of this chart that we're looking at, it was about 1.7% versus 3% for Q1 spending year-over-year. So that is starting to accelerate through the back half. >> I think it's prudent to be cautious (indistinct) 'cause normally you'd say, okay, tech is going to grow a couple of points higher than GDP, but it's really so hard to predict this year. Okay, the next chart here that we want to show you is we asked respondents to indicate what strategies they're employing in the short term as a result of coronavirus and you can see a few things that I'll call out and then I'll ask Erik to chime in. First, there's been no meaningful change of course, no surprise in tactics like remote work and holding travel, however, we're seeing very positive trends in other areas trending downward, like hiring freezes and freezing IT deployments, a downward trend in layoffs, and we also see an increase in the acceleration of new IT deployments and in hiring. Erik, what are your key takeaways? >> Well, first of all, I think it's important to point out here that we're also capturing that people believe remote work productivity is still increasing. Now, the trajectory might be coming down a little bit, but that is really key, I think, to the backdrop of what's happening here. So people have a perception that productivity of remote work is better than hybrid work and that's from the IT decision makers themselves, but what we're seeing here is that, most importantly, these organizations are citing plans to increase hiring, and that's something that I think is really important to point out. It's showing a real following, and to your point right in the beginning of the intro, we are seeing deployments stabilize versus prior survey levels, which means early on, they had no plans to launch new tech deployments, then they said, "Nope, we're going to start." and now that stalling, and I think it's exactly right, what you said, is there's an IT skills shortage. So people want to continue to do IT deployments 'cause they have to support work from home and a hybrid back return to the office, but they just don't have the skills to do so, and I think that's really probably the most important takeaway from this chart, is that stalling and to really ask why it's stalling. >> Yeah, so we're going to get into that for sure, and I think that's a really key point, is that accelerating IT deployments, it looks like it's hit a wall in the survey, but before we get deep into the skills, let's take a look at this next chart, and we're asking people here how our return to the new normal, if you will, and back to offices is going to change spending with on-prem architectures and applications. And so the first two bars, they're Cloud-friendly, if you add them up, it's 63% of the respondents, say that either they'll stay in the Cloud for the most part, or they're going to lower their on-prem spend when they go back to the office. The next three bars are on-prem friendly. If you add those up it's 29% of the respondents say their on-prem spend is going to bounce back to pre-COVID levels or actually increase, and of course, 12% of that number, by the way, say they've never altered their on-prem spend. So Erik, no surprise, but this bodes well for Cloud, but isn't it also a positive for on-prem? We've had this dual funding premise, meaning Cloud continues to grow, but neglected data center spend also gets a boost. What's your thoughts? >> Really, it's interesting. It's people are spending on all fronts. You and I were talking in the prep, it's like we're in battle and I've got naval, I've got air, I've got land, I've got to spend on Cloud and digital transformation, but I also have to spend for on-prem. The hybrid work is here and it needs to be supported. So this is spending is going to increase. When you look at this chart, you're going to see though, that roughly 36% of all respondents say that their spending is going to remain mostly on Cloud. So that is still the clear direction, digital transformation is still happening, COVID accelerated it greatly, you and I, as journalists and researchers already know this is where the puck is going, but spend has always lagged a little bit behind 'cause it just takes some time to get there. Inversely, 27% said that their on-prem spending will decrease. So when you look at those two, I still think that the trend is the friend for Cloud spending, even though, yes, they do have to continue spending on hybrid, some of it's been neglected, there are refresh cycles coming up, so, overall it just points to more and more spending right now. It really does seem to be a very strong backdrop for IT growth. >> So I want to talk a little bit about the ETR taxonomy before we bring up the next chart. We get a lot of questions about this, and of course, when you do a massive survey like you're doing, you have to have consistency for time series, so you have to really think through what the buckets look like, if you will. So this next chart takes a look at the ETR taxonomy and it breaks it down into simple-to-understand terms. So the green is the portion of spending on a vendor's tech within a category that is accelerating, and the red is the portion that is decelerating. So Erik, what are the key messages in this data? >> Well, first of all, Dave, thank you so much for pointing that out. We used to do, just what we call a Net score. It's a proprietary formula that we use to determine the overall velocity of spending. Some people found it confusing. Our data scientists decided to break this sector, break down into what you said, which is really more of a mode analysis. In that sector, how many of the vendors are increasing versus decreasing? So again, I just appreciate you bringing that up and allowing us to explain the reasoning behind our analysis there. But what we're seeing here goes back to something you and I did last year when we did our predictions, and that was that IT services and consulting was going to have a true rebound in 2021, and that's what this is showing right here. So in this chart, you're going to see that consulting and services are really continuing their recovery, 2020 had a lot of the clients and they have the biggest sector year-over-year acceleration sector wise. The other thing to point out on this, which we'll get to again later, is that the inverse analysis is true for video conferencing. We will get to that, so I'm going to leave a little bit of ammunition behind for that one, but what we're seeing here is IT consulting services being the real favorable and video conferencing having a little bit more trouble. >> Great, okay, and then let's take a look at that services piece, and this next chart really is a drill down into that space and emphasizes, Erik, what you were just talking about. And we saw this in IBM's earnings, where still more than 60% of IBM's business comes from services and the company beat earnings, in part, due to services outperforming expectations, I think it had a somewhat easier compare and some of this pent-up demand that we've been talking about bodes well for IBM and other services companies, it's not just IBM, right, Erik? >> No, it's not, but again, I'm going to point out that you and I did point out IBM in our predictions when we did in late December, so, it is nice to see. One of the reasons we don't have a more favorable rating on IBM at the moment is because they are in the process of spinning out this large unit, and so there's a little bit of a corporate action there that keeps us off on the sideline. But I would also want to point out here, Tata, Infosys and Cognizant 'cause they're seeing year-over-year acceleration in both IT consulting and outsourced IT services. So we break those down separately and those are the three names that are seeing acceleration in both of those. So again, at the Tata, Infosys and Cognizant are all looking pretty well positioned as well. >> So we've been talking a little bit about this skills shortage, and this is what's, I think, so hard for forecasters, is that in the one hand, There's a lot of pent up demand, Scott Gottlieb said it's like Woodstock coming out of the COVID, but on the other hand, if you have a talent gap, you've got to rely on external services. So there's a learning curve, there's a ramp up, it's an external company, and so it takes time to put those together. So this data that we're going to show you next, is really important in my view and ties what we were saying at the top. It asks respondents to comment on their staffing plans. The light blue is "We're increasing staff", the gray is "No change" and the magenta or whatever, whatever color that is that sort of purplish color, anyway, that color is decreasing, and the picture is very positive across the board. Full-time staff, offshoring, contract employees, outsourced professional services, all up trending upwards, and this Erik is more evidence of the services bounce back. >> Yeah, it's certainly, yes, David, and what happened is when we caught this trend, we decided to go one level deeper and say, all right, we're seeing this, but we need to know why, and that's what we always try to do here. Data will tell you what's happening, it doesn't always tell you why, and that's one of the things that ETR really tries to dig in with through the insights, interviews panels, and also going direct with these more custom survey questions. So in this instance, I think the real takeaway is that 30% of the respondents said that their outsourced and managed services are going to increase over the next three months. That's really powerful, that's a large portion of organizations in a very short time period. So we're capturing that this acceleration is happening right now and it will be happening in real time, and I don't see it slowing down. You and I are speaking about we have to increase Cloud spend, we have to increase hybrid spend, there are refresh cycles coming up, and there's just a real skills shortage. So this is a long-term setup that bodes very well for IT services and consulting. >> You know, Erik, when I came out of college, somebody told me, "Read, read, read, read as much as you can." And then they said, "Read the Wall Street Journal every day." and so I did it, and I would read the tech magazines and back then it was all paper, and what happens is you begin to connect the dots. And so the reason I bring that up is because I've now taken a bath in the ETR data for the better part of two years and I'm beginning to be able to connect the dots. The data is not always predictive, but many, many times it is. And so this next data gets into the fun stuff where we name names. A lot of times people don't like it because they're either marketing people at organizations, say, "Well, data's wrong." because that's the first thing they do, is attack the data. But you and I know, we've made some really great calls, work from home, for sure, you're talking about the services bounce back. We certainly saw the rise of CrowdStrike, Okta, Zscaler, well before people were talking about that, same thing with video conferencing. And so, anyway, this is the fun stuff and it looks at positive versus negative sentiment on companies. So first, how does ETR derive this data and how should we interpret it, and what are some of your takeaways? >> Sure, first of all, how we derive the data, are systematic survey responses that we do on a quarterly basis, and we standardize those responses to allow for time series analysis so we can do trend analysis as well. We do find that our data, because it's talking about forward-looking spending intentions, is really more predictive because we're talking about things that might be happening six months, three months in the future, not things that a lot of other competitors and research peers are looking at things that already happened, they're looking in the past, ETR really likes to look into the future and our surveys are set up to do so. So thank you for that question, It's a enjoyable lead in, but to get to the fun stuff, like you said, what we do here is we put ratings on the datasets. I do want to put the caveat out there that our spending intentions really only captures top-line revenue. It is not indicative of profit margin or any other line items, so this is only to be viewed as what we are rating the data set itself, not the company, that's not what we're in the game of doing. So I think that's very important for the marketing and the vendors out there themselves when they take a look at this. We're just talking about what we can control, which is our data. We're going to talk about a few of the names here on this highlighted vendors list. One, we're going to go back to that you and I spoke about, I guess, about six months ago, or maybe even earlier, which was the observability space. You and I were noticing that it was getting very crowded, a lot of new entrants, there was a lot of acquisition from more of the legacy or standard players in the space, and that is continuing. So I think in a minute, we're going to move into that observability space, but what we're seeing there is that it's becoming incredibly crowded and we're possibly seeing signs of them cannibalizing each other. We're also going to move on a little bit into video conferencing, where we're capturing some spend deceleration, and then ultimately, we're going to get into a little bit of a storage refresh cycle and talk about that. But yeah, these are the highlighted vendors for April, we usually do this once a quarter and they do change based on the data, but they're not usually whipsawed around, the data doesn't move that quickly. >> Yeah, so you can see some of the big names in the left-hand side, some of the SAS companies that have momentum. Obviously, ServiceNow has been doing very, very well. We've talked a lot about Snowflake, Okta, CrowdStrike, Zscaler, all very positive, as well as several others. I guess I'd add some things. I mean, I think if thinking about the next decade, it's Cloud, which is not going to be like the same Cloud as the last decade, a lot of machine learning and deep learning and AI and the Cloud is extending to the edge and the data center. Data, obviously, very important, data is decentralized and distributed, so data architectures are changing. A lot of opportunities to connect across Clouds and actually create abstraction layers, and then something that we've been covering a lot is processor performance is actually accelerating relative to Moore's law. It's probably instead of doubling every two years, it's quadrupling every two years, and so that is a huge factor, especially as it relates to powering AI and AI inferencing at the edge. This is a whole new territory, custom Silicon is really becoming in vogue and so something that we're watching very, very closely. >> Yeah, I completely, agree on that and I do think that the next version of Cloud will be very different. Another thing to point out on that too, is you can't do anything that you're talking about without collecting the data and organizations are extremely serious about that now. It seems it doesn't matter what industry they're in, every company is a data company, and that also bodes well for the storage goal. We do believe that there is going to just be a huge increase in the need for storage, and yes, hopefully that'll become portable across multi-Cloud and hybrid as well. >> Now, as Erik said, the ETR data, it's really focused on that top-line spend. So if you look on the right side of that chart, you saw NetApp was kind of negative, was very negative, right? But it is a company that's in transformation now, they've lowered expectations and they've recently beat expectations, that's why the stock has been doing better, but at the macro, from a spending standpoint, it's still stout challenged. So you have big footprint companies like NetApp and Oracle is another one. Oracle's stock is at an all time high, but the spending relative to sort of previous cycles are relative to, like for instance, Snowflake, much, much smaller, not as high growth, but they're managing expectations, they're managing their transition, they're managing profitability. Zoom is another one, Zoom looking negative, but Zoom's got to use its market cap now to transform and increase its TAM. And then Splunk is another one we're going to talk about. Splunk is in transition, it acquired SignalFX, It just brought on this week, Teresa Carlson, who was the head of AWS Public Sector. She's the president and head of sales, so they've got a go-to-market challenge and they brought in Teresa Carlson to really solve that, but Splunk has been trending downward, we called that several quarters ago, Erik, and so I want to bring up the data on Splunk, and this is Splunk, Erik, in analytics, and it's not trending in the right direction. The green is accelerating spend, the red is in the bars is decelerating spend, the top blue line is spending velocity or Net score, and the yellow line is market share or pervasiveness in the dataset. Your thoughts. >> Yeah, first I want to go back. There's a great point, Dave, about our data versus a disconnect from an equity analysis perspective. I used to be an equity analyst, that is not what we do here. And the main word you said is expectations, right? Stocks will trade on how they do compare to the expectations that are set, whether that's buy-side expectations, sell-side expectations or management's guidance themselves. We have no business