(upbeat music) >> Hey everyone, welcome to this event: Build Your Cloud Center of Excellence. I'm your host, Lisa Martin, and I have two guests here with me today to talk about the hybrid cloud, the multi-cloud trends, and specifically the complexity. While we know these trends provide agility and flexibility for customers, they also bring in complexity. And this session is going to focus on exploring that with RBI and HitachiVantara. Please welcome my guests, Adithya Sastry the SVP of Digital Solutions at HitachiVantara and Werner Mayer, head of group core IT and head of group data at RBI International. Guys, welcome to the program. >> Thank you Lisa. Werner, nice to see you again. >> Great to see you both. >> And Werner, we're going to start with you. Talk about RBI. Tell the audience a little bit about what the business is and then we're going to get into your cloud transformation journey over the last couple of years. >> Yes, thank you. So Raiffeisen Bank International is international working banking groups. So our core markets are Central Eastern European, Central Eastern Europe and Austria. And we are serving around 50 million clients in this market. So we active in 13 markets. >> Got it. Talk to me, Werner about the cloud transformation journey that RBI has been on over the last couple of years and some of the complexities that you've experienced as you've launched it. >> Sure. Thank you for the question. So in 2020, we decided that we have to renew our IT strategy. And the aim of the strategy was to change the organization in a way that it can react and adapt fast to the future challenges. So one of the important pillars for us was that we are adapting fast also for new technologies. And this was core pillar in our strategy. So we're searching for technologies which are fit in to our HR transformation. And we found that the cloud and the public cloud environment fits to this venture. So we tested that. We are building up also the competent centers for that and also established the group cloud platform for that. Because our invoice to onboard our international group with the 13 units to this group cloud platform. So that means we have a lot to do to hardening the platforms in terms of security to put in. We have standard for that. We have to introduce large scale programs to train hundreds of engineers. We tested the approach, We convinced the top management and we implemented this, this program. So one of the highlights was, of course, also the the safeguarding of the Ukraine, let's say, banking environment. So we had to lift and shift the complete bank in three months. And it shows that let's say our platforms works. And let's say the approach is proven that we can scale it over the group. >> That's a big challenge. A lot of complexity especially with some of the global things going on. Adithya, these challenges are, are not unique to RBI. A lot of your customers are facing challenges with complexity around cloud management, cloud ops. What can you unpack was the real issue is here? >> Yeah, Lisa, absolutely. And you know, before I answer your question, I do want to, you know, just say a couple of things about Raiffeisen Bank. And you know, we've had the pleasure of working with them for about a year, a little bit more than a year now. And, and, and the way they approach the cloud transformation journey is - should be a template for a lot of the organizations in terms of the preparation in terms of understanding, you know. How other companies have done it and what are the pitfalls. What's worked, and really what's the recipe for their, you know, journey, right? Which is very unique because, you know, you look at you know, being present across 30 different countries within central and eastern Europe as Werner said. And the complexities of dealing with local regulations, GDPR and all these other issues that come with it, right? And not to mention the language variation from country to country. So, you know, phenomenal story there. The journey and the journey still goes, right Werner? It's not complete yet. But Lisa, to your question, you know. When we look at, you know, the complexities of this transformation, that most modern enterprises are going through. It's not very unique, right? What is unique for a Raiffeisen Bank is - has been the preparation. As you get into this journey of moving workloads to cloud, be it refactoring, modernizing, migrating, etc. One of the things that really is often overlooked is: "Are my applications and data workloads resilient on the cloud?" Meaning  how is the performance? Are they just running or are they performing with high availability to meet your customers goals? Is it scalable? And are my cost in line with what I projected when I moved prep. >> Because that's one of the areas we are seeing where you know, what enterprises projected from a cost savings to what they're realizing a year and a half into the journey is a pretty big delta, right? And, and, and a lot of it is dependent on are the cloud - are the applications and the workloads cloud, designed for the cloud? Or are they designed for on-prem which you just move to the cloud. >> So Werner, it sounds like what Adithya said is a compliment to, to you guys and the team at RBI in terms of this being a template for managing complexity. Give us, Werner, your perspective in terms of modern cloud ops. What's in? What's out? What is it that customers really need to be focusing on to be successful? >> Thanks for the compliment, Lisa. And I think this is a great relationship also in the journey. Topic is, is, is a - is a complex program where a lot of things have to fit together. But it was mentioning the resilience. The course, we call it finops, security operations and so on have to come together and have to work on spot. At the end, it's also, let's say, how we are able enabling our teams and how we are ramping out the skills of our teams to deal with these multidimensional, let's say environments. And this is something what we spend a lot of time in order to prepare, but also to bring up the people on a certain level that they can operate at. Because card guard handling is, is different than before. Because beforehand you have central operations team. They do everything for you. But in this world let's say we are also putting the responsibility of the run component of the absent to the - in the tribes and the application teams. And they have to do much more than before. On the other hand, we have first central rules. We have monitoring functions. We have support functions on that in order to best support them in their journey. So this is a hybrid between, let's say, what the teams have to do with the responsibility in the teams, but also with the central functions which are supporting them. And everything have to work together and goes hand in - right, to go hand-in-hand. >> Yeah. Yeah. And if, if I could just add Lisa really quick and and Werner hit the nail on the head, right? Because you cannot look at cloud operation the way we have traditionally looked at managed services. That's the key thing, right? You cannot, you know, traditional managed services you had L1, L2, L3 and then it goes into some sort of a vacuum and then all of a sudden somebody calls you at some point, right? >> Werner: Exactly. >> And it really has flipped, right? To, to Werner's point. And Werner hit that name on the head because you really have to understand. Bring an engineering led approach to make sure that the problems, you know, when you see an issue that you have some level of automation in terms of problem isolation. And then the problem is routed the right individual ie the application engineering team or the data engineering team for resolution in a rapid manner. Right? I think that the key - >> Yes. A very important point with that is said, yeah. So you cannot traditional transport let's say, the operation model what you have now into the cloud because this will not work, yeah. And finally at the end you will not benefit on the technology possibilities there. So super important point. My vision in the cloud and this is also something what we are working on is a sort of zero-ops environment, yeah? Because we're ultimately dealing with the automatization technologies and so on, you can that much - to much more compared to the traditional environment and the benefit of the cloud is: You can test it. You can give it feedback when it is not working, yeah? So it's a completely different operating model. What we try to establish in the cloud environment. >> So really what this seems like guys is is quite a delicate balance that you're solving for. Not the only delicate balance but Werner sticking with you. Talk to us about some of the challenges that you've had around cloud cost management in particular. Help us understand that. >> Thanks for the question. So in principle, we are doing very well on the cost side, surprisingly. And we also started the cloud journey that is said this is not the cost case. Because as I said before, let's say one of the pillars in the strategy strategy was the enablement of technology to the benefit of customer solutions to be adaptive, to be faster. But at the end it turned out that let's say with giving the responsibility of the operation to the dedicated team, they found they - they were working much closer to the cost, and let's say monitoring the cost, then we headed into traditional environments, yeah? I also saw some examples in the group where sort of gamification of the cost were going on. To say who can save more To say who can save more and make more much more out of that what you have in the cloud. And at the end we see that in minimum the cost are balance to the traditional environments in the data centers. But we also saw that let's say, the cost were brought down much more than before. So at the beginning we were relative conservative with the assumptions, yeah? But it turns out that we are really getting the benefit. The things are getting faster and also the costs are going down. And we see this in real cases. >> Yeah. And, and, and Lisa, if I could add something really quick, right? Because - There's been a mad rush to the cloud, right? Everybody kind of, it was, you know, the buzz the buzz was let's get to the cloud. We'll start to realize all these savings. And all of a sudden, everything kind of magically gets better, right? And what we have seen is also, you know, companies or customers or enterprises that have started this journey about 5, 6 years ago and are about, you know, a few years into it. What we are realizing is the cloud costs have increased significantly to what their projections were early on. And the way they're trying to address the cloud cost is by creating a FinOps organization that's looking at, you know, the cost of cloud from a structure standpoint and support as a reactive measure. Saying, "Hey if we move from Azure or one provider to another is there any benefit? If we move certain applications from the cloud back to on-prem, is there any benefit?" When in fact, one of the things that we have noticed really is: The problem needs to shift left to the engineering teams. Because if you are designing the applications and the systems the right way to begin with, then you can manage the data cost issues or the cost overruns, right? So you design for the cloud as opposed to designing and then looking at how do we optimize cloud. >> So Adithya, you talked about the RBI use case as really kind of a template but also some of the challenges with respect to hybrid and multi-cloud are kind of like a chicken and egg scenario. Talk to us kind of like overall about how Hitachi is really helping customers address these challenges and maximize the benefits to get the flexibility to get the agility so that they can deliver what their end user customers are expecting. >> Yeah, yeah. So, so one of the things we are doing, Lisa, when we work with customers, is really trying to understand, you know, look at their entire portfolio of applications, right? And, and look at what the intent of the applications is between customer facing, external customer, internal customer, high availability, production, etc., right? And then we go through a methodology called E3 which is envision, enable and execute. Which is really envision what the end stage should be regardless of what the environment is, right? And then we enable, which is really kind of go through a proof of value to move a few workloads, to modernize, rearchitect, replatform, etc. And look at the benefit of that application on its destination. If it's a cloud - if it's a cloud service provider or if it's another data center, whatever it may be, right? And finally, you know, once we've proven the value and the benefit and and say and kind of monetize the, you know realize the value of it from an agility, from a cost, from security and resilience, etc. Then we go through the execution, which was look we look at the entire portfolio, the entire landscape. And we go through a very disciplined manner working with our customers to roadmap it. And then we execute in a very deliberate manner where you can see value every 2-3 months. Because gone the days when you can do things as a science project that took 2-3 years, right? We, we - Everyone wants to see value, want to see - wants to see progress, and most importantly we want to see cost benefit and agility sooner than later. >> Those are incredibly important outcomes. You guys have done a great job explaining what you're doing together. This sounds like a great relationship. All right, so my last question to both of you is: "If I'm a customer and I'm planning a cloud transformation for my company, what are the two things you want me to remember and consider as I plan this? Werner, we'll start with you. >> I would pick up two things, yeah? The first one is: When you are organizing your company in HR way, then cloud is the HR technology for the HR transformation. Because HR teams needs HR technology. And the second important thing is, what I would say is: Cloud is a large scale and fast moving technology enabler to the company. So if your company is going forward to say: Technology is their enabler tool from a future business then cloud can support this journey. >> Excellent. I'm going to walk away with those. And Adithya, same question to you. I'm a, I'm a customer. I'm at an organization. I'm planning a cloud transformation. Top two things you want me to walk away with. >> Yeah. And I think Werner kind of actually touched on that in the second one, which is: it's not a tech, just an IT or a technology initiative. It is a business initiative, right? Because ultimately what you do from this cloud journey should drive, you know, should lead into business transformation or help your business grow top line or drive margin expansion, etc. So couple of things I would say, right? One is, you know, get Being and prioritize. Work with your business owners, with, you know with the cross-functional team not just the technology team. That's one. The second thing is: as the technology team or the IT team shepherds this journey, you know, keep everyone informed and engaged as you go through this journey. Because as you go through moving workloads modernizing workload, there is an impact to, you know receivables through omnichannel experiences the way customers interact and transact with you, right? And that comes with making making sure your businesses are aware your business stakeholders are aware. So in turn the end customers are aware. So you know, it's not a one and done from an engagement, it's a journey. And bring in the right experts. Talk to people who've done it, done this before, who have kind of stepped in all the pitfalls so you don't have to, right? That's the key. >> That's great advice. That's great advice for anything in life, I think. You talk about the collaboration, the importance of the business and the technology folks coming together. It really has to be - It's a delicate balance as we said before but it really has to be a holistic collaborative approach. Guys, thank you so much for joining me talking through what HitachiVantara and RBI are doing together. It sounds like you're well into this journey and it sounds like it's going quite well. We thank you so much for your insights and your perspectives. >> Thank you, Lisa. Werner, thank you again. >> Good stuff guys. For my guests, I'm Lisa Martin. Thank you so much for watching our event: Build Your Cloud Center of Excellence. (upbeat music)

(upbeat music) >> Hey everyone, welcome to this event: Build Your Cloud Center of Excellence. I'm your host, Lisa Martin, and I have two guests here with me today to talk about the hybrid cloud, the multi-cloud trends, and specifically the complexity. While we know these trends provide agility and flexibility for customers, they also bring in complexity. And this session is going to focus on exploring that with RBI and HitachiVantara. Please welcome my guests, Adithya Sastry the SVP of Digital Solutions at HitachiVantara and Werner Mayer, head of group core IT and head of group data at RBI International. Guys, welcome to the program. >> Thank you Lisa. Werner, nice to see you again. >> Great to see you both. >> And Werner, we're going to start with you. Talk about RBI. Tell the audience a little bit about what the business is and then we're going to get into your cloud transformation journey over the last couple of years. >> Yes, thank you. So Raiffeisen Bank International is international working banking groups. So our core markets are Central Eastern European, Central Eastern Europe and Austria. And we are serving around 50 million clients in this market. So we active in 13 markets. >> Got it. Talk to me, Werner about the cloud transformation journey that RBI has been on over the last couple of years and some of the complexities that you've experienced as you've launched it. >> Sure. Thank you for the question. So in 2020, we decided that we have to renew our IT strategy. And the aim of the strategy was to change the organization in a way that it can react and adapt fast to the future challenges. So one of the important pillars for us was that we are adapting fast also for new technologies. And this was core pillar in our strategy. So we're searching for technologies which are fit in to our HR transformation. And we found that the cloud and the public cloud environment fits to this venture. So we tested that. We are building up also the competent centers for that and also established the group cloud platform for that. Because our invoice to onboard our international group with the 13 units to this group cloud platform. So that means we have a lot to do to hardening the platforms in terms of security to put in. We have standard for that. We have to introduce large scale programs to train hundreds of engineers. We tested the approach, We convinced the top management and we implemented this, this program. So one of the highlights was, of course, also the the safeguarding of the Ukraine, let's say, banking environment. So we had to lift and shift the complete bank in three months. And it shows that let's say our platforms works. And let's say the approach is proven that we can scale it over the group. >> That's a big challenge. A lot of complexity especially with some of the global things going on. Adithya, these challenges are, are not unique to RBI. A lot of your customers are facing challenges with complexity around cloud management, cloud ops. What can you unpack was the real issue is here? >> Yeah, Lisa, absolutely. And you know, before I answer your question, I do want to, you know, just say a couple of things about Raiffeisen Bank. And you know, we've had the pleasure of working with them for about a year, a little bit more than a year now. And, and, and the way they approach the cloud transformation journey is - should be a template for a lot of the organizations in terms of the preparation in terms of understanding, you know. How other companies have done it and what are the pitfalls. What's worked, and really what's the recipe for their, you know, journey, right? Which is very unique because, you know, you look at you know, being present across 30 different countries within central and eastern Europe as Werner said. And the complexities of dealing with local regulations, GDPR and all these other issues that come with it, right? And not to mention the language variation from country to country. So, you know, phenomenal story there. The journey and the journey still goes, right Werner? It's not complete yet. But Lisa, to your question, you know. When we look at, you know, the complexities of this transformation, that most modern enterprises are going through. It's not very unique, right? What is unique for a Raiffeisen Bank is - has been the preparation. But as you get into this journey of moving workloads to cloud, be it refactoring, modernizing, migrating, etc. One of the things that really is often overlooked is: "Are my applications applications and data workloads resilient on, on the, on the cloud?" Meaning are they - How is the performance? Are they just running or are they performing with high availability to meet your customers goals? Is it scalable? And are my cost in line with what I projected when I moved prep, right? Because that's one of the areas we are seeing where you know, what enterprises projected from a cost savings to what they're realizing a year and a half into the journey is a pretty big delta, right? And, and, and a lot of it is dependent on are the cloud - are the applications and the workloads cloud, designed for the cloud? Or are they designed for on-prem which you just move to the cloud. >> So Werner, it sounds like what Adithya said is a compliment to, to you guys and the team at RBI in terms of this being a template for managing complexity. Give us, Werner, your perspective in terms of modern cloud ops. What's in? What's out? What is it that customers really need to be focusing on to be successful? >> Thanks for the compliment, Lisa. And I think this is a great relationship also in the journey. Topic is, is, is a - is a complex program where a lot of things have to fit together. But it was mentioning the resilience. The course, we call it finops, security operations and so on have to come together and have to work on spot. At the end, it's also, let's say, how we are able enabling our teams and how we are ramping out the skills of our teams to deal with these multidimensional, let's say environments. And this is something what we spend a lot of time in order to prepare, but also to bring up the people on a certain level that they can operate at. Because card guard handling is, is different than before. Because beforehand you have central operations team. They do everything for you. But in this world let's say we are also putting the responsibility of the run component of the absent to the - in the tribes and the application teams. And they have to do much more than before. On the other hand, we have first central rules. We have monitoring functions. We have support functions on that in order to best support them in their journey. So this is a hybrid between, let's say, what the teams have to do with the responsibility in the teams, but also with the central functions which are supporting them. And everything have to work together and goes hand in - right, to go hand-in-hand. >> Yeah. Yeah. And if, if I could just add Lisa really quick and and Werner hit the nail on the head, right? Because you cannot look at cloud operation the way we have traditionally looked at managed services. That's the key thing, right? You cannot, you know, traditional managed services you had L1, L2, L3 and then it goes into some sort of a vacuum and then all of a sudden somebody calls you at some point, right? >> Werner: Exactly. >> And it really has flipped, right? To, to Werner's point. And Werner hit that name on the head because you really have to understand. Bring an engineering led approach to make sure that the problems, you know, when you see an issue that you have some level of automation in terms of problem isolation. And then the problem is routed the right individual ie the application engineering team or the data engineering team for resolution in a rapid manner. Right? I think that the key - >> Yes. A very important point with that is said, yeah. So you cannot traditional transport let's say, the operation model what you have now into the cloud because this will not work, yeah. And finally at the end you will not benefit on the technology possibilities there. So super important point. My vision in the cloud and this is also something what we are working on is a sort of zero-ops environment, yeah? Because we're ultimately dealing with the automatization technologies and so on, you can that much - to much more compared to the traditional environment and the benefit of the cloud is: You can test it. You can give it feedback when it is not working, yeah? So it's a completely different operating model. What we try to establish in the cloud environment. >> So really what this seems like guys is is quite a delicate balance that you're solving for. Not the only delicate balance but Werner sticking with you. Talk to us about some of the challenges that you've had around cloud cost management in particular. Help us understand that. >> Thanks for the question. So in principle, we are doing very well on the cost side, surprisingly. And we also started the cloud journey that is said this is not the cost case. Because as I said before, let's say one of the pillars in the strategy strategy was the enablement of technology to the benefit of customer solutions to be adaptive, to be faster. But at the end it turned out that let's say with giving the responsibility of the operation to the dedicated team, they found they - they were working much closer to the cost, and let's say monitoring the cost, then we headed into traditional environments, yeah? I also saw some examples in the group where sort of gamification of the cost were going on. To say who can save more To say who can save more and make more much more out of that what you have in the cloud. And at the end we see that in minimum the cost are balance to the traditional environments in the data centers. But we also saw that let's say, the cost were brought down much more than before. So at the beginning we were relative conservative with the assumptions, yeah? But it turns out that we are really getting the benefit. The things are getting faster and also the costs are going down. And we see this in real cases. >> Yeah. And, and, and Lisa, if I could add something really quick, right? Because - You know, there's been a mad rush to the cloud, right? Everybody kind of, it was, you know, the buzz the buzz was let's get to the cloud. We'll start to realize all these savings. And all of a sudden, everything kind of magically gets better, right? And what we have seen is also, you know, companies or customers or enterprises that have started this journey about 5, 6 years ago and are about, you know, a few years into it. What we are realizing is the cloud costs have increased significantly to what their projections were early on. And the way they're trying to address the cloud cost is by creating a FinOps organization that's looking at, you know, the cost of cloud from a structure standpoint and support as a reactive measure. Saying, "Hey if we move from Azure or one provider to another is there any benefit? If we move certain applications from the cloud back to on-prem, is there any benefit?" When in fact, one of the things that we have noticed really is: The problem needs to shift left to the engineering teams. Because if you are designing the applications and the systems the right way to begin with, then you can manage the data cost issues or the cost overruns, right? So you design for the cloud as opposed to designing and then looking at how do we optimize cloud. >> So Adithya, you talked about the RBI use case as really kind of a template but also some of the challenges with respect to hybrid and multi-cloud are kind of like a chicken and egg scenario. Talk to us kind of like overall about how Hitachi is really helping customers address these challenges and maximize the benefits to get the flexibility to get the agility so that they can deliver what their end user customers are expecting. >> Yeah, yeah. So, so one of the things we are doing, Lisa, when we work with customers, is really trying to understand, you know, look at their entire portfolio of applications, right? And, and look at what the intent of the applications is between customer facing, external customer, internal customer, high availability, production, etc., right? And then we go through a methodology called E3 which is envision, enable and execute. Which is really envision what the end stage should be regardless of what the environment is, right? And then we enable, which is really kind of go through a proof of value to move a few workloads, to modernize, rearchitect, replatform, etc. And look at the benefit of that application on its destination. If it's a cloud - if it's a cloud service provider or if it's another data center, whatever it may be, right? And finally, you know, once we've proven the value and the benefit and and say and kind of monetize the, you know realize the value of it from an agility, from a cost, from security and resilience, etc. Then we go through the execution, which was look we look at the entire portfolio, the entire landscape. And we go through a very disciplined manner working with our customers to roadmap it. And then we execute in a very deliberate manner where you can see value every 2-3 months. Because gone the days when you can do things as a science project that took 2-3 years, right? We, we - Everyone wants to see value, want to see - wants to see progress, and most importantly we want to see cost benefit and agility sooner than later. >> Those are incredibly important outcomes. You guys have done a great job explaining what you're doing together. This sounds like a great relationship. All right, so my last question to both of you is: "If I'm a customer and I'm planning a cloud transformation for my company, what are the two things you want me to remember and consider as I plan this? Werner, we'll start with you. >> I would pick up two things, yeah? The first one is: When you are organizing your company in HR way, then cloud is the HR technology for the HR transformation. Because HR teams needs HR technology. And the second important thing is, what I would say is: Cloud is a large scale and fast moving technology enabler to the company. So if your company is going forward to say: Technology is their enabler tool from a future business then cloud can support this journey. >> Excellent. I'm going to walk away with those. And Adithya, same question to you. I'm a, I'm a customer. I'm at an organization. I'm planning a cloud transformation. Top two things you want me to walk away with. >> Yeah. And I think Werner kind of actually touched on that in the second one, which is: it's not a tech, just an IT or a technology initiative. It is a business initiative, right? Because ultimately what you do from this cloud journey should drive, you know, should lead into business transformation or help your business grow top line or drive margin expansion, etc. So couple of things I would say, right? One is, you know, get Being and prioritize. Work with your business owners, with, you know with the cross-functional team not just the technology team. That's one. The second thing is: as the technology team or the IT team shepherds this journey, you know, keep everyone informed and engaged as you go through this journey. Because as you go through moving workloads modernizing workload, there is an impact to, you know receivables through omnichannel experiences the way customers interact and transact with you, right? And that comes with making making sure your businesses are aware your business stakeholders are aware. So in turn the end customers are aware. So you know, it's not a one and done from an engagement, it's a journey. And bring in the right experts. Talk to people who've done it, done this before, who have kind of stepped in all the pitfalls so you don't have to, right? That's the key. >> That's great advice. That's great advice for anything in life, I think. You talk about the collaboration, the importance of the business and the technology folks coming together. It really has to be - It's a delicate balance as we said before but it really has to be a holistic collaborative approach. Guys, thank you so much for joining me talking through what HitachiVantara and RBI are doing together. It sounds like you're well into this journey and it sounds like it's going quite well. We thank you so much for your insights and your perspectives. >> Thank you, Lisa. Werner, thank you again. >> Good stuff guys. For my guests, I'm Lisa Martin. Thank you so much for watching our event: Build Your Cloud Center of Excellence. (upbeat music)

(upbeat music) >> Hey everyone, welcome to this event: Build Your Cloud Center of Excellence. I'm your host, Lisa Martin, and I have two guests here with me today to talk about the hybrid cloud, the multi-cloud trends, and specifically the complexity. While we know these trends provide agility and flexibility for customers, they also bring in complexity. And this session is going to focus on exploring that with RBI and HitachiVantara. Please welcome my guests, Adithya Sastry the SVP of Digital Solutions at HitachiVantara and Werner Mayer, head of group core IT and head of group data at RBI International. Guys, welcome to the program. >> Thank you Lisa. Werner, nice to see you again. >> Great to see you both. >> And Werner, we're going to start with you. Talk about RBI. Tell the audience a little bit about what the business is and then we're going to get into your cloud transformation journey over the last couple of years. >> Yes, thank you. So Raiffeisen Bank International is international working banking groups. So our core markets are Central Eastern European, Central Eastern Europe and Austria. And we are serving around 50 million clients in this market. So we active in 13 markets. >> Got it. Talk to me, Werner about the cloud transformation journey that RBI has been on over the last couple of years and some of the complexities that you've experienced as you've launched it. >> Sure. Thank you for the question. So in 2020, we decided that we have to renew our IT strategy. And the aim of the strategy was to change the organization in a way that it can react and adapt fast to the future challenges. So one of the important pillars for us was that we are adapting fast also for new technologies. And this was core pillar in our strategy. So we're searching for technologies which are fit in to our HR transformation. And we found that the cloud and the public cloud environment fits to this venture. So we tested that. We are building up also the competent centers for that and also established the group cloud platform for that. Because our invoice to onboard our international group with the 13 units to this group cloud platform. So that means we have a lot to do to hardening the platforms in terms of security to put in. We have standard for that. We have to introduce large scale programs to train hundreds of engineers. We tested the approach, We convinced the top management and we implemented this, this program. So one of the highlights was, of course, also the the safeguarding of the Ukraine, let's say, banking environment. So we had to lift and shift the complete bank in three months. And it shows that let's say our platforms works. And let's say the approach is proven that we can scale it over the group. >> That's a big challenge. A lot of complexity especially with some of the global things going on. Adithya, these challenges are, are not unique to RBI. A lot of your customers are facing challenges with complexity around cloud management, cloud ops. What can you unpack was the real issue is here? >> Yeah, Lisa, absolutely. And you know, before I answer your question, I do want to, you know, just say a couple of things about Raiffeisen Bank. And you know, we've had the pleasure of working with them for about a year, a little bit more than a year now. And, and, and the way they approach the cloud transformation journey is - should be a template for a lot of the organizations in terms of the preparation in terms of understanding, you know. How other companies have done it and what are the pitfalls. What's worked, and really what's the recipe for their, you know, journey, right? Which is very unique because, you know, you look at you know, being present across 30 different countries within central and eastern Europe as Werner said. And the complexities of dealing with local regulations, GDPR and all these other issues that come with it, right? And not to mention the language variation from country to country. So, you know, phenomenal story there. The journey and the journey still goes, right Werner? It's not complete yet. But Lisa, to your question, you know. When we look at, you know, the complexities of this transformation, that most modern enterprises are going through. It's not very unique, right? What is unique for a Raiffeisen Bank is - has been the preparation. But as you get into this journey of moving workloads to cloud, be it refactoring, modernizing, migrating, etc. One of the things that really is often overlooked is: "Are my applications applications and data workloads resilient on, on the, on the cloud?" Meaning are they - How is the performance? Are they just running or are they performing with high availability to meet your customers goals? Is it scalable? And are my cost in line with what I projected when I moved prep, right? Because that's one of the areas we are seeing where you know, what enterprises projected from a cost savings to what they're realizing a year and a half into the journey is a pretty big delta, right? And, and, and a lot of it is dependent on are the cloud - are the applications and the workloads cloud, designed for the cloud? Or are they designed for on-prem which you just move to the cloud. >> So Werner, it sounds like what Adithya said is a compliment to, to you guys and the team at RBI in terms of this being a template for managing complexity. Give us, Werner, your perspective in terms of modern cloud ops. What's in? What's out? What is it that customers really need to be focusing on to be successful? >> Thanks for the compliment, Lisa. And I think this is a great relationship also in the journey. Topic is, is, is a - is a complex program where a lot of things have to fit together. But it was mentioning the resilience. The course, we call it finops, security operations and so on have to come together and have to work on spot. At the end, it's also, let's say, how we are able enabling our teams and how we are ramping out the skills of our teams to deal with these multidimensional, let's say environments. And this is something what we spend a lot of time in order to prepare, but also to bring up the people on a certain level that they can operate at. Because card guard handling is, is different than before. Because beforehand you have central operations team. They do everything for you. But in this world let's say we are also putting the responsibility of the run component of the absent to the - in the tribes and the application teams. And they have to do much more than before. On the other hand, we have first central rules. We have monitoring functions. We have support functions on that in order to best support them in their journey. So this is a hybrid between, let's say, what the teams have to do with the responsibility in the teams, but also with the central functions which are supporting them. And everything have to work together and goes hand in - right, to go hand-in-hand. >> Yeah. Yeah. And if, if I could just add Lisa really quick and and Werner hit the nail on the head, right? Because you cannot look at cloud operation the way we have traditionally looked at managed services. That's the key thing, right? You cannot, you know, traditional managed services you had L1, L2, L3 and then it goes into some sort of a vacuum and then all of a sudden somebody calls you at some point, right? >> Werner: Exactly. >> And it really has flipped, right? To, to Werner's point. And Werner hit that name on the head because you really have to understand. Bring an engineering led approach to make sure that the problems, you know, when you see an issue that you have some level of automation in terms of problem isolation. And then the problem is routed the right individual ie the application engineering team or the data engineering team for resolution in a rapid manner. Right? I think that the key - >> Yes. A very important point with that is said, yeah. So you cannot traditional transport let's say, the operation model what you have now into the cloud because this will not work, yeah. And finally at the end you will not benefit on the technology possibilities there. So super important point. My vision in the cloud and this is also something what we are working on is a sort of zero-ops environment, yeah? Because we're ultimately dealing with the automatization technologies and so on, you can that much - to much more compared to the traditional environment and the benefit of the cloud is: You can test it. You can give it feedback when it is not working, yeah? So it's a completely different operating model. What we try to establish in the cloud environment. >> So really what this seems like guys is is quite a delicate balance that you're solving for. Not the only delicate balance but Werner sticking with you. Talk to us about some of the challenges that you've had around cloud cost management in particular. Help us understand that. >> Thanks for the question. So in principle, we are doing very well on the cost side, surprisingly. And we also started the cloud journey that is said this is not the cost case. Because as I said before, let's say one of the pillars in the strategy strategy was the enablement of technology to the benefit of customer solutions to be adaptive, to be faster. But at the end it turned out that let's say with giving the responsibility of the operation to the dedicated team, they found they - they were working much closer to the cost, and let's say monitoring the cost, then we headed into traditional environments, yeah? I also saw some examples in the group where sort of gamification of the cost were going on. To say who can save more To say who can save more and make more much more out of that what you have in the cloud. And at the end we see that in minimum the cost are balance to the traditional environments in the data centers. But we also saw that let's say, the cost were brought down much more than before. So at the beginning we were relative conservative with the assumptions, yeah? But it turns out that we are really getting the benefit. The things are getting faster and also the costs are going down. And we see this in real cases. >> Yeah. And, and, and Lisa, if I could add something really quick, right? Because - You know, there's been a mad rush to the cloud, right? Everybody kind of, it was, you know, the buzz the buzz was let's get to the cloud. We'll start to realize all these savings. And all of a sudden, everything kind of magically gets better, right? And what we have seen is also, you know, companies or customers or enterprises that have started this journey about 5, 6 years ago and are about, you know, a few years into it. What we are realizing is the cloud costs have increased significantly to what their projections were early on. And the way they're trying to address the cloud cost is by creating a FinOps organization that's looking at, you know, the cost of cloud from a structure standpoint and support as a reactive measure. Saying, "Hey if we move from Azure or one provider to another is there any benefit? If we move certain applications from the cloud back to on-prem, is there any benefit?" When in fact, one of the things that we have noticed really is: The problem needs to shift left to the engineering teams. Because if you are designing the applications and the systems the right way to begin with, then you can manage the data cost issues or the cost overruns, right? So you design for the cloud as opposed to designing and then looking at how do we optimize cloud. >> So Adithya, you talked about the RBI use case as really kind of a template but also some of the challenges with respect to hybrid and multi-cloud are kind of like a chicken and egg scenario. Talk to us kind of like overall about how Hitachi is really helping customers address these challenges and maximize the benefits to get the flexibility to get the agility so that they can deliver what their end user customers are expecting. >> Yeah, yeah. So, so one of the things we are doing, Lisa, when we work with customers, is really trying to understand, you know, look at their entire portfolio of applications, right? And, and look at what the intent of the applications is between customer facing, external customer, internal customer, high availability, production, etc., right? And then we go through a methodology called E3 which is envision, enable and execute. Which is really envision what the end stage should be regardless of what the environment is, right? And then we enable, which is really kind of go through a proof of value to move a few workloads, to modernize, rearchitect, replatform, etc. And look at the benefit of that application on its destination. If it's a cloud - if it's a cloud service provider or if it's another data center, whatever it may be, right? And finally, you know, once we've proven the value and the benefit and and say and kind of monetize the, you know realize the value of it from an agility, from a cost, from security and resilience, etc. Then we go through the execution, which was look we look at the entire portfolio, the entire landscape. And we go through a very disciplined manner working with our customers to roadmap it. And then we execute in a very deliberate manner where you can see value every 2-3 months. Because gone the days when you can do things as a science project that took 2-3 years, right? We, we - Everyone wants to see value, want to see - wants to see progress, and most importantly we want to see cost benefit and agility sooner than later. >> Those are incredibly important outcomes. You guys have done a great job explaining what you're doing together. This sounds like a great relationship. All right, so my last question to both of you is: "If I'm a customer and I'm planning a cloud transformation for my company, what are the two things you want me to remember and consider as I plan this? Werner, we'll start with you. >> I would pick up two things, yeah? The first one is: When you are organizing your company in HR way, then cloud is the HR technology for the HR transformation. Because HR teams needs HR technology. And the second important thing is, what I would say is: Cloud is a large scale and fast moving technology enabler to the company. So if your company is going forward to say: Technology is their enabler tool from a future business then cloud can support this journey. >> Excellent. I'm going to walk away with those. And Adithya, same question to you. I'm a, I'm a customer. I'm at an organization. I'm planning a cloud transformation. Top two things you want me to walk away with. >> Yeah. And I think Werner kind of actually touched on that in the second one, which is: it's not a tech, just an IT or a technology initiative. It is a business initiative, right? Because ultimately what you do from this cloud journey should drive, you know, should lead into business transformation or help your business grow top line or drive margin expansion, etc. So couple of things I would say, right? One is, you know, get Being and prioritize. Work with your business owners, with, you know with the cross-functional team not just the technology team. That's one. The second thing is: as the technology team or the IT team shepherds this journey, you know, keep everyone informed and engaged as you go through this journey. Because as you go through moving workloads modernizing workload, there is an impact to, you know receivables through omnichannel experiences the way customers interact and transact with you, right? And that comes with making making sure your businesses are aware your business stakeholders are aware. So in turn the end customers are aware. So you know, it's not a one and done from an engagement, it's a journey. And bring in the right experts. Talk to people who've done it, done this before, who have kind of stepped in all the pitfalls so you don't have to, right? That's the key. >> That's great advice. That's great advice for anything in life, I think. You talk about the collaboration, the importance of the business and the technology folks coming together. It really has to be - It's a delicate balance as we said before but it really has to be a holistic collaborative approach. Guys, thank you so much for joining me talking through what HitachiVantara and RBI are doing together. It sounds like you're well into this journey and it sounds like it's going quite well. We thank you so much for your insights and your perspectives. >> Thank you, Lisa. Werner, thank you again. >> Good stuff guys. For my guests, I'm Lisa Martin. Thank you so much for watching our event: Build Your Cloud Center of Excellence. (upbeat music)