in tracking any of that, what we are talking about is the top-line acceleration or deceleration. So, that was a great point to make, and I do think it's an important one for all of our listeners out there. Now, to move to Splunk, yes, I've been capturing a lot of negative commentary on Splunk even before the data turns. So this has been a about a year-long, our analysis and review on this name and I'm dating myself here, but I know you and I are both rock and roll fans, so I'm going to point out a Led Zeppelin song and movie, and say that the song remains the same for Splunk. We are just seeing recent spending attentions are taking yet another step down, both from prior survey levels, from year ago levels. This, we're looking at in the analytics sector and spending intentions are decelerating across every single group, and we went to one of our other slide analysis on the ETR+ platform, and you do by customer sub-sample, in analytics, it's dropping in every single vertical. It doesn't matter which one. it's really not looking good, unfortunately, and you had mentioned this is an analytics and I do believe the next slide is an information security. >> Yeah, let's bring that up. >> And unfortunately it's not doing much better. So this is specifically Fortune 500 accounts and information security. There's deep pockets in the Fortune 500, but from what we're hearing in all the insights and interviews and panels that I personally moderate for ETR, people are upset, that they didn't like the strong tactics that Splunk has used on them in the past, they didn't like the ingestion model pricing, the inflexibility, and when alternatives came along, people are willing to look at the alternatives, and that's what we're seeing in both analytics and big data and also for their SIM and security. >> Yeah, so I think again, I pointed Teresa Carlson. She's got a big job, but she's very capable. She's going to meet with a lot of customers, she's a go-to-market pro, she's going to to have to listen hard, and I think you're going to see some changes there. Okay, so sorry, there's more bad news on Splunk. So (indistinct) bring this up is Net score for Splunk and Elastic accounts. This is for analytics, so there's 106 Elastic accounts in the dataset that also have Splunk and it's trending downward for Splunk, that's why it's green for Elastic. And Erik, the important call out from ETR here is how Splunk's performance in Elastic accounts compares with its performance overall. The ELK stack, which obviously Elastic is a big part of that, is causing pain for Splunk, as is Datadog, and you mentioned the pricing issue, well, is it pricing in your assessment or is it more fundamental? >> It's multi-level based on the commentary we get from our ITDMs teams that take the survey. So yes, you did a great job with this analysis. What we're looking at is the spending within shared accounts. So if I have Splunk already, how am I spending? I'm sorry if I have Elastic already, how am I spending on Splunk? And what you're seeing here is it's down to about a 12% Net score, whereas Splunk overall, has a 32% Net score among all of its customers. So what you're seeing there is there is definitely a drain that's happening where Elastic is draining spend from Splunk and usage from them. The reason we used Elastic here is because all observabilities, the whole sector seems to be decelerating. Splunk is decelerating the most, but Elastic is the only one that's actually showing resiliency, so that's why we decided to choose these two, but you pointed out, yes, it's also Datadog. Datadog is Cloud native. They're more dev ops-oriented. They tend to be viewed as having technological lead as compared to Splunk. So a really good point. Dynatrace also is expanding their abilities and Splunk has been making a lot of acquisitions to push their Cloud services, they are also changing their pricing model, right? They're trying to make things a little bit more flexible, moving off ingestion and moving towards consumption. So they are trying, and the new hires, I'm not going to bet against them because the one thing that Splunk has going for them is their market share in our survey, they're still very well entrenched. So they do have a lot of accounts, they have their foothold. So if they can find a way to make these changes, then they will be able to change themselves, but the one thing I got to say across the whole sector is competition is increasing, and it does appear based on commentary and data that they're starting to cannibalize themselves. It really seems pretty hard to get away from that, and you know there are startups in the observability space too that are going to be even more disruptive. >> I think I want to key on the pricing for a moment, and I've been pretty vocal about this. I think the old SAS pricing model where you essentially lock in for a year or two years or three years, pay up front, or maybe pay quarterly if you're lucky, that's a one-way street and I think it's a flawed model. I like what Snowflake's doing, I like what Datadog's doing, look at what Stripe is doing, look at what Twilio is doing, you mentioned it, it's consumption-based pricing, and if you've got a great product, put it out there and damn, the torpedoes, and I think that is a game changer. I look at, for instance, HPE with GreenLake, I look at Dell with Apex, they're trying to mimic that model and apply it to infrastructure, it's much harder with infrastructure 'cause you've got to deploy physical infrastructure, but that is a model that I think is going to change, and I think all of the traditional SAS pricing is going to come under disruption over the next better part of the decades, but anyway, let's move on. We've been covering the APM space pretty extensively, application performance management, and this chart lines up some of the big players here. Comparing Net score or spending momentum from the April 20th survey, the gray is, sorry, the gray is the April 20th survey, the blue is Jan 21 and the yellow is April 21, and not only are Elastic and Datadog doing well relative to Splunk, Erik, but everything is down from last year. So this space, as you point out, is undergoing a transformation. >> Yeah, the pressures are real and it's sort of that perfect storm where it's not only the data that's telling us that, but also the direct feedback we get from the community. Pretty much all the interviews I do, I've done a few panels specifically on this topic, for anyone who wants to dive a little bit deeper. We've had some experts talk about this space and there really is no denying that there is a deceleration in spend and it's happening because that spend is getting spread out among different vendors. People are using a Datadog for certain aspects, they are using Elastic where they can 'cause it's cheaper. They're using Splunk because they have to, but because it's so expensive, they're cutting some of the things that they're putting into Splunk, which is dangerous, particularly on the security side. If I have to decide what to put in and whatnot, that's not really the right way to have security hygiene. So this space is just getting crowded, there's disruptive vendors coming from the emerging space as well, and what you're seeing here is the only bit of positivity is Elastic on a survey-over-survey basis with a slight, slight uptick. Everywhere else, year-over-year and survey-over-survey, it's showing declines, it's just hard to ignore. >> And then you've got Dynatrace who, based on the interviews you do in the (indistinct), one-on-one, or one-on-five, the private interviews that I've been invited to, Dynatrace gets very high scores for their roadmap. You've got New Relic, which has been struggling financially, but they've got a really good product and a purpose-built database just for this APM space, and then of course, you've got Cisco with AppD, which is a strong business for them, and then as you mentioned, you've got startups coming in, you got ChaosSearch, which Ed Walsh is now running, leave the data in place in AWS and really interesting model, Honeycomb is getting really disruptive, Jeremy Burton's company, Observed. So this space is it's becoming jumped ball. >> Yeah, there's a great line that came out of one of them, and that was that the lines are blurring. It used to be that you knew exactly that AppDynamics, what they were doing, it was APM only, or it was logging and monitoring only, and a lot of what I'm hearing from the ITDM experts is that the lines are blurring amongst all of these names. They all have functionality that kind of crosses over each other. And the other interesting thing is it used to be application versus infrastructure monitoring, but as you know, infrastructure is becoming code more and more and more, and as infrastructure becomes code, there's really no difference between application and infrastructure monitoring. So we're seeing a convergence and a blurring of the lines in this space, which really doesn't bode well, and a great point about New Relic, their tech gets good remarks. I just don't know if their enterprise level service and sales is up to snuff right now. As one of my experts said, a CTO of a very large public online hospitality company essentially said that he would be shocked that within 18 months if all of these players are still standalone, that there needs to be some M and A or convergence in this space. >> Okay, now we're going to call out some of the data that really has jumped out to ETR in the latest survey, and some of the names that are getting the most queries from ETR clients, many of which are investor clients. So let's start by having a look at one of the most important and prominent work from home names, Zoom. Let's look at this. Erik is the ride over for Zoom? >> Ah, I've been saying it for a little bit of a time now actually. I do believe it is, and we'll get into it, but again, pointing out, great, Dave, the reason we're presenting today Splunk, Elastic and Zoom, they are the most viewed on the ETR+ platform. Trailing behind that only slightly is F5, I decided not to bring F5 to the table today 'cause we don't have a rating on the data set. So then I went one deep, one below that and it's pure. So the reason we're presenting these to you today is that these are the ones that our clients and our community are most interested in, which is hopefully going to gain interest to your viewers as well. So to get to Zoom, yeah, I call Zoom the pandemic bull market baby. This was really just one that had a meteoric ride. You look back, January in 2020, the stock was at $60 and 10 months later, it was like 580, that's in 10 months. That's cooled down a little bit into the mid-300s, and I believe that cooling down should continue, and the reason why is because we are seeing huge deceleration in our spending intentions. They're hitting all-time lows, it's really just a very ugly dataset. More importantly than the spending intentions, for the first time, we're seeing customer growth in our survey flatten. In the past, we knew that the deceleration of spend was happening, but meanwhile, their new customer growth was accelerating, so it was kind of hard to really make any call based on that. This is the first time we're seeing flattening customer growth trajectory, and that in tandem with just dominance from Microsoft in every sector they're involved in, I don't care if it's IP telephony, productivity apps or the core video conferencing, Microsoft is just dominating. So there's really just no way to ignore this anymore. The data and the commentary state that Zoom is facing some headwinds. >> Well, plus you've pointed out to me that a lot of your private conversations with buyers says that, "Hey, we're, we're using the freebie version of Zoom, and we're not paying them." And that combined with Teams, I mean, it's... I think, look, Zoom, they've got to figure out how to use their elevated market cap to transform and expand their TAM, but let's move on. Here's the data on Pure Storage and we've highlighted a number of times this company is showing elevated spending intentions. Pure announced it's earnings in May, IBM just announced storage, it was way down actually. So still, Pure, more positive, but I'll on that comment in a moment, but what does this data tell you, Erik? >> Yeah, right now we started seeing this data last survey in January, and that was the first time we really went positive on the data set itself, and it's just really continuing. So we're seeing the strongest year-over-year acceleration in the entire survey, which is a really good spot to be. Pure is also a leading position among its sector peers, and the other thing that was pretty interesting from the data set is among all storage players, Pure has the highest positive public Cloud correlation. So what we can do is we can see which respondents are accelerating their public Cloud spend and then cross-reference that with their storage spend and Pure is best positioned. So as you and I both know, digital transformation Cloud spending is increasing, you need to be aligned with that. And among all storage sector peers, Pure is best positioned in all of those, in spending intentions and adoptions and also public Cloud correlation. So yet again, to start another really strong dataset, and I have an anecdote about why this might be happening, because when I saw the data, I started asking in my interviews, what's going on here? And there was one particular person, he was a director of Cloud operations for a very large public tech company. Now, they have hybrid, but their data center is in colo, So they don't own and build their own physical building. He pointed out that during COVID, his company wanted to increase storage, but he couldn't get into his colo center due to COVID restrictions. They weren't allowed. You had 250,000 square feet, right, but you're only allowed to have six people in there. So it's pretty hard to get to your rack and get work done. He said he would buy storage, but then the colo would say, "Hey, you got to get it out of here. It's not even allowed to sit here. We don't want it in our facility." So he has all this pent up demand. In tandem with pent up demand, we have a refresh cycle. The SSD depreciation cycle is ending. SSDs are moving on and we're starting to see a new technology in that space, NVMe sorry, technology increasing in that space. So we have pent up demand and we have new technology and that's really leading to a refresh cycle, and this particular ITDM that I spoke to and many of his peers think this has a long tailwind that storage could be a good sector for some time to come. >> That's really interesting, thank you for that extra metadata. And I want to do a little deeper dive on storage. So here's a look at storage in the industry in context and some of the competitive. I mean, it's been a tough market for the reasons that we've highlighted, Cloud has been eating away that flash headroom. It used to be you'd buy storage to get more spindles and more performance and we're sort of forced to buy more, flash, gave more headroom, but it's interesting what you're saying about the depreciation cycle. So that's good news. So ETR combines, just for people's benefit here, combines primary and secondary storage into a single category. So you have companies like Pure and NetApp, which are really pure play primary storage companies, largely in the sector, along with Veeam, Cohesity and Rubrik, which are kind of secondary data or data protection. So my quick thoughts here that Pure is elevated and remains what I call the one-eyed man in the land of the blind, but that's positive tailwinds there, so that's good news. Rubrik is very elevated but down, it's big competitor, Cohesity is way off its highs, and I have to say to me, Veeam is like the Steady Eddy consistent player here. They just really continue to do well in the data protection business, and the highs are steady, the lows are steady. Dell is also notable, they've been struggling in storage. Their ISG business, which comprises servers and storage, it's been softer in COVID, and during even this new product rollout, so it's notable with this new mid range they have in particular, the uptick in Dell, this survey, because Dell is so large, a small uptick can be very good for Dell. HPE has a big announcement next month in storage, so that might improve based on a product cycle. Of course, the Nimble brand continues to do well, IBM, as I said, just announced a very soft quarter, down double digits again, and they're in a product cycle shift. And NetApp, it looks bad in the ETR data from a spending momentum standpoint, but their management team is transforming the company into a Cloud play, which Erik is why it was interesting that Pure has the greatest momentum in Cloud accounts, so that is sort of striking to me. I would have thought it would be NetApp, so that's something that we want to pay attention to, but I do like a lot of what NetApp is doing, and other than Pure, they're the only big kind of pure play in primary storage. So long-winded, intro there, Erik, but anything you'd add? >> No, actually I appreciate it as long-winded. I'm going to be honest with you, storage is not my best sector as far as a researcher and analyst goes, but I actually think that a lot of what you said is spot on. We do capture a lot of large organizations spend, we don't capture much mid and small, so I think when you're talking