>> TheCUBE presents UI Path Forward Five brought to you by UI Path. >> Welcome back to UI Path Forward Five. You're watching The Cubes, Walter Wall coverage. This is day one, Dave Vellante, with my co-host Dave Nicholson. We're taking RPA to intelligence automation. We're going from point tools to platforms. Neeraj Mathur is here. He's the director of Intelligent Automation at VMware. Yes, VMware. We're not going to talk about vSphere or Aria, or maybe we are, (Neeraj chuckles) but he's joined by Thomas Stocker who's a principal product manager at UI Path. And we're going to talk about testing automation, automating the testing process. It's a new sort of big vector in the whole RPA automation space. Gentleman, welcome to theCUBE. Good to see you. >> Neeraj: Thank you very much. >> Thomas: Thank you. >> So Neeraj, as we were saying, Dave and I, you know, really like VMware was half our lives for a long time but we're going to flip it a little bit. >> Neeraj: Absolutely. >> And talk about sort of some of the inside baseball. Talk about your role and how you're applying automation at VMware. >> Absolutely. So, so as part of us really running the intelligent automation program at VMware, we have a quite matured COE for last, you know four to five years, we've been doing this automation across the enterprise. So what we have really done is, you know over 45 different business functions where we really automated quite a lot different processes and tasks on that. So as part of my role, I'm really responsible for making sure that we are, you know, bringing in the best practices, making sure that we are ready to scale across the enterprise but at the same time, how, you know, quickly we are able to deliver the value of this automation to our businesses as well. >> Thomas, as a product manager, you know the product, and the market inside and out, you know the competition, you know the pricing, you know how customers are using it, you know all the features. What's your area of - main area of focus? >> The main area of the UiPathT suite... >> For your role, I mean? >> For my role is the RPA testing. So meaning testing RPA workflows themselves. And the reason is RPA has matured over the last few years. We see that, and it has adopted a lot of best practices from the software development area. So what we see is RPA now becomes business critical. It's part of the main core business processes in corporation and testing it just makes sense. You have to continuously monitor and continuously test your automation to make sure it does not break in production. >> Okay. And you have a specific product for this? Is it a feature or it's a module? >> So RPA testing or the UiPath T Suite, as the name suggests it's a suite of products. It's actually part of the existing platform. So we use Orchestrator, which is the distribution engine. We use Studio, which is our idea to create automation. And on top of that, we build a new component, which is called the UiPath Test Manager. And this is a kind of analytics and management platform where you have an oversight on what happened, what went wrong, and what is the reason for automation to **bring. >> Okay. And so Neeraj, you're testing your robot code? >> Neeraj: Correct. >> Right. And you're looking for what? Governance, security, quality, efficiency, what are the things you're looking for? >> It's actually all of all of those but our main goal to really start this was two-front, right? So we were really looking at how do we, you know, deliver at a speed with the quality which we can really maintain and sustain for a longer period, right? So to improve our quality of delivery at a speed of delivery, which we can do it. So the way we look at testing automation is not just as an independent entity. We look at this as a pipeline of a continuous improvement for us, right? So how it is called industry as a CICD pipeline. So testing automation is one of the key component of that. But the way we were able to deliver on the speed is to really have that end to end automation done for us to also from developers to production and using that pipeline and our testing is one piece of that. And the way we were able to also improve on the quality of our delivery is to really have automated way of doing the code reviews, automated way of doing the testing using this platform as well. and then, you know, how you go through end to end for that purpose. >> Thomas, when I hear testing robots, (Thomas chuckles) I don't care if it's code or actual robots, it's terrifying. >> It's terrify, yeah. >> It's terrifying. Okay, great. You, you have some test suite that says look, Yeah, we've looked at >> The, why is that terrifying? >> What's, It's terrifying because if you have to let it interact with actual live systems in some way. Yeah. The only way to know if it's going to break something is either you let it loose or you have some sort of sandbox where, I mean, what do you do? Are you taking clones of environments and running actual tests against them? I mean, think it's >> Like testing disaster recovery in the old days. Imagine. >> So we are actually not running any testing in the production live environment, right? The way we build this actually to do a testing in the separate test environment on that as well by using very specific test data from business, which you know, we call that as a golden copy of that test data because we want to use that data for months and years to come. Okay. Right? Yeah. So not touching any production environmental Facebook. >> Yeah. All right. Cause you, you can imagine >> Absolutely >> It's like, oh yeah we've created a robotic changes baby diapers let's go ahead and test it on these babies. [Collective Laughter] Yeah >> I don't think so. No, no, But, but what's the, does it does it matter if there's a delta between the test data and the, the, the production data? How, how big is that delta? How do you manage that? >> It does matter. And that's where actually that whole, you know, angle of how much you can, can in real, in real life can test right? So there are cases where you would have, even in our cases where, you know, the production data might be slightly different than the test data itself. So the whole effort goes into making sure that the test data, which we are preparing here, is as close to the products and data itself, right? It may not be a hundred percent close but that's the sort of you know, boundary or risk you may have to take. >> Okay. So you're snapshotting, that moving it over, a little V motion? >> Neeraj: Yeah. >> Okay. So do you do this for citizen developers as well? Or is you guys pretty much center of excellence writing all the bots? >> No, right now we are doing only for the unattended, the COE driven bots only at this point of time, >> What are you, what are your thoughts on the future? Because I can see I can see some really sloppy citizen coders. >> Yeah. Yeah. So as part of our governance, which we are trying to build for our citizen developers as well, there there is a really similar consideration for that as well. But for us, we have really not gone that far to build that sort of automation right >> Now, narrowly, just if we talk about testing what's the business impact been on the testing? And I'm interested in overall, but the overall platform but specifically for the testing, when did that when did you start implementing that and, and what what has been the business benefit? >> So the benefit is really on the on the speed of the delivery, which means that we are able to actually deliver more projects and more automation as well. So since we adopted that, we have seen our you know, improvement, our speed is around 15%, right? So, so, you know, 15% better speed than previously. What we have also seen is, is that our success rate of our transactions in production environment has gone to 96% success rate, which is, again there is a direct implication on business, on, on that point of view that, you know, there's no more manual exception or manual interaction is required for those failure scenarios. >> So 15% better speed at what? At, at implementing the bots? At actually writing code? Or... >> End to end, Yes. So from building the code to test that code able to approve that and then deploy that into the production environment after testing it this is really has improved by 15%. >> Okay. And, and what, what what business processes outside of sort of testing have you sort of attacked with the platform? Can you talk to that? >> The business processes outside of testing? >> Dave: Yeah. You mean the one which we are not testing ourself? >> Yeah, no. So just the UI path platform, is it exclusively for, for testing? >> This testing is exclusively for the UI path bots which we have built, right? So we have some 400 plus automations of UI bots. So it's meant exclusively >> But are you using UI path in any other ways? >> No, not at this time. >> Okay, okay. Interesting. So you started with testing? >> No, we started by building the bots. So we already had roughly 400 bots in production. When we came with the testing automation, that's when we started looking at it. >> Dave: Okay. And then now building that whole testing-- >> Dave: What are those other bots doing? Let me ask it that way. >> Oh, there's quite a lot. I mean, we have many bots. >> Dave: Paint a picture if you want. Yeah. In, in finance, in auto management, HR, legal, IT, there's a lot of automations which are there. As I'm saying, there's more than 400 automations out there. Yeah. So so it's across the, you know, enterprise on that. >> Thomas. So, and you know, both of you have a have a view on this, but Thomas's views probably wider across other, other instances. What are the most common things that are revealed in tests that indicate something needs to be fixed? Yeah, so think of, think of a test, a test failure, an error. What are the, what are the most common things that happen? >> So when we started with building our product we conducted a, a survey among our customers. And without a surprise the main reason why automation breaks is change. >> David: Sure. >> And the problem here is RPA is a controlled process a controlled workflow but it runs in an uncontrollable environment. So typically RPA is developed by a C.O.E. Those are business and automation experts, but they operate in an environment that's driven by new patches new application changes ruled out by IT. And that's the main challenge here. You cannot control that. And so far, if you, if you do not proactively test what happens is you catch an issue in production when it already breaks, right? That's reactive, that's leads to maintenance to un-claim maintenance actually. And that was the goal right from the start from the taste suite to support our customers here and go over to proactive maintenance meaning testing before and finding those issues before the heat production. >> Yeah. Yeah, yeah. So I'm, I'm still not clear on, so you just gave a perfect example, changes in the environment. >> Yeah. >> So those changes are happening in the production environment. >> Thomas: Yeah. The robot that was happily doing its automation stuff before? >> Thomas: Yeah. Everyone was happy with it. Change happens. Robot breaks. >> Thomas: Yeah. >> Okay. You're saying you test before changes are implemented? To see if those changes will break the robot? >> Thomas: Yeah. >> Okay. How do you, how do you expose those changes that are in the, in a, that are going to be in a production environment to the robot? You must have a, Is is that part of the test environment? Does that mean that you have to have what fully running instances of like an ERP system? >> Thomas: Yeah. You know, a clone of an environment. How do you, how do you test that without having the live robot against the production environment? >> I think there's no big difference to standard software testing. Okay. The interesting thing is, the change actually happens earlier. You are affected on production side with it but the change happens on it side or on DevOps side. So you typically will test in a test environment that's similar to your production environment or probably in it in a pre-product environment. And the test itself is simply running your workflow that you want to test, but mark away any dependencies you don't want to invoke. You don't want to send a, a letter to a customer in a test environment, right? And then you verify that the result is what you actually expect, right? And as soon as this is not the case, you will be notified you will have a result, the fail result, and you can act before it breaks. So you can fix it, redeploy to production and you should be good now. >> But the, the main emphasis at VMware is testing your bots, correct? >> Neeraj: Testing your bots. Yes. Can I apply this to testing other software code? >> Yeah, yeah. You, you can, you can technically actually and Thomas can speak better than me on that to any software for that matter, but we have really not explored that aspect of it. >> David: You guys have pretty good coders, good engineers at VMware, but no, seriously Thomas what's that market looking like? Is that taking off? Are you, are you are you applying this capability or customers applying it for just more broadly testing software? >> Absolutely. So our goal was we want to test RPA and the application it relies on so that includes RPA testing as well as application testing. The main difference is typical functional application testing is a black box testing. So you don't know the inner implementation of of that application. And it works out pretty well. The big, the big opportunity that we have is not isolated Not isolated testing, isolated RPA but we talk about convergence of automation. So what we offer our customers is one automation platform. You create one, you create automation, not redundantly in different departments, but you create once probably for testing and then you reuse it for RPA. So that suddenly helps your, your test engineers to to move from a pure cost center to a value center. >> How, how unique is this capability in the industry relative to your competition and and what capabilities do you have that, that or, or or differentiators from the folks that we all know you're competing with? >> So the big advantage is the power of the entire platform that we have with UiPath. So we didn't start from scratch. We have that great automation layer. We have that great distribution layer. We have all that AI capabilities that so far were used for RPA. We can reuse them, repurpose them for testing. And that really differentiates us from the competition. >> Thomas, I I, I detect a hint of an accent. Is it, is it, is it German or >> It's actually Austrian. >> Austrian. Well, >> You know. Don't compare us with Germans. >> I understand. High German. Is that the proper, is that what's spoken in Austria? >> Yes, it is. >> So, so >> Point being? >> Point being exactly as I drift off point being generally German is considered to be a very very precise language with very specific words. It's very easy to be confused about between the difference the difference between two things automation testing and automating testing. >> Thomas: Yes. >> Because in this case, what you are testing are automations. >> Thomas: Yes. >> That's what you're talking about. >> Thomas: Yes. >> You're not talking about the automation of testing. Correct? >> Well, we talk about >> And that's got to be confusing when you go to translate that into >> Dave: But isn't it both? >> 50 other languages? >> Dave: It's both. >> Is it both? >> Thomas: It actually is both. >> Okay. >> And there's something we are exploring right now which is even, even the next step, the next layer which is autonomous testing. So, so far you had an expert an automation expert creating the automation once and it would be rerun over and over again. What we are now exploring is together with university to autonomously test, meaning a bot explores your application on the test and finds issues completely autonomously. >> Dave: So autonomous testing of automation? >> It's getting more and more complicated. >> It's more clear, it's getting clearer by the minute. >> Sorry for that. >> All right Neeraj, last question is: Where do you want to take this? What's your vision for, for VMware in the context of automation? >> Sure. So, so I think the first and the foremost thing for us is to really make it more mainstream for for our automation developer Excel, right? What I mean by that is, is to really, so so there is a shift now how we engage with our business users and SMEs. And I said previously they used to actually test it manually. Now the conversation changes that, hey can you tell us what test cases you want what you want us to test in an automated measure? Can you give us the test data for that so that we can keep on testing in a continuous manner for the months and years to come down? Right? The other part of the test it changes is that, hey it used to take eight weeks for us to build but now it's going to take nine weeks because we're going to spend an extra week just to automate that as well. But it's going to help you in the long run and that's the conversation. So to really make it as much more mainstream and then say that out of all these kinds of automation and bots which we are building, So we are not looking to have a test automation for every single bot which we are building. So we need to have a way to choose where their value is. Is it the quarter end processing one? Is it the most business critical one, or is it the one where we are expecting of frequent changes, right? That's where the value of the testing is. So really bring that as a part of our whole process and then, you know >> We're still fine too. That great. Guys, thanks so much. This has been really interesting conversation. I've been waiting to talk to a real life customer about testing and automation testing. Appreciate your time. >> Thank you very much. >> Thanks for everything. >> All right. Thank you for watching, keep it right there. Dave Nicholson and I will be back right after this short break. This is day one of theCUBE coverage of UI Path Forward Five. Be right back after this short break.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)

>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

welcome back to the cube's presentation of the aws executive summit at re invent 2021 made possible by accenture my name is dave vellante we're going to look at how digital infrastructure is helping to transform consumer experiences specifically how an insurance company is changing its industry by incentivizing and rewarding consumers who change their behavior to live healthier lives a real passion of of mine and getting to the really root cause of health with me now are simon guest who's the chief executive officer of generality vitality gmbh and niels mueller who's the managing director at the cloud first application engineering lead for the european market at accenture gentlemen welcome to the cube thanks for having us you're very welcome simon generally vitality it's a really interesting concept that you guys have envisioned and now put into practice tell us how does it all work sure no problem and thanks for for having us on dave it's a pleasure to be here so look uh generally vitality is in its uh it's core pretty simple concepts so it's uh it's a program that you have on your phone and the idea of this program is that it's a it's a wellness coach for you as an individual and it's going to help you to understand your health and where you are in terms of the state of your health at the moment and it's going to take you on a journey to improve your your lifestyle and your wellness and hopefully help you to lead a healthier and a more sort of mindful life i guess is is the best way of summarizing it from um from our point of view with insurance company of course you know our historical role has always been to uh be the company that's there if something goes wrong you know so if unfortunately you pass away or you have sickness in your in your life or in your family's life that's that's historically been our role but what we see with generality vitality is something a little bit different so it's a program that really is uh supposed to be with you every day of your life to help you to live a healthier life it's something that we already have in in four european markets in fact in five from this week i'm a little bit behind the time so we're live already in in germany in france in austria and italy and in spain and fundamentally what we what we do dave is too is to say to customers look if you want to understand your health if you want to improve it by moving a little bit more by visiting the doctor more by eating healthier by healthy choices on a daily basis we're going to help you to do that and we're going to incentivize you for going on this journey and making healthy choices and we're going to reward you for for doing the same so you know we partner up with with great companies like garmin like adidas like big brands that are let's say invested in this health and wellness space so that we can produce really an ecosystem for customers that's all about live well make good choices be healthy have an insurance company that partners you along that journey and if you do that we're going to reward you for for that so you know we're here not just in the difficult times which of course is one of our main roles but we're here as a partner as a lifetime partner to you too to help you feel better and live a better life i love it i mean it sounds so simple but but it's i'm sure it's very complicated to to make the technology simple for the user you've got mobile involved you've got the back end and we're going to get into some of the tech but first i want to understand the member engagement and some of the lifestyle changes simon that you've analyzed what's the feedback that you're getting from your customers what does the data tell you how do the incentives work as well what what is the incentive for the the member to actually do the right thing sure look i think actually the the covered uh situation that we've had in the last sort of two years has really crystallized the fact that this is something that we really ought to be doing and something that our customers really value so i mean look just to give you a bit of a sort of information about how it works for for customers so what we try to do with them is is to get customers to understand uh their current health situation you know using their phone so uh you know we ask our customers to go through a sort of health assessment around how they live what they eat how they sleep you know and to go through that sort of process uh and to give them what a vitality age which is a sort of uh you know sort of actuarial comparison with their real age so i'm i'm 45 but unfortunately my my vitality age is 49 and it means i have some work to do to bring that back together uh and what we see is that you know two-thirds of our customers take this test every year because they want to see how they are progressing on an annual basis in terms of living a healthier life and if what if what they are doing is having an impact on their life expectancy and their lifespan and their health span so how long are they going to live healthier for so you see them really engaging in this in this approach of understanding their current situation then what we know actually because the program is built around this model that uh really activity and moving and exercise is the biggest contributor to living a healthier life we know that the majority of deaths are caused by lifestyle illness is like you know poor nutrition and smoking and drinking alcohol and not exercising and so a lot of the program is really built around getting people to move more and it's not about being an athlete it's about you know getting off the the underground one station earlier walking home or making sure you do your 10 000 steps a day and what we see is that that sort of 40 of our customers are on a regularly basis linking either their phone or their their exercise device to our program and downloading that data so that they can see how how much they are exercising and at the same time what we do is we set we set our customers weekly challenges to say look if you can move a little bit more than last week we are going to to reward you for that and we see that you know almost half of our customers are achieving this weekly goal every week and it's really a fantastic level of engagement that normally is an insurer uh we don't see the way the rewards work is is pretty simple it's similar in a way to an airline program so every good choice you make every activity you do every piece of good food that you eat when you check your on your health situation we'll give you points and the more points you get you go through through a sort of status approach of starting off at the bottom status and ending up at a gold and then a platinum status and the the higher up you get in the status that the higher the value of the rewards that we give you so almost a quarter of our customers now and this is accelerated through provide they've reached that platinum status so they are the most engaged customers that we we have and those ones who are really engaging in the in the program and what we really try to create is this sort of virtuous circle that says if you live well you make good choices you improve your health you you progress through the program and we give you better and stronger and more uh valuable rewards for for doing that and some of those rewards are are around health and wellness so it might be that you get you get a discount on on gym gear from adidas it might be that you get a discount on a uh on a device from garmin or it might be actually on other things so we also give people amazon vouchers we also give people uh discounts on holidays and another thing that we we did actually in the last year which we found really powerful is that we've given the opportunity for our customers to convert those rewards into charitable donations because we we work in generality with a with a sort of um campaign called the human safety net which is helping out the poorest people in society and some what our customers do a lot of the time is instead of taking those financial rewards for themselves they convert it into a charitable donation so we're actually also thinking wellness and feeling good and insurance and some societal good so we're really trying to create a virtuous circle of uh of engagement with our customers i mean that's a powerful cocktail i love it you got the the data because if i see the data then i can change my behavior you got the gamification piece you actually have you know hard dollar rewards you could give those to charities and and you've got the the most important which is priceless can't put a value on good health i got one more question for simon and niels i'd love you to chime in as well on this question how did you guys decide simon to engage with accenture and aws and the cloud to build out this platform what's the story behind that collaboration was there unique value that you saw that that you wanted to tap that you feel like they bring to the table what was your experience yeah look i mean we worked at accenture as well because the the the sort of construct of this vitality proposition is a pretty a pretty complex one so you mentioned that the idea is simple but the the build is not so uh is not so simple and that that's the case so accenture's been part of that journey uh from the beginning they're one of the partners that we work with but specifically around the topic of rewards uh you know we're we're a primarily european focused organization but when you take those countries that i mentioned even though we're next to each other geographically we're quite diverse and what we wanted to create was really a sustainable and reusable and consistent customer experience that allowed us to go and get to market with an increasing amount of efficiency and and to do that we needed to work with somebody who understood our business has this historical let's say investment in in the vitality concept so so knows how to bring it to life but that what then could really support us in making uh what can be a complex piece of work as simple and as as replicable as possible across multiple markets because we don't want to go reinventing the wheel every time we do we move to a new market so we need to find a balance between having a consistent product a consistent technology offer a consistent customer experience with the fact that we we operate in quite diverse markets so this was let's say the the reason for more deeply engaging with accenture on this journey thank you very much niels why don't you comment on on that as well i'd love to to get your thoughts and and really really it's kind of your role here i mean accenture global si deep expertise in industry but also technology what are your thoughts on this topic yeah i'd love to love to comment so when we started the journey it was pretty clear from the outset that we would need to build this on cloud in order to get this scalability and this ability to roll out to different markets have a central solution that can act as a template for the different markets but then also have the opportunity to localize different languages different partners for the rewards there's different reward partners in the different markets so we needed to build in an asset basically that could work as a tempos centrally standardizing things but also leaving enough flexibility to to then localize in the individual markets and if we talk about some of the more specific requirements so one one thing that gave us headaches in the beginning was the authentication of the users because each of the markets has their own systems of record where the basically the authentication needs to happen and we somehow needed to still find a holistic solution that comes through the central platform and we were able to do that at the end through the aws cognito service sort of wrapping the individual markets uh local idp systems and by now we've even extended that solution to have a standalone cloud native kind of idp solution in place for markets that do not have a local idp solution in place or don't want to use it for for this purpose yeah so you had you had data you have you had the integration you've got local laws you mentioned the flexibility you're building ecosystems that are unique to the to the local uh both language and and cultures uh please you had another comment i interrupted you yeah i know i just wanted to expand basically on the on the requirements so that was the central one being able to roll this out in a standardized way across the markets but then there were further requirements for example like being able to operate that platform with very low operations overhead there is no large i.t team behind generally vitality that you know works to serve us or can can act as this itis backbone support so we needed to have basically a solution that runs itself that runs on autopilot and that was another big big driver for first of all going to cloud but second of all making specific choices within cloud so we specifically chose to build this as a cloud native solution using for example manage database services you know with automatic backup with automatic ability to restore data that scales automatically that you know has all this built in which usually maybe a database administrator would take care of and we applied that concept basically to every component to everything we looked at we we applied this requirement of how can this run on autopilot how can we make this as much managed by itself within the cloud as possible and then land it on these services and for example we also used the the api gateway from from aws for our api services that also came in handy when for example we had some response time issues with the third party we needed to call and then we could just with a flick of a button basically introduce caching on the level of the api gateway and really improve the user experience because the data you know wasn't updated so much so it was easier to cache so these are all experiences i think that that proved in the end that we made the right choices here and the requirements that that drove that to to have a good user experience niels would you say that the architecture is is a sort of a data architecture specifically is it a decentralized data architecture with sort of federated you know centralized governance or is it more of a centralized view what if you could talk about that yeah it's it's actually a centralized platform basically so the core product is the same for all the markets and we run them as different tenants basically on top of that infrastructure so the data is separated in a way obviously by the different tenants but it's in a central place and we can analyze it in a central fashion if if the need arises from from the business and the reason i ask that simon is because essentially i look at this as a as largely a data offering for your customers and so niels you were talking about the local language and simon as well i would imagine that that the local business lines have specific requirements and specific data requirements and so you've got to build an architecture that is flexible enough to meet those needs yet at the same time can ensure data quality and governance and security that's not a trivial challenge i wonder if you both could comment on that yeah maybe maybe i'll give a start and then simon can chime in so um what we're specifically doing is managing the rewards experience right so so our solution will take care of tracking what rewards have been earned for what customer what rewards have been redeemed what rewards can be unlocked on the next level and we we foreshadow a little bit to to motivate to incentivize the customer and as that data sits in an aws database in a tenant by tenant fashion and you can run analysis on top of that maybe what you're getting into is also the let's say the exercise data the fitness device tracking data that is not specifically part of what my team has built but i'm sure simon can comment a little bit on that angle as well yeah please yeah sure sure yeah sure so look i think them the topic of data and how we use it uh in our business is a very is very interesting one because it's um it's not historically being seen let's say as the remit of insurers to go beyond the you know the the data that you need to underwrite policies or process claims or whatever it might be but actually we see that this is a whole point around being able to create some shared value in in this kind of product and and what i mean by that is uh look if you are a customer and you're buying an insurance policy it might be a life insurance or health insurance policy from from generali and we are giving you access to this uh to this program and through that program you are living a healthier life and that might have a you know a positive impact on generali in terms of you know maybe we're going to increase our market share or maybe we're going to lower claims or we're going to generate value out of that then one of the points of this program is that we then share that value back with customers through the rewards on the platform that we that we've built here and of course being able to understand that data and to quantify it and to value that data is an important part of the of the the different stages of how you of how much value you are creating and it's also interesting to know that you know in a couple of our markets we we operate in the corporate space so not with retail customers but with with organizations and one of the reasons that those companies give vitality to their employees is that they want to see things like the improved health of a workforce they want to see higher presenteeism lower absenteeism of employees and of course being able to demonstrate that there's a sort of correlation between participation in the vitality program and things like that is also is also important and as we've said the markets are very different so we need to be able to to take the data uh that we have out of the vitality program uh and be able in in the company that that i'm managing to to interpret that data so that in our insurance businesses we are able to make good decisions about the kind of insurance products we i think what's interesting to uh to make clear is that actually that the kind of health data that we generate stays purely within the vitality business itself and what we do inside the vitality business is to analyze that data and say okay is this is this also helping our insurance businesses to to drive uh yeah you know better top line and bottom line in the in the relevant business lines and this is different per company and per mark so yeah being able to interrogate that data understand it apply it in different markets and different uh distribution systems and different kinds of approaches to insurance is an is an important one yes it's an excellent example of a digital business in in you know we talk about digital transformation what does that mean this is what it means i i'd love i mean it must be really interesting board discussions because you're transforming an industry you're lowering overall cost i mean if people are getting less sick that's more profit for your company and you can choose to invest that in new products you can give back some to your corporate clients you can play that balancing act you can gain market share and and you've got some knobs to turn some levers uh for your stakeholders which is which is awesome neil something that i'm interested in i mean it must have been really important for you to figure out how to determine and measure success i mean you're obviously removed it's up it's up to generality vitality to get adoption for for their customers but at the same time the efficacy of your solution is going to determine you know the ease of of of delivery and consumption so so how did you map to the specific goals what were some of the key kpis in terms of mapping to their you know aggressive goals besides the things we already touched on i think one thing i would mention is the timeline right so we we started the team ramping in january or february and then within six months basically we had the solution built and then we went through a extensive test phase and within the next six months we had the product rolled out to three markets so this speed to value speed to market that we were able to achieve i think is one of the key um key criteria that also simon and team gave to us right there was a timeline and that timeline was not going to move so we needed to make a plan adjust to that timeline and i think it's both a testament to to the team's work that they did that we made this timeline but it also is enabled by technologies like cloud i have to say if i go back five years ten years if if you had to build in a solution like this on a corporate data center across so many different markets and each managed locally there would have been no way to do this in 12 months right that's for sure yeah i mean simon you're a technology company i mean insurance has always been a tech heavy company but but as niels just mentioned if you had to do that with it departments in each region so my question is is now you've got this it's almost like non-recurring engineering costs you've got that it took one year to actually get the first one done how fast are you able to launch into new markets just from a technology perspective not withstanding any you know local regulations and figuring out to go to market is that compressed yeah so if you are specifically technology-wise i think we would be able to set up a new market including localizations that often involves translation of because in europe you have all the different languages and so on at i would say four to six weeks we probably could stand up a localized solution in reality it takes more like six to nine months to get it rolled out because there's many other things involved obviously but just our piece of the solution we can pretty quickly localize it to a new market but but simon that means that you can spend time on those other factors you don't have to really worry so much about the technology and so you've launched in multiple european markets what do you see for the future of this program come to america you know you can fight you can find that this program in america dave but with one of our competitors we're not we're not operating so much in uh but you can find it if you want to become a customer for sure but yes you're right so look i think from from our perspective uh you know to put this kind of business into a new market it's not it's not an easy thing because what we're doing is not offering it just as a as a service on a standalone basis to customers we want to link it with with insurance business in the end we are an insurance business and we want to to see the value that comes from that so there's you know there's a lot of effort that has to go into making sure that we land it in the right way also from a customer publishing point of view with our distribution and they are they are quite different so so yeah look coming to the question of what's next i mean it comes in three stages for me so as i mentioned we are uh in five markets already uh in next in the first half of 2022 we'll also come to to the czech republic and poland uh which we're excited to to do and that will that will basically mean that we we have this business in in the seven main uh general markets in europe related to life and health business which is the most natural uh let's say fit for something like vitality then you know the next the sort of second part of that is to say okay look we have a program that's very heavily focused around uh activity and rewards and that that's a good place to start but you know wellness these days is not just about you know can you move a bit more than you did historically it's also about mental well-being it's about sleeping good it's about mindfulness it's about being able to have a more holistic approach to well-being and and covert has taught us and customer feedback has taught us actually that this is something where we need to to go and here we need to have the technology to move there as well so to be able to work with partners that are not just based on on on physical activity but also also on mindfulness so this is how one other way we'll develop the proposition and i think the third one which is more strategic and and we are you know really looking into is there's clearly something in the whole uh perception of incentives and rewards which drives a level of engagement between an insurer like generali and its customers that it hasn't had historically so i think we need to learn you know forget you know forgetting about the specific one of vitality being a wellness program but if there's an insurer there's a role for us to play where we offer incentives to customers to do something in a specific way and reward them for doing that and it creates value for us as an insurer then then this is probably you know a place we want to investigate more and to be able to do that in in other areas means we need to have the technology available that is as i said before replicable faster market can adapt quickly to to other ideas that we have so we can go and test those in in different markets so yes we have to we have to complete our scope on vitality we have to get that to scale and be able to manage all of this data at scale all of those rewards at real scale and uh to have the technology that allows us to do that without without thinking about it too much and then to say okay how do we widen the proposition and how do we take the concept of vitality that sits behind vitality to see if we can apply it to other areas of our business and that's really what the future is is going to look like for us you know the the isolation era really taught us that if you're not a digital business you're out of business and pre-kov a lot of these stories were kind of buried uh but the companies that have invested in digital are now thriving and this is an awesome example jeff another point is that jeff amebacher one of the founders of cloudera early facebook employee famously said about 10 12 years ago the best and greatest engineering minds of our my generation are trying to figure out how to get people to click on ads and this is a wonderful example of how to use data to change people's lives so guys congratulations best of luck really awesome example of applying technology to create an important societal outcome really appreciate you your time on the cube thank you thanks bye-bye all right and thanks for watching this segment of thecube's presentation of the aws executive summit at reinvent 2021 made possible by accenture keep it right there for more deep dives [Music] you

(upbeat music) >> Welcome back to theCUBE's presentation of the AWS Executive Summit at re:Invent 2021 made possible by Accenture. My name is Dave Vellante. We're going to look at how digital infrastructure is helping to transform consumer experiences, specifically how an insurance company is changing its industry by incentivizing and rewarding consumers who changed their behavior to live healthier lives, a real passion of mine, and getting to the really root cause of health. With me now are Simon Guest, who's the Chief Executive Officer of Generali Vitality, GmbH, and Nils Muller-Sheffer, who's the Managing Director at the Cloud First Application Engineering Lead for the European market at Accenture. Gentlemen, welcome to theCUBE. >> Thanks for having us. >> You're very welcome Simon. Simon, Generali Vitality is a really interesting concept that you guys have envisioned and now put it into practice. Tell us how does it all work? >> Sure. No problem. And thanks for having us on David, pleasure to be here. So look, Generali Vitality is in its core a pretty simple concept. It's a program that you have on your phone. And the idea of this program is that it's a wellness coach for you as an individual, and it's going to help you to understand your health and where you are in terms of the state of your health at the moment, and it's going to take you on a journey to improve your lifestyle and your wellness, and hopefully help you to live a healthier and a more sort of mindful life, I guess, is the best way of summarizing it. From our point of view as an insurance company, of course, our historical role has always been to be the company that's there if something goes wrong. So if unfortunately you pass away or you have sickness in your life or your family's life, that's historically been our role. But what we see with Generali Vitality is something a little bit different. So it's a program that really is supposed to be with you every day of your life to help you to live a healthier life. It's something that we already have in for European markets and in fact, in five from this week, I'm a little bit behind the times. So we're live already in Germany, in France, in Austria, in Italy and in Spain. And fundamentally what we do Dave, is to say to customers, "Look, if you want to understand your health, if you want to improve it by moving a little bit more, or by visiting the doctor more, by eating healthier, by healthy choices on a daily basis, we're going to help you to do that. And we're going to incentivize you for going on this journey and making healthy choices. And we're going to reward you for doing the same." So, we partner up with great companies like Garmin, like Adidas, like big brands that are, let's say, invested in this health and wellness space so that we can produce really an ecosystem for customers that's all about live well, make good choices, be healthy, have an insurance company that partners you along that journey. And if you do that, we've going to reward you for that. So, we're here not just in a difficult times, which of course is one of our main roles, but we're here as a partner, as a lifetime partner to you to help you feel better and live a better life. >> I love it, I mean, it sounds so simple, but I'm sure it's very complicated to make the technology simple for the user. You've got mobile involved, you've got the back end and we're going to get into some of the tech, but first I want to understand the member engagement and some of the lifestyle changes Simon that you've analyzed. What's the feedback that you're getting from your customers? What does the data tell you? How do the incentives work as well? What is the incentive for the member to actually do the right thing? >> Sure, I think actually that the COVID situation that we've had in the last sort of two years is really crystallized the fact that this is something that we really ought to be doing and something that our customers really value. Just to give you a bit of a sort of information about how it works for our customers. So what we try to do with them, is to get customers to understand their current health situation, using their phone. So, we asked our customers to go through a sort of health assessments around how they live, what they eat, how they sleep, and to go through that sort of process and to give them all the Vitality age, which is a sort of actuarial comparison with their real age. So I'm 45, but unfortunately my Vitality age is 49 and it means I have some work to do to bring that back together. And what we see is that, two thirds of our customers take this test every year because they want to see how they are progressing on an annual basis in terms of living a healthier life. And if what they are doing is having an impact on their life expectancy and their lifespan and their health span. So how long are they going to live healthier for? So you see them really engaging in this approach of understanding that current situation. Then what we know actually, because the program is built around this model that's really activity and moving, and exercise is the biggest contributors to living a healthier life. We know that the majority of deaths are caused by lifestyle illnesses like poor nutrition and smoking and drinking alcohol and not exercising. And so a lot of the program is really built around getting people to move more. And it's not about being an athlete. It's about, getting off the underground one station earlier and walking home or making sure you do your 10,000 steps a day. And what we see is that that sort of 40% of our customers are on a regularly basis linking either their phone or their exercise device to our program and downloading that data so that they can see how much they are exercising. And at the same time, what we do is we set our customers weekly challenges to say, look, if you can move a little bit more than last week, we are go into to reward you for that. And we see that almost half of our customers are achieving this weekly goal every week. And it's really a level of engagement that normally as an insurer, we don't see. The way that rewards work is pretty simple. It's similar in a way to an airline program. So every good choice you make every activity to every piece of good food that you eat. When you check your on your health situation, we'll give you points. And the more points you get, you go through through a sort of status approach of starting off at the bottom status and ending up at a golden and a platinum status. And the higher up you get in the status, the higher the value of the rewards that we give you. So almost a quarter of our customers now, and this has accelerated through COVID have reached that platinum status. So they are the most engaged customers that we have and those ones who are really engaging in the program. And what we really tried to create is this sort of virtuous circle that says If you live well, you make good choices, you improve your health, you progress through the program and we give you better and stronger and more valuable rewards for doing that. And some of those rewards are around health and wellness. So it might be that you get a discounts on gym gear from Adidas, it might be that you get a discount on a device from Garmin, or it might be actually on other things. We also give people Amazon vouchers. We also give people discounts on holidays. And another thing that we did actually in the last year, which we found really powerful is that we've given the opportunity for our customers to convert those rewards into charitable donations. Because we work in generosity with a sort of campaign called The Human Safety Net, which is helping out the poorest people in society. And so what our customers do a lot of the time is instead of taking those financial rewards for themselves, they convert it into a charitable donation. So we're actually also linking wellness and feeling good and insurance and some societal goods. So we're really trying to create a virtuous circle of engagement with our customers. >> That's a powerful cocktail. I love it. You've got the data, because if I see the data, then I can change my behavior. You've got the gamification piece. You actually have hard dollar rewards. You could give those to charities and you've got the most important, which is priceless, you can't put a value on good health. I got one more question for Simon and Nils I'd love for you to chime in as well on this question. How did you guys decide, Simon, to engage with Accenture and AWS and the cloud to build out this platform? What's the story behind that collaboration? Was there unique value that you saw that you wanted to tap, that you feel like they bring to the table? What was your experience? >> Yeah, we work with Accenture as well because the sort of constructs of this Vitality proposition is a pretty complex one. So you mentioned that the idea is simple, but the build is not so simple and that's the case. So Accenture has been part of that journey from the beginning. They are one of the partners that we work with, but specifically around the topic of rewards, we're primarily European focused organization, but when you take those countries that I mentioned, even though we're next to each other geographically, we're quite diverse. And what we wanted to create was really a sustainable and reusable and consistent customer experience that allowed us to go get to market with an increasing amounts of efficiency. And to do that, we needed to work with somebody who understood our business, has this historical, let's say investment in the Vitality concepts and so knows how to bring it to life, but then could really support us in making what can be a complex piece of work, as simple, as replicable as possible across multiple markets, because we don't want to go reinventing the wheel every time we knew we moved to a new market. So we need to find a balance between having a consistent product, a consistent technology offer, a consistent customer experience with the fact that we operate in quite diverse markets. So this was, let's say the reason for more deeply engaging with Accenture on this journey. >> Thank you very much, Nils, why don't you comment on that as well? I'd love to get your thoughts and really is kind of your role here, an Accenture global SI, deep expertise in industry, but also technology, what are your thoughts on this topic? >> Yeah, I'd love to love to comment. So when we started the journey, it was pretty clear from the outset that we would need to build this on cloud in order to get this scalability and this ability to roll out to different markets, have a central solution that can act as a template for the different markets, but then also have the opportunity to localize different languages, different partners for the rewards, there's different reward partners in the different markets. So we needed to build an asset basically that could work as a template, centrally standardizing things, but also leaving enough flexibility to then localize in the individual markets. And if we talk about some of the most specific requirements, so one thing that gave us headaches in the beginning was the authentication of the users because each of the markets has their own systems of record where the, basically the authentication needs to happen. And if we somehow needed to still find a holistic solution that comes through the central platform, and we were able to do that at the end through the AWS cognitive service, sort of wrapping the individual markets, local IDP systems. And by now we've even extended that solution to have a standalone cloud native kind of IDP solution in place for markets that do not have a local IDP solution in place, or don't want to use it for this purpose. >> So you had data, you had the integration, you've got local laws, you mentioned the flexibility, you're building ecosystems that are unique to the local, both language and cultures. Please, you had another comment, I interrupted you. >> No, I just wanted to expand basically on the requirements. So that was the central one being able to roll this out in a standardized way across the markets, but then there were further requirements. For example, like being able to operate the platform with very low operations overhead. There is no large IT team behind Generali Vitality that, works disservice or can act as this backbone support. So we needed to have basically a solution that runs itself that runs on autopilot. And that was another big, big driver for first of all, going to cloud, but second of all, making specific choices within cloud. So we specifically chose to build this as a cloud native solution using for example, managed database services, with automatic backup, with automatic ability to restore data that scales automatically that has all this built in which usually maybe in a database administrator would take care of. And we applied that concept basically to every component, to everything we looked at, we applied this requirement of how can this run on autopilot? How can we make this as much managed by itself within the cloud as possible, and then lend it on these services. For example, we also use the API gateway from AWS for our API services that also came in handy when, for example, we had some response time issues with the third party we needed to call. And then we could just with a flick of a button basically, introduced caching on the level of the API gateway and really improve the user experience because the data wasn't updated so much, so it was easier to cache. So these are all experiences I think that that proved in the end that we made the right choices here and the requirements that drove that to have a good user experience. >> Would you say that the architecture is a sort of a, data architecture specifically, is it a decentralized data architecture with sort of federated, centralized governance? Or is it more of a centralized view, wonder if you could talk about that? >> Yeah, it's actually a centralized platform basically. So the core product is the same for all the markets and we run them as different tenants basically on top of the infrastructure. So the data is separated in a way, obviously by the different tenants, but it's in a central place and we can analyze it in a central fashion if the need arises from the business. >> And the reason I asked that Simon is because essentially I look at this as largely a data offering for your customers. And so Nils, you were talking about the local language and Simon as well. I would imagine that the local business lines have specific requirements and specific data requirements. And so you've got to build an architecture that is flexible enough to meet those needs yet at the same time can ensure data quality and governance and security. And that's not a trivial challenge. I wonder if you both could comment on that. >> Yeah, maybe I'll give a start and then Simon can chime in. So what we're specifically doing is managing the rewards experience, so our solution will take care of tracking what rewards have been earned for what customer, what rewards have been redeemed, what rewards can be unlocked on the next level, and we foreshadow a little bit to motivate incentivize the customer and asset that data sits in an AWS database by tenant fashion. And you can run analysis on top of that. Maybe what you're getting into is also the, let's say the exercise data, the fitness device tracking data that is not specifically part of what my team has built, but I'm sure Simon can comment a little bit on that angle as well. >> Yeah, please. >> Yeah, sure. I think the topic of data and how we use it in our business is a very interesting one because it's not historically been seen, let's say as the remit of insurance to go beyond the data that you need to underwrite policies or process claims or whatever it might be. But actually we see that this is a whole point around being able to create some shared value in this kind of products. And what I mean by that is, if you are a customer and you're buying an insurance policy, it might be a life insurance or health insurance policy from Generali, and we're not giving you access to this program. And through that program, you are living a healthier life and that might have a positive impact on generosity in terms of, maybe we're going to increase our market share, or maybe we are going through lower claims, or we're going to generate value of that then. One of the points of this program is we then share that value back with customers, through the rewards on the platform that we've built here. And of course, being able to understand that data and to quantify it and to value that data is an important part of the different stages of how much value you are creating. And it's also interesting to know that, in a couple of our markets, we operate in the corporate space. So not with retail customers, but with organizations. And one of the reasons that those companies give Vitality to their employees is that they want to see things like the improved health of a workforce. They want to see higher presenteeism, lower absenteeism of employees, and of course, being able to demonstrate that there's a sort of correlation between participation in the Vitality program and things like that is also important. And as we've said, the markets are very different. So we need to be able to take the data that we have out of the Vitality Program and be able in the company that I'm managing to interpret that data so that in our insurance businesses, we are able to make good decisions about kind of insurance product we have. I think what's interesting to make clear is that actually that the kind of health data that we generate states purely within the Vitality business itself and what we do inside the Vitality business is to analyze that data and say, is this also helping our insurance businesses to drive better top line and bottom line in the relevant business lines? And this is different per company. Being able to interrogate that data, understand it, apply it in different markets, in different distribution systems and different kinds of approaches to insurance is an important one, yes. >> It's an excellent example of a digital business and we talked about digital transformation. What does that mean? This is what it means. It must be really interesting board discussions because you're transforming an industry, you're lowering overall costs. I mean, if people are getting less sick, that's more profit for your company and you can choose to invest that in new products, you can give back some to your corporate clients, you can play that balancing act, you can gain market share. And you've got some knobs to turn, some levers, for your stakeholders, which is awesome. Nils, something that I'm interested in, it must've been really important for you to figure out how to determine and measure success. Obviously it's up to Generali Vitality to get adoption for their customers, but at the same time, the efficacy of your solution is going to determine, the ease of delivery and consumption. So, how did you map to the specific goals? What were some of the key KPIs in terms of mapping to their aggressive goals. >> Besides the things we already touched on, I think one thing I would mention is the timeline. So, we started the team ramping in January, February, and then within six months basically, we had the solution built and then we went through a extensive test phase. And within the next six months we had the product rolled out to three markets. So this speed to value, speed to market that we were able to achieve, I think is one of the key criteria that also Simon and team gave to us. There was a timeline and that time I was not going to move. So we needed to make a plan, adjust to that timeline. And I think it's both a testament to the team's work that we met this timeline, but it also is enabled by a technology stack cloud. I have to say, if I go back five years, 10 years, if you had to build in a solution like this on a corporate data center across so many different markets and each managed locally, there would've been no way to do this in 12 months, that's for sure. >> Yeah, Simon, you're a technology company. I mean, insurance has always been a tech heavy company, but as Nils just mentioned, if you had to do that with IT departments in each region. So my question is now you've got this, it's almost like nonrecurring engineering costs, it took one year to actually get the first one done, how fast are you able to launch into new markets just from a technology perspective, not withstanding local regulations and figuring out the go to market? Is that compressed? >> So you asked specifically technology-wise I think we would be able to set up a new market, including localizations that often involves translation of, because in Europe you have all the different languages and so on, I would say four to six weeks, we probably could stand up a localized solution. In reality, it takes more like six to nine months to get it rolled out because there's many other things involved, obviously, but just our piece of the solution, we can pretty quickly localize it to a new market. >> But Simon, that means that you can spend time on those other factors, you don't have to really worry so much about the technology. And so you've launched in multiple European markets, what do you see for the future of this program? Come to America. >> You can find that this program in America Dave, but with one of our competitors, we're not operating so much in the US, but you can find it if you want to become a customer for sure. But yes, you're right. I think from our perspective, to put this kind of business into a new market is not an easy thing because what we're doing is not offering it just as a service on a standalone basis to customers, we want to link it with insurance business. In the end, we are an insurance business, and we want to see the value that comes from that. So there's a lot of effort that has to go into making sure that we land it in the right way, also from a customer proposition points of view with our distribution, they are all quite different. Coming to the question of what's next? It comes in three stages for me. So as I mentioned, we are in five markets already. In the first half of 2022, we'll also come to the Czech Republic and Poland, which we're excited to do. And that will basically mean that we have this business in the seven main Generali markets in Europe related to life and health business, which is the most natural at let's say fit for something like Vitality. Then, the sort of second part of that is to say, we have a program that is very heavily focused around activity and rewards, and that's a good place to start, but, wellness these days is not just about, can you move a bit more than you did historically, it's also about mental wellbeing, it's about sleeping good, it's about mindfulness, it's about being able to have a more holistic approach to wellbeing and COVID has taught us, and customer feedback has taught is actually that this is something where we need to go. And here we need to have the technology to move there as well. So to be able to work with partners that are not just based on physical activity, but also on mindfulness. So this is how one other way we will develop the proposition. And I think the third one, which is more strategic and we are really looking into is, there's clearly something in the whole perception of incentives and rewards, which drives a level of engagement between an insurer like Generali and its customers that it hasn't had historically. So I think we need to learn, forgetting about the specific one or Vitality being a wellness program, but if there's an insurer, there's a role for us to play where we offer incentives to customers to do something in a specific way and reward them for doing that. And it creates value for us as an insurer, then this is probably a place that we'd want to investigate more. And to be able to do that in other areas means we need to have the technology available, that is, as I said before, replicable faster market can adapt quickly to other ideas that we have, so we can go and test those in different markets. So yes, we have to, we have to complete our scope on Vitality, We have to get that to scale and be able to manage all of this data at scale, all of those rewards that real scale, and to have the technology that allows us to do that without thinking about it too much. And then to say, okay, how do we widen the proposition? And how do we take the concept that sits behind Vitality to see if we can apply it to other areas of our business. And that's really what the future is going to look like for us. >> The isolation era really taught us that if you're not a digital business, you're out of business, and pre COVID, a lot of these stories were kind of buried, but the companies that have invested in digital are now thriving. And this is an awesome example, and another point is that Jeff Hammerbacher, one of the founders of Cloudera, early Facebook employee, famously said about 10, 12 years ago, "The best and greatest engineering minds of my generation are trying to figure out how to get people to click on ads." And this is a wonderful example of how to use data to change people's lives. So guys, congratulations, best of luck, really awesome example of applying technology to create an important societal outcome. Really appreciate your time on theCUBE. Thank you. >> Bye-bye. >> All right, and thanks for watching this segment of theCUBE's presentation of the AWS Executive Summit at re:Invent 2021 made possible by Accenture. Keep it right there for more deep dives. (upbeat music)

>>Hey, everyone. I want to welcome you back. This is our intermission. And let me tell you what a morning we've had for those of you that don't know. I'm, Hayma Ganapati, I'm in product marketing at Docker. And I would just want to quote, actually someone who was in one of the chat rooms and this, I think encapsulates exactly how I feel today, because this is my first Docker con and the quote was from. And he said, I feel like a kid in an ice cream store where I don't know which flavor to choose. I want to go to all of the sessions and I got to tell you that's how I felt. And, you know, um, I want to just do some specific call-ups. Um, first of all, Dana way to keep it real in your interview. I love the cube interview. If you miss that, um, it was really great. >>She talks a lot about, uh, CI CD pipeline and you know, what to do with GoodHub. It was great. Um, I also want to say that I was, uh, slipping back and forth between the community rooms and way to go Brazil obrigado until all of the people who participate in the Brazil room, we had about 250 plus people in that room. And the, the chat window was just going crazy and in the French community room, Vive left hall. So if you've a uncle funny, uh, we had about 150 plus people in that room. So I just want to say that, you know, we've been seeing a lot of participation and I just want to thank everyone for attending and for participating on people have been so kind in the chat rooms, we just want to remind you to stay kind, you know, presenters put a lot of effort into their presentations, so just, you know, offer some positive and supportive critique to them. >>And the other thing I want to mention is all of the countries that we're seeing, all of the participation. So I'm just going to call out a few. We have people from the Netherlands, from Canada, from South Africa, Akron, Ohio, Belgium, Austria, yeah, Ecuador, New Zealand. And he cut up Westchester. Like, I mean, it just goes list goes on and on and on. And I think this really speaks to the power of Docker community. And it's a real testimony to how people from all over the world are in love with Docker technology and are excited to be here. And so I just wanted to thank everyone again and want to remind you that we want to leverage the power of community. And we have a fundraising campaign going on to help, uh, people who are affected by COVID. And you know, some of our big communities, especially in India and Brazil are, have been really affected by COVID. >>So we're asking you to contribute and we'd really like you to participate. Um, we have, uh, the, the link you can see here, Docker donates, you can tweet about it and would love to see the numbers go up for those donations, because, you know, I've personally been affected, had some family members pass away from COVID in India, and I'm sure other people may have stories that firsthand or secondhand. So please do that and let's show what the power of Docker community can do. And before I hand over to, to Peter, I'm just going to read out some of the tweets we've been getting, okay, this Brett and Peter, these are great. Uh, one of the, one of the tweets said dev environments is one of the most exciting features in the past few years. Super excited to try this out. Great, great, great tweet. Yeah. >>I agree to, um, another loving the content that was not your tweets. You can, you can slip me the 20 bucks later. Um, there's another tweet that says loving the content from hashtag Docker con so far fascinating use cases and interesting progress and future directions love that. And then there's another one I'm trying to find it here. Uh, I've been waiting for this so long Docker builds now work on Intel and M one. So keep those tweets coming. We love getting this kind of feedback and we love reading the chat room. So, um, Peter, you know, I attended your, your panel and I love that we were talking about a security and that moving, moving it left. So how did that go for you? >>Uh, it was, it was, uh, it was extremely fun. And for those that are, uh, I think my parents might be watching, so they probably watched it and were like, w this is the most boring thing I've ever seen, but, um, you know, you get a bunch of geeks and, uh, Brett has told me I should use geek instead of nerd, but I, I liked, uh, geek. So you get a bunch of geeks talking about security and coding and, um, what, what, what containers actually are, what vulnerabilities are. Yeah, it was, it was extremely fun. The panel was fantastic. They were very engaging the chat. I mean, I couldn't keep up with the chat. Right. It would just kept flying by, uh, luckily I had a helper to pull off questions, but, um, yeah, it's super exciting. You can, I know we're all remote, but you can just feel that energy, right. It was, it was great. It was great. Yeah. Yeah, for sure. It's super >>Connected. I felt that with your panel to Brett as well, sorry to talk over you there, but yeah. How did, how did it go for you? I, there was a lot of engagement in your session. >>Uh, ditto, like it was just, uh, there was so many questions. We only got to get a fraction of them. I tried to pick themes because, uh, when you talk about continuous testing and integration and all the things that take a part of that, um, you, you end up with lots of, well, what I like is the discussion around opinions, because so much of these pipelines from code on your machine, into production and everything in between, it's really, uh, it's a culture. It turns out to be the description of your culture and how you all perceive testing, how you, what you value in testing. And so that really started to come out as a theme, um, throughout that show. And we, we ran at a time. I was also watching Peters and it was fantastic, but like you think an hour is enough time to cover a topic, but it's just tipping tip of the iceberg kind of stuff. So I think it was super helpful. I learned some things, um, I really enjoyed watching Peters and, uh, yeah, can't wait for the next one. There's >>More than that. And likewise, great. I mean, I know, I know we're w maybe we pat chose it, but it, it was, it was super exciting to watch your panel. They were very Nikos, one of my favorite people in the world, uh, a fellow Austinite, but, um, yeah, I love that too. How you, uh, you were talking about opinions right. And playing off each other. It's, it's always interesting to hear smart people, uh, how they think, right. Yeah. I learned from how they think, right. Yeah. A hundred percent. >>So, all right. So we're, we're, um, what's next? Like, we, we gotta keep this thing going, so I've got to remember that. >>I want to, so I want to talk a bit about some of the panels that are, or the sessions that are coming up and just want to remind people that happened this afternoon. I'm all about use cases. You know, I was a developer for many decades, and it's great to hear how other developers are using the tools. But, uh, as a developer, I always wanted to know how are, what are the end user applications? And so we have two exciting sessions at 1:00 PM. We have sneak and red ventures, and they're going to be talking about how they used Docker containers. The title of the, uh, uh, session is great. An ounce of prevention, curing, insecure, container images. So check that out. And we also have another one at one 30 with Massimo, from AWS and Dexter Legaspi from Sirius XM. And they're going to be talking about a real world application using Docker containers. So I really want you to, to encourage you to attend those. >>Yeah. Um, can I say one really quick? Cause I'm Sue and a shout out to Eric Smalling. He's giving the red ventures talk with our partners. He's awesome. Go check out his, uh, but I'm really excited about Matt. Jarvis's sneak talk around. Uh, I think we might've talked about it earlier. My container image has 500 vulnerabilities vulnerabilities now what, right. I mean, I think as developers, as we're coming into this and dev ops and everybody right. You scan and then you see all these vulnerabilities just shoot by. And you're like, well, what do I do? So Matt, Matt will be addressing that. And he is fantastic. I can go on. There's a bunch of them. >>Yeah. There's a whole bunch of coming up and right up after this, I'm on a live stream with a bunch of panels on get ops. And then after that, Peter will be back. And so stay tuned and thanks for watching during the intermission. And we'll see you soon. >>I'm also leading the women in tech panel attend that. Don't forget to do that. >>Absolutely. Yep. All right. Ciao. Ciao >>For me like my first, oh, I get it about Docker was when I used a SQL server container on my neck book for the first time >>Being able to install Docker desktop, which was the first thing that I did and be able to build this without worrying about any of my software versions that I currently had on my machine. It was >>Awesome. One of the things, because I love the most about Docker is because I write books and I do video training courses to help a lot of people take their first steps with Docker and containers and to get a connection with those people and for them to come back to me and say, do you know what this is so cool, so easy, and it's going to change both my job. And, but also my organization, my team, all of that kind of stuff, change the experience that our customers have with our applications and what our business really puts a smile on my face. If >>You want to use containers, then Docker is the first toys, especially with tools like the mark Docker, compose, you can, uh, easily do your day-to-day job as a developer, or even if you're an ops person, then there are the books of the cloud and other things. So yeah, the idea is that we can go the simplicity one simple task, uh, to, uh, Daugherty mate and make that reuse as many times. Uh, that is one of the cool things I like about my >>Favorite part about Docker is using it as a developer tool. I using Docker desktop, really easy to install, really easy to run. >>Every time I come back to DACA, I love the simplicity of the way that it works, especially on things like security, which I find frustrating and hard. It's just done so seamlessly. And so my favorite thing about DACA is not just that it changed the world in the way that we develop in and ship and build applications and put that. It's just so easy that even the guy, like, I think >>It really is all about finding that aha moment, that hook where Docker really makes sense to you because once you have that moment, then all of a sudden, you, you know, you are on your way to being a Docker power user. >>We need for people to understand this technology better before they can, uh, actually dive deep into that. And Docker makes it easier to explain things, to explain the concept of containers, to explain how containers will work, how you can split your environments, how you can, uh, standardize all your pipelines and so on. It's important that we also take the time to help other people. And I think it's very important that we also give back and that's part of the motto of open sources. How do we give back to other people and how we help other people learn? And I think that's what I'm really passionate about. This whole thing is continuing, uh, giving back to the community. I just >>Hope and has fun at Docker con. And I know that there's a lot of great speakers coming and I will be watching the talks, even though they're happening at 3:00 AM and in my local time zone, um, I'm pretty excited to watch and, uh, hopefully watch more than later on streaming or YouTube or wherever they're going to be. So I hope everyone has fun and learn something and yeah, I don't see how you couldn't have fun.

>> Hi everyone, my name is Michael Swan and I'm the global director of business development for HPE Financial Services, and I'm really excited to have the opportunity to speak with you today. In this session, I will provide you with an overview of how we help our customers create investment capacity to help fuel their cloud in digital transformation initiatives. I will then share with you three customer use cases to talk about the types of solutions that we've implemented to help our customers move their businesses forward. Now, it wasn't that long ago that businesses were prioritizing their 2020 digital transformation projects. And executives were telling us that they thought 2020 was going to be a year where they were going to see a significant ramp in their spending on digital transformation projects. Businesses were already starting to plan to make investments in cloud and security and AI and machine learning to help improve their customer experience, help to advance employee productivity, and help them to get an overall better competitive edge. Then of course, we were all hit by the COVID-19 pandemic. And in response to the pandemic, businesses have had to think really hard about how do they enable workforce productivity when they have nearly all of their employee base working from home. They've also had to think about some of the challenges around ensuring connectivity, security, and maintaining a very high degree of customer support and customer experience. And the economic impact of COVID put a lot of pressure on companies to maintain their cash positions and preserve capital. Now Gartner's forecasted that IT spending will increase to about $3.7 trillion in 2021, which is up about a little more than 4% from last year. And investment in cloud-based IT infrastructure in particular is expected to surge to more than 27% this year. So what all this is telling us is that customers are ready to move beyond the pandemic. They're thinking about how can I take my company to the next level? Where are the investments that I need to be making to advance and grow? Now to advance and grow requires investment capacity. Investment capacity is really the lifeblood of any business, and without that, you can't invest in your digital transformation, and you can't invest in the long-term future of your business. So this is where HPE Financial Services can help. We're working with businesses to help create the investment capacity that they need to move their business ahead. And we're doing this in three ways. Firstly, we're creating financial vitality. In the last two years alone, we've injected more than $640 million back into our customers' budgets to help fuel their investments. And we provide a range of investment solutions that help our customers to increase their ability to invest and do so in a way that actually results in better financial outcomes. Secondly, we're able to manage any tech, anytime, anywhere. We are recognized by both IDC and Gartner as a global leader in asset lifecycle supporting the circular economy. And in the last two years alone, we've taken in more than eight million assets into our technology renewal centers with more than 90% of those assets being designated for reuse before recycle. And thirdly, we are your CIFO. With nearly 30 years of IT Asset economic experience in our DNA, we work with you to understand where you want to go, what you need, and to help you put an investment strategy in place to help you get there. Let's now look at some of the solutions that we are delivering to our customers. Now, many of our customers seek to defer or reduce the expense of investing in IT in order to preserve their capital, or to try to do more with their available budgets. So we offer a range of Payment Deferral programs which enable our customers to delay the upfront costs of modernizing their IT. And in response to COVID, in 2020 we introduced the Payment Relief Program which enables customers to keep those critical IT projects moving forward while deferring more than 90% of the cost into the next calendar year. We're also helping customers to create investment capacity by generating cash from assets. And we're doing this based on the value of equipment that they already own. With our Accelerated Migration offer, we're converting existing, client-owned IT into an incremental source of capital, while enabling them to continue to use that equipment for its remaining useful life. And with our Tech Buyback program, we're managing the disposition of older legacy equipment returning value back to our customers and helping them to contribute to their sustainability initiatives. Now in each of our IT investment solutions, we aim to help our customers match their payments with the use of the technology. Our Extended Deployment solution is a phased deployment program that allows our customers to acquire the critical technology that they need today upfront. But we allow them time to get the equipment stood up in place, configured and tested, up and running before they actually have to begin making any payments for that equipment. And then lastly, we help enterprises relieve capacity strain or delivery delays that might be caused by supply chain disruptions or limitations in their capital budget, ar perhaps they're just simply looking to maintain existing legacy systems that are running critical business applications. And we do this by sourcing HPE certified pre-owned equipment that can be used to help maintain existing legacy systems. Now, all of the pre-owned equipment that we make available is available with a warranty, and is also eligible for HPE support services. Now, with that, as an overview, I'd like to transition to a brief video, which highlights how we help customers create investment capacity. (bright music) HPE and HPE Financial Services are meeting customer demands across the IT life cycle, while also contributing to the circular economy. And we're doing this in three ways. First HPE designs solutions and sources components with the aim to maximize reuse before recycle, and to minimize environmental impacts. Second, HPE's GreenLake Cloud services helps customers to acquire and consume only the capacity that they need for the period of time that they need to use it, and have the flexibility to refresh technology in an environmentally friendly way. We are committed to taking back 100% of all technology that is deployed within the HPE GreenLake Services contract. And last, HPE has industry leading experience and capabilities to renew IT assets, keeping them in the circular economy longer, and thus minimizing waste. We are committed to helping each one of our customers contribute to the circular economy, and this is one of the more important reasons why customers choose to partner with HPE. So let's now look at three customer use cases to help explain how we have helped customers create the investment capacity that they needed to move their business ahead. This first example involves an agricultural company based in Turkey. Their objective was to prevent COVID from disrupting their operations. They needed to ensure that they could preserve cash while at the same time, they wanted to continue to move ahead with a critical IT modernization project. They sought creative approaches to do more with their IT budget and to keep the project moving on track. HPE Financial Services made it possible for MAY Tohum to continue modernizing their IT estate while deferring the cost of the project into the following fiscal year, by utilizing our Payment Relief program. As a result, the infrastructure transformation project went forward, they were able to preserve their cash position and most importantly, MAY was able to continue to bring its innovative seed products to market without any disruption. The next customer example involved a large bank in New Zealand. Now, it might come as a surprise to you to think about a bank seeking additional investment capacity. Well banks understand well the importance of maximizing the return on their capital, and they also need to comply with regulations requiring certain capital funding commitments. Therefore banks as a whole comprise one of our largest set of customers. Now this bank in particular sought to transform the management of IT for their business to an as-a-service model. They sought additional investment capacity, and they wanted a single approach to managing their IT infrastructure. HPE Financial Services helped the bank to generate cash from their existing assets and transition them into the new GreenLake Services contract. This solution helped ensure not only that the ongoing business operations would not be disrupted, but it also provided an additional source of capital to help fund the project, and it helped to accelerate their move to an as-a-service model. And the last example I would like to share with you involves a hospital based in Austria. Now like most healthcare facilities around the world, this hospital's operations were severely impacted by COVID in the increased demand for their services. They experienced IT system constraints that were created by increased patient workloads, and sought immediate access to additional computing power to ensure they could continue to deliver critical care to their patients. HPE Financial Services sourced 14 Gen9 C7000 Blades, pre-owned equipment to match the existing systems that they already had in place. And this enabled the hospital to ensure that they could provide uninterrupted operations and critical care to their patients. HPE Financial Services also works closely with partners, whether they be IT solution providers, system integrators, or channel partners to help them create investment capacity for their customers. So now I'd like to share a brief video with a few stories from some of our partners. >> We had a client who needed to roll out a more robust identity and access management solution to support their efforts of enabling their remote workforce. The project wasn't budgeted, but quickly moved to the top of the priority list. And we were able to structure a deal that allowed them to acquire the technology they needed in the timeframe required, while deferring payments over an extended period. >> I think what's really important for the HPE at Tech Data structure shift, it allows us to offer an enterprise class solution as a true partnership, addressing some of their requirements and needs of the enterprise market plus. >> Obviously the customer was very pleased, we were very happy, and it was a way for us to get much closer to that customer, become their trusted advisor, and set us up for the future where we can continue to add value to that customer with HPE. >> Now we do believe that Hewlett-Packard Enterprise has a very strong and competitive offering to our customers when it comes to especially asset upcycling services, and also offering certified pre-owned products on the Nordic market. >> We leveraged HPEFS to acquire millions of dollars of hardware to stock up our data center to provide instant on-demand for a virtual desktop environment for remote users for several of our manufacturing and financial clients. (light music) >> As a recap, HPE provides the solutions and services to accelerate your business transformation. With HPE GreenLake, you can deploy any workload as-a-service and achieve cloud-like speed, agility, in the as-a-service model, wherever your apps and your data reside today, whether that be in a co-location facility, or within your own data center. With HPE Pointnext Services, you gain access to more than 15,000 experts, and an ecosystem of partners to help you at every stage of your digital transformation journey. And HPE Financial Services helps you create investment capacity to drive your digital transformation initiatives. We help you overcome financial barriers to your transformation, we help you unlock the value of your entire IT estate, and we are your business and technology partner. Maintaining flexibility and creating financial capacity are key to achieving your digital transformation objectives. I encourage you to reach out to HPE Financial Services to discuss your IT investment strategy and explore ways that we can help you achieve your desired business outcomes. Included here are a few QR codes where you can learn more or even view a virtual tour of one of our technology renewal centers. Thank you again for joining me in this session. I wish you a great rest of the day, and I hope you keep well, bye.

>>from around the globe. It's the Cube with coverage of Yukon and Cloud. Native Con North America 2020 Virtual brought to you by Red Hat The Cloud, Native Computing Foundation and Ecosystem Partners. Hello, everyone. And welcome back to the cubes Ongoing coverage of Cuba con North America. Joe Fernandez is here. He's with Stephanie, Cheras and Joe's, the V, P and GM for core cloud platforms. That red hat and Stephanie is this s VP and GM of the Red Hat Enterprise. Lennox bu. Two great friends of the Cube. Awesome seeing you guys. How you doing? >>It's great to be here, Dave. Yeah, thanks >>for the opportunity. >>Hey, so we all talked, you know, recently, uh, answerable fest Seems like a while ago, but But we talked about what's new? Red hat really coming at it from an automation perspective. But I wonder if we could take a view from open shift and what's new from the standpoint of you really focus on helping customers, you know, change their operations and operationalize. And Stephanie, Maybe you could start, and then, you know, Joe, you could bring in some added color. >>No, that's great. And I think you know one of the things we try and do it. Red hat clearly building off of open source. We have been focused on this open hybrid cloud strategy for, you know, really years. Now the beauty of it is that hybrid cloud and open hybrid cloud continues to evolve right with bringing in things like speed and stability and scale and now adding in other footprints, like manage services as well as edge and pulling that all together across the whole red hat portfolio from the platforms, right? Certainly with Lennox and roll into open shift in the platform with open shift and then adding automation, which certainly you need for scale. But it's ah, it's continues to evolve as the as the definition of open hybrid cloud evolves. >>Great. So thank you, Stephanie jokes. You guys got hard news here that you could maybe talk about 46? >>Yeah. Eso eso open shift is our enterprise kubernetes platform. With this announcement, we announced the release of open ship 4.6 Eso eso We're doing releases every quarter tracking the upstream kubernetes release cycle. So this brings communities 1.19, which is, um but itself brings a number of new innovations, some specific things to call out. We have this new automated installer for open shift on bare metal, and that's definitely a trend that we're seeing is more customers not only looking at containers but looking at running containers directly on bare metal environments. Open shift provides an abstraction, you know, which combines Cuban. And he's, uh, on top of Lennox with RL. I really across all environments, from bare metal to virtualization platforms to the various public clouds and out to the edge. But we're seeing a lot of interest in bare metal. This is basically increasing the really three automation to install seamlessly and manage upgrades in those environments. We're also seeing a number of other enhancements open shifts service mesh, which is our SDO based solution for managing, uh, the interactions between micro services being able to manage traffic against those services. Being able to do tracing. We have a new release of that on open shift Ford out six on then, um, some work specific to the public cloud that we started extending into the government clouds. So we already supported AWS and Azure. With this release, we added support for the A W s government cloud as well. Azaz Acela's Microsoft Azure government on dso again This is really important to like our public sector customers who are looking to move to the public cloud leveraging open shift as an abstraction but wanted thio support it on the specialized clouds that they need to use with azure gonna meet us Cup. >>So, joke, we stay there for a minute. So so bare metal talking performance there because, you know, you know what? You really want to run fast, right? So that's the attractiveness there. And then the point about SDO in the open, open shift service measure that makes things simpler. Maybe talk a little bit about sort of business impact and what customers should expect to get out of >>these two things. So So let me take them one at a time, right? So so running on bare metal certainly performances a consideration. You know, I think a lot of fixed today are still running containers, and Cuban is on top of some form of virtualization. Either a platform like this fear or open stack, or maybe VMS in the in one of the public clouds. But, you know containers don't depend on a virtualization layer. Containers only depend on Lennox and Lennox runs great on bare metal. So as we see customers moving more towards performance and Leighton see sensitive workloads, they want to get that Barry mental performance on running open shift on bare metal and their containerized applications on that, uh, platform certainly gives them that advantage. Others just want to reduce the cost right. They want to reduce their VM sprawl, the infrastructure and operational cost of managing avert layer beneath their careers clusters. And that's another benefit. So we see a lot of uptake in open shift on bare metal on the service match side. This is really about You know how we see applications evolving, right? Uh, customers are moving more towards these distributed architectures, taking, you know, formally monolithic or enter applications and splitting them out into ah, lots of different services. The challenge there becomes. Then how do you manage all those connections? Right, Because something that was a single stack is now comprised of tens or hundreds of services on DSO. You wanna be able to manage traffic to those services, so if the service goes down, you can redirect that those requests thio to an alternative or fail over service. Also tracing. If you're looking at performance issues, you need to know where in your architecture, er you're having those degradations and so forth. And, you know, those are some of the challenges that people can sort of overcome or get help with by using service mash, which is powered by SDO. >>And then I'm sorry, Stephanie ever get to in a minute. But which is 11 follow up on that Joe is so the rial differentiation between what you bring in what I can just if I'm in a mono cloud, for instance is you're gonna you're gonna bring this across clouds. I'm gonna You're gonna bring it on, Prem And we're gonna talk about the edge in in a minute. Is that right? From a differentiation standpoint, >>Yeah, that That's one of the key >>differentiations. You know, Read has been talking about the hybrid cloud for a long time. We've we've been articulating are open hybrid cloud strategy, Andi, >>even if that's >>not a strategy that you may be thinking about, it is ultimately where folks end up right, because all of our enterprise customers still have applications running in the data center. But they're also all starting to move applications out to the public cloud. As they expand their usage of public cloud, you start seeing them adopted multi cloud strategies because they don't want to put all their eggs in one basket. And then for certain classes of applications, they need to move those applications closer to the data. And and so you start to see EJ becoming part of that hybrid cloud picture on DSO. What we do is basically provide a consistency across all those environments, right? We want run great on Amazon, but also great on Azure on Google on bare metal in the data center during medal out at the edge on top of your favorite virtualization platform. And yeah, that that consistency to take a set of applications and run them the same way across all those environments. That is just one of the key benefits of going with red hat as your provider for open hybrid cloud solutions. >>All right, thank you. Stephanie would come back to you here, so I mean, we talk about rail a lot because your business unit that you manage, but we're starting to see red hats edge strategy unfolded. Kind of real is really the linchpin I wanna You could talk about how you're thinking about the edge and and particularly interested in how you're handling scale and why you feel like you're in a good position toe handle that massive scale on the requirements of the edge and versus hey, we need a new OS for the edge. >>Yeah, I think. And Joe did a great job of said and up it does come back to our view around this open hybrid cloud story has always been about consistency. It's about that language that you speak, no matter where you want to run your applications in between rela on on my side and Joe with open shift and and of course, you know we run the same Lennox underneath. So real core os is part of open shift that consistently see leads to a lot of flexibility, whether it's through a broad ecosystem or it's across footprints. And so now is we have been talking with customers about how they want to move their applications closer to data, you know, further out and away from their data center. So some of it is about distributing your data center, getting that compute closer to the data or closer to your customers. It drives, drives some different requirements right around. How you do updates, how you do over the air updates. And so we have been working in typical red hat fashion, right? We've been looking at what's being done in the upstream. So in the fedora upstream community, there is a lot of working that has been done in what's called the I. O. T Special Interest group. They have been really investigating what the requirements are for this use case and edge. So now we're really pleased in, um, in our most recent release of really aid relate 00.3. We have put in some key capabilities that we're seeing being driven by these edge use cases. So things like How do you do quick image generation? And that's important because, as you distribute, want that consistency created tailored image, be able to deploy that in a consistent way, allow that to address scale, meet security requirements that you may have also right updates become very important when you start to spread this out. So we put in things in order to allow remote device mirroring so that you can put code into production and then you can schedule it on those remote devices toe happen with the minimal disruption. Things like things like we all know now, right with all this virtual stuff, we often run into things like not ideal bandwidth and sometimes intermittent connectivity with all of those devices out there. So we put in, um, capabilities around, being able to use something called rpm Austria, Um, in order to be able to deliver efficient over the air updates. And then, of course, you got to do intelligent rollbacks for per chance that something goes wrong. How do you come back to a previous state? So it's all about being able to deploy at scale in a distributed way, be ready for that use case and have some predictability and consistency. And again, that's what we build our platforms for. It's all about predictability and consistency, and that gives you flexibility to add your innovation on top. >>I'm glad you mentioned intelligent rollbacks I learned a long time ago. You always ask the question. What happens when something goes wrong? You learn a lot from the answer to that, but You know, we talk a lot about cloud native. Sounds like you're adapting well to become edge native. >>Yeah. I mean, I mean, we're finding whether it's inthe e verticals, right in the very specific use cases or whether it's in sort of an enterprise edge use case. Having consistency brings a ton of flexibility. It was funny, one of our talking with a customer not too long ago. And they said, you know, agility is the new version of efficiency. So it's that having that sort of language be spoken everywhere from your core data center all the way out to the edge that allows you a lot of flexibility going forward. >>So what if you could talk? I mentioned just mentioned Cloud Native. I mean, I think people sometimes just underestimate the effort. It takes tow, make all this stuff run in all the different clouds the engineering efforts required. And I'm wondering what kind of engineering you do with if any with the cloud providers and and, of course, the balance of the ecosystem. But But maybe you could describe that a little bit. >>Yeah, so? So Red Hat works closely with all the major cloud providers you know, whether that's Amazon, Azure, Google or IBM Cloud. Obviously, Andi, we're you know, we're very keen on sort of making sure that we're providing the best environment to run enterprise applications across all those environments, whether you're running it directly just with Lennox on Ralph or whether you're running it in a containerized environment with Open Chef, which which includes route eso eso, our partnership includes work we do upstream, for example. You know, Red Hat help. Google launched the Cuban community, and I've been, you know, with Google. You know, we've been the top two contributors driving that product that project since inception, um, but then also extends into sort of our hosted services. So we run a jointly developed and jointly managed service called the Azure Red Hat Open Shift Service. Together with Microsoft were our joint customers can get access to open shift in an azure environment as a native azure service, meaning it's, you know, it's fully integrated, just like any other. As your service you can tied into as you're building and so forth. It's sold by by Azure Microsoft's sales reps. Um, but you know, we get the benefit of working together with our Microsoft counterparts and developing that service in managing that service and then in supporting our joint customers. We over the summer announced sort of a similar partnership with Amazon and we'll be launching are already doing pilots on the Amazon Red Hat Open ship service, which is which is, you know, the same concept now applied to the AWS cloud. So that will be coming out g a later this year, right? But again, whether it's working upstream or whether it's, you know, partnering on managed services. I know Stephanie team also do a lot of work with Microsoft, for example, on sequel server on Lenox dot net on Lenox. Whoever thought be running that applications on Linux. But that's, you know, a couple of years old now, a few years old, So eso again. It's been a great partnership, not just with Microsoft, but with all the cloud providers. >>So I think you just shared a little little He showed a little leg there, Joe, what's what's coming g A. Later this year. I want to circle back to >>that. Yeah, eso we way announced a preview earlier this year of of the Amazon Red Hat Open ships service. It's not generally available yet. We're you know, we're taking customers. We want toe, sort of be early access, get access to pilots and then that'll be generally available later this year. Although Red Hat does manage our own service Open ship dedicated that's available on AWS today. But that's a service that's, you know, solely, uh, operated by Red Hat. This new service will be jointly operated by Red Hat and Amazon together Idea. That would be sort of a service that we are delivering together as partners >>as a managed service and and okay, so that's in beta now. I presume if it's gonna be g a little, it's >>like, Yeah, that's yeah, >>that's probably running on bare metal. I would imagine that >>one is running >>on E. C. Two. That's running an A W C C T V exactly, and >>run again. You know, all of our all of >>our I mean, we you know, that open shift does offer bare metal cloud, and we do you know, we do have customers who can take the open shift software and deploy it there right now are managed. Offering is running on top of the C two and on top of Azure VM. But again, this is this is appealing to customers who, you know, like what we bring in terms of an enterprise kubernetes platform, but don't wanna, you know, operated themselves, right? So it's a fully managed service. You just come and build and deploy your APS, and then we manage all of the infrastructure and all the underlying platform for you >>that's going to explode. My prediction. Um, let's take an example of heart example of security. And I'm interested in how you guys ensure a consistent, you know, security experience across all these locations on Prem Cloud. Multiple clouds, the edge. Maybe you could talk about that. And Stephanie, I'm sure you have a perspective on this is Well, from the standpoint of of Ralph. So who wants to start? >>Yeah, Maybe I could start from the bottom and then I'll pass it over to Joe to talk a bit. I think one of these aspects about security it's clearly top of mind of all customers. Um, it does start with the very bottom and base selection in your OS. We continue to drive SC Lennox capabilities into rural to provide that foundational layer. And then as we run real core OS and open shift, we bring over that s C Lennox capability as well. Um, but, you know, there's a whole lot of ways to tackle this we've done. We've done a lot around our policies around, um see ve updates, etcetera around rail to make sure that we are continuing to provide on DCA mitt too. Mitigating all critical and importance, providing better transparency toe how we assess those CVS. So security is certainly top of mind for us. And then as we move forward, right there's also and joke and talk about the security work we do is also capabilities to do that in container ization. But you know, we we work. We work all the way from the base to doing things like these images in these easy to build images, which are tailored so you can make them smaller, less surface area for security. Security is one of those things. That's a lifestyle, right? You gotta look at it from all the way the base in the operating system, with things like sc Lennox toe how you build your images, which now we've added new capabilities. There And then, of course, in containers. There's, um there's a whole focus in the open shift area around container container security, >>Joe. Anything you want to add to that? >>Yeah, sure. I >>mean, I think, you know, obviously, Lennox is the foundation for, you know, for all public clouds. It's it's driving enterprise applications in the data center, part of keeping those applications. Security is keeping them up to date And, you know, through, you know, through real, we provide, you know, securing up to date foundation as a Stephanie mentioned as you move into open shift, you're also been able to take advantage of, uh, Thio to take advantage of essentially mutability. Right? So now the application that you're deploying isn't immutable unit that you build once as a container image, and then you deploy that out all your various environments. When you have to do an update, you don't go and update all those environments. You build a new image that includes those updates, and then you deploy those images out rolling fashion and, as you mentioned that you could go back if there's issues. So the idea, the notion of immutable application deployments has a lot to do with security, and it's enabled by containers. And then, obviously you have cured Panetti's and, you know, and all the rest of our capabilities as part of open Shift managing that for you. We've extended that concept to the entire platform. So Stephanie mentioned, real core West Open shift has always run on real. What we have done in open shift for is we've taken an immutable version of Ralph. So it's the same red hat enterprise Lennox that we've had for years. But now, in this latest version relate, we have a new way to package and deploy it as a relic or OS image, and then that becomes part of the platform. So when customers want toe in addition to keeping their applications up to date, they need to keep their platform up to dates. Need to keep, you know, up with the latest kubernetes patches up with the latest Lennox packages. What we're doing is delivering that as one platform, so when you get updates for open shift, they could include updates for kubernetes. They could include updates for Lennox itself as well as all the integrated services and again, all of this is just you know this is how you keep your applications secure. Is making sure your you know, taking care of that hygiene of, you know, managing your vulnerabilities, keeping everything patched in up to date and ultimately ensuring security for your application and users. >>I know I'm going a little bit over, but I have I have one question that I wanna ask you guys and a broad question about maybe a trends you see in the business. I mean, you look at what we talk a lot about cloud native, and you look at kubernetes and the interest in kubernetes off the charts. It's an area that has a lot of spending momentum. People are putting resource is behind it. But you know, really, to build these sort of modern applications, it's considered state of the art on. Do you see a lot of people trying to really bring that modern approach toe any cloud we've been talking about? EJ. You wanna bring it also on Prem And people generally associate this notion of cloud native with this kind of elite developers, right? But you're bringing it to the masses and there's 20 million plus software developers out there, and most you know, with all due respect that you know they may not be the the the elites of the elite. So how are you seeing this evolve in terms of re Skilling people to be able, handle and take advantage of all this? You know, cool new stuff that's coming out. >>Yeah, I can start, you know, open shift. Our focus from the beginning has been bringing kubernetes to the enterprise. So we think of open shift as the dominant enterprise kubernetes platform enterprises come in all shapes and sizes and and skill sets. As you mentioned, they have unique requirements in terms of how they need toe run stuff in their data center and then also bring that to production, whether it's in the data center across the public clouds eso So part of it is, you know, making sure that the technology meets the requirements and then part of it is working. The people process and and culture thio make them help them understand what it means to sort of take advantage of container ization and cloud native platforms and communities. Of course, this is nothing new to red hat, right? This is what we did 20 years ago when we first brought Lennox to the Enterprise with well, right on. In essence, Carozza is basically distributed. Lennox right Kubernetes builds on Lennox and brings it out to your cluster to your distributed systems on across the hybrid cloud. So So nothing new for Red Hat. But a lot of the same challenges apply to this new cloud native world. >>Awesome. Stephanie, we'll give you the last word, >>all right? And I think just a touch on what Joe talked about it. And Joe and I worked really closely on this, right? The ability to run containers right is someone launches down this because it is magical. What could be done with deploying applications? Using a container technology, we built the capabilities and the tools directly into rural in order to be able to build and deploy, leveraging things like pod man directly into rural. And that's exactly so, folks. Everyone who has a real subscription today can start on their container journey, start to build and deploy that, and then we work to help those skills then be transferrable as you movinto open shift in kubernetes and orchestration. So, you know, we work very closely to make sure that the skills building can be done directly on rail and then transfer into open shift. Because, as Joe said, at the end of the day, it's just a different way to deploy. Lennox, >>You guys are doing some good work. Keep it up. And thanks so much for coming back in. The Cube is great to talk to you today. >>Good to see you, Dave. >>Yes, Thank you. >>All right. Thank you for watching everybody. The cubes coverage of Cuba con en a continues right after this.