about these large, large players like NetApp not looking so good, all I would state is that we are capturing really big organization spending attention, so these are names that should be doing better to be quite honest, in those accounts, and at least according to our data, we're not seeing it in. It's longterm depression, as you can see, NetApp now has a negative spending velocity in this analysis. So, I can go dig around a little bit more, but right now the names that I'm hearing are Pure, Cohesity. I'm hearing a little bit about Hitachi trying to reinvent themselves in the space, but I'll take a wait-and-see approach on that one, but pure Cohesity are the ones I'm hearing a lot from our community. >> So storage is transforming to Cloud as a service. You've seen things like Apex in GreenLake from Dell and HPE and container storage. A little, so not really a lot of people paying attention to it, but Pure bought a company called Portworx which really specializes in container storage, and there's many startups there, they're trying to really change the way. David Flynn, has a startup in that space, he's the guy who started Fusion-io. So a lot of transformations happening here. Okay, I know it's been a long segment, we have to summarize, and let me go through a summary and then I'll give you the last word, Erik. So tech spending appears to be tracking US GDP at 6 to 7%. This talent shortage could be a blocker to accelerating IT deployments, so that's kind of good news actually for services companies. Digital transformation, it remains a priority, and that bodes, well, not only for services, but automation. UiPath went public this week, we profiled that extensively, that went public last Wednesday. Organizations that sit at the top face some tough decisions on how to allocate resources. They're running the business, growing the business, transforming the business, and we're seeing a bifurcation of spending and some residual effects on vendors, and that remains a theme that we're watching. Erik, your final thoughts. >> Yeah, I'm going to go back quickly to just the overall macro spending, 'cause there's one thing I think is interesting to point out and we're seeing a real acceleration among mid and small. So it seems like early on in the COVID recovery or COVID spending, it was the deep pockets that moved first, right? Fortune 500 knew they had to support remote work, they started spending first. Around that in the Fortune 500, we're only seeing about 5% spend, but when you get into mid and small organizations, that's creeping up to eight, nine. So I just think it's important to point out that they're playing catch up right now. I also would point out that this is heavily skewed to North America spending. We're seeing laggards in EMEA, they just don't seem to be spending as much. They're in a very different place in their recovery, and I do think that it's important to point that out. Lastly, I also want to mention, I know you do such a great job on following a lot of the disruptive vendors that you just pointed out, with Pure doing container storage, we also have another bi-annual survey that we do called Emerging Technology, and that's for the private names. That's going to be launching in May, for everyone out there who's interested in not only the disruptive vendors, but also private equity players. Keep an eye out for that. We do that twice a year and that's growing in its respondents as well. And then lastly, one comment, because you mentioned the UiPath IPO, it was really hard for us to sit on the sidelines and not put some sort of rating on their dataset, but ultimately, the data was muted, unfortunately, and when you're seeing this kind of hype into an IPO like we saw with Snowflake, the data was resoundingly strong. We had no choice, but to listen to what the data said for Snowflake, despite the hype. We didn't see that for UiPath and we wanted to, and I'm not making a large call there, but I do think it's interesting to juxtapose the two, that when snowflake was heading to its IPO, the data was resoundingly positive, and for UiPath, we just didn't see that. >> Thank you for that, and Erik, thanks for coming on today. It's really a pleasure to have you, and so really appreciate the collaboration and look forward to doing more of these. >> Yeah, we enjoy the partnership greatly, Dave. We're very happy to have you on the ETR family and looking forward to doing a lot, lot more with you in the future. >> Ditto. Okay, that's it for today. Remember, these episodes are all available as podcasts wherever you listen. All you have to do is search "Breaking Analysis" podcast, and please subscribe to the series. Check out ETR website it's etr.plus. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me, david.vellante@siliconangle.com, you can DM me on Twitter @dvellante or comment on our LinkedIn posts. I could see you in Clubhouse. This is Dave Vellante for Erik Porter Bradley for the CUBE Insights powered by ETR. Have a great week, stay safe, be well and we'll see you next time. (bright music)

>>Hello, everyone. This is not appropriate to lapse of America. I'm going to talk about the motivation. For zero knowledge goes back to the heart off, winding down identity, ownership, community and control. Much of photography exists today to support control communications among individuals in the one world. We also consider devices as extensions of individuals and corporations as communities. Here's hoping you're not fit in this picture. What defines the boundary off an individual is the ability to hold a secret with maybe, it says, attached to the ownership. Off some ethic, we want the ability to use the secret to prove ownership of this asset. However, giving up the secret itself essentially announced ownership since then, anybody else can do the same. Dear Knowledge gives us tools to prove ownership without revealing the secret. The notion of proving ownership off a digital object without revealing it sounds very paradoxical outside the model off. So it gives us a surprise when this motion was formalized and constructed by Goldwasser Miccoli and back off in the late eighties, we'll focus on the non interactive >>version of Siri, a knowledge our music in the >>stock, which was first developed by blow Tillman and Peggy, where the general it can span multiple rounds of communications music only allows a single message to be trusted. No, let's get into some technical details for musics. The objective of for music is to show that an object X, which you can think off as the public footprint, often asset, belonging clan and the language without revealing its witness. W, which you can think off as the Future Analytics team consists off three algorithms, video proof and very. The key generation process is executed by a trusted third party and the very opposite, resulting in a common >>random string, or steers, which is made public. The >>true vendor produces a proof by based on the CIA's X and the very fine with the checks. The proof against X and accepts or rejects music off course has to satisfy some properties. We needed to be correct, which basically says that when everyone follows the protocol correctly on, so we can expect, we need to be thought, which says that a false statement cannot be proven. The channel is a trickier properly to form this. How do we capture the intuition behind saying that the proof there is no knowledge of the witness. One way to capture that is to imagine their tools is the real world where the proof is calculated. Using the witness on there's a simulation worth where the proof is calculated without a witness. To make this possible, the simulator may have some extra information about the CIA's, which is independent off the objectives. The property then requires that it is not possible to effectively distinguish these words Now. It is especially challenging to construct music's compared to encryption signature schemes, in particular in signature schemes. The analog off the Hoover can use a secret, and in any case, the analog off the very fire can use a secret. But in is it's none of the crew layer and the verifier can hold a secret. Yeah, in this talk, I'm going to focus on linear subspace languages. This class is the basis of hardness. >>Assumptions like GH and deliver >>on has proved extremely useful in crypto constructions. This is how we express DD it and dealing as linear software. We will use additive notation on express the spirit logs as the near group actions on coop elements. You think the syntax we can write down Deitch on dealing Jupiter's very naturally a zoo witness sector times a constant electric so we can view the language as being penetrated by a constant language. Metrics really was hard by many groups in our instructions. What does it mean? S while uh, Standard group allows traditions and explain it off by in your group also allows one modification In such groups, we can state various in yourself facing elections. The DDN is the simplest one. It assumes that sampling a one dimensional space is indistinguishable from something full professional. The decisional linear assumption assumes the theme from tours is three dimensional spaces generalizing the sequence of Presumptions. The scaling the resumption asks to distinguish between gay damaged examples and full it and >>examples from a K plus one national space. >>Right, So I came up with a breakthrough. Is the construction in Europe 2008 in particular? There? Music for many years Off Spaces was the first efficient >>construction based on idiots and gear. Structurally, >>it consisted of two parts Our commitment to the witness Andre question proof part and going how the witness actually corresponds to the object. The number of elements in the proof is linear in the number >>of witnesses on the number of elements in the object. >>The question remains to build even shorter visits. The Sierras itself seemed to provide some scoop Rosa Russo fix. See how that works for an entire class of languages? Maybe there's a way to increase proof efficiency on the cost of having had Taylor Sierra's for each year. This is what motivates quality and after six, where we let the solace depend on the language itself. In particular, we didn't require the discrete logs of the language constants to generate this, Yes, but we did require this constant student generated from witness sample distributions. This still turns out to be sufficient for many applications. The construction achieved a perfect knowledge, which was universally in the sense that the simulator was independent. However, soundness is competition. So here's how the construction differed from roots high at a very high level, the language constants are embedded into the CIA s in such a way that the object functions as it's only so we end up not needing any separate commitment in the perfect sense. Our particular construction also needed fewer elements in the question proof, as there On the flip side, the CIA's blows up quadratic instead of constant. Let's get into the detail construction, which is actually present with this script. Let the language apparently trace by Giovanni tricks with the witness changing over time, we sat down and matrices >>D and B with appropriate damages. >>Then we construct the public series into what C. S. D is meant to be used. By the way. On it is constructed by >>multiplying the language matrix with D and being worse, Sierra's V is the part that is meant to be used by the very fair, and it is constructed using details be on be embedded in teaching. >>Now let's say you're asked to computer proof for a candidate X with fitness number we computed simply as a product of the witness with CSP. The verification of the truth is simply taking with the pairing off the candidate and the proof with the Sierras. Seeming threats is equal to zero. If you look carefully. Sierra's V essentially embedded in G to the kernel of the Matrix, owned by the language metrics here and so to speak. This is what is responsible for the correctness. The zero knowledge property is also straightforward, >>given the trapdoor matrices, D and B. Now, >>when corrected journalism relatively simple to prove proving illnesses strictly The central observation is that, given CSP, there is still enough entropy. >>India and me to >>random I seriously in particular Sierra's we Can we expand it to have an additional component with a random sample from the kernel allows it. This transformation is purely statistical. No, we essentially invented idiots are killing their talent in the era of kernel part in this transform sitting within show that an alleged proof on a bad candidate and we used to distinguish whether a subspace sample was used for a full space >>sample was used at the challenge. The need >>to have the kernel of the language in this city. That's the technical >>reason why we need the language to come from a witness. Sample. >>Uh, let's give a simple illustration >>of the system on a standard Diffie Hellman, which g one with the hardness assumption being idiot. >>So the language is defined by G one elements small D, E and F, with pupils off the phone due to the W. After that ugly, the CIA is is generated as follows example D and >>B from random on Compute Sierra speak as due to the day after the being verse and Sierra's V as G to do to do the big on day two of the video. The >>proof of the pupil >>detail that I do after the bill is computed using W. As Sierra Speed race to the party. I know that this is just a single element in the group. The verification is done by bearing the Cooper and the proof with the Sierras VMS and then checking in quality. The >>similar can easily compute the proof using trapdoors demand without knowing that what we are expecting. People leave a Peter's die and reduce the roof size, the constant under a given independent of the number of witnesses and object dimensions. Finally, at Cryptocurrency 14 we optimize the proof toe, one group >>element under the idiots. In both the works, the theorists was reduced to linear sites. The >>number of bearings needed for ratification was also industry in years. This is the crypto Ford in construction in action, the construction skeleton remains more or less the famous VR turkey. But the core observation was that many of the Sierras elements could were anomaly. Comite. While still >>maintaining some of this, these extra random items are depicted in red in this side. >>This round of combination of the Sierras elements resulted in a reduction of boat, Bruce says, as also the number of clearings required for education in Europe in 2015 kills, and we came up with a beautiful >>interpretation of skill sets based on the concept of small predictive hash functions. >>This slide is oversimplified but illustrated, wanting, uh, this system has four collecting >>puzzle pieces. The goodness of the language metrics okay again and a key Haider when >>the hidden version of the key is given publicly in the Sears. Now, when we have a good object, the pieces fit together nicely into detectable. However, when we have a bad object, the pieces no longer fit and it becomes >>infeasible to come up with convincing. Zero knowledge is demonstrable by giving the key to the simulator on observing that the key is independent of the language metrics. >>Through the years, we have extended >>enhanced not mind to be six system, especially with our collaborators, Masayuki Abby Koko Jr. Born on U. >>N. Based on your visits, we were able to construct very efficient, identity based encryption structure, resulting signatures >>public verifiable CCS, secure encryption, nine signatures, group signatures, authorities, key extremes and so on. >>It has also been gratifying to see the community make leaps and bounces ideas and also use queuing visits in practical limits. Before finishing off, I wanted to talk to you a little bit about >>some exciting activities going on Hyper ledger, which is relevant for photographers. Hyper >>Leisure is an open source community for enterprise. Great. It's hosted by the minute formation on enjoys participation from numerous industry groups. Uh, so difficult funded to efforts in Africa, we have versa, which is poised to be the crypto home for all. Blocking it and practice a platform for prospecting transactions are part of the legs on the slide here, >>we would love participation from entity inference. So >>that was a brief history of your analytics. Thanks for giving me the opportunity. And thanks for listening

>> Announcer: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a Cube Conversation. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're in our Palo Alto Studios today, having a Cube Conversation, you know, with the COVID situation going on we've had to change our business and go pretty much 100% digital. And as part of that process, we wanted to reach out to our community, and talk to some of the leaders out there, because I think leadership in troubling times is even more amplified in it's importance. So we're excited to be joined today by two leaders in our community. First one being John Chambers, a very familiar face from many, many years at Cisco, who's now the founder and CEO of JC2 Ventures. John, great to see you. >> Jeff, it's a pleasure to be with you again. >> Absolutely. And joining him is Umesh Sachdev, he's the co-founder and CEO of Uniphore. First time on theCUBE, Umesh, great to meet you. >> Jeff, thank you for having me, it's great to be with you. >> You as well, and I had one of your great people on the other day, talking about CX, and I think CX is the whole solution. Why did Uber beat cabs, do you want to stand on a corner and raise your hand in the rain? Or do you want to know when the guy's going to come pick you up, in just a couple minutes? So anyway, welcome. So let's jump into it. John, one of your things, that you talked about last time we talked, I think it was in October, wow how the world has changed. >> Yes. >> Is about having a playbook, and really, you know, kind of thinking about what you want to do before it's time to actually do it, and having some type of a script, and some type of direction, and some type of structure, as to how you respond to situations. Well there's nothing like a disaster to really fire off, you know, the need to shift gears, and go to kind of into a playbook mode. So I wonder if you could share with the viewers, kind of what is your playbook, you've been through a couple of these bumps. Not necessarily like COVID-19, but you've seen a couple bumps over your career. >> So it's my pleasure Jeff. What I'll do is kind of outline how I believe you use an innovation playbook on everything from acquisitions, to digitizing a company, to dealing with crisis. Let's focus on the playbook for crisis. You are right, and I'm not talking about my age, (John laughing) but this is my sixth financial crisis, and been through the late 1990s with the Asian financial crisis, came out of it even stronger at Cisco. Like everybody else we got knocked down in the 2001 tech bubble, came back from it even stronger. Then in 2008, 2009, Great Recession. We came through that one very, very strong, and we saw that one coming. It's my fourth major health crisis. Some of them turned out to be pretty small. I was in Mexico when the bird pandemic hit, with the President of Mexico, when we thought it was going to be terrible. We literally had to cancel the meetings that evening. That's why Cisco built the PLAR Presence. I was in Brazil for the issue with the Zika virus, that never really developed much, and the Olympics went on there, and I only saw one mosquito during the event. It bit me. But what I'm sharing with you is I've seen this movie again and again. And then, with supply chain, which not many people were talking about yet, supply chain crisis, like we saw in Japan with the Tsunami. What's happening this time is you're seeing all three at one time, and they're occurring even faster. So the playbook is pretty simple in crisis management, and then it would be fun to put Umesh on the spot and say how closely did you follow it? Did you agree with issues, or did you disagree, et cetera, on it. Now I won't mention, Umesh, that you've got a review coming up shortly from your board, so that should not affect your answer at all. But the first playbook is being realistic, how much was self-inflicted, how much was market. This one's largely market, but if you had problems before, you got to address them at the same time. The second thing is what are the five to seven things that are material, what you're going to do to lead through this crisis. That's everything from expense management, to cash preservation. It's about how do you interface to your employees, and how do you build on culture. It's about how do you interface to your customers as they change from their top priority being growth and innovation, to a top priority being cost savings, and the ability to really keep their current revenue streams from churning and moving. And it's about literally, how do make your big bets for what you want to look like as you move out of this market. Then it's how do you communicate that to your employees, to your shareholders, to your customers, to your partners. Painting the picture of what you look like as you come out. As basic as that sounds, that's what crisis management is all about. Don't hide, be visible, CEOs should take the role on implementing that playbook. Umesh to you, do you agree? And have fun with it a little bit, I like the give and take. >> I want to see the playbook, do you have it there, just below the camera? (Jeff laughing) >> I have it right here by my side. I will tell you, Jeff, in crisis times and difficult times like these, you count all the things that go right for you, you count your blessings. And one of the blessings that I have, as a CEO, is to have John Chambers as my mentor, by my side, sharing not just the learning that he had through the crisis, but talking through this, with me on a regular basis. I've read John's book more than a few times, I bet more than anybody in the world, I've read it over and over. And that, to me, is preparation going into this mode. One of the things that John has always taught me is when times get difficult, you get calmer than usual. It's one thing that when you're cruising on the freeway and you're asked to put the brakes, but it's quite another when you're in rocket ship, and accelerating, which is what my company situation was in the month of January. We were coming out of a year of 300% growth, we were driving towards another 300% growth, hiring tremendously, at a high pace. Winning customers at a high pace, and then this hit us. And so what I had to do, from a playbook perspective, is, you know, take a deep breath, and just for a couple of days, just slow down, and calmly look at the situation. My first few steps were, I reached out to 15 of our top customers, the CEOs, and give them calls, and said let's just talk about what you're seeing, and what we are observing in our business. We get a sense of where they are in their businesses. We had the benefit, my co-founder works out of Singapore, and runs our Asia business. We had the benefit of picking up the sign probably a month before everyone else did it in the U.S. I was with John in Australia, and I was telling John that "John, something unusual is happening, "a couple of our customers in these countries in Asia "are starting to tell us they would do the deal "a quarter later." And it's one thing when one of them says it, it's another when six of them say it together. And John obviously has seen this movie, he could connect the dots early. He told me to prepare, he told the rest of the portfolio companies that are in his investment group to start preparing. We then went to the playbook that John spoke of, being visible. For me, culture and communication take front seat. We have employees in ten different countries, we have offices, and very quickly, even before the governments mandated, we had all of them work, you know, go work from home, and be remote, because employee safety and health was the number one priority. We did our first virtual all-hands meeting on Zoom. We had about 240 people join in from around the world. And my job as CEO, usually our all-hands meeting were different functional leaders, different people in the group talk to the team about their initiatives. This all-hands was almost entirely run by me, addressing the whole company about what's going to be the situation from my lens, what have we learned. Be very factual. At the same time, communicating to the team that because of the fact that we raised our funding the last year, it was a good amount of money, we still have a lot of that in the bank, so we going to be very secure. At the same time, our customers are probably going to need us more than ever. Call centers are in more demand than ever, people can't walk up to a bank branch, they can't go up to a hospital without taking an appointment. So the first thing everyone is doing is trying to reach call centers. There aren't enough people, and anyways the work force that call centers have around the world, are 50% working from home, so the capacity has dropped. So our responsibility almost, is to step up, and have our AI and automation products available to as many call centers as we can. So as we are planning our own business continuity, and making sure every single employee is safe, the message to my team was we also have to be aggressive and making sure we are more out there, and more available, to our customers, that would also mean business growth for us. But first, and foremost is for us to be responsible citizens, and just make it available where it's needed. As we did that, I quickly went back to my leadership team, and again, the learning from John is usually it's more of a consensus driven approach, we go around the table, talk about a topic for a couple of hours, get the consensus, and move out of the room. My leadership meetings, they have become more frequent, we get together once a week, on video call with my executive leaders, and it's largely these days run by me. I broke down the team into five different war rooms, with different objectives. One of them we called it the preservation, we said one leader, supported by others will take the responsibility of making sure every single employee, their families, and our current customers, are addressed, taken care of. So we made somebody lead that group. Another group was made responsible for growth. Business needs to, you know, in a company that's growing at 300%, and we still have the opportunity, because call centers need us more than ever, we wanted to make sure we are responding to growth, and not just hunkering down, and, you know, ignoring the opportunity. So we had a second war room take care of the growth. And a third war room, lead by the head of finance, to look at all the financial scenarios, do the stress tests, and see if we are going to be ready for any eventuality that's going to come. Because, you know, we have a huge amount of people, who work at Uniphore around the world, and we wanted to make sure their well being is taken care of. So from being over communicative, to the team and customers, and being out there personally, to making sure we break down the teams. We have tremendous talent, and we let different people, set of people, run different set of priorities, and report back to me more frequently. And now, as we have settled into this rhythm, Jeff, you know, as we've been in, at least in the Bay area here, we've been shelter in place for about a month now. As we are in the rhythm, we are beginning to do virtual happy hours, every Thursday evening. Right after this call, I get together with my team with a glass of wine, and we get together, we talk every but work, and every employee, it's not divided by functions, or leadership, and we are getting the rhythm back into the organization. So we've gone and adjusted in the crisis, I would say very well. And the business is just humming along, as we had anticipated, going into this crisis. But I would say, if I didn't have John by my side, if I hadn't read his book, the number of times that I have, every plane ride we've done together, every place we've gone together, John has spoken about war stories. About the 2001, about 2008, and until you face the first one of your own, just like I did right now, you don't appreciate when John says leadership is lonely. But having him by our side makes it easier. >> Well I'm sure he's told you the Jack Welch story, right? That you've quoted before, John, where Jack told you that you're not really a good leader, yet, until you've been tested, right. So you go through some tough stuff, it's not that hard to lead on an upward to the right curve, it's when things get a little challenging that the real leadership shines through. >> Completely agree, and Jack said it the best, we were on our way to becoming the most valuable company in the world, he looked me in the eye and said "John, you have a very good company." And I knew he was about to give me a teaching moment, and I said "What does it take to have a great one?" He said a near death experience. And I thought I did that in '97, and some of the other management, and he said, "No, it's when you went through something "like we went through in 2001, "which many of our peers did die in." And we were knocked down really hard. When we came back from it, you get better. But what you see in Umesh is a very humble, young CEO. I have to remember he's only 34 years old, because his maturity is like he's 50, and he's seen it before. As you tell, he's like a sponge on learning, and he doesn't mind challenging. And what what he didn't say, in his humbleness, is they had the best month in March ever. And again, well over 300% versus the same quarter a year ago. So it shows you, if you're in the right spot, i.e. artificial intelligence, i.e. cost savings, i.e. customer relationship with their customers, how you can grow even during the tough times, and perhaps set a bold vision, based upon facts and a execution plan that very few companies will be able to deliver on today. So off to a great start, and you can see why I'm so honored and proud to be his strategic partner, and his coach. >> Well it's interesting, right, the human toll of this crisis is horrible, and there's a lot of people getting sick, and a lot of people are dying, and all the estimations are a lot more are going to die this month, as hopefully we get over the hump of some of these curves. So that aside, you know, we're here talking kind of more about the, kind of, the business of this thing. And it's really interesting kind of what a catalyst COVID has become, in terms of digital transformation. You know, we've been talking about new ways to work for years, and years, and years, and digital transformation, and all these kind of things. You mentioned the Cisco telepresence was out years, and decades ago. I mean I worked in Mitsubishi, we had a phone camera in 1986, I looked it up today, it was ridiculous, didn't work. But now, it's here, right. Now working from home is here. Umesh mentioned, you know, these huge call centers, now everybody's got to go home. Do they have infrastructure to go home? Do they have a place to work at home? Do they have support to go home? Teachers are now being forced, from K-12, and I know it's a hot topic for you, John, to teach from home. Teach on Zoom, with no time to prep, no time to really think it through. It's just like the kids aren't coming back, we got to learn it. You know I think this is such a transformational moment, and to your point, if this goes on for weeks, and weeks, and months, and months, which I think we all are in agreement that it will. I think you said, John, you know, many, many quarters. As people get new habits, and get into this new flow, I don't think they're going to go back back to the old ways. So I think it's a real, you know, kind of forcing function for digital transformation. And it's, you can't, you can't sit on the sidelines, cause your people can't come to the office anymore. >> So you've raised a number of questions, and I'll let Umesh handle the tough part of it. I will answer the easy part, which is I think this is the new normal. And I think it's here now, and the question is are you ready for it. And as you think about what we're really saying is the video sessions will become such an integral part of our daily lives, that we will not go back to having to do 90% of our work physically. Today alone I've done seven major group meetings, on Zoom, and Google Hangouts, and Cisco Webex. I've done six meetings with individuals, or the key CEOs of my portfolio. So that part is here to stay. Now what's going to be fascinating is does that also lead into digitization of our company, or do the companies make the mistake of saying I'm going to use this piece, because it's so obvious, and I get it, in terms of effectiveness, but I'm not going to change the other things in my normal work, in my normal business. This is why, unfortunately, I think you will see, we originally said, Jeff, you remember, 40% maybe as high as 45% of the Fortune 500 wouldn't exist in a decade. And perhaps 70% of the start-ups wouldn't exist in a decade, that are venture capital backed. I now think, unfortunately, you're going to see 20-35% of the start-ups not exist in 2 years, and I think it's going to shock you with the number of Fortune 500 companies that do not make this transition. So where you're leading this, that I completely agree with, is the ability to take this terrible event, with all of the issues, and again thank our healthcare workers for what they've been able to do to help so many people, and deal with the world the way it is. As my parents who are doctors taught me to do, not the way we wish it was. And then get your facts, prepare for the changes, and get ready for the future. The key would be how many companies do this. On the area Umesh has responsibility for, customer experience, I think you're going to see almost all companies focus on that. So it can be an example of perhaps how large companies learn to use the new technology, not just video capability, but AI, assistance for the agents, and then once they get the feel for it, just like we got the feel for these meetings, change their rhythm entirely. It was a dinner in New York, virtually, when we stopped, six weeks ago, traveling, that was supposed to be a bunch of board meetings, customer meetings, that was easy. But we were supposed to have a dinner with Shake Shack's CEO, and we were supposed to have him come out and show how he does cool innovation. We had a bunch of enterprise companies, and a bunch of media, and subject matter expertise, we ended up canceling it, and then we said why not do it virtually? And to your point, we did it in 24 different locations. Half the people, remember six weeks ago, had never even used Zoom. We had milk shakes, and hamburgers, and french fries delivered to their home. And it was one of the best two hour meetings I've seen. The future is this now. It's going to change dramatically, and Umesh, I think, is going to be at the front edge of how enterprise companies understand how their relationship with their customers is going to completely transform, using AI, conversational AI capability, speech recognition, et cetera. >> Yeah, I mean, Umesh, we haven't even really got into Uniphore, or what you guys are all about. But, you know, you're supporting call centers, you're using natural language technology, both on the inbound and all that, give us the overview, but you're playing on so many kind of innovation spaces, you know, the main interaction now with customers, and a brand, is either through the mobile phone, or through a call center, right. And that's becoming more, and increasingly, digitized. The ability to have a voice interaction, with a machine. Fascinating, and really, I think, revolutionary, and kind of taking, you know, getting us away from these stupid qwerty keyboards, which are supposed to slow us down on purpose. It's still the funniest thing ever, that we're still using these qwerty keyboards. So I wonder if you can share with us a little bit about, you know, kind of your vision of natural language, and how that changes the interaction with people, and machines. I think your TED Talk was really powerful, and I couldn't help but think of, you know, kind of mobile versus land lines, in terms of transformation. Transforming telecommunications in rural, and hard to serve areas, and then actually then adding the AI piece, to not only make it better for the front end person, but actually make it for the person servicing the account. >> Absolutely Jeff, so Uniphore, the company that I founded in 2008. We were talking about it's such a coincidence that I founded the company in 2008, the year of the Great Recession, and here we are again, talking in midst of the impact that we all have because of COVID. Uniphore does artificial intelligence and automation products, for the customer service industry. Call centers, as we know it, have fundamentally, for the last 20, 30 years, not have had a major technology disruption. We've seen a couple of ways of business model disruption, where call centers, you know, started to become offshore, in locations in Asia, India, and Mexico. Where our calls started to get routed around the world internationally, but fundamentally, the core technology in call centers, up until very recently, hadn't seen a major shift. With artificial intelligence, with natural language processings, speech recognition, available in over 100 languages. And, you know, in the last year or so, automation, and RPA, sort of adding to that mix, there's a whole new opportunity to re-think what customer service will mean to us, more in the future. As I think about the next five to seven years, with 5G happening, with 15 billion connected devices, you know, my five year old daughter, she the first thing she does when she enters the house from a playground, she goes to talk to her friend called Alexa. She speaks to Alexa. So, you know, these next generation of users, and technology users will grow up with AI, and voice, and NLP, all around us. And so their expectation of customer service and customer experience is going to be quantum times higher than some of us have, from our brands. I mean, today when a microwave or a TV doesn't work in our homes, our instinct could be to either go to the website of the brand, and try to do a chat with the agent, or do an 800 number phone call, and get them to visit the house to fix the TV. With, like I said with 5G, with TV, and microwave, and refrigerator becoming intelligent devices, you know, I could totally see my daughter telling the microwave "Why aren't you working?" And, you know, that question might still get routed to a remote contact center. Now the whole concept of contact center, the word has center in it, which means, in the past, we used to have these physical, massive locations, where people used to come in and put on their headsets to receive calls. Like John said, more than ever, we will see these centers become dispersed, and virtual. The channels with which these queries will come in would no more be just a phone, it would be the microwave, the car, the fridge. And the receivers of these calls would be anywhere in the world, sitting in their home, or sitting on a holiday in the Himalayas, and answering these situations to us. You know, I was reading, just for everyone to realize how drastic this shift has been, for the customer service industry. There are over 14 million workers, who work in contact centers around the world. Like I said, the word center means something here. All of them, right now, are working remote. This industry was never designed to work remote. Enterprises who fundamentally didn't plan for this. To your point Jeff, who thought digitization or automation, was a project they could have picked next year, or they were sitting on the fence, will now know more have a choice to make this adjustment. There's a report by a top analyst firm that said by 2023, up to 30% of customer service representatives would be remote. Well guess what, we just way blew past that number right away. And most of the CEOs that I talked to recently tell me that now that this shift has happened, about 40% of their workers will probably never return back to the office. They will always remain a permanent virtual workforce. Now when the workforce is remote, you need all the tools and technology, and AI, that A, if on any given day, 7-10% of your workforce calls in sick, you need bots, like the Amazon's Alexa, taking over a full conversation. Uniphore has a product called Akira, which does that in call centers. Most often, when these call center workers are talking, we have the experience of being put on hold, because call center workers have to type in something on their keyboard, and take notes. Well guess what, today AI and automation can assist them in doing that, making the call shorter, allowing the call center workers to take a lot more calls in the same time frame. And I don't know your experience, but, you know, a couple of weekends ago, the modem in my house wasn't working. I had a seven hour wait time to my service provider. Seven hour. I started calling at 8:30, it was somewhere around 3-4:00, finally, after call backs, wait, call back, wait, that it finally got resolved. It was just a small thing, I just couldn't get to the representative. So the enterprises are truly struggling, technology can help. They weren't designed to go remote, think about it, some of the unique challenges that I've heard now, from my customers, is that how do I know that my call center representative, who I've trained over years to be so nice, and empathetic, when they take a pee break, or a bio break, they don't get their 10 year old son to attend a call. How do I know that? Because now I can no more physically check in on them. How do I know that if I'm a bank, there's compliance? There's nothing being said that isn't being, is, you know, supposed to be said, because in a center, in an office, a supervisor can listen in. When everyone's remote, you can't do that. So AI, automation, monitoring, supporting, aiding human beings to take calls much better, and drive automation, as well as AI take over parts of a complete call, by the way of being a bot like Alexa, are sort of the things that Uniphore does, and I just feel that this is a permanent shift that we are seeing. While it's happening because of a terrible reason, the virus, that's affecting human beings, but the shift in business and behavior, is going to be permanent in this industry. >> Yeah, I think so, you know it's funny, I had Marten Mickos on, or excuse me, yeah, Marten Mickos, as part of this series. And I asked him, he's been doing distributed companies since he was doing MySQL, before Sun bought them. And he's, he was funny, it's like actually easier to fake it in an office, than when you're at home, because at home all you have to show is your deliverables. You can't look busy, you can't be going to meetings, you can't be doing things at your computer. All you have to show is your output. He said it's actually much more efficient, and it drives people, you know, to manage to the output, manage to what you want. But I want to shift gears a little bit, before we let you go, and really talk a little bit about the role of government. And John, I know you've been very involved with the Indian government, and the French government, trying to help them, in their kind of entrepreneurial pursuits, and Uniphore, I think, was founded in India, right, before you moved over here. You know we've got this huge stimulus package coming from the U.S. government, to try to help, as people, you know, can't pay their mortgage, a lot of people aren't so fortunate to be in digital businesses. It's two trillion dollars, so as kind of a thought experiment, I'm like well how much is two trillion dollars? And I did the cash balance of the FAANG companies. Facebook, Apple, Amazon, Netflix, and Alphabet, just looking at Yahoo Finance, the latest one that was there. It's 333 billion, compared to two trillion. Even when you add Microsoft's 133 billion on top, it's still shy, it's still shy of 500 billion. You know, and really, the federal government is really the only people in a position to make kind of sweeping, these types of investments. But should we be scared? Should we be worried about, you know, kind of this big shift in control? And should, do you think these companies with these big balance sheets, as you said John, priorities change a little bit. Should it be, keep that money to pay the people, so that they can stay employed and pay their mortgage, and go buy groceries, and maybe get take out from their favorite restaurant, versus, you know, kind of what we've seen in the past, where there's a lot more, you know, stock buy backs, and kind of other uses of these cash. As you said, if it's a crisis, and you got to cut to survive, you got to do that. But clearly some of these other companies are not in that position. >> So you, let me break it into two pieces, Jeff, if I may. The first is for the first time in my lifetime I have seen the federal government and federal agencies move very rapidly. And if you would have told me government could move with the speed we've seen over the last three months, I would have said probably not. The fed was ahead of both the initial interest rate cuts, and the fed was ahead in terms of the slowing down, i.e. your 2 trillion discussion, by central banks here, and around the world. But right behind it was the Treasury, which put on 4 trillion on top of that. And only governments can move in this way, but the coordination with government and businesses, and the citizens, has been remarkable. And the citizens being willing to shelter in place. To your question about India, Prime Minister Modi spent the last five years digitizing his country. And he put in place the most bandwidth of any country in the world, and literally did transformation of the currency to a virtual currency, so that people could get paid online, et cetera, within it. He then looked at start-ups and job creation, and he positioned this when an opportunity or problem came along, to be able to perhaps navigate through it in a way that other countries might struggle. I would argue President Macron in France is doing a remarkable job with his innovation economy, but also saying how do you preserve jobs. So you suddenly see government doing something that no business can do, with the scale, and the speed, and a equal approach. But at the same time, may of these companies, and being very candid, that some people might have associated with tech for good, or with tech for challenges, have been unbelievably generous in giving both from the CEOs pockets perspective, and number two and three founders perspective, as well as a company giving to the CDC, and giving to people to help create jobs. So I actually like this opportunity for tech to regain its image of being good for everybody in the world, and leadership within the world. And I think it's a unique opportunity. For my start-ups, I've been so proud, Jeff. I didn't have to tell them to go do the right thing with their employees, I didn't have to tell them that you got to treat people, human lives first, the economy second, but we can do both in parallel. And you saw companies like Sprinklr suddenly say how can I help the World Health Organization anticipate through social media, where the next spread of the virus is going to be? A company, like Bloom Energy, with what KR did there, rebuilding all of the ventilators that were broken here in California, of which about 40% were, out of the stock that they got, because it had been in storage for so long, and doing it for all of California in their manufacturing plant, at cost. A company like Aspire Foods, a cricket company down in Texas, who does 3D capabilities, taking part of their production in 3D, and saying how many thousand masks can I generate, per week, using 3D printers. You watch what Umesh has done, and how he literally is changing peoples lives, and making that experience, instead of being a negative from working at home, perhaps to a positive, and increasing the customer loyalty in the process, as opposed to when you got a seven hour wait time on a line. Not only are you probably not going to order anything else from that company, you're probably going to change it. So what is fascinating to me is I believe companies owe an obligation to be successful, to their employees, and to their shareholders, but also to give back to society. And it's one of the things I'm most proud about the portfolio companies that I'm a part of, and why I'm so proud of what Umesh is doing, in both a economically successful environment, but really giving back and making a difference. >> Yeah, I mean, there's again, there's all the doctor stuff, and the medical stuff, which I'm not qualified to really talk about. Thankfully we have good professionals that have the data, and the knowledge, and know what to do, and got out ahead of the social distancing, et cetera, but on the backside, it really looks like a big data problem in so many ways, right. And now we have massive amounts of compute at places like Amazon, and Google, and we have all types of machine learning and AI to figure out, you know, there's kind of resource allocation, whether that be hospital beds, or ventilators, or doctors, or nurses, and trying to figure out how to sort that all out. But then all of the, you know, genome work, and you know, kind of all that big heavy lifting data crunching, you know, CPU consuming work, that hopefully is accelerating the vaccine. Because I don't know how we get all the way out of this until, it just seems like kind of race to the vaccine, or massive testing, so we know that it's not going to spike up. So it seems like there is a real opportunity, it's not necessarily Kaiser building ships, or Ford building planes, but there is a role for tech to play in trying to combat this thing, and bring it under control. Umesh, I wonder if you could just kind of contrast being from India, and now being in the States for a couple years. Anything kind of jump out to you, in terms of the differences in what you're hearing back home, in the way this has been handled? >> You know, it's been very interesting, Jeff, I'm sure everyone is concerned that India, for many reasons, so far hasn't become a big hot spot yet. And, you know, we can hope and pray that that remains to be the case. There are many things that the government back home has done, I think India took lessons from what they saw in Europe, and the U.S, and China. They went into a countrywide lockdown pretty early, you know, pretty much when they were lower than a two hundred positive tested cases, the country went into lockdown. And remember this is a 1.5 billion people all together going into lockdown. What I've seen in the U.S. is that, you know, California thankfully reacted fast. We've all been sheltered in place, there's cabin fever for all of us, but you know, I'm sure at the end of the day, we're going to be thankful for the steps that are taken. Both by the administration at the state level, at the federal level, and the medical doctors, who are doing everything they can. But India, on the other hand, has taken the more aggressive stance, in terms of doing a country lockdown. We just last evening went live at a University in the city of Chennai, where Uniphore was born. The government came out with the request, much like the U.S., where they're government departments were getting a surge of traffic about information about COVID, the hospitals that are serving, what beds are available, where is the testing? We stood up a voice bot with AI, in less than a week, in three languages. Which even before the government started to advertise, we started to get thousands of calls. And this is AI answering these questions for the citizens, in doing so. So it goes back to your point of there's a real opportunity of using all the technology that the world has today, to be put to good use. And at the same time, it's really partnering meaningfully with government, in India, in Singapore, in Vietnam, and here in the U.S., to make sure that happens on, you know, John's coaching and nudging, I became a part of the U.S.-India Strategic Partnership Forum, which is truly a premier trade and commerce body between U.S. and India. And I, today, co-chaired the start-up program with, you know, the top start-ups between U.S. and India, being part of that program. And I think we got, again, tremendously fortunate, and lucky with the timeline. We started working on this start-up program between U.S. and India, and getting the start-ups together, two quarters ago, and as this new regulation with the government support, and the news about the two trillion dollar packages coming out, and the support for small businesses, we could quickly get some of the questions answered for the start-ups. Had we not created this body, which had the ability to poll the Treasury Department, and say here are questions, can start-ups do A, B, and C? What do you have by way of regulation? And I think as a response to one of our letters, on Monday the Treasury put out an FAQ on their website, which makes it super clear for start-ups and small businesses, to figure out whether they qualify or they don't qualify. So I think there's ton that both from a individual company, and the technology that each one of us have, but also as a community, how do we, all of us, meaningfully get together, as a community, and just drive benefit, both for our people, for the economy, and for our countries. Wherever we have the businesses, like I said in the U.S., or in India, or parts of Asia. >> Yeah, it's interesting. So, this is a great conversation, I could talk to you guys all night long, but I probably would hear about it later, so we'll wrap it, but I just want to kind of close on the following thought, which is really, as you've talked about before John, and as Umesh as you're now living, you know, when we go through these disruptions, things do get changed, and as you said a lot of people, and companies don't get through it. On the other hand many companies are birthed from it, right, people that are kind of on the new trend, and are in a good position to take advantage, and it's not that you're laughing over the people that didn't make it, but it does stir up the pot, and it sounds like, Umesh, you're in a really good position to take advantage of this new kind of virtual world, this new digital transformation, that's just now waiting anymore. I love your stat, they were going to move X% out of the call center over some period of time, and then it's basically snap your fingers, everybody out, without much planning. So just give you the final word, you know, kind of advice for people, as they're looking forward, and Umesh, we'll get you on another time, because I want to go deep diving in natural language, I think that's just a fascinating topic in the way that people are going to interact with machines and get rid of the stupid qwerty keyboard. But let me get kind of your last thoughts as we wrap this segment. Umesh we'll let you go first. >> Umesh, you want to go first? >> I'll go first. My last thoughts are first for the entrepreneurs, everyone who's sort of going through this together. I think in difficult times is when real heroes are born. I read a quote that when it's a sunny day, you can't overtake too many cars, but when it's raining you have a real opportunity. And the other one that I read was when fishermen can't go out fishing, because of the high tide, they come back, and mend their nets, and be ready for the time that they can go out. So I think there's no easy way to say, this is a difficult time for the economy, health wise, I hope that, you know, we can contain the damage that's being done through the virus, but some of us have the opportunity to really take our products and technology out there, more than usual. Uniphore, particularly, has a unique opportunity, the contact center industry just cannot keep up with the traffic that it's seeing. Around the world, across US, across Asia, across India, and the need for AI and automation would never be pronounced more than it is today. As much as it's a great business opportunity, it's more of a responsibility, as I see it. There can be scale up as fast as the demand is coming, and really come out of this with a much stronger business model. John has always told me in final words you always paint the picture of what you want to be, a year or two out. And I see Uniphore being a much stronger AI plus automation company, in the customer service space, really transforming the face of call centers, and customer service. Which have been forced to rethink their core business value in the last few weeks. And, you know, every fence sitter who would think that digitalization and automation was an option that they could think of in the future years, would be forced to make those decisions now. And I'm just making sure that my team, and my company, and I, am ready to gear to that great responsibility and opportunity that's ahead of us. >> John, give you the final word. >> Say Jeff, I don't know if you can still hear me, we went blank there, maybe for me to follow up. >> We gotcha. >> Shimon Peres taught me a lot about life, and dealing with life the way it is, not the way you wish it was. So did my parents, but he also taught me it always looks darkest just before the tide switches, and you move on to victory. I think the challenges in front of us are huge, I think our nation knows how to deal with that, I do believe the government has moved largely pretty effectively, to give us the impetus to move, and then if we continue to flatten the curve on the issues with the pandemic, if we get some therapeutic drugs that dramatically reduce the risk of death, for people that get the challenges the worst, and over time a vaccine, I think you look to the future, America will rebound, it will be rebounding around start-ups, new job creation, using technology in every business. So not only is there a light at the tunnel, at the end of the tunnel, I think we will emerge from this a stronger nation, a stronger start-up community. But it depends on how well we work together as a group, and I just want to say to Umesh, it's an honor to be your coach, and I learn from you as much as I give back. Jeff, as always, you do a great job. Thank you for your time today. >> Thank you both, and I look forward to our next catch up. Stay safe, wash your hands, and thanks for spending some time with us. >> And I just want to say I hope and pray that all of us can get together in Palo Alto real quick, and in person, and doing fist bumps, not shake hands or probably a namaste. Thank you, it's an honor. >> Thank you very much. All right, that was John and Umesh, you're watching theCUBE from our Palo Alto Studios, thanks for tuning in, stay safe, wash your hands, keep away from people that you're not that familiar with, and we'll see you next time. Thanks for watching. (calm music)

(upbeat music) >> Welcome back to theCUBE everybody. This is Dave Vellante. We've been covering the transformation of Oracle Consulting and really its rebirth. And I'm here with Chris Fox, who's the Group Vice President for Enterprise Cloud Architects and Chief Technologist for the North America Tech Cloud at Oracle. Chris, thanks so much for coming on theCUBE. >> Thanks Dave, glad to be here. >> So I love this title. I mean years ago there was no such thing as a Cloud Architect, certainly there were Chief Technologists but so you are really-- Those are your peeps, is that right? >> That's right. That's right. That's really, my team and I, that's all we do. So our focus is really helping our customers take this journey from when they were on premise to really transforming with cloud. And when we think about cloud, really for us, it's a combination. It's our hybrid cloud which happens to be on premise and then of course the true public cloud like most people are familiar with. So, very exciting journey and frankly I've seen just a lot of success for our customers. >> interesting that you hear conversations like, "Oh every company is a software company" which by the way we believe. Everybody's got a some kind of SaaS offering, but it really used to be the application, heads within organizations that had a lot of the power, still do, but of course you have cloud native developers etc. And now you have this new role of Cloud Architects, they've got to align, essentially have to provide infrastructure and capabilities so that you can be agile from a development standpoint. I wonder if you can talk about that dynamic of how the roles have evolved in the last several years. >> Yeah, you know it's very interesting now because as Oracle we spend a lot of our time with those applications owners. As a leader in SaaS right now, SaaS ERP, HCM. You just start walking through the list, they're transforming their organizations. They're trying to make their lives, much more efficient, better for their employees or customers etc. On the other side of the spectrum, we have the cloud native development teams and they're looking at better ways to deploy, develop applications, roll out new features at scale, roll out new pipelines. But Dave, what I think we're seeing at Oracle though, because we're so connected with SaaS and then we're also connected with the traditional applications that have run the business for years, the legacy applications that have been servicing us for 20 years and then the cloud native developers. So what my team and I are constantly focused on now is things like digital transformation and really wiring up all three of these across. So if we think of like a customer outcome, like I want to have a package delivered to me from a retailer, that actual process flow could touch a brand new cloud native site from e-commerce. It could touch essentially, maybe a traditional application that used to be on prem that's now on the cloud and then it might even use some new SaaS application maybe for maybe a procurement process or delivery vehicle and scheduling. So what my team does, we actually connect all three. So, what I always mention to my team and all of our customers, we have to be able to service all three of those constituents and really think about process flows. So I take the cloud native developer, we help them become efficient. We take the person who's been running that traditional application and we help them become more efficient. And then we have the SaaS applications which are now rolling out new features on a quarterly basis and the whole new delivery model. But the real key is connecting all three of these into a business process flow that makes the customer's life much more efficient. >> So what you're saying is that these Cloud Architects and the sort of modern day Chief Technologists, they're multi tool players. It's not just about cloud, it's about connecting that cloud to, whether the system's on prem or other clouds. Is that right? >> It is. You know and one thing that we're seeing too Dave, is that we know it's multi cloud. So it could be Oracle's cloud, hopefully it's always Oracle's cloud, but we don't expect that. So as architects, we certainly have to take a look at what is it that we're trying to optimize? What's the outcome we're looking for? And then be able to work across these teams, and I think what makes it probably most fun and exciting, on one day in one morning, let's say, you could be talking to the cloud native developer team. Talking about Kubernetes, CI/CD pipelines, all the great technologies that help us roll out applications and features faster. Then you'll go to a traditional, maybe Oracle E-Business suite job. This is something that's been running on prem maybe for 20 years, and it's really still servicing the business. And then you have another team that maybe is rolling out a SaaS application from Oracle. And literally all three teams are connected by a process flow. So the question is, how do we optimize all three on behalf of either the customer, the employee, the supplier? And that's really the job for the Oracle Cloud Architect. Which I think, really good, that's different than the other cloud because for the most part, we actually do offer SaaS, we offer platform, we offer infrastructure and we offer the hybrid cloud on prem. So it's a common conversation. How do we optimize all these? >> So I want to get into this cloud conversation a little bit. You guys are used to this term last mover advantage. I got to ask you about it. How is being last an advantage? But let me start there. >> Yeah, that's a great question. I mean, so frankly speaking I think that-- So Oracle has been developing, what's interesting is our SaaS applications for many, many, many years, and where we began this journey is looking at SaaS. And then we started with platform. Right after that we started saying how do we augment SaaS? This OCI for us or Oracle Cloud Infrastructure Gen 2 could be considered a last mover advantage. What does that mean? We join this cloud journey later than the others but because of our heritage, of the workloads we've been running, right? We've been running enterprise scale workloads for years, the cloud itself has been phenomenal, right? It's easier to use, pay for what you use, elastic etc. These are all phenomenal features, fell. And based on our enterprise heritage it wasn't delivering resilience at scale, even for like the traditional applications we've known on prem forever. People always say, "Chris we want to get out of the data center. "We're going zero data center." And I always say, "Well, how are you going to handle that back office stuff?" Right? The stuff that's really big, it's cranky, doesn't handle just, instances dying or things going away too easily. It needs predictable performance. It needs scale. It absolutely needs security and ultimately a lot of these applications truly have relied on an Oracle database. The Oracle database has it's own specific characteristics that it needs to run really well. So we actually looked at the cloud and we said, let's take the first generation clouds, which are doing great, but let's add the features that specifically, a lot of times, the Oracle workload needed in order to run very well and in a cost effective manner. So that's what we mean when we say, last mover advantage. We said, let's take the best of the clouds that are out there today. Let's look at the workloads that, frankly Oracle runs and has been running for years, what our customers needed and then let's build those features right into this next version of the cloud, we can service the enterprise. So our goal, honestly what's interesting is, even that first discussion we had about cloud native, and legacy applications, and also the new SaaS applications, we built a cloud that handles all three use cases, at scale resiliently in a very secure manner, and I don't know of any other cloud that's handling those three use cases, all in, we'll call it the same tendency for us at Oracle. >> Let's unpack that a little bit and get into, sort of, trying to understand the strategy and I want to frame it. So you were the last really to enter the cloud market, let's sort of agree on that. >> Chris: Yup. >> And you kind of built it from the ground up. And it's just too expensive now. The CapEx required to get into cloud is just astronomical. Now, even for a SaaS company, there's no sense. If you're a new SaaS company, you're going to run it in the cloud. Somebody else's cloud. There are some SaaS companies that of course run their own data centers but they're fewer and further between. But so, and I've also said that your advantage relative to the hyper scalers is that you've got this big SaaS estate and it somewhat insulates you, actually more than somewhat. Largely insulates you from the race to the bottom. On compute and storage, cost per bit kind of thing. But my question is, why was it was it important for Oracle, and is it important for Oracle and it's customers, that it had to participate in IaaS and PaaS and SaaS? Why not just the last two layers of that? What does that give you from a strategic advantage standpoint and what does that do for your customer? >> Yeah, great question. So the number one reason why we needed to have all three was that we have so many customers to today that are in a data center. They're running a lot of our workloads on premise and they absolutely are trying to find a better way to deliver a lower cost services to their customers. And, so, we couldn't just say let's just-- everyone needs to just become net new. Everyone just needs to ditch the old and go just to brand new alone. Too hard, too expensive at times. So we said, let's give us customers the ultimate amount of choice. So, let's even go back again to that developer conversation in SaaS. If you didn't have IaaS, we couldn't help customers achieve a zero data center strategy with their traditional application. We'll call it Peoplesoft, or JD Edwards or E-Business suite or even-- there's some massive applications that are running on the Oracle cloud right now that are custom applications built on the Oracle database. What they want is they said, "Give me the lowest ASP to get predictable performance IaaS" I'll run my app's tier on this. Number two, give me a platform service for database 'cause frankly, I don't really want to run your database, like, with all the manual effort, I want someone to automate, patching, scale up and down, and all these types of features like the pilot should have given us. And then number three, I do want SaaS over time. So we spend a lot of time with our customers, really saying, "how do I take this traditional application, run it on IaaS and PaaS?" And then number two, "let's modernize it at scale." Maybe I want to start peeling off functionality and running them as cloud native services right alongside, right? That's something again, that we're doing at scale, and other people are having a hard time running these traditional workloads on prem in the cloud. The second part is they say, "You know, I've got this legacy traditional ERP. Been servicing we well or maybe a supply chain system. Ultimately I want to get out of this. How do I get to SaaS?" And we say, "Okay, here's the way to do this. First, bring into the cloud, run it on IaaS and PaaS. And then selectively, I call it cloud slicing. Take a piece of functionality and put it into SaaS." For ERP, it might be something like start with GL, a new chart of accounts in ERP SaaS. And then slowly over a number of your journey as needed, adopt the next module. So this way, I mean, I'll just say this is the fun part of as an architect, our jobs, we're helping customers move to the cloud at scale, we're helping them do it at their rate, with whatever level of change they want. And when they're ready for SaaS, we're ready for them. And I would just say the other IaaS providers, here's the challenge we're seeing Dave, is that they're getting to the cloud, they're doing a little bit of modernization, but they want PaaS, they also want to ultimately get to SaaS, and frankly, those other clouds don't offer them. So they're kind of in this we're stuck on this lift and shift. But then we want to really move and modernize and go to SaaS. And I would say that's what Oracle is doing right now for enterprises. We're really helping them move these traditional workloads to the cloud IaaS and PaaS. And then number two, they're moving to SaaS when they're ready. And even when you get to SaaS, everyone says, "You know what, leave it as as vanilla as possible, but I want to make myself differentiated." In that case, again, IaaS and PaaS, coupled alongside a SaaS environment, you can build your specific differentiation. And then you leave the ERP pristine, so it can be upgraded constantly with no impact to your specific sidebar applications. So, I would say that the best clouds in the world, I mean, I think you're going to see a lot of the others are trying to, either SaaS providers trying to grow a PaaS, or maybe some of the IaaS players are trying to add SaaS. So, I think you're going to see this blending more and more because customers are asking for the flexibility For either or all three. But I will say that-- >> How can I get PaaS and SaaS-minus. >> Absolutely, I mean, what are you doing there? You're offering choice. There's not a question in my mind that Cisco is a huge customer of ours, they have a product that is one of their SaaS applications running Tetration on the Oracle Cloud. It actually doesn't run any Oracle. It's all cloud native applications. Natively built with a number of open source components. They run just IaaS. That's it, the Tetration product, and it runs fast. The Gen 2 cloud has a great architecture underneath it, flattened fast network. By far, for us, we feel like we really gotten into the guts of IaaS and made it run more efficiently. Other customers say, "I've got a huge Oracle footprint in the data center, help me get it out." So up to the cloud that they go, and they say I don't want just IaaS because that means I'm writing all the automation, like I have to manage all the patching. And this is where for us platform services really help because we give them the automation at scale, which allows their people to do other things, that may be more impactful for the business. >> I want to ask you about, the automation piece. And you guys have made the statement that your Gen 2 cloud is fundamentally different than how other clouds work, Gen 1 clouds. And the Gen 1 clouds which are evolving, the hyper scalars are evolving, but how is Oracle's Gen 2 cloud fundamentally different? >> Yeah. I think that one of the most basic elements of the cloud itself was that for us, we had to start with the security and the network. So if you imagine that those two components really, A, could dictate speed and performance, plus doing it in a secure fashion. The two things that you'll see an awful lot about for us, is that we've embedded not only security at every level. But we've even separated off what we call, every cloud, you have a number of compute instances and then you have storage, right? In the middle, you have a network. However, to become a cloud, and to offer the elastic scale and the multiple sharing of resources, you have to have something called a control plane. What we've done is we've actually extracted the control plane out into its own separate instance of a running machine. Other clouds actually have the control plane inside of there running compute cores. Now, what does that do? Well, the fact of the matter is, we assume that the control plane and the network should be completely separate from what you run on your cloud. So if you run a virtual machine, or if you run a bare metal instance, there's no Oracle software running on it. We actually don't trust customers, and we actually tell the customers don't trust us, either. So by separating out the control plane, and all the code that runs that environment off of the running machine, you get more cores meaning like you have-- There's no Oracle tax for running this environment. It's a separate conmputer for each one, the control plane. Number two, it's more secure. We actually don't have any running code on that machine, if you had a bare metal instance. So therefore, there's no way for one machine in the cloud to infect another machine if the control plane was compromised. The second part of the network, the guys who have been building this cloud, Don Johnson, a lot of the guys came from other clouds before and they said, "yYou know the one thing we have to do is make a we call it Flattened Fast Clause Network that really is never oversubscribed." So you'll constantly see and people always ask me same question, "Dave, why is the performance faster if its the same VM shape? "Like I don't understand why it's going faster, like high performance computing." And the reason again a lot of times is the network itself is that it's just not oversubscribed. It's constantly flowing all the data, there's no such thing as congestion on the network, which can happen. The last part, we actually added 52 terabytes of local storage to every one of those compute nodes. So therefore, there's a possibility you don't even have to traverse the network to do some really serious work on the local machine. So you add these together, the idea is make the network incredibly fast, separate out the control plane and run the software and security layer separate from the entire node where all the customers work is being done. Number three, give the customers more compute, by obviously having us offload it to a separate machine. And the last thing is put local storage and everything is what's called NVMe storage. Whether it's local or remote, everything's NVMe, though the IOPS we get are really off the charts. And again, it shows up in our benchmarks. >> Yeah, so you're getting, atomic access to memory. But in your control plane, you describe that control plane that's running. Sorry to geek out everybody. But I'm kind of curious, you know. You got me started, Chris. So that's control-- >> Yeah, that's good. >> the Oracle cloud or runs. Where's it live? >> It's essentially separated from the compute node. We actually have it in between, there's a compute node that all the work is done from the customer, could be on like a Kubernetes container or VM, whatever it might be. The control plane literally is separate. And it lives right next to the actual compute node the customer is using. So it's actually embedded on a SmartNIC, it's a completely different cores. It's a different chipset, different memory structure, everything. And it does two things. It helps us control what happens up in the customers compute nodes in VMs. And it also helps us virtualize the network down as well. So it literally, the control plane is separate and distinct. It's essentially a couple SmartNICS. >> And then how does Autonomous fit into this whole architecture? I'm speaking by the way for that description, I mean, it's nuanced, but it's important. I'm sure you having this conversation with a lot of cloud architects and chief technologists, they want to know this stuff, and they want to know how it works. And then, obviously, we'll talk about what the business impact is. But talk about Autonomous and where that fit. >> Yeah, so as Larry says that there are two products that really dictate the future of Oracle and our success with our customers. Number one is ERP-SaaS. The second one is Autonomous Database. So the Autonomous Database, what we've done is really taken a look at all the runtime operations of an Oracle database. So tuning, patching, securing all these different features, and what we've done is taken the best of the Oracle database, the best of something called Exadata which we run on the cloud, which really helps a lot of our customers. And then we've wrapped it with a set of automation and security tools to help it really manage itself, tune itself, patch itself, scale up and down, independent between compute and storage. So, why that's important though, is that really our goal is to help people run the Oracle database as they have for years but with far less effort, and then even not only far less effort, hopefully, a machine plus man, out of the equation we always talk about is man plus machine is greater than man alone. So being assisted by artificial intelligence and machine learning to perform those database operations, we should provide a better service to our customers with far less costs. >> Yeah, the greatest chess player in the world is a combination of man and machine, you know that? >> You know what? It makes sense. It makes sense because, there's a number of things that we can do as humans that are just too difficult to program. And then there are other things where machines are just phenomenal, right? I mean, there's no-- Think of Google Maps, you ask it wherever you want to go. And it'll tell you in a fraction of a second, not only the best route, but based on traffic from maybe the last couple of years. right now, we don't have autonomous cars, right, that are allowed to at least drive fully autonomous yet, it's coming. But in the meantime, a human could really work through a lot of different scenarios it was hard to find a way to do that in autonomous driving. So I do believe that it's going to be a great combination. Our hope and goal is that the people who have been running Oracle databases, how can we help them do it with far less effort and maybe spend more time on what the data can do for the organization, right? Improve customer experience, etc. Versus maybe like, how do I spin up a table? One of our customers is a huge consumer. They said, "our goal is how do we reduce the time to first table?" Meaning someone in the business just came up with an idea? How do I reduce the time to first table. For some of our customers, it can take months. I mean, if you were going to put in a new server, find a place in the data center, stand up a database, make the security controls, right and etc. With the autonomous database, I could spin one up right here, for us and, and we could start using it and it would be secure, which is utmost and paramount. It would scale up and down, meaning like just based on workload, as I load data into it, it would tune itself, it would help us with the idea of running more efficiently, which means less cores, which means also less cost. And then the constant security patches that may come up because of different threats or new features. It would do that potentially on its own if you allow it. Obviously some people want to watch you know what exactly it's going to do first. Do regression testing. But it's an exciting product because I've been working with the Oracle database for about 20 years now. And to see it run in this manner, it's just phenomenal. And I think that's the thing, a lot of the database teams have seen. Pretty amazing work. >> So I love this conversation. It's hardcore computer science, architecture, engineering. But now let's end with by up leveling this. We've been talking, a lot about Oracle Consulting. So let's talk about the business impact. So you go into customers, you talk to the cloud architects, the chief technologist, you pass that test. Now you got to deliver the business impact. Where does Oracle consulting fit with regard to that, and maybe you could talk about sort of where you guys want to take this thing. >> Yeah, absolutely. I mean, so, the cloud is great set of technologies, but where Oracle consulting is really helping us deliver is in the outcome. One of the things I think that's been fantastic working with the Oracle consulting team is that cloud is new. For a lot of customers who've been running these environments for a number of years, there's always some fear and a little bit of trepidation saying, "How do I learn this new cloud?" I mean, the workloads, we're talking about deeper, like tier zero, tier one, tier two, and all the way up to Dev and Test and DR, Oracle Consulting does really, a couple of things in particular, number one, they start with the end in mind. And number two, that they start to do is they really help implement these systems. And, there's a lot of different assurances that we have that we're going to get it done on time, and better be under budget, 'cause ultimately, again, that's something that's really paramount for us. And then the third part of it a lot of it a lot of times is run books, right? We actually don't want to just live at our customers environments. We want to help them understand how to run this new system. So training and change management. A lot of times Oracle Consulting is helping with run books. We usually will, after doing it the first time, we'll sit back and let the customer do it the next few times, and essentially help them through the process. And our goal at that point is to leave, only if the customer wants us to but ultimately, our goal is to implement it, get it to go live on time, and then help the customer learn this journey to the cloud. And without them, frankly, I think these systems are sometimes too complex and difficult to do on your own, maybe the first time especially because like I say, they're closing the books, they might be running your entire supply chain. They run your entire HR system or whatever they might be. Too important to leave to chance. So they really help us with helping the customer become live and become very competent and skilled, because they can do it themselves. >> But Chris, we've covered the gamut. We're talking about, architecture, went to NVMe. We're talking about the business impact, all of your automation, run books, loved it. Loved the conversation, but to leave it right there but thanks so much for coming on theCUBE and sharing your insights, great stuff. >> Absolutely, thanks Dave, and thank you for having me on. >> All right, you're welcome. And thank you for watching everybody. This is Dave Vellante for theCUBE. We are covering the Oracle North America Consulting transformation and its rebirth in this digital event. Keep it right there. We'll be right back. (upbeat music)

>>from Santa Clara, California. In the heart of Silicon Valley, it's the queue covering altitude 2020. Brought to you by aviatrix. >>Next panel is the aviatrix certified engineers, also known as Aces. This is the folks that are certified their engineering. They're building these new solutions. Please welcome Toby Foster Informatica Stacy Linear from terror data. And Jennifer read with Victor Davis to the stage. >>So we're gonna show you a jacket. Yeah, I get it. >>I was just gonna I was just gonna really rib you guys. See? Where's your jackets? And Jen's got the jacket on. Okay. >>Good. Love. The aviators. Aces, Pilot gear. They're above the clouds. Storage to new heights. So guys, aviatrix pace is love the name. I think it's great. Certified. This is all about getting things engineered. So that level of certification I want to get into that. But first take us through the day in the life on a SAS. And just to point out, Stacy's a squad leader. So he's He's like Squadron leader, quadrant leader, quadrant leader. So it's got a bunch of pieces underneath him, but share your perspective day in the life. We'll start with you. >>Sure, So I have actually a whole team that works for me both in the in the North America, both in the U. S. And in Mexico. And so I'm eagerly working to get them certified as well, so I can become a squad leader myself. But it's important because one of the critical gaps that we found is people having the networking background. Because there you graduate from college and you have a lot of computer science background. You can program. We've got python, but now working and packets they just don't get. And so just taking them through all of the processes that it's really necessary to understand when you're troubleshooting is really critical. And, um, because you're going to get an issue where you need to figure out where, exactly is that happening on the network, you know, is by my issue just in a vpc is on the instant side is a security group or is it going on prim? And is this something actually embedded within Amazon itself? I mean, I trouble shot an issue for about six months going back and forth with Amazon, and it was the VW VPN because they were auto scaling on two sides, and we ended up having to pull out the Cisco's and put in aviatrix so I could just say OK, it's fixed and actually actually help the application teams get to that and get it solved. But I'm taking a lot of junior people and getting them through that certification process so they can understand and see the network The way I see the network, I mean, look, I've been doing this for 25 years, but I got out when I went in the Marine Corps. That's what I did and coming out The network is still the network, but people don't get the same training they get. They got >>just so he just write some software that takes care of itself, but we'll come back to that. I want to come back to that problem solve with Amazon, but I think the only thing I have to >>add to that is that it's always the network as long as I've been in. Networking has always been the network's fault. If you're in the I'm even to this day, you know, still, networks fault, and part of being a network guy is that you need to prove when it is and when It's not your fault. And that means you need to know a little bit about 100 different things. Make that >>And now you got a full stack. Dev Ops, you know, a lot more time. Another 100 times are changing your squadron leader. I get that right. What is? What is the squadron leader first? Could you describe what it is? I think probably just leading off with network components of it. But they from my perspective when you think about what you asked them was it's about no issues and the escalations off my days like that. That's a good outcome. That's a good day. Is a good day's a good day for you. Mention the Amazon. This brings up a good point when you have these new waves come in. You have a lot of new things. New use cases, a lot of the finger point against that guy's problem that girls problems. So what? How do you solve that? And how do you get the young guns up to speed? Is there training is that this with a certification comes in, >>whatever the certification is really going to come in I know when we, uh, we got together at reinvent one of the questions that that we had with with Steven the team was What? What should our certification look like? You know, she would just be teaching about what aviatrix troubleshooting brings to bear. But what should that be like? And I think Toby and I was like, No, no, no, no, that's going a little too high. We need to get really low because the better someone can get actually understanding what's actually happening in the network and where to actually troubleshoot the problem, how to step back each of those processes. Because without that, it's just a big black box and they don't know, you know, because everything is abstracted in Amazon and a Net and Azure and Google, it's abstracted in there. These virtual gateways they have VPN is that you just don't have the logs on is you just don't know. And so then what tools can you put in front of them of where they can look because there are full logs? Well, as long as they turned on the flow logs when I built it, you know, and there's like each one of those little things that well, if they had decided to do that when they built it, it's there. But if you can come in later to really supplement that with training to actual troubleshoot and do a packet capture here as it's going through the teaching them how to read act. Even >>so, we were talking before we came on up on stage about your career. You've been networking all your time, and then, you know, you're no mentoring a lot of younger people. How is that going? Because the people who come in fresh, they don't have all the old war stories they don't talk about, You know, it's never fall. I walk in bare feet in the snow when I was your age, so easy now, right? They say, What's your take on how you train the young piece? >>So I've noticed two things. One is that they are up to speed a lot faster in generalities of networking. They can tell you what network is in high school level now where I didn't learn that until midway through my career, and they're learning it faster, but they don't necessarily understand why it's that way here, you know, everybody thinks that it's always slash 24 for a submit, and they don't understand why you can break it down. Smaller. What? It's really necessary. So the ramp up speed is much faster for these guys that are coming in, but they don't understand why. And they need some of that background knowledge to see where it's coming from. And why is it important? And that's old guys. That's where we thrive. >>Jennifer, you mentioned you got in from the Marines helps. But when you got into networking, how what was it like that? And compare it now? Almost like we heard earlier. Static versus Dynamic. Don't be static. And then you just set the network. You got a perimeter? >>Yeah. No, there was no such thing. Yeah, no. So, back in the day, I mean, yeah, I mean, we had banyan vines for email, you know, we had token ring and I had to set up token ring networks and figure out why that didn't work. Because how many of things were actually sharing it, But then actually, just cutting fiber and running fiber cables and dropping them over, you know, shelters to plug them in, and Oh, crap. They swung it too hard and shattered. And I got a great polish this thing and actually shoot like to see if it works. I mean, that was the network crypt. Five cat, five cables to run an Ethernet, you know? And then from that to set network switches. Dumb switches like those were the most common ones you had then, actually configuring routers and, you know, logging into a Cisco router and actually knowing how to configure that. And it was funny because I had gone all the way up. It was a software product manager for a while, So I've gone all the way up the stack. And then, ah, two and 1/2 3 years ago, I came across, too, to work with NTT Group that became Victor Davis. But we went to help one of our customers, Avis, and it was like, Okay, so we need to fix the network. Okay, I haven't done this in 20 years, but all right, let's get to it, you know, because it really fundamentally does not change. It's still the network. I mean, I've had people tell me Well, you know, when we go to containers, we will not have to worry about the network. And I'm like, Yeah, you don't I >>dio. And then with this with program ability is really interesting. So I think this brings up the certification. What are some of the new things that people should be aware of that come in with the aviatrix? A certification? What are some of the highlights? Can you guys share some of the highlights around certifications? >>I think some of the importance is that its it doesn't need to be vendor specific for network generality or basic networking knowledge. And instead of learning how Cisco does something or how Palo Alto does something, we need to understand how and why it works as a basic model and then understand how each vendor has gone about that problem and solve it in a general. That's true in Multi Cloud as well. You can't learn how cloud networking works without understanding how AWS and Measure and GC P r. All slightly the same, but slightly different and some things work and some things don't. I think that's probably the number one take. >>I think having a certification across clouds is really valuable because we heard the global outside of the business issues. What does it mean to do? That code is that networking is the configurations that aviatrix what is the state matrix is a certification, but what is it about the multi cloud that makes it multi networking and multi vendor? But the >>easy answer is yes, >>yes, it's >>all got to be a general. Let's get your hands and you have to be >>right. And it takes experience because it's every every cloud vendor has their own certification. Um, whether that stops and, um, advanced networking and events, security or whatever it might be. Yeah, they can take the test, but they have no idea how to figure out what's wrong with that system in the same thing with any certification. But it's really getting your hands in there. And actually having to troubleshoot the problems, you know, actually work the problem, you know, and calm down. It's going to be OK because I don't know how many calls I've been on or even had aviatrix join me on. It's like, Okay, so everyone calm down. Let's figure out what's happening. It's like we've looked at that screen three times looking at it again. It's not going to solve that problem, right, But at the same time, remaining calm. But knowing that it really is, I'm getting a packet from here to go over here. It's not working. So what could be the problem, you know, and actually stepping them through those scenarios. But that's like, you only get that by having to do it, you know, and and seeing it and going through it. And >>I have a question. So, you know, I just see it. We started this program maybe six months ago. We're seeing a huge amount of interest. I mean, where oversubscribed on all the training sessions, we've got people flying from around the country, even with Corona virus flying to go to Seattle to go to these events were over >>subscribed. Good is that originally they would put their Yeah. Is >>that something that you see in your organizations? Are you recommending that two people do you see? I mean, I'm just I guess I'm surprised. I'm not surprised, but I'm really surprised by the demand, if you would of this multi cloud network certification. Is there really isn't anything like that? Is that something you guys could comment on? That do you see the same things in your organization I see from >>my side Because we operate in a multi cloud environments that really helps. It's beneficial. Yeah, >>I think I would add that, um, networking guys have always needed to use certifications to prove that they know what they know. It's not good enough to say. Yeah, I know. I p addresses are I know how the network works and a couple little check marks. Our little letters by your helps give you validity. So even in our team, we can say, Hey, you know, we're using these certifications to know that you know enough of the basics and enough of the understandings that you have the tools necessary, >>right? So I guess my final question for you guys is why and a certification is relevant. And then second part is share with Livestream folks who aren't yet a certified or might want to jump in to be aviator certified engineers. Why is it important? So why is it relevant? And why should someone want to be a certified engineer? >>I think my V is a little different. I think certification comes from proving that you have the knowledge not proving that you get a certification to get. I mean, they're backwards. So when you've got the training and the understanding in the you use that to prove and you can, like, grow your certification list with it versus studying for a test to get a certification and have no understanding of >>that. So that who is the right person that look at this and saying I'm qualified is a network engineer. Is that a Dev ops person? What your view? Is it a certain >>you know, I think Cloud is really the answer. It's the as we talked like the edge is getting eroded. So is the network definition getting eroded? We're getting more and more of some network. Some develop some security lots and lots of security. Because network is so involved in so many of them, that's just the next progression. >>You want to add something there, I would say expand that to more automation engineers because we have those now, so I'm probably extended >>Well, I think the training classes themselves are helpful, especially the entry level ones for people who maybe quote unquote cloud architects. But I've never done anything in networking for them to understand why we need those things to really work, Whether or not they go through it. Eventually get a certification is something different. But I really think fundamentally understanding how these things work. It makes them a better architect. Make some better application developer, but even more so as you deploy more of your applications into the cloud. Really getting an understanding even from our people have tradition down on Prem networking. They can understand how that's gonna work in the cloud. >>I know we've got just under 30 seconds left. I want to get one more question than just one more for the folks watching that are maybe younger than I don't have. The networking training from your experience is, each of you can answer. Why should they know about networking? What's the benefit? What's in it for them? Motivate them, share some insights and why they should go with the deeper and networking space we'll start with. You know, I would say it's probably fundamental right after delivery solutions networking. Use the very top. I >>would say. If you fundamental of an operating system running on a machine, how those machines talk together, um, is a fundamental change is something that starts from the base and work your way up. >>Well, I think it's a challenge because you've come from top down. Now you're going to start looking from bottom up, and you want those different systems to cross, communicate and say you built something and your overlapping eyepiece space. Not that that doesn't happen. But how can I actually make that still operate without having to re? I re platform? It's like those challenges, like those younger developers or Cisco engineers can really start to get their hands around and understand those complexities and bring that forward in their careers. >>And, you know, the pipes are working plumbing. >>That's right. >>And they know how it works. How to code it. >>That's right. >>Awesome. Thank you, guys for great insights. Ace certified engineers, also known as aces, give a round of applause. >>Yeah, Yeah, that's great. Thank you. Okay, alright, that >>concludes my portion. Thank you, Steve. Thanks for having >>on. Thank you very much. That was fantastic. Everybody >>running with John Furrier. Yeah. So Great event. Great event. I'm >>not gonna take along with that. We got lunch outside for the people here. Just a couple of things. I just called action, right? So we saw the aces. You know, for those of you out of the stream here, become a certified. It's great for your career. Is great for not knowledge is is fantastic. It's not just an aviatrix thing. It's going to teach you about cloud networking, multi cloud networking with a little bit of aviatrix, exactly what the Cisco CC IE program was for I p Network. That type of the thing that's number one second thing is, is is learn, right? So there's a There's a link up there for the for to join the community, get like I started this. This is a community. This is the kickoff to this community, and it's a movement. So go to what may be community dot IBM dot com. Starting a community of multi cloud. So you get trained learn. I'd say the next thing is we're doing over 100 seminars in across the United States and also starting into Europe. Soon we will come out and we'll actually spend a couple hours and talk about architecture and talk about those beginning things. For those of you on the you know, on the live stream in here as well. You know, we're coming to a city near you. Go to one of those events. It's a great way to network with other people that are in the industry as well is to start to learn and get on that multi cloud journey. And then I'd say the last thing is, you know, we haven't talked a lot about what aviatrix does here, and that's intentional. We want you, you know, leaving with wanting to gnome or and schedule get with us and schedule a multi our architecture workshop sessions. So we we sit down with customers and we talk about where they're at in that journey and, more importantly, where they're going and define that end state architecture from networking, compute storage, everything and everything you've heard. Today. Every panel kept talking about architecture, talking about operations. Those are the types of things that we saw. We help. You could define that canonical architecture that system architecture, that's yours. So for so many of our customers, they have three by five plotted lucid charts, architecture, drawings, and it's the customer name slash aviatrix our network architecture, and they put it on the whiteboard that's what we and that's the most valuable thing they get from us. So this becomes there 20 year network architecture, drawing that. They don't do anything without talking us. And look at that architecture. That's what we do in these multi hour workshop sessions with customers. And that's super super powerful. So if you're interested, definitely call us. And let's schedule that with our team. So anyway, I just want to thank everybody on the livestream. Thank everybody here. Hopefully it was It was very useful. I think it waas and join the movement. And for those of you here, join us for lunch and thank you very much. >>Yeah, >>yeah, yeah.