>>from around the globe. It's the Q with digital coverage of exa scale day made possible by Hewlett Packard Enterprise. Welcome, everyone to the Cube celebration of Exa Scale Day. Shaheen Khan is here. He's the founding partner, an analyst at Orion X And, among other things, he is the co host of Radio free HPC Shaheen. Welcome. Thanks for coming on. >>Thanks for being here, Dave. Great to be here. How are you >>doing? Well, thanks. Crazy with doing these things, Cove in remote interviews. I wish we were face to face at us at a supercomputer show, but, hey, this thing is working. We can still have great conversations. And And I love talking to analysts like you because you bring an independent perspective. You're very wide observation space. So So let me, Like many analysts, you probably have sort of a mental model or a market model that you look at. So maybe talk about your your work, how you look at the market, and we could get into some of the mega trends that you see >>very well. Very well. Let me just quickly set the scene. We fundamentally track the megatrends of the Information Age And, of course, because we're in the information age, digital transformation falls out of that. And the megatrends that drive that in our mind is Ayotte, because that's the fountain of data five G. Because that's how it's gonna get communicated ai and HBC because that's how we're gonna make sense of it Blockchain and Cryptocurrencies because that's how it's gonna get transacted on. That's how value is going to get transferred from the place took place and then finally, quantum computing, because that exemplifies how things are gonna get accelerated. >>So let me ask you So I spent a lot of time, but I D. C and I had the pleasure of of the High Performance computing group reported into me. I wasn't an HPC analyst, but over time you listen to those guys, you learning. And as I recall, it was HPC was everywhere, and it sounds like we're still seeing that trend where, whether it was, you know, the Internet itself were certainly big data, you know, coming into play. Uh, you know, defense, obviously. But is your background mawr HPC or so that these other technologies that you're talking about it sounds like it's your high performance computing expert market watcher. And then you see it permeating into all these trends. Is that a fair statement? >>That's a fair statement. I did grow up in HPC. My first job out of school was working for an IBM fellow doing payroll processing in the old days on and and And it went from there, I worked for Cray Research. I worked for floating point systems, so I grew up in HPC. But then, over time, uh, we had experiences outside of HPC. So for a number of years, I had to go do commercial enterprise computing and learn about transaction processing and business intelligence and, you know, data warehousing and things like that, and then e commerce and then Web technology. So over time it's sort of expanded. But HPC is a like a bug. You get it and you can't get rid of because it's just so inspiring. So supercomputing has always been my home, so to say >>well and so the reason I ask is I wanted to touch on a little history of the industry is there was kind of a renaissance in many, many years ago, and you had all these startups you had Kendall Square Research Danny Hillis thinking machines. You had convex trying to make many supercomputers. And it was just this This is, you know, tons of money flowing in and and then, you know, things kind of consolidate a little bit and, uh, things got very, very specialized. And then with the big data craze, you know, we've seen HPC really at the heart of all that. So what's your take on on the ebb and flow of the HPC business and how it's evolved? >>Well, HBC was always trying to make sense of the world, was trying to make sense of nature. And of course, as much as we do know about nature, there's a lot we don't know about nature and problems in nature are you can classify those problems into basically linear and nonlinear problems. The linear ones are easy. They've already been solved. The nonlinear wants. Some of them are easy. Many of them are hard, the nonlinear, hard, chaotic. All of those problems are the ones that you really need to solve. The closer you get. So HBC was basically marching along trying to solve these things. It had a whole process, you know, with the scientific method going way back to Galileo, the experimentation that was part of it. And then between theory, you got to look at the experiment and the data. You kind of theorize things. And then you experimented to prove the theories and then simulation and using the computers to validate some things eventually became a third pillar of off science. On you had theory, experiment and simulation. So all of that was going on until the rest of the world, thanks to digitization, started needing some of those same techniques. Why? Because you've got too much data. Simply, there's too much data to ship to the cloud. There's too much data to, uh, make sense of without math and science. So now enterprise computing problems are starting to look like scientific problems. Enterprise data centers are starting to look like national lab data centers, and there is that sort of a convergence that has been taking place gradually, really over the past 34 decades. And it's starting to look really, really now >>interesting, I want I want to ask you about. I was like to talk to analysts about, you know, competition. The competitive landscape is the competition in HPC. Is it between vendors or countries? >>Well, this is a very interesting thing you're saying, because our other thesis is that we are moving a little bit beyond geopolitics to techno politics. And there are now, uh, imperatives at the political level that are driving some of these decisions. Obviously, five G is very visible as as as a piece of technology that is now in the middle of political discussions. Covert 19 as you mentioned itself, is a challenge that is a global challenge that needs to be solved at that level. Ai, who has access to how much data and what sort of algorithms. And it turns out as we all know that for a I, you need a lot more data than you thought. You do so suddenly. Data superiority is more important perhaps than even. It can lead to information superiority. So, yeah, that's really all happening. But the actors, of course, continue to be the vendors that are the embodiment of the algorithms and the data and the systems and infrastructure that feed the applications. So to say >>so let's get into some of these mega trends, and maybe I'll ask you some Colombo questions and weaken geek out a little bit. Let's start with a you know, again, it was one of this when I started the industry. It's all it was a i expert systems. It was all the rage. And then we should have had this long ai winter, even though, you know, the technology never went away. But But there were at least two things that happened. You had all this data on then the cost of computing. You know, declines came down so so rapidly over the years. So now a eyes back, we're seeing all kinds of applications getting infused into virtually every part of our lives. People trying to advertise to us, etcetera. Eso So talk about the intersection of AI and HPC. What are you seeing there? >>Yeah, definitely. Like you said, I has a long history. I mean, you know, it came out of MIT Media Lab and the AI Lab that they had back then and it was really, as you mentioned, all focused on expert systems. It was about logical processing. It was a lot of if then else. And then it morphed into search. How do I search for the right answer, you know, needle in the haystack. But then, at some point, it became computational. Neural nets are not a new idea. I remember you know, we had we had a We had a researcher in our lab who was doing neural networks, you know, years ago. And he was just saying how he was running out of computational power and we couldn't. We were wondering, you know what? What's taking all this difficult, You know, time. And it turns out that it is computational. So when deep neural nets showed up about a decade ago, arm or it finally started working and it was a confluence of a few things. Thalib rhythms were there, the data sets were there, and the technology was there in the form of GPS and accelerators that finally made distractible. So you really could say, as in I do say that a I was kind of languishing for decades before HPC Technologies reignited it. And when you look at deep learning, which is really the only part of a I that has been prominent and has made all this stuff work, it's all HPC. It's all matrix algebra. It's all signal processing algorithms. are computational. The infrastructure is similar to H B. C. The skill set that you need is the skill set of HPC. I see a lot of interest in HBC talent right now in part motivated by a I >>mhm awesome. Thank you on. Then I wanna talk about Blockchain and I can't talk about Blockchain without talking about crypto you've written. You've written about that? I think, you know, obviously supercomputers play a role. I think you had written that 50 of the top crypto supercomputers actually reside in in China A lot of times the vendor community doesn't like to talk about crypto because you know that you know the fraud and everything else. But it's one of the more interesting use cases is actually the primary use case for Blockchain even though Blockchain has so much other potential. But what do you see in Blockchain? The potential of that technology And maybe we can work in a little crypto talk as well. >>Yeah, I think 11 simple way to think of Blockchain is in terms off so called permission and permission less the permission block chains or when everybody kind of knows everybody and you don't really get to participate without people knowing who you are and as a result, have some basis to trust your behavior and your transactions. So things are a lot calmer. It's a lot easier. You don't really need all the supercomputing activity. Whereas for AI the assertion was that intelligence is computer herbal. And with some of these exa scale technologies, we're trying to, you know, we're getting to that point for permission. Less Blockchain. The assertion is that trust is computer ble and, it turns out for trust to be computer ble. It's really computational intensive because you want to provide an incentive based such that good actors are rewarded and back actors. Bad actors are punished, and it is worth their while to actually put all their effort towards good behavior. And that's really what you see, embodied in like a Bitcoin system where the chain has been safe over the many years. It's been no attacks, no breeches. Now people have lost money because they forgot the password or some other. You know, custody of the accounts have not been trustable, but the chain itself has managed to produce that, So that's an example of computational intensity yielding trust. So that suddenly becomes really interesting intelligence trust. What else is computer ble that we could do if we if we had enough power? >>Well, that's really interesting the way you described it, essentially the the confluence of crypto graphics software engineering and, uh, game theory, Really? Where the bad actors air Incentive Thio mined Bitcoin versus rip people off because it's because because there are lives better eso eso so that so So Okay, so make it make the connection. I mean, you sort of did. But But I want to better understand the connection between, you know, supercomputing and HPC and Blockchain. We know we get a crypto for sure, like in mind a Bitcoin which gets harder and harder and harder. Um and you mentioned there's other things that we can potentially compute on trust. Like what? What else? What do you thinking there? >>Well, I think that, you know, the next big thing that we are really seeing is in communication. And it turns out, as I was saying earlier, that these highly computational intensive algorithms and models show up in all sorts of places like, you know, in five g communication, there's something called the memo multi and multi out and to optimally manage that traffic such that you know exactly what beam it's going to and worth Antenna is coming from that turns out to be a non trivial, you know, partial differential equation. So next thing you know, you've got HPC in there as and he didn't expect it because there's so much data to be sent, you really have to do some data reduction and data processing almost at the point of inception, if not at the point of aggregation. So that has led to edge computing and edge data centers. And that, too, is now. People want some level of computational capability at that place like you're building a microcontroller, which traditionally would just be a, you know, small, low power, low cost thing. And people want victor instructions. There. People want matrix algebra there because it makes sense to process the data before you have to ship it. So HPCs cropping up really everywhere. And then finally, when you're trying to accelerate things that obviously GP use have been a great example of that mixed signal technologies air coming to do analog and digital at the same time, quantum technologies coming so you could do the you know, the usual analysts to buy to where you have analog, digital, classical quantum and then see which, you know, with what lies where all of that is coming. And all of that is essentially resting on HBC. >>That's interesting. I didn't realize that HBC had that position in five G with multi and multi out. That's great example and then I o t. I want to ask you about that because there's a lot of discussion about real time influencing AI influencing at the edge on you're seeing sort of new computing architectures, potentially emerging, uh, video. The acquisition of arm Perhaps, you know, amore efficient way, maybe a lower cost way of doing specialized computing at the edge it, But it sounds like you're envisioning, actually, supercomputing at the edge. Of course, we've talked to Dr Mark Fernandez about space born computers. That's like the ultimate edge you got. You have supercomputers hanging on the ceiling of the International space station, but But how far away are we from this sort of edge? Maybe not. Space is an extreme example, but you think factories and windmills and all kinds of edge examples where supercomputing is is playing a local role. >>Well, I think initially you're going to see it on base stations, Antenna towers, where you're aggregating data from a large number of endpoints and sensors that are gathering the data, maybe do some level of local processing and then ship it to the local antenna because it's no more than 100 m away sort of a thing. But there is enough there that that thing can now do the processing and do some level of learning and decide what data to ship back to the cloud and what data to get rid of and what data to just hold. Or now those edge data centers sitting on top of an antenna. They could have a half a dozen GPS in them. They're pretty powerful things. They could have, you know, one they could have to, but but it could be depending on what you do. A good a good case study. There is like surveillance cameras. You don't really need to ship every image back to the cloud. And if you ever need it, the guy who needs it is gonna be on the scene, not back at the cloud. So there is really no sense in sending it, Not certainly not every frame. So maybe you can do some processing and send an image every five seconds or every 10 seconds, and that way you can have a record of it. But you've reduced your bandwidth by orders of magnitude. So things like that are happening. And toe make sense of all of that is to recognize when things changed. Did somebody come into the scene or is it just you know that you know, they became night, So that's sort of a decision. Cannot be automated and fundamentally what is making it happen? It may not be supercomputing exa scale class, but it's definitely HPCs, definitely numerically oriented technologies. >>Shane, what do you see happening in chip architectures? Because, you see, you know the classical intel they're trying to put as much function on the real estate as possible. We've seen the emergence of alternative processors, particularly, uh, GP use. But even if f b g A s, I mentioned the arm acquisition, so you're seeing these alternative processors really gain momentum and you're seeing data processing units emerge and kind of interesting trends going on there. What do you see? And what's the relationship to HPC? >>Well, I think a few things are going on there. Of course, one is, uh, essentially the end of Moore's law, where you cannot make the cycle time be any faster, so you have to do architectural adjustments. And then if you have a killer app that lends itself to large volume, you can build silicon. That is especially good for that now. Graphics and gaming was an example of that, and people said, Oh my God, I've got all these cores in there. Why can't I use it for computation? So everybody got busy making it 64 bit capable and some grass capability, And then people say, Oh, I know I can use that for a I And you know, now you move it to a I say, Well, I don't really need 64 but maybe I can do it in 32 or 16. So now you do it for that, and then tens, of course, come about. And so there's that sort of a progression of architecture, er trumping, basically cycle time. That's one thing. The second thing is scale out and decentralization and distributed computing. And that means that the inter communication and intra communication among all these notes now becomes an issue big enough issue that maybe it makes sense to go to a DPU. Maybe it makes sense to go do some level of, you know, edge data centers like we were talking about on then. The third thing, really is that in many of these cases you have data streaming. What is really coming from I o t, especially an edge, is that data is streaming and when data streaming suddenly new architectures like F B G. A s become really interesting and and and hold promise. So I do see, I do see FPG's becoming more prominent just for that reason, but then finally got a program all of these things on. That's really a difficulty, because what happens now is that you need to get three different ecosystems together mobile programming, embedded programming and cloud programming. And those are really three different developer types. You can't hire somebody who's good at all three. I mean, maybe you can, but not many. So all of that is challenges that are driving this this this this industry, >>you kind of referred to this distributed network and a lot of people you know, they refer to this. The next generation cloud is this hyper distributed system. When you include the edge and multiple clouds that etcetera space, maybe that's too extreme. But to your point, at least I inferred there's a There's an issue of Leighton. See, there's the speed of light s So what? What? What is the implication then for HBC? Does that mean I have tow Have all the data in one place? Can I move the compute to the data architecturally, What are you seeing there? >>Well, you fundamentally want to optimize when to move data and when to move, Compute. Right. So is it better to move data to compute? Or is it better to bring compute to data and under what conditions? And the dancer is gonna be different for different use cases. It's like, really, is it worth my while to make the trip, get my processing done and then come back? Or should I just developed processing capability right here? Moving data is really expensive and relatively speaking. It has become even more expensive, while the price of everything has dropped down its price has dropped less than than than like processing. So it is now starting to make sense to do a lot of local processing because processing is cheap and moving data is expensive Deep Use an example of that, Uh, you know, we call this in C two processing like, you know, let's not move data. If you don't have to accept that we live in the age of big data, so data is huge and wants to be moved. And that optimization, I think, is part of what you're what you're referring to. >>Yeah, So a couple examples might be autonomous vehicles. You gotta have to make decisions in real time. You can't send data back to the cloud flip side of that is we talk about space borne computers. You're collecting all this data You can at some point. You know, maybe it's a year or two after the lived out its purpose. You ship that data back and a bunch of disk drives or flash drives, and then load it up into some kind of HPC system and then have at it and then you doom or modeling and learn from that data corpus, right? I mean those air, >>right? Exactly. Exactly. Yeah. I mean, you know, driverless vehicles is a great example, because it is obviously coming fast and furious, no pun intended. And also, it dovetails nicely with the smart city, which dovetails nicely with I o. T. Because it is in an urban area. Mostly, you can afford to have a lot of antenna, so you can give it the five g density that you want. And it requires the Layton sees. There's a notion of how about if my fleet could communicate with each other. What if the car in front of me could let me know what it sees, That sort of a thing. So, you know, vehicle fleets is going to be in a non opportunity. All of that can bring all of what we talked about. 21 place. >>Well, that's interesting. Okay, so yeah, the fleets talking to each other. So kind of a Byzantine fault. Tolerance. That problem that you talk about that z kind of cool. I wanna I wanna sort of clothes on quantum. It's hard to get your head around. Sometimes You see the demonstrations of quantum. It's not a one or zero. It could be both. And you go, What? How did come that being so? And And of course, there it's not stable. Uh, looks like it's quite a ways off, but the potential is enormous. It's of course, it's scary because we think all of our, you know, passwords are already, you know, not secure. And every password we know it's gonna get broken. But give us the give us the quantum 101 And let's talk about what the implications. >>All right, very well. So first off, we don't need to worry about our passwords quite yet. That that that's that's still ways off. It is true that analgesic DM came up that showed how quantum computers can fact arise numbers relatively fast and prime factory ization is at the core of a lot of cryptology algorithms. So if you can fact arise, you know, if you get you know, number 21 you say, Well, that's three times seven, and those three, you know, three and seven or prime numbers. Uh, that's an example of a problem that has been solved with quantum computing, but if you have an actual number, would like, you know, 2000 digits in it. That's really harder to do. It's impossible to do for existing computers and even for quantum computers. Ways off, however. So as you mentioned, cubits can be somewhere between zero and one, and you're trying to create cubits Now there are many different ways of building cubits. You can do trapped ions, trapped ion trapped atoms, photons, uh, sometimes with super cool, sometimes not super cool. But fundamentally, you're trying to get these quantum level elements or particles into a superimposed entanglement state. And there are different ways of doing that, which is why quantum computers out there are pursuing a lot of different ways. The whole somebody said it's really nice that quantum computing is simultaneously overhyped and underestimated on. And that is that is true because there's a lot of effort that is like ways off. On the other hand, it is so exciting that you don't want to miss out if it's going to get somewhere. So it is rapidly progressing, and it has now morphed into three different segments. Quantum computing, quantum communication and quantum sensing. Quantum sensing is when you can measure really precise my new things because when you perturb them the quantum effects can allow you to measure them. Quantum communication is working its way, especially in financial services, initially with quantum key distribution, where the key to your cryptography is sent in a quantum way. And the data sent a traditional way that our efforts to do quantum Internet, where you actually have a quantum photon going down the fiber optic lines and Brookhaven National Labs just now demonstrated a couple of weeks ago going pretty much across the, you know, Long Island and, like 87 miles or something. So it's really coming, and and fundamentally, it's going to be brand new algorithms. >>So these examples that you're giving these air all in the lab right there lab projects are actually >>some of them are in the lab projects. Some of them are out there. Of course, even traditional WiFi has benefited from quantum computing or quantum analysis and, you know, algorithms. But some of them are really like quantum key distribution. If you're a bank in New York City, you very well could go to a company and by quantum key distribution services and ship it across the you know, the waters to New Jersey on that is happening right now. Some researchers in China and Austria showed a quantum connection from, like somewhere in China, to Vienna, even as far away as that. When you then put the satellite and the nano satellites and you know, the bent pipe networks that are being talked about out there, that brings another flavor to it. So, yes, some of it is like real. Some of it is still kind of in the last. >>How about I said I would end the quantum? I just e wanna ask you mentioned earlier that sort of the geopolitical battles that are going on, who's who are the ones to watch in the Who? The horses on the track, obviously United States, China, Japan. Still pretty prominent. How is that shaping up in your >>view? Well, without a doubt, it's the US is to lose because it's got the density and the breadth and depth of all the technologies across the board. On the other hand, information age is a new eyes. Their revolution information revolution is is not trivial. And when revolutions happen, unpredictable things happen, so you gotta get it right and and one of the things that these technologies enforce one of these. These revolutions enforce is not just kind of technological and social and governance, but also culture, right? The example I give is that if you're a farmer, it takes you maybe a couple of seasons before you realize that you better get up at the crack of dawn and you better do it in this particular season. You're gonna starve six months later. So you do that to three years in a row. A culture has now been enforced on you because that's how it needs. And then when you go to industrialization, you realize that Gosh, I need these factories. And then, you know I need workers. And then next thing you know, you got 9 to 5 jobs and you didn't have that before. You don't have a command and control system. You had it in military, but not in business. And and some of those cultural shifts take place on and change. So I think the winner is going to be whoever shows the most agility in terms off cultural norms and governance and and and pursuit of actual knowledge and not being distracted by what you think. But what actually happens and Gosh, I think these exa scale technologies can make the difference. >>Shaheen Khan. Great cast. Thank you so much for joining us to celebrate the extra scale day, which is, uh, on 10. 18 on dso. Really? Appreciate your insights. >>Likewise. Thank you so much. >>All right. Thank you for watching. Keep it right there. We'll be back with our next guest right here in the Cube. We're celebrating Exa scale day right back.

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> The steepest drop in the stock market since June 11th flipped the narrative and sent investors scrambling. Tech got hammered after a two-month run, and people are asking questions. Is this a bubble popping, or is it a healthy correction? Are we now going to see a rotation into traditional stocks, like banks and maybe certain cyclicals that have lagged behind the technology winners? Hello, everyone, and welcome to this week's episode of Wikibon's CUBE Insights powered by ETR. In this Breaking Analysis, we want to give you our perspective on what's happening in the technology space and unpack what this sentiment flip means for the balance of 2020 and beyond. Let's look at what happened on September 3rd, 2020. The tech markets recoiled this week as the NASDAQ Composite dropped almost 5% in a single day. Apple's market cap alone lost $178 billion. The Big Four: Apple, Microsoft, Amazon, and Google lost a combined value that approached half a trillion dollars. For context, this number is larger than the gross domestic product for countries as large as Thailand, Iran, Austria, Norway, and even the UAE, and many more. The tech stocks that have been running due to COVID, well, they got crushed. These are the ones that we've highlighted as best positioned to thrive during the pandemic, you know, the work-from-home, SaaS, cloud, security stocks. We really have been talking about names like Zoom, ServiceNow, Salesforce, DocuSign, Splunk, and the security names like CrowdStrike, Okta, Zscaler. By the way, DocuSign and CrowdStrike and Okta all had nice earnings beats, but they still got killed underscoring the sentiment shift. Now the broader tech market was off as well on sympathy, and this trend appears to be continuing into the Labor Day holiday. Now why is this happening, and why now? Well, there are a lot of opinions on this. And first, many, like myself, are relatively happy because this market needed to take a little breather. As we've said before, the stock market, it's really not reflecting the realities of the broader economy. Now as we head into September in an election year, uncertainty kicks in, but it really looks like this pullback was fueled by a combination of an overheated market and technical factors. Specifically, take a look at volatility indices. They were high and rising, yet markets kept rising along with them. Robinhood millennial investors who couldn't bet on sports realized that investing in stocks was as much of a rush and potentially more lucrative. The other big wave, which was first reported by the Financial Times, is that SoftBank made a huge bet on tech and bought options tied to around $50 billion worth of high-flying tech stocks. So the option call volumes skyrocketed. The call versus put ratio was getting way too hot, and we saw an imbalance in the market. Now market makers will often buy an underlying stock to hedge call options to ensure liquidity in these cases. So to be more specific, delta in options is a measure of the change in the price of an option relative to the underlying stock, and gamma is a measure of the volatility of the delta. Now usually, volatility is relatively consistent on both sides of the trade, the calls and the puts, because investors often hedge their bets. But in the case of many of these hot stocks, like Tesla, for example, you've seen the call skew be much greater than the skew in the downside. So let's take an example. If people are buying cheap out of the money calls, a market maker might buy the underlying stock to hedge for liquidity. And then if Elon puts out some good news, which he always does, the stock goes up. Market makers have to then buy more of the underlying stock. And then algos kick in to buy even more. And then the price of the call goes up. And as it approaches it at the money price, this forces market makers to keep buying more of that underlying stock. And then the melt up until it stops. And then the market flips like it did this week. When stock prices begin to drop, then market makers were going to rebalance their portfolios and their risk and sell their underlying stocks, and then the rug gets pulled out from the markets. And that's really why some of the stocks that have run dropped so precipitously. Okay, why did I spend so much time on this, and why am I not freaking out? Because I think these market moves are largely technical versus fundamental. It's not like 1999. We had a double whammy of technical rug pulls combined with poor underlying fundamentals for high-flying companies like CMGI and Internet Capital Group, whose businesses, they were all about placing bets on dot-coms that had no business models other than non-monetizable eyeballs. All right, let's take a look at the NASDAQ and dig into the data a little bit. And I think you'll see what I mean and why I'm not too concerned. This is a year-to-date chart of the NASDAQ, and you can see it bottomed on March 23rd at 6,860. And then ran up until June 11th and had that big drop, but was still elevated at 9,492. And then it ran up to over 12,000 and hit an all-time high. And then you see the big drop. And that trend continued on Friday morning. The NASDAQ Composite traded below 11,000. It actually corrected to 10% of its high, 9.8% to be precise, and then it snapped back. But even at its low, that's still up over 20% for the year. In the year of COVID, would that have surprised you in March? It certainly would have surprised me. So to me, this pullback is sort of a relief. It's good and actually very normal and quite predictable. Now the exact timing of these pullbacks, of course, on the other hand is not entirely predictable. Not at all, frankly, at least for this observer. So the big question is where do we go from here? So let's talk about that a little bit. Now the economy continues to get better. Take a look at the August job report; it was good. 1.4 million new jobs, 340,000 came from the government. That was positive numbers. And the other good news is it translates into a drop in unemployment under 10%. It's now at 8.4%. And this is really good relative to expectations. Now the sell-off continued, which suggested that the market wanted to keep correcting, so that's good. Maybe some buying opportunities would emerge in over the next several months, the market snapped back, but for those who have been waiting, I think that's going to happen. And so that snapback, maybe that's an indicator that the market wants to keep going up, we'll see. But I think there are more opportunities ahead because there's really so much uncertainty. What's going to happen with the next round of the stimulus? The jobs report, maybe that's a catalyst for compromise between the Democrats and the Republicans, maybe. The US debt is projected to exceed 100% of GDP this calendar year. That's the highest it's been since World War II. Does that give you a good feeling? That doesn't give me a good feeling. And when we talk about the election, that brings additional uncertainty. So there's a lot to think about for the markets. Now let's talk about what this means for tech. Well, as we've been projecting for months with our colleagues at ETR, despite what's going on in the stock market and its rise, there's those real tech winners, we still see a contraction in 2020 for IT spend of minus 5 to 8%. And we talk a lot about the bifurcation in the market due to COVID accelerating some of these trends that were already in place, like digital transformation and SaaS and cloud. And then the work-from-home kicks in with other trends like video conferencing and the shift to security spend. And we think this is going to continue for years. However, because these stocks have run up so much, they're going to have very tough compares in 2021. So maybe time for a pause. Now let's take a look at the IT spending macroeconomics. This data is from a series of surveys that ETR conducted to try to better understand spending patterns due to COVID. Those yellow slices of the pies show the percent of customers that indicate that their budgets will be impacted by coronavirus. And you can see there's a steady increase from mid-March, which blend into April, and then you can see the June data. It goes from 63% saying yes, which is very high, to 78%, which is very, very high. And the bottom part of the chart shows the degree of that change. So 22% say no change in the latest survey, but you can see much more of a skew to the red declines on the left versus the green upticks on the right-hand side of the chart. Now take a look at how IT buyers are seeing the response to the pandemic. This chart shows what companies are doing as a result of COVID in another recent ETR survey. Now of course, it's no surprise, everybody's working from home. Nobody's traveling for business, not nobody, but most people aren't, we know that. But look at the increase in hiring freezes and freezing new IT deployments, and the sharp rise in layoffs. So IT is yet again being asked to do more with less. They're used to it. Well, we see this driving an acceleration to automation, and that's going to benefit, for instance, the RPA players, cloud providers, and modern software vendors. And it will also precipitate a tailwind for more aggressive AI implementations. And many other selected names are going to continue to do well, which we'll talk about in a second, but they're in the work-from-home, the cloud, the SaaS, and the modern data sectors. But the problem is those sectors are not large enough to offset the declines in the core businesses of the legacy players who have a much higher market share, so the overall IT spend declines. Now where it gets kind of interesting is the legacy companies, look, they all have growth businesses. They're making acquisitions, they're making other bets. IBM, for example, has its hybrid cloud business in Red Hat, Dell has VMware and it's got work-from-home solutions, Oracle has SaaS and cloud, Cisco has its security business, HPE, it's as a service initiative, and so forth. And again, these businesses are growing faster, but they are not large enough to offset the decline in core on-prem legacy and drive anything more than flat growth, overall, for these companies at best. And by the time they're large enough, we'll be into the next big thing, so the cycle continues. But these legacy companies are going to compete with the upstarts, and that's where it gets interesting. So let's get into some of the specific names that we've been talking about for over a year now and make some comments around their prospects. So what we want to do is let's start with one of our favorites: Snowflake. Now Snowflake, along with Asana, JFrog, Sumo Logic, and Unity, has a highly anticipated upcoming IPO. And this chart shows new adoptions in the database sector. And you can see that Snowflake, while down from the October 19th survey, is far outpacing its competitors, with the exception of Google, where BigQuery is doing very well. But you see Mongo and AWS remain strong, and I'm actually quite encouraged that it looks like Cloudera has righted the ship and you kind of saw that in their earnings recently. But my point is that Snowflake is a share gainer, and we think will likely continue to be one for a number of quarters and years if they can execute and compete with the big cloud players, and that's a topic that we've covered extensively in previous Breaking Analysis segments, and, as you know, we think Snowflake can compete. Now let's look at automation. This is another space that we've been talking about quite a bit, and we've largely focused on two leaders: UiPath and Automation Anywhere. But I have to say, I still like Blue Prism. I think they're well-positioned. And I especially like Pegasystems, which has, for years, been embarking on a broader automation agenda. What this chart shows is net score or spending velocity data for those customers who said they were decreasing spend in 2020. Those red bars that we showed earlier are the ones who are decreasing. And you can see both Automation Anywhere and UiPath show elevated levels within that base where spending is declining, so that's a real positive. Now Microsoft, as we've reported, is elbowing its way into the market with what is currently an inferior point product, but, you know, it's Microsoft, so we can't ignore that. And finally, let's have a look at the all-important security sector, which we've covered extensively and put out a report recently. So what this next chart does is cherry-picks of a few of our favorite names, and it shows the net score or spending momentum and the granularity for some of the leaders and emerging players. All of these players are in the green, as you can see in the upper right, and they all have decent presence in the dataset as indicated by the shared NS. Okta is at the top of the list with 58% net score. Palo Alto, they're a more mature player, but still, they have an elevated net score. CrowdStrike's net score dropped this quarter, which was a bit of a concern, but it's still high. And it followed by SailPoint and Zscaler, who are right there. The big three trends in this space right now are cloud security, identity access management, and endpoint security. Those are the tailwinds, and we think these trends have legs. Remember, net score in this survey is a forward-looking metric, so we'll come back and look at the next survey, which is running this month in the field from ETR. Now everyone on this chart has reported earnings, except Zscaler, which reports on September 9th, and all of these companies are doing well and exceeding expectations, but as I said earlier, next year's compares won't be so easy. Oh, and by the way, their stock prices, they all got killed this week as a result of the rug pull that we explained earlier. So we really feel this isn't a fundamental problem for these firms that we're talking about. It's more of a technical in the market. Now Automation Anywhere and UiPath, you really don't know because they're not public and I think they need to get their house in order so they can IPO, so we'll see when they make it to public markets. I don't think that's an if, that I think they will IPO, but the fact that they haven't filed yet says they're not ready. Now why wouldn't you IPO if you are ready in this market despite the recent pullbacks? Okay, let's summarize. So listen, all you new investors out there that think stock picking is easy, look, any fool can make money in a market that goes up every day, but trees don't grow to the moon and there are bulls and bears and pigs, and pigs get slaughtered. And I can throw a dozen other cliches at you, but I am excited that you're learning. You maybe have made a few bucks playing the options game. It's not as easy as you might think. And I'm hoping that you're not trading on margin. But look, I think there are going to be some buying opportunities ahead, there always are, be patient. It's very hard, actually impossible, to time markets, and I'm a big fan of dollar-cost averaging. And young people, if you make less than $137,000 a year, load up on your Roth, it's a government gift that I wish I could have tapped when I was a newbie. And as always, please do your homework. Okay, that's it for today. Remember, these episodes, they're all available as podcasts, wherever you listen, so please subscribe. I publish weekly on wikibon.com and siliconangle.com, so check that out, and please do comment on my LinkedIn posts. Don't forget, check out etr.plus for all the survey action. Get in touch on Twitter, I'm @dvellante, or email me at david.vellante@siliconangle.com. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, everyone. Be well, and we'll see you next time. (gentle upbeat